Switch to RFC-compliant version encoding in DTLS.
parent
04e2ab2c02
commit
7432d073af
4 changed files with 16 additions and 17 deletions
|
@ -526,7 +526,7 @@ int dtls1_get_record(SSL *s)
|
|||
SSL3_RECORD *rr;
|
||||
SSL_SESSION *sess;
|
||||
unsigned char *p;
|
||||
short version;
|
||||
unsigned short version;
|
||||
DTLS1_BITMAP *bitmap;
|
||||
unsigned int is_next_epoch;
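Review bot: The new `unsigned short version;` declaration in dtls1_get_record carries no comment explaining why the signedness matters. With DTLS1_VERSION now 0xFEFF, a value read into a signed `short` would presumably turn negative on promotion and never compare equal to the constant. A one-line comment such as `/* unsigned: DTLS1_VERSION is 0xFEFF and must not sign-extend */` would stop a later cleanup from reverting it. The comparison that uses `version` lies outside this hunk, so that effect is inferred from the declaration alone.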
|
||||
|
||||
|
|
|
@ -121,7 +121,6 @@
|
|||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/bn.h>
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#include <openssl/dh.h>
|
||||
#endif
|
||||
|
@ -626,15 +625,16 @@ int dtls1_send_hello_verify_request(SSL *s)
|
|||
*(p++) = s->version & 0xFF;
|
||||
|
||||
*(p++) = (unsigned char) s->d1->cookie_len;
|
||||
if (s->ctx->app_gen_cookie_cb != NULL &&
|
||||
s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
|
||||
&(s->d1->cookie_len)) == 0)
|
||||
{
|
||||
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
/* else the cookie is assumed to have
|
||||
* been initialized by the application */
|
||||
|
||||
if (s->ctx->app_gen_cookie_cb != NULL &&
|
||||
s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
|
||||
&(s->d1->cookie_len)) == 0)
|
||||
{
|
||||
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
/* else the cookie is assumed to have
|
||||
* been initialized by the application */
|
||||
|
||||
memcpy(p, s->d1->cookie, s->d1->cookie_len);
|
||||
p += s->d1->cookie_len;
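Review bot: In the second hunk (dtls1_send_hello_verify_request), `s->d1->cookie_len` is whatever the application's `app_gen_cookie_cb` wrote, and it is used unchecked as the `memcpy` length. The length byte is emitted as `(unsigned char) s->d1->cookie_len`, so a value above 255 would be silently truncated on the wire while the copy still uses the full value. Assuming `cookie` is a fixed-size array member (its declaration is not visible here), a guard right after the callback such as `if (s->d1->cookie_len > sizeof(s->d1->cookie))` should take the same `SSLerr(...)`/`return 0` path as a failed callback. The function starts and continues outside the hunk, so a bound applied elsewhere cannot be ruled out.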
|
||||
|
|
|
@ -67,9 +67,7 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define DTLS1_VERSION 0x0100
|
||||
#define DTLS1_VERSION_MAJOR 0x01
|
||||
#define DTLS1_VERSION_MINOR 0x00
|
||||
#define DTLS1_VERSION 0xFEFF
|
||||
|
||||
#if 0
|
||||
#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
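Review bot: The new `#define DTLS1_VERSION 0xFEFF` has no comment warning that it is numerically greater than every SSL/TLS version constant, so ordering comparisons on `s->version` written for TLS now also match DTLS. A comment such as `/* wire encoding {254,255}; numerically above all TLS versions, so do not order-compare against TLS constants */` would make that explicit. The hunk also drops `DTLS1_VERSION_MAJOR` and `DTLS1_VERSION_MINOR`. Whether any remaining code still references them is not visible on this page.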
|
||||
|
|
|
@ -774,7 +774,8 @@ int ssl3_get_client_hello(SSL *s)
|
|||
s->client_version=(((int)p[0])<<8)|(int)p[1];
|
||||
p+=2;
|
||||
|
||||
if (s->client_version < s->version)
|
||||
if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
|
||||
(s->version != DTLS1_VERSION && s->client_version < s->version))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
|
||||
if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
|
||||
|
@ -825,7 +826,7 @@ int ssl3_get_client_hello(SSL *s)
|
|||
|
||||
p+=j;
|
||||
|
||||
if (SSL_version(s) == DTLS1_VERSION)
|
||||
if (s->version == DTLS1_VERSION)
|
||||
{
|
||||
/* cookie stuff */
|
||||
cookie_len = *(p++);
|
||||
|
@ -1821,7 +1822,7 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||
rsa=pkey->pkey.rsa;
|
||||
}
|
||||
|
||||
/* TLS */
|
||||
/* TLS and [incidentally] DTLS{0xFEFF} */
|
||||
if (s->version > SSL3_VERSION)
|
||||
{
|
||||
n2s(p,i);
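Review bot: In the first hunk of ssl3_get_client_hello, the DTLS branch of the new check rejects only `s->client_version > s->version`. Any value numerically below 0xFEFF therefore passes, including ones whose high byte is not the DTLS major (for example a TLS-style 0x0301). If nothing later in the function validates the major byte (the body continues outside the hunk), consider also requiring `(s->client_version >> 8) == (DTLS1_VERSION >> 8)` in the DTLS case. A comment like `/* DTLS versions are encoded inverted: numerically larger means older */` above the condition would explain the reversed comparison. The same inversion is what lets `s->version > SSL3_VERSION` in the last hunk match DTLS "incidentally".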
|
||||
|
|