DTLS 1.2 cached record support.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 27 Mar 2013 15:50:42 +0000 (15:50 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 28 Mar 2013 14:14:27 +0000 (14:14 +0000)
Add DTLS1.2 support for cached records when computing handshake macs
instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the
equivalent TLS 1.2 code to DTLS).

ssl/d1_srvr.c

index e7df252..f18fb38 100644 (file)
@@ -649,6 +649,24 @@ int dtls1_accept(SSL *s)
                                s->state=SSL3_ST_SR_FINISHED_A;
                                s->init_num = 0;
                                }
+                       else if (SSL_USE_SIGALGS(s))
+                               {
+                               s->state=SSL3_ST_SR_CERT_VRFY_A;
+                               s->init_num=0;
+                               if (!s->session->peer)
+                                       break;
+                               /* For sigalgs freeze the handshake buffer
+                                * at this point and digest cached records.
+                                */
+                               if (!s->s3->handshake_buffer)
+                                       {
+                                       SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+                                       return -1;
+                                       }
+                               s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+                               if (!ssl3_digest_cached_records(s))
+                                       return -1;
+                               }
                        else
                                {
                                s->state=SSL3_ST_SR_CERT_VRFY_A;