generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only call ssl3_init_finished_mac once for DTLS

Browse Source 
In DTLS if an IO retry occurs during writing of a fragmented ClientHello
then we can end up reseting the finish mac variables on the retry, which
causes a handshake failure. We should only reset on the first attempt not
on retries.

Thanks to BoringSSL for reporting this issue.

RT#4119

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 15a7164eb7)
This commit is contained in:
Matt Caswell
2015-11-03 15:49:08 +00:00
parent 84d0c40f3f
commit e83009840a
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/d1_clnt.c
View File

@@ -299,13 +299,12 @@ int dtls1_connect(SSL *s)
#endif #endif
case SSL3_ST_CW_CLNT_HELLO_A: case SSL3_ST_CW_CLNT_HELLO_A:
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown = 0; s->shutdown = 0;
/* every DTLS ClientHello resets Finished MAC */ /* every DTLS ClientHello resets Finished MAC */
ssl3_init_finished_mac(s); ssl3_init_finished_mac(s);
case SSL3_ST_CW_CLNT_HELLO_B:
dtls1_start_timer(s); dtls1_start_timer(s);
ret = dtls1_client_hello(s); ret = dtls1_client_hello(s);
if (ret <= 0) if (ret <= 0)