Make ChangeCipherSpec compliant with DTLS RFC4347.
This commit is contained in:
Andy Polyakov
parent
0d97d00b6c
commit
89c333e3e5
2 changed files with 28 additions and 38 deletions
|
|
@ -813,7 +813,6 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
|
|||
*p++=SSL3_MT_CCS;
|
||||
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
|
||||
s->d1->next_handshake_write_seq++;
|
||||
s2n(s->d1->handshake_write_seq,p);
|
||||
|
||||
s->init_num=DTLS1_CCS_HEADER_LENGTH;
|
||||
s->init_off=0;
|
||||
|
|
@ -1255,5 +1254,4 @@ dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
|
|||
memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
|
||||
|
||||
ccs_hdr->type = *(data++);
|
||||
n2s(data, ccs_hdr->seq);
|
||||
}
|
||||
|
|
|
|||
64
ssl/d1_pkt.c
64
ssl/d1_pkt.c
|
|
@ -1014,47 +1014,39 @@ start:
|
|||
}
|
||||
|
||||
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
|
||||
{
|
||||
struct ccs_header_st ccs_hdr;
|
||||
{
|
||||
struct ccs_header_st ccs_hdr;
|
||||
|
||||
dtls1_get_ccs_header(rr->data, &ccs_hdr);
|
||||
|
||||
if ( ccs_hdr.seq == s->d1->handshake_read_seq)
|
||||
/* 'Change Cipher Spec' is just a single byte, so we know
|
||||
* exactly what the record payload has to look like */
|
||||
/* XDTLS: check that epoch is consistent */
|
||||
if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) ||
|
||||
(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
|
||||
{
|
||||
/* 'Change Cipher Spec' is just a single byte, so we know
|
||||
* exactly what the record payload has to look like */
|
||||
/* XDTLS: check that epoch is consistent */
|
||||
if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) ||
|
||||
(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
|
||||
{
|
||||
i=SSL_AD_ILLEGAL_PARAMETER;
|
||||
SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
|
||||
goto err;
|
||||
}
|
||||
|
||||
rr->length=0;
|
||||
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
|
||||
rr->data, 1, s, s->msg_callback_arg);
|
||||
|
||||
s->s3->change_cipher_spec=1;
|
||||
if (!ssl3_do_change_cipher_spec(s))
|
||||
goto err;
|
||||
|
||||
/* do this whenever CCS is processed */
|
||||
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
|
||||
|
||||
/* handshake read seq is reset upon handshake completion */
|
||||
s->d1->handshake_read_seq++;
|
||||
|
||||
goto start;
|
||||
}
|
||||
else
|
||||
{
|
||||
rr->length = 0;
|
||||
goto start;
|
||||
i=SSL_AD_ILLEGAL_PARAMETER;
|
||||
SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
|
||||
goto err;
|
||||
}
|
||||
|
||||
rr->length=0;
|
||||
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
|
||||
rr->data, 1, s, s->msg_callback_arg);
|
||||
|
||||
s->s3->change_cipher_spec=1;
|
||||
if (!ssl3_do_change_cipher_spec(s))
|
||||
goto err;
|
||||
|
||||
/* do this whenever CCS is processed */
|
||||
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
|
||||
|
||||
/* handshake read seq is reset upon handshake completion */
|
||||
s->d1->handshake_read_seq++;
|
||||
|
||||
goto start;
|
||||
}
|
||||
|
||||
/* Unexpected handshake message (Client Hello, or protocol violation) */
|
||||
|
|
|
|||
Loading…
Reference in a new issue