From 67427c07b24d6eb905fba37c63e601a8f964a778 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Fri, 11 Jul 2014 13:45:34 +0200
Subject: [PATCH] Fix checksum computation with HelloVerifyRequest

---
 include/polarssl/ssl.h |  1 +
 library/ssl_cli.c      |  2 ++
 library/ssl_tls.c      | 17 +++++++++++++++++
 3 files changed, 20 insertions(+)

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 16a6dacd8..04be34dd6 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -1766,6 +1766,7 @@ void ssl_handshake_wrapup( ssl_context *ssl );
 
 int ssl_send_fatal_handshake_failure( ssl_context *ssl );
 
+void ssl_reset_checksum( ssl_context *ssl );
 int ssl_derive_keys( ssl_context *ssl );
 
 int ssl_read_record( ssl_context *ssl );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 253d74ddc..7a0cde6b1 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -955,7 +955,9 @@ static int ssl_parse_hello_verify_request( ssl_context *ssl )
     memcpy( ssl->handshake->verify_cookie, p, cookie_len );
     ssl->handshake->verify_cookie_len = cookie_len;
 
+    /* Start over at ClientHello */
     ssl->state = SSL_CLIENT_HELLO;
+    ssl_reset_checksum( ssl );
 
     SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) );
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5abf89253..0b341607a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2935,6 +2935,23 @@ void ssl_optimize_checksum( ssl_context *ssl,
     }
 }
 
+void ssl_reset_checksum( ssl_context *ssl )
+{
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+    defined(POLARSSL_SSL_PROTO_TLS1_1)
+     md5_starts( &ssl->handshake->fin_md5  );
+    sha1_starts( &ssl->handshake->fin_sha1 );
+#endif
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+#if defined(POLARSSL_SHA256_C)
+    sha256_starts( &ssl->handshake->fin_sha256, 0 );
+#endif
+#if defined(POLARSSL_SHA512_C)
+    sha512_starts( &ssl->handshake->fin_sha512, 1 );
+#endif
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+}
+
 static void ssl_update_checksum_start( ssl_context *ssl,
                                        const unsigned char *buf, size_t len )
 {