DTLS 1.2 cached record support.

Add DTLS1.2 support for cached records when computing handshake macs instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the equivalent TLS 1.2 code to DTLS).
2013-03-27 15:50:42 +00:00
parent 94782e0e9c
commit 04fac50045
1 changed files with 18 additions and 0 deletions
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -649,6 +649,24 @@ int dtls1_accept(SSL *s)
 				s->state=SSL3_ST_SR_FINISHED_A;
 				s->init_num = 0;
 				}
+			else if (SSL_USE_SIGALGS(s))
+				{
+				s->state=SSL3_ST_SR_CERT_VRFY_A;
+				s->init_num=0;
+				if (!s->session->peer)
+					break;
+				/* For sigalgs freeze the handshake buffer
+				 * at this point and digest cached records.
+				 */
+				if (!s->s3->handshake_buffer)
+					{
+					SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+					return -1;
+					}
+				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+				if (!ssl3_digest_cached_records(s))
+					return -1;
+				}
 			else
 				{
 				s->state=SSL3_ST_SR_CERT_VRFY_A;