feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

delay check of DTLS handshake message's RH version until the handshake header check

Browse Source
This commit is contained in:
John Safranek
2016-04-27 14:04:47 -07:00
parent 7123b080ed
commit 0511c8cac8
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/internal.c
View File

@@ -3982,11 +3982,9 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.downgrade && ssl->options.downgrade &&
ssl->options.connectState < FIRST_REPLY_DONE) ssl->options.connectState < FIRST_REPLY_DONE)
WOLFSSL_MSG("Server attempting to accept with different version"); WOLFSSL_MSG("Server attempting to accept with different version");
else if (ssl->options.dtls else if (ssl->options.dtls && rh->type == handshake)
&& (ssl->options.acceptState == ACCEPT_BEGIN /* Check the DTLS handshake message RH version later. */
|| ssl->options.acceptState == CLIENT_HELLO_SENT)) WOLFSSL_MSG("DTLS handshake, skip RH version number check");
/* Do not check version until Server Hello or Hello Again (2) */
WOLFSSL_MSG("Use version for formatting only in DTLS till ");
else { else {
WOLFSSL_MSG("SSL version error"); WOLFSSL_MSG("SSL version error");
return VERSION_ERROR; /* only use requested version */ return VERSION_ERROR; /* only use requested version */
@@ -4064,6 +4062,15 @@ static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
idx += DTLS_HANDSHAKE_FRAG_SZ; idx += DTLS_HANDSHAKE_FRAG_SZ;
c24to32(input + idx, fragSz); c24to32(input + idx, fragSz);
if (ssl->curRL.pvMajor != ssl->version.major ||
ssl->curRL.pvMinor != ssl->version.minor) {
if (*type != client_hello && *type != hello_verify_request)
return VERSION_ERROR;
else
WOLFSSL_MSG("DTLS Handshake ignoring hello or "
"hello verify version");
}
return 0; return 0;
} }
#endif #endif