diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 16a6dacd8..04be34dd6 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -1766,6 +1766,7 @@ void ssl_handshake_wrapup( ssl_context *ssl ); int ssl_send_fatal_handshake_failure( ssl_context *ssl ); +void ssl_reset_checksum( ssl_context *ssl ); int ssl_derive_keys( ssl_context *ssl ); int ssl_read_record( ssl_context *ssl ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 253d74ddc..7a0cde6b1 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -955,7 +955,9 @@ static int ssl_parse_hello_verify_request( ssl_context *ssl ) memcpy( ssl->handshake->verify_cookie, p, cookie_len ); ssl->handshake->verify_cookie_len = cookie_len; + /* Start over at ClientHello */ ssl->state = SSL_CLIENT_HELLO; + ssl_reset_checksum( ssl ); SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5abf89253..0b341607a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2935,6 +2935,23 @@ void ssl_optimize_checksum( ssl_context *ssl, } } +void ssl_reset_checksum( ssl_context *ssl ) +{ +#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ + defined(POLARSSL_SSL_PROTO_TLS1_1) + md5_starts( &ssl->handshake->fin_md5 ); + sha1_starts( &ssl->handshake->fin_sha1 ); +#endif +#if defined(POLARSSL_SSL_PROTO_TLS1_2) +#if defined(POLARSSL_SHA256_C) + sha256_starts( &ssl->handshake->fin_sha256, 0 ); +#endif +#if defined(POLARSSL_SHA512_C) + sha512_starts( &ssl->handshake->fin_sha512, 1 ); +#endif +#endif /* POLARSSL_SSL_PROTO_TLS1_2 */ +} + static void ssl_update_checksum_start( ssl_context *ssl, const unsigned char *buf, size_t len ) {