yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Prepare for checking incoming handshake seqnum

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-09-02 18:30:26 +02:00 committed by Paul Bakker
parent 0c4cbc7895
commit d9ba0d96b6
3 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/polarssl/ssl.h
View file

@ -620,7 +620,8 @@ struct _ssl_handshake_params
#endif #endif
#endif /* POLARSSL_X509_CRT_PARSE_C */ #endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_SSL_PROTO_DTLS) #if defined(POLARSSL_SSL_PROTO_DTLS)
unsigned int msg_seq; /*!< DTLS handshake sequence number */ unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
Srv: unused */ Srv: unused */
unsigned char verify_cookie_len; /*!< Cli: cookie length unsigned char verify_cookie_len; /*!< Cli: cookie length

5
library/ssl_srv.c
View file

@ -1292,7 +1292,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
* Copy the client's handshake message_seq on initial handshakes * Copy the client's handshake message_seq on initial handshakes
*/ */
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE ) if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
ssl->handshake->msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; {
ssl->handshake->out_msg_seq = ( ssl->in_msg[4] << 8 ) |
ssl->in_msg[5];
}
// TODO: DTLS: check message_seq on non-initial handshakes? // TODO: DTLS: check message_seq on non-initial handshakes?
// (or already done in ssl_read_record?) // (or already done in ssl_read_record?)

8
library/ssl_tls.c
View file

@ -2033,9 +2033,9 @@ int ssl_write_record( ssl_context *ssl )
/* Write message_seq and update it, except for HelloRequest */ /* Write message_seq and update it, except for HelloRequest */
if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST ) if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
{ {
ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF; ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
ssl->out_msg[5] = ( ssl->handshake->msg_seq ) & 0xFF; ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
++( ssl->handshake->msg_seq ); ++( ssl->handshake->out_msg_seq );
} }
else else
{ {
@ -4784,7 +4784,7 @@ static int ssl_start_renegotiation( ssl_context *ssl )
ssl->endpoint == SSL_IS_SERVER && ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING ) ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{ {
ssl->handshake->msg_seq = 1; ssl->handshake->out_msg_seq = 1;
} }
#endif #endif