Merge remote-tracking branch 'origin/stable/10' into devel

author: Renato Botelho <renato@netgate.com> 2015-12-10 17:01:14 -0200
committer: Renato Botelho <renato@netgate.com> 2015-12-10 17:01:14 -0200
commit: a7ed3b08bcfc9de3d1e75679fe9292e5b09aea82 (patch)
tree: 71acee51f11c433be4c4a51635ce1ea4302ca4b6 /crypto/openssl/ssl/d1_clnt.c
parent: 54cf5d1b6607c1e6f2cbf32784c33720517bce49 (diff)
parent: 3bc7f4d78d27696df85e118c07aa5a2630188922 (diff)
download: FreeBSD-src-a7ed3b08bcfc9de3d1e75679fe9292e5b09aea82.zip
FreeBSD-src-a7ed3b08bcfc9de3d1e75679fe9292e5b09aea82.tar.gz
1 files changed, 17 insertions, 6 deletions
diff --git a/crypto/openssl/ssl/d1_clnt.c b/crypto/openssl/ssl/d1_clnt.c
index 377c1e6..eb371a2 100644
--- a/crypto/openssl/ssl/d1_clnt.c
+++ b/crypto/openssl/ssl/d1_clnt.c
@@ -299,13 +299,12 @@ int dtls1_connect(SSL *s)
 #endif
 
         case SSL3_ST_CW_CLNT_HELLO_A:
-        case SSL3_ST_CW_CLNT_HELLO_B:
-
             s->shutdown = 0;
 
             /* every DTLS ClientHello resets Finished MAC */
             ssl3_init_finished_mac(s);
 
+        case SSL3_ST_CW_CLNT_HELLO_B:
             dtls1_start_timer(s);
             ret = dtls1_client_hello(s);
             if (ret <= 0)
@@ -350,11 +349,15 @@ int dtls1_connect(SSL *s)
                              sizeof(DTLS1_SCTP_AUTH_LABEL),
                              DTLS1_SCTP_AUTH_LABEL);
 
-                    SSL_export_keying_material(s, sctpauthkey,
+                    if (SSL_export_keying_material(s, sctpauthkey,
                                                sizeof(sctpauthkey),
                                                labelbuffer,
                                                sizeof(labelbuffer), NULL, 0,
-                                               0);
+                                               0) <= 0) {
+                        ret = -1;
+                        s->state = SSL_ST_ERR;
+                        goto end;
+                    }
 
                     BIO_ctrl(SSL_get_wbio(s),
                              BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
@@ -362,6 +365,10 @@ int dtls1_connect(SSL *s)
 #endif
 
                     s->state = SSL3_ST_CR_FINISHED_A;
+                    if (s->tlsext_ticket_expected) {
+                        /* receive renewed session ticket */
+                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
+                    }
                 } else
                     s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
             }
@@ -484,9 +491,13 @@ int dtls1_connect(SSL *s)
             snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
                      DTLS1_SCTP_AUTH_LABEL);
 
-            SSL_export_keying_material(s, sctpauthkey,
+            if (SSL_export_keying_material(s, sctpauthkey,
                                        sizeof(sctpauthkey), labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0);
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
 
             BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
                      sizeof(sctpauthkey), sctpauthkey);
author	Renato Botelho <renato@netgate.com>	2015-12-10 17:01:14 -0200
committer	Renato Botelho <renato@netgate.com>	2015-12-10 17:01:14 -0200
commit	a7ed3b08bcfc9de3d1e75679fe9292e5b09aea82 (patch)
tree	71acee51f11c433be4c4a51635ce1ea4302ca4b6 /crypto/openssl/ssl/d1_clnt.c
parent	54cf5d1b6607c1e6f2cbf32784c33720517bce49 (diff)
parent	3bc7f4d78d27696df85e118c07aa5a2630188922 (diff)
download	FreeBSD-src-a7ed3b08bcfc9de3d1e75679fe9292e5b09aea82.zip FreeBSD-src-a7ed3b08bcfc9de3d1e75679fe9292e5b09aea82.tar.gz