Commit b62f4daa authored Aug 13, 2013 by Michael Tuexen Committed by Dr. Stephen Henson Aug 13, 2013

DTLS message_sequence number wrong in rehandshake ServerHello

This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.

parent 0c75eeac

ssl/d1_pkt.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -1058,6 +1058,7 @@ start:
		!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
		!s->s3->renegotiate)
		{
		s->d1->handshake_read_seq++;
		s->new_session = 1;
		ssl3_renegotiate(s);
		if (ssl3_renegotiate_check(s))

ssl/d1_srvr.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -294,10 +294,11 @@ int dtls1_accept(SSL *s)
		case SSL3_ST_SW_HELLO_REQ_B:

		s->shutdown=0;
		dtls1_clear_record_buffer(s);
		dtls1_start_timer(s);
		ret=ssl3_send_hello_request(s);
		if (ret <= 0) goto end;
		s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
		s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
		s->state=SSL3_ST_SW_FLUSH;
		s->init_num=0;