DTLS 1.2 cached record support.

Add DTLS1.2 support for cached records when computing handshake macs instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the equivalent TLS 1.2 code to DTLS). (cherry picked from commit 04fac50045929e7078cad4835478dd7f16b6d4bd)
author: Dr. Stephen Henson <steve@openssl.org> 2013-03-27 15:50:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-09-18 13:46:02 +0100
commit: efc17286f86fd55496c28021fce475a0ffe1957a (patch)
tree: eac0c182f2f99a444c283615d308b05e8f9b00a5 /ssl
parent: acec5a6244b6e54b805a5f7512efc72e18cc693a (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index b0f516880e..e8a829b354 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -650,6 +650,24 @@ int dtls1_accept(SSL *s)
 				s->state=SSL3_ST_SR_FINISHED_A;
 				s->init_num = 0;
 				}
+			else if (SSL_USE_SIGALGS(s))
+				{
+				s->state=SSL3_ST_SR_CERT_VRFY_A;
+				s->init_num=0;
+				if (!s->session->peer)
+					break;
+				/* For sigalgs freeze the handshake buffer
+				 * at this point and digest cached records.
+				 */
+				if (!s->s3->handshake_buffer)
+					{
+					SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+					return -1;
+					}
+				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+				if (!ssl3_digest_cached_records(s))
+					return -1;
+				}
 			else
 				{
 				s->state=SSL3_ST_SR_CERT_VRFY_A;
author	Dr. Stephen Henson <steve@openssl.org>	2013-03-27 15:50:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-09-18 13:46:02 +0100
commit	efc17286f86fd55496c28021fce475a0ffe1957a (patch)
tree	eac0c182f2f99a444c283615d308b05e8f9b00a5 /ssl
parent	acec5a6244b6e54b805a5f7512efc72e18cc693a (diff)