1. Some DTLS code was missing an ifdef.

2. If receiving a handshake message that's already been processed, retransmit the previous message flight.
2016-02-22 14:08:35 -08:00
parent f6fafe6738
commit f621f81fa2
1 changed files with 7 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -6101,7 +6101,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        *inOutIdx += fragSz;
        if(type == finished )
            *inOutIdx += ssl->keys.padSz;
-        ret = 0;
+        ret = DtlsPoolSend(ssl);
    }
    else if (fragSz < size) {
        /* Since this branch is in order, but fragmented, dtls_msg_list will be
@ -7612,6 +7612,7 @@ int ProcessReply(WOLFSSL* ssl)
                        }
                    #endif

+#ifdef WOLFSSL_DTLS
                    /* Check for duplicate CCS message in DTLS mode.
                     * DTLS allows for duplicate messages, and it should be
                     * skipped. */
@ -7619,6 +7620,10 @@ int ProcessReply(WOLFSSL* ssl)
                        ssl->msgsReceived.got_change_cipher) {

                        WOLFSSL_MSG("Duplicate ChangeCipher msg");
+                        ret = DtlsPoolSend(ssl);
+                        if (ret != 0)
+                            return ret;
+
                        if (ssl->curSize != 1) {
                            WOLFSSL_MSG("Malicious or corrupted"
                                        " duplicate ChangeCipher msg");
@ -7627,6 +7632,7 @@ int ProcessReply(WOLFSSL* ssl)
                        ssl->buffers.inputBuffer.idx++;
                        break;
                    }
+#endif

                    ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
                    if (ret != 0)