(linenum→info "unix/slp.c:2238")

openssl/0.9.8g/ssl/d1_srvr.c

    1: /* ssl/d1_srvr.c */
    2: /* 
    3:  * DTLS implementation written by Nagendra Modadugu
    4:  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
    5:  */
    6: /* ====================================================================
    7:  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
    8:  *
    9:  * Redistribution and use in source and binary forms, with or without
   10:  * modification, are permitted provided that the following conditions
   11:  * are met:
   12:  *
   13:  * 1. Redistributions of source code must retain the above copyright
   14:  *    notice, this list of conditions and the following disclaimer. 
   15:  *
   16:  * 2. Redistributions in binary form must reproduce the above copyright
   17:  *    notice, this list of conditions and the following disclaimer in
   18:  *    the documentation and/or other materials provided with the
   19:  *    distribution.
   20:  *
   21:  * 3. All advertising materials mentioning features or use of this
   22:  *    software must display the following acknowledgment:
   23:  *    "This product includes software developed by the OpenSSL Project
   24:  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
   25:  *
   26:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   27:  *    endorse or promote products derived from this software without
   28:  *    prior written permission. For written permission, please contact
   29:  *    openssl-core@OpenSSL.org.
   30:  *
   31:  * 5. Products derived from this software may not be called "OpenSSL"
   32:  *    nor may "OpenSSL" appear in their names without prior written
   33:  *    permission of the OpenSSL Project.
   34:  *
   35:  * 6. Redistributions of any form whatsoever must retain the following
   36:  *    acknowledgment:
   37:  *    "This product includes software developed by the OpenSSL Project
   38:  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
   39:  *
   40:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   41:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   42:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   43:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   44:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   45:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   46:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   47:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   49:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   50:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   51:  * OF THE POSSIBILITY OF SUCH DAMAGE.
   52:  * ====================================================================
   53:  *
   54:  * This product includes cryptographic software written by Eric Young
   55:  * (eay@cryptsoft.com).  This product includes software written by Tim
   56:  * Hudson (tjh@cryptsoft.com).
   57:  *
   58:  */
   59: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   60:  * All rights reserved.
   61:  *
   62:  * This package is an SSL implementation written
   63:  * by Eric Young (eay@cryptsoft.com).
   64:  * The implementation was written so as to conform with Netscapes SSL.
   65:  * 
   66:  * This library is free for commercial and non-commercial use as long as
   67:  * the following conditions are aheared to.  The following conditions
   68:  * apply to all code found in this distribution, be it the RC4, RSA,
   69:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   70:  * included with this distribution is covered by the same copyright terms
   71:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   72:  * 
   73:  * Copyright remains Eric Young's, and as such any Copyright notices in
   74:  * the code are not to be removed.
   75:  * If this package is used in a product, Eric Young should be given attribution
   76:  * as the author of the parts of the library used.
   77:  * This can be in the form of a textual message at program startup or
   78:  * in documentation (online or textual) provided with the package.
   79:  * 
   80:  * Redistribution and use in source and binary forms, with or without
   81:  * modification, are permitted provided that the following conditions
   82:  * are met:
   83:  * 1. Redistributions of source code must retain the copyright
   84:  *    notice, this list of conditions and the following disclaimer.
   85:  * 2. Redistributions in binary form must reproduce the above copyright
   86:  *    notice, this list of conditions and the following disclaimer in the
   87:  *    documentation and/or other materials provided with the distribution.
   88:  * 3. All advertising materials mentioning features or use of this software
   89:  *    must display the following acknowledgement:
   90:  *    "This product includes cryptographic software written by
   91:  *     Eric Young (eay@cryptsoft.com)"
   92:  *    The word 'cryptographic' can be left out if the rouines from the library
   93:  *    being used are not cryptographic related :-).
   94:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   95:  *    the apps directory (application code) you must include an acknowledgement:
   96:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   97:  * 
   98:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   99:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  100:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  101:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  102:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  103:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  104:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  105:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  106:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  107:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  108:  * SUCH DAMAGE.
  109:  * 
  110:  * The licence and distribution terms for any publically available version or
  111:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  112:  * copied and put under another distribution licence
  113:  * [including the GNU Public Licence.]
  114:  */
  115: 
  116: #include <stdio.h>
  117: #include "ssl_locl.h"
  118: #include <openssl/buffer.h>
  119: #include <openssl/rand.h>
  120: #include <openssl/objects.h>
  121: #include <openssl/evp.h>
  122: #include <openssl/x509.h>
  123: #include <openssl/md5.h>
  124: #ifndef OPENSSL_NO_DH
  125: #include <openssl/dh.h>
  126: #endif
  127: 
  128: static SSL_METHOD *dtls1_get_server_method(int ver);
  129: static int dtls1_send_hello_verify_request(SSL *s);
  130: 
  131: static SSL_METHOD *dtls1_get_server_method(int ver)
  132:         {
  133:         if (ver == DTLS1_VERSION)
  134:                 return(DTLSv1_server_method());
  135:         else
  136:                 return(NULL);
  137:         }
  138: 
  139: IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
  140:                         dtls1_accept,
  141:                         ssl_undefined_function,
  142:                         dtls1_get_server_method)
  143: 
  144: int dtls1_accept(SSL *s)
  145:         {
  146:         BUF_MEM *buf;
  147:         unsigned long l,Time=(unsigned long)time(NULL);
  148:         void (*cb)(const SSL *ssl,int type,int val)=NULL;
  149:         long num1;
  150:         int ret= -1;
  151:         int new_state,state,skip=0;
  152: 
  153:         RAND_add(&Time,sizeof(Time),0);
  154:         ERR_clear_error();
  155:         clear_sys_error();
  156: 
  157:         if (s->info_callback != NULL)
  158:                 cb=s->info_callback;
  159:         else if (s->ctx->info_callback != NULL)
  160:                 cb=s->ctx->info_callback;
  161: 
  162:         /* init things to blank */
  163:         s->in_handshake++;
  164:         if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  165: 
  166:         if (s->cert == NULL)
  167:                 {
  168:                 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
  169:                 return(-1);
  170:                 }
  171: 
  172:         for (;;)
  173:                 {
  174:                 state=s->state;
  175: 
  176:                 switch (s->state)
  177:                         {
  178:                 case SSL_ST_RENEGOTIATE:
  179:                         s->new_session=1;
  180:                         /* s->state=SSL_ST_ACCEPT; */
  181: 
  182:                 case SSL_ST_BEFORE:
  183:                 case SSL_ST_ACCEPT:
  184:                 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
  185:                 case SSL_ST_OK|SSL_ST_ACCEPT:
  186: 
  187:                         s->server=1;
  188:                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  189: 
  190:                         if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
  191:                                 {
  192:                                 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
  193:                                 return -1;
  194:                                 }
  195:                         s->type=SSL_ST_ACCEPT;
  196: 
  197:                         if (s->init_buf == NULL)
  198:                                 {
  199:                                 if ((buf=BUF_MEM_new()) == NULL)
  200:                                         {
  201:                                         ret= -1;
  202:                                         goto end;
  203:                                         }
  204:                                 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
  205:                                         {
  206:                                         ret= -1;
  207:                                         goto end;
  208:                                         }
  209:                                 s->init_buf=buf;
  210:                                 }
  211: 
  212:                         if (!ssl3_setup_buffers(s))
  213:                                 {
  214:                                 ret= -1;
  215:                                 goto end;
  216:                                 }
  217: 
  218:                         s->init_num=0;
  219: 
  220:                         if (s->state != SSL_ST_RENEGOTIATE)
  221:                                 {
  222:                                 /* Ok, we now need to push on a buffering BIO so that
  223:                                  * the output is sent in a way that TCP likes :-)
  224:                                  */
  225:                                 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
  226: 
  227:                                 ssl3_init_finished_mac(s);
  228:                                 s->state=SSL3_ST_SR_CLNT_HELLO_A;
  229:                                 s->ctx->stats.sess_accept++;
  230:                                 }
  231:                         else
  232:                                 {
  233:                                 /* s->state == SSL_ST_RENEGOTIATE,
  234:                                  * we will just send a HelloRequest */
  235:                                 s->ctx->stats.sess_accept_renegotiate++;
  236:                                 s->state=SSL3_ST_SW_HELLO_REQ_A;
  237:                                 }
  238: 
  239:             if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
  240:                 s->d1->send_cookie = 1;
  241:             else
  242:                 s->d1->send_cookie = 0;
  243: 
  244:                         break;
  245: 
  246:                 case SSL3_ST_SW_HELLO_REQ_A:
  247:                 case SSL3_ST_SW_HELLO_REQ_B:
  248: 
  249:                         s->shutdown=0;
  250:                         ret=dtls1_send_hello_request(s);
  251:                         if (ret <= 0) goto end;
  252:                         s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
  253:                         s->state=SSL3_ST_SW_FLUSH;
  254:                         s->init_num=0;
  255: 
  256:                         ssl3_init_finished_mac(s);
  257:                         break;
  258: 
  259:                 case SSL3_ST_SW_HELLO_REQ_C:
  260:                         s->state=SSL_ST_OK;
  261:                         break;
  262: 
  263:                 case SSL3_ST_SR_CLNT_HELLO_A:
  264:                 case SSL3_ST_SR_CLNT_HELLO_B:
  265:                 case SSL3_ST_SR_CLNT_HELLO_C:
  266: 
  267:                         s->shutdown=0;
  268:                         ret=ssl3_get_client_hello(s);
  269:                         if (ret <= 0) goto end;
  270:                         s->new_session = 2;
  271: 
  272:                         if ( s->d1->send_cookie)
  273:                                 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
  274:                         else
  275:                                 s->state = SSL3_ST_SW_SRVR_HELLO_A;
  276: 
  277:                         s->init_num=0;
  278:                         break;
  279:                         
  280:                 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
  281:                 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
  282: 
  283:                         ret = dtls1_send_hello_verify_request(s);
  284:                         if ( ret <= 0) goto end;
  285:                         s->d1->send_cookie = 0;
  286:                         s->state=SSL3_ST_SW_FLUSH;
  287:                         s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
  288: 
  289:                         /* HelloVerifyRequests resets Finished MAC */
  290:                         if (s->client_version != DTLS1_BAD_VER)
  291:                                 ssl3_init_finished_mac(s);
  292:                         break;
  293:                         
  294:                 case SSL3_ST_SW_SRVR_HELLO_A:
  295:                 case SSL3_ST_SW_SRVR_HELLO_B:
  296:                         ret=dtls1_send_server_hello(s);
  297:                         if (ret <= 0) goto end;
  298: 
  299:                         if (s->hit)
  300:                                 s->state=SSL3_ST_SW_CHANGE_A;
  301:                         else
  302:                                 s->state=SSL3_ST_SW_CERT_A;
  303:                         s->init_num=0;
  304:                         break;
  305: 
  306:                 case SSL3_ST_SW_CERT_A:
  307:                 case SSL3_ST_SW_CERT_B:
  308:                         /* Check if it is anon DH */
  309:                         if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
  310:                                 {
  311:                                 ret=dtls1_send_server_certificate(s);
  312:                                 if (ret <= 0) goto end;
  313:                                 }
  314:                         else
  315:                                 skip=1;
  316:                         s->state=SSL3_ST_SW_KEY_EXCH_A;
  317:                         s->init_num=0;
  318:                         break;
  319: 
  320:                 case SSL3_ST_SW_KEY_EXCH_A:
  321:                 case SSL3_ST_SW_KEY_EXCH_B:
  322:                         l=s->s3->tmp.new_cipher->algorithms;
  323: 
  324:                         /* clear this, it may get reset by
  325:                          * send_server_key_exchange */
  326:                         if ((s->options & SSL_OP_EPHEMERAL_RSA)
  327: #ifndef OPENSSL_NO_KRB5
  328:                                 && !(l & SSL_KRB5)
  329: #endif /* OPENSSL_NO_KRB5 */
  330:                                 )
  331:                                 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
  332:                                  * even when forbidden by protocol specs
  333:                                  * (handshake may fail as clients are not required to
  334:                                  * be able to handle this) */
  335:                                 s->s3->tmp.use_rsa_tmp=1;
  336:                         else
  337:                                 s->s3->tmp.use_rsa_tmp=0;
  338: 
  339:                         /* only send if a DH key exchange, fortezza or
  340:                          * RSA but we have a sign only certificate */
  341:                         if (s->s3->tmp.use_rsa_tmp
  342:                             || (l & (SSL_DH|SSL_kFZA))
  343:                             || ((l & SSL_kRSA)
  344:                                 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
  345:                                     || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
  346:                                         && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
  347:                                         )
  348:                                     )
  349:                                 )
  350:                             )
  351:                                 {
  352:                                 ret=dtls1_send_server_key_exchange(s);
  353:                                 if (ret <= 0) goto end;
  354:                                 }
  355:                         else
  356:                                 skip=1;
  357: 
  358:                         s->state=SSL3_ST_SW_CERT_REQ_A;
  359:                         s->init_num=0;
  360:                         break;
  361: 
  362:                 case SSL3_ST_SW_CERT_REQ_A:
  363:                 case SSL3_ST_SW_CERT_REQ_B:
  364:                         if (/* don't request cert unless asked for it: */
  365:                                 !(s->verify_mode & SSL_VERIFY_PEER) ||
  366:                                 /* if SSL_VERIFY_CLIENT_ONCE is set,
  367:                                  * don't request cert during re-negotiation: */
  368:                                 ((s->session->peer != NULL) &&
  369:                                  (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
  370:                                 /* never request cert in anonymous ciphersuites
  371:                                  * (see section "Certificate request" in SSL 3 drafts
  372:                                  * and in RFC 2246): */
  373:                                 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
  374:                                  /* ... except when the application insists on verification
  375:                                   * (against the specs, but s3_clnt.c accepts this for SSL 3) */
  376:                                  !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
  377:                                  /* never request cert in Kerberos ciphersuites */
  378:                                 (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
  379:                                 {
  380:                                 /* no cert request */
  381:                                 skip=1;
  382:                                 s->s3->tmp.cert_request=0;
  383:                                 s->state=SSL3_ST_SW_SRVR_DONE_A;
  384:                                 }
  385:                         else
  386:                                 {
  387:                                 s->s3->tmp.cert_request=1;
  388:                                 ret=dtls1_send_certificate_request(s);
  389:                                 if (ret <= 0) goto end;
  390: #ifndef NETSCAPE_HANG_BUG
  391:                                 s->state=SSL3_ST_SW_SRVR_DONE_A;
  392: #else
  393:                                 s->state=SSL3_ST_SW_FLUSH;
  394:                                 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
  395: #endif
  396:                                 s->init_num=0;
  397:                                 }
  398:                         break;
  399: 
  400:                 case SSL3_ST_SW_SRVR_DONE_A:
  401:                 case SSL3_ST_SW_SRVR_DONE_B:
  402:                         ret=dtls1_send_server_done(s);
  403:                         if (ret <= 0) goto end;
  404:                         s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
  405:                         s->state=SSL3_ST_SW_FLUSH;
  406:                         s->init_num=0;
  407:                         break;
  408:                 
  409:                 case SSL3_ST_SW_FLUSH:
  410:                         /* number of bytes to be flushed */
  411:                         num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
  412:                         if (num1 > 0)
  413:                                 {
  414:                                 s->rwstate=SSL_WRITING;
  415:                                 num1=BIO_flush(s->wbio);
  416:                                 if (num1 <= 0) { ret= -1; goto end; }
  417:                                 s->rwstate=SSL_NOTHING;
  418:                                 }
  419: 
  420:                         s->state=s->s3->tmp.next_state;
  421:                         break;
  422: 
  423:                 case SSL3_ST_SR_CERT_A:
  424:                 case SSL3_ST_SR_CERT_B:
  425:                         /* Check for second client hello (MS SGC) */
  426:                         ret = ssl3_check_client_hello(s);
  427:                         if (ret <= 0)
  428:                                 goto end;
  429:                         if (ret == 2)
  430:                                 s->state = SSL3_ST_SR_CLNT_HELLO_C;
  431:                         else {
  432:                                 /* could be sent for a DH cert, even if we
  433:                                  * have not asked for it :-) */
  434:                                 ret=ssl3_get_client_certificate(s);
  435:                                 if (ret <= 0) goto end;
  436:                                 s->init_num=0;
  437:                                 s->state=SSL3_ST_SR_KEY_EXCH_A;
  438:                         }
  439:                         break;
  440: 
  441:                 case SSL3_ST_SR_KEY_EXCH_A:
  442:                 case SSL3_ST_SR_KEY_EXCH_B:
  443:                         ret=ssl3_get_client_key_exchange(s);
  444:                         if (ret <= 0) goto end;
  445:                         s->state=SSL3_ST_SR_CERT_VRFY_A;
  446:                         s->init_num=0;
  447: 
  448:                         /* We need to get hashes here so if there is
  449:                          * a client cert, it can be verified */ 
  450:                         s->method->ssl3_enc->cert_verify_mac(s,
  451:                                 &(s->s3->finish_dgst1),
  452:                                 &(s->s3->tmp.cert_verify_md[0]));
  453:                         s->method->ssl3_enc->cert_verify_mac(s,
  454:                                 &(s->s3->finish_dgst2),
  455:                                 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
  456: 
  457:                         break;
  458: 
  459:                 case SSL3_ST_SR_CERT_VRFY_A:
  460:                 case SSL3_ST_SR_CERT_VRFY_B:
  461: 
  462:                         /* we should decide if we expected this one */
  463:                         ret=ssl3_get_cert_verify(s);
  464:                         if (ret <= 0) goto end;
  465: 
  466:                         s->state=SSL3_ST_SR_FINISHED_A;
  467:                         s->init_num=0;
  468:                         break;
  469: 
  470:                 case SSL3_ST_SR_FINISHED_A:
  471:                 case SSL3_ST_SR_FINISHED_B:
  472:                         ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
  473:                                 SSL3_ST_SR_FINISHED_B);
  474:                         if (ret <= 0) goto end;
  475:                         if (s->hit)
  476:                                 s->state=SSL_ST_OK;
  477:                         else
  478:                                 s->state=SSL3_ST_SW_CHANGE_A;
  479:                         s->init_num=0;
  480:                         break;
  481: 
  482:                 case SSL3_ST_SW_CHANGE_A:
  483:                 case SSL3_ST_SW_CHANGE_B:
  484: 
  485:                         s->session->cipher=s->s3->tmp.new_cipher;
  486:                         if (!s->method->ssl3_enc->setup_key_block(s))
  487:                                 { ret= -1; goto end; }
  488: 
  489:                         ret=dtls1_send_change_cipher_spec(s,
  490:                                 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
  491: 
  492:                         if (ret <= 0) goto end;
  493:                         s->state=SSL3_ST_SW_FINISHED_A;
  494:                         s->init_num=0;
  495: 
  496:                         if (!s->method->ssl3_enc->change_cipher_state(s,
  497:                                 SSL3_CHANGE_CIPHER_SERVER_WRITE))
  498:                                 {
  499:                                 ret= -1;
  500:                                 goto end;
  501:                                 }
  502: 
  503:                         dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
  504:                         break;
  505: 
  506:                 case SSL3_ST_SW_FINISHED_A:
  507:                 case SSL3_ST_SW_FINISHED_B:
  508:                         ret=dtls1_send_finished(s,
  509:                                 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
  510:                                 s->method->ssl3_enc->server_finished_label,
  511:                                 s->method->ssl3_enc->server_finished_label_len);
  512:                         if (ret <= 0) goto end;
  513:                         s->state=SSL3_ST_SW_FLUSH;
  514:                         if (s->hit)
  515:                                 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
  516:                         else
  517:                                 s->s3->tmp.next_state=SSL_ST_OK;
  518:                         s->init_num=0;
  519:                         break;
  520: 
  521:                 case SSL_ST_OK:
  522:                         /* clean a few things up */
  523:                         ssl3_cleanup_key_block(s);
  524: 
  525: #if 0
  526:                         BUF_MEM_free(s->init_buf);
  527:                         s->init_buf=NULL;
  528: #endif
  529: 
  530:                         /* remove buffering on output */
  531:                         ssl_free_wbio_buffer(s);
  532: 
  533:                         s->init_num=0;
  534: 
  535:                         if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
  536:                                 {
  537:                                 /* actually not necessarily a 'new' session unless
  538:                                  * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
  539:                                 
  540:                                 s->new_session=0;
  541:                                 
  542:                                 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
  543:                                 
  544:                                 s->ctx->stats.sess_accept_good++;
  545:                                 /* s->server=1; */
  546:                                 s->handshake_func=dtls1_accept;
  547: 
  548:                                 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  549:                                 }
  550:                         
  551:                         ret = 1;
  552: 
  553:                         /* done handshaking, next message is client hello */
  554:                         s->d1->handshake_r