mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 02:55:45 +01:00
Write new DTLS handshake fields correctly
This commit is contained in:
parent
ce441b3442
commit
e89bcf05da
@ -616,6 +616,9 @@ struct _ssl_handshake_params
|
|||||||
ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
||||||
#endif
|
#endif
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||||
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
|
unsigned int msg_seq; /*!< DTLS handshake sequence number */
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Checksum contexts
|
* Checksum contexts
|
||||||
|
@ -1203,6 +1203,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
else
|
else
|
||||||
n = ssl->in_msglen;
|
n = ssl->in_msglen;
|
||||||
|
|
||||||
|
SSL_DEBUG_BUF( 4, "record contents", buf, n );
|
||||||
|
|
||||||
ssl->handshake->update_checksum( ssl, buf, n );
|
ssl->handshake->update_checksum( ssl, buf, n );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1211,7 +1213,17 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
// TODO: DTLS: actually use the additional fields before removing them!
|
// TODO: DTLS: check message_seq
|
||||||
|
|
||||||
|
/* For now we don't support fragmentation, so make sure
|
||||||
|
* fragment_offset == 0 and fragment_length == length */
|
||||||
|
if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
|
||||||
|
memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "handshake fragmentation not supported" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
memmove( buf + 4, buf + 12, n - 12 );
|
memmove( buf + 4, buf + 12, n - 12 );
|
||||||
n -= 8;
|
n -= 8;
|
||||||
@ -1233,8 +1245,6 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
* 42+y . 41+z compression algs
|
* 42+y . 41+z compression algs
|
||||||
* .. . .. extensions
|
* .. . .. extensions
|
||||||
*/
|
*/
|
||||||
SSL_DEBUG_BUF( 4, "record contents", buf, n );
|
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d",
|
SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d",
|
||||||
buf[0] ) );
|
buf[0] ) );
|
||||||
SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
|
SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
|
||||||
|
@ -1934,12 +1934,19 @@ int ssl_write_record( ssl_context *ssl )
|
|||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
memmove( ssl->out_msg + 12, ssl->out_msg + 4, ssl->out_msglen - 4 );
|
/* Make room for the additional DTLS fields */
|
||||||
|
memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
|
||||||
ssl->out_msglen += 8;
|
ssl->out_msglen += 8;
|
||||||
len += 8;
|
len += 8;
|
||||||
|
|
||||||
// TODO: DTLS: fill additional fields correctly
|
/* Write message_seq and update it */
|
||||||
memset( ssl->out_msg + 4, 0x00, 8 );
|
ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF;
|
||||||
|
ssl->out_msg[5] = ( ssl->handshake->msg_seq ) & 0xFF;
|
||||||
|
++( ssl->handshake->msg_seq );
|
||||||
|
|
||||||
|
/* We don't fragment, so frag_offset = 0 and frag_len = len */
|
||||||
|
memset( ssl->out_msg + 6, 0x00, 3 );
|
||||||
|
memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_SSL_PROTO_DTLS */
|
#endif /* POLARSSL_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
@ -2048,7 +2055,16 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
|
|||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
// TODO: DTLS: actually use the additional fields before removing them!
|
// TODO: DTLS: check message_seq
|
||||||
|
|
||||||
|
/* For now we don't support fragmentation, so make sure
|
||||||
|
* fragment_offset == 0 and fragment_length == length */
|
||||||
|
if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
|
||||||
|
memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "handshake fragmentation not supported" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
|
||||||
memmove( ssl->in_msg + 4, ssl->in_msg + 12, ssl->in_hslen - 12 );
|
memmove( ssl->in_msg + 4, ssl->in_msg + 12, ssl->in_hslen - 12 );
|
||||||
ssl->in_hslen -= 8;
|
ssl->in_hslen -= 8;
|
||||||
|
Loading…
Reference in New Issue
Block a user