authorDr. Stephen Henson <steve@openssl.org>2011-04-03 16:25:29 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-04-03 16:25:29 +0000
commitf74a0c0c934f4e60a3b4592be6d09f8b4912cb0e (patch)
treed0b0ecf77cdf2048a9626340d90b67a14f43220d /ssl
parent6e28b60aa5559ddf82142d0df787f5cf9c0ab15f (diff)
PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.
Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_both.c14
-rw-r--r--ssl/d1_srvr.c9
2 files changed, 16 insertions, 7 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 2569bb7d67..c195159967 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -464,7 +464,10 @@ again:
memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- s->d1->handshake_read_seq++;
+ /* Don't change sequence numbers while listening */
+ if (!s->d1->listen)
+ s->d1->handshake_read_seq++;
+
/* we just read a handshake message from the other side:
* this means that we don't need to retransmit of the
* buffered messages.
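Review bot: The new comment `/* Don't change sequence numbers while listening */` states what the guard does but not why, and the same terse comment is repeated in the dtls1_set_message_header hunk. I would give the reason in both places, e.g. `/* While listening we answer ClientHellos statelessly: a peer that has not yet returned a valid cookie must not advance our handshake sequence numbers */`, assuming that is the intent suggested by the commit title. The enclosing function starts and ends outside this hunk, so whether other per-connection state is still modified on the listen path cannot be confirmed from here.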
@@ -813,9 +816,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
/*
* if this is a future (or stale) message it gets buffered
- * (or dropped)--no further processing at this time
+ * (or dropped)--no further processing at this time
+ * While listening, we accept seq 1 (ClientHello with cookie)
+ * although we're still expecting seq 0 (ClientHello)
*/
- if ( msg_hdr.seq != s->d1->handshake_read_seq)
+ if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
len = msg_hdr.msg_len;
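Review bot: The listen exemption in the new condition is keyed only on `msg_hdr.seq == 1`, so while listening any handshake fragment carrying sequence 1 skips dtls1_process_out_of_seq_message, not only the "ClientHello with cookie" the comment describes. This input comes from a peer that has not yet passed cookie verification, so the exemption should be as narrow as the comment claims. Unless the message type is enforced later in the function (outside this hunk), I would tighten it to `!(s->d1->listen && msg_hdr.seq == 1 && msg_hdr.type == SSL3_MT_CLIENT_HELLO)`. The literal `1` would also read better as a named constant shared with the values set in dtls1_accept.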
@@ -1322,7 +1327,8 @@ unsigned char *
dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
unsigned long len, unsigned long frag_off, unsigned long frag_len)
{
- if ( frag_off == 0)
+ /* Don't change sequence numbers while listening */
+ if (frag_off == 0 && !s->d1->listen)
{
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
s->d1->next_handshake_write_seq++;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index ac4fbda3a6..f6d72f5fa6 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -278,6 +278,12 @@ int dtls1_accept(SSL *s)
{
ret = 2;
s->d1->listen = 0;
+ /* Set expected sequence numbers
+ * to continue the handshake.
+ */
+ s->d1->handshake_read_seq = 2;
+ s->d1->handshake_write_seq = 1;
+ s->d1->next_handshake_write_seq = 1;
goto end;
}
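Review bot: The values 2, 1 and 1 assigned after `s->d1->listen = 0` hard-code two assumptions: that the verified ClientHello arrived with message sequence 1, and that exactly one HelloVerifyRequest with sequence 0 was sent. The check in dtls1_get_message_fragment still admits a ClientHello whose seq equals handshake_read_seq (which stays 0 while listening). If such a message can carry a valid cookie, the server would wait for seq 2 while the client continues at 1; this is inferred, since cookie verification is not visible here. I would either derive the expected values from the sequence number of the accepted ClientHello or extend the comment to state the assumption, e.g. `/* ClientHello+cookie had seq 1, our HelloVerifyRequest had seq 0 */`. dtls1_accept's body continues outside the hunk.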
@@ -737,9 +743,6 @@ int dtls1_send_hello_verify_request(SSL *s)
/* number of bytes to write */
s->init_num=p-buf;
s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
}
/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */