feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #285 from ejohnstown/dtls-hello

Browse Source 
DTLS server should be able to receive multiple client hellos without …
This commit is contained in:
JacobBarthelmeh
2016-02-04 14:27:03 -07:00
parent 7936c7a72e 7fe73c7cbd
commit 60668be1c0
1 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/internal.c
View File

@ -5995,12 +5995,29 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (ssl->keys.dtls_peer_handshake_number > if (ssl->keys.dtls_peer_handshake_number >
ssl->keys.dtls_expected_peer_handshake_number) { ssl->keys.dtls_expected_peer_handshake_number) {
/* Current message is out of order. It will get stored in the list. /* Current message is out of order. It will get stored in the list.
* Storing also takes care of defragmentation. */ * Storing also takes care of defragmentation. If the messages is a
ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, * client hello, we need to process this out of order; the server
ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, * is not supposed to keep state, but the second client hello will
size, type, fragOffset, fragSz, ssl->heap); * have a different handshake sequence number than is expected, and
*inOutIdx += fragSz; * the server shouldn't be expecting any particular handshake sequence
ret = 0; * number. (If the cookie changes multiple times in quick succession,
* the client could be sending multiple new client hello messages
* with newer and newer cookies.) */
if (type != client_hello) {
ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
ssl->keys.dtls_peer_handshake_number,
input + *inOutIdx, size, type,
fragOffset, fragSz, ssl->heap);
*inOutIdx += fragSz;
ret = 0;
}
else {
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
if (ret == 0) {
ssl->keys.dtls_expected_peer_handshake_number =
ssl->keys.dtls_peer_handshake_number + 1;
}
}
} }
else if (ssl->keys.dtls_peer_handshake_number < else if (ssl->keys.dtls_peer_handshake_number <
ssl->keys.dtls_expected_peer_handshake_number) { ssl->keys.dtls_expected_peer_handshake_number) {
@ -15739,6 +15756,8 @@ int DoSessionTicket(WOLFSSL* ssl,
/* Send newCookie to client in a HelloVerifyRequest message /* Send newCookie to client in a HelloVerifyRequest message
* and let the state machine alone. */ * and let the state machine alone. */
ssl->msgsReceived.got_client_hello = 0; ssl->msgsReceived.got_client_hello = 0;
ssl->keys.dtls_handshake_number = 0;
ssl->keys.dtls_expected_peer_handshake_number = 0;
*inOutIdx += helloSz; *inOutIdx += helloSz;
return SendHelloVerifyRequest(ssl, newCookie, cookieSz); return SendHelloVerifyRequest(ssl, newCookie, cookieSz);
} }