Switch to RFC-compliant version encoding in DTLS.

author Andy Polyakov <appro@openssl.org>

Sun, 30 Sep 2007 18:53:54 +0000 (18:53 +0000)

committer Andy Polyakov <appro@openssl.org>

Sun, 30 Sep 2007 18:53:54 +0000 (18:53 +0000)
author Andy Polyakov <appro@openssl.org>
Sun, 30 Sep 2007 18:53:54 +0000 (18:53 +0000)
committer Andy Polyakov <appro@openssl.org>
Sun, 30 Sep 2007 18:53:54 +0000 (18:53 +0000)
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c

index bf189f11c3c9fe389b216c9192a46ff5569ec686..8cde57509c3bf7c0d6f7c233036082d4e1d7abe5 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -526,7 +526,7 @@ int dtls1_get_record(SSL *s)
         SSL3_RECORD *rr;
         SSL_SESSION *sess;
         unsigned char *p;
         SSL3_RECORD *rr;
         SSL_SESSION *sess;
         unsigned char *p;
-       short version;
+       unsigned short version;
         DTLS1_BITMAP *bitmap;
         unsigned int is_next_epoch;
  
         DTLS1_BITMAP *bitmap;
         unsigned int is_next_epoch;
  
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c

index d299ba618fea23ed3e9c326abf79be36f484188b..0cfcf99971d0af6587beda45702cb4025ca4c5e2 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -121,7 +121,6 @@
  #include <openssl/evp.h>
  #include <openssl/x509.h>
  #include <openssl/md5.h>
  #include <openssl/evp.h>
  #include <openssl/x509.h>
  #include <openssl/md5.h>
-#include <openssl/bn.h>
  #ifndef OPENSSL_NO_DH
  #include <openssl/dh.h>
  #endif
  #ifndef OPENSSL_NO_DH
  #include <openssl/dh.h>
  #endif
@@ -626,15 +625,16 @@ int dtls1_send_hello_verify_request(SSL *s)
                 *(p++) = s->version & 0xFF;
  
                 *(p++) = (unsigned char) s->d1->cookie_len;
                 *(p++) = s->version & 0xFF;
  
                 *(p++) = (unsigned char) s->d1->cookie_len;
-       if (s->ctx->app_gen_cookie_cb != NULL &&
-           s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
-               &(s->d1->cookie_len)) == 0)
-               {
-               SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-               return 0;
-               }
-       /* else the cookie is assumed to have 
-        * been initialized by the application */
+
+               if (s->ctx->app_gen_cookie_cb != NULL &&
+                   s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+                       &(s->d1->cookie_len)) == 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               /* else the cookie is assumed to have 
+                * been initialized by the application */
  
                 memcpy(p, s->d1->cookie, s->d1->cookie_len);
                 p += s->d1->cookie_len;
  
                 memcpy(p, s->d1->cookie, s->d1->cookie_len);
                 p += s->d1->cookie_len;
diff --git a/ssl/dtls1.h b/ssl/dtls1.h

index c5b1b9cab57863658ba8170fbcfb8f9da64abbfd..fdf97052de040abd3660dd7403198a1bc3193687 100644 (file)
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -67,9 +67,7 @@
  extern "C" {
  #endif
  
  extern "C" {
  #endif
  
-#define DTLS1_VERSION                  0x0100
-#define DTLS1_VERSION_MAJOR            0x01
-#define DTLS1_VERSION_MINOR            0x00
+#define DTLS1_VERSION                  0xFEFF
  
  #if 0
  #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
  
  #if 0
  #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index cc01cb109fd535b9aac70afb56a9915f7cd7f882..d2f2688bd70e98e343c00495291400639672305c 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -774,7 +774,8 @@ int ssl3_get_client_hello(SSL *s)
         s->client_version=(((int)p[0])<<8)|(int)p[1];
         p+=2;
  
         s->client_version=(((int)p[0])<<8)|(int)p[1];
         p+=2;
  
-       if (s->client_version < s->version)
+       if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+           (s->version != DTLS1_VERSION && s->client_version < s->version))
                 {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
                 if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
                 {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
                 if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
@@ -825,7 +826,7 @@ int ssl3_get_client_hello(SSL *s)
  
         p+=j;
  
  
         p+=j;
  
-       if (SSL_version(s) == DTLS1_VERSION)
+       if (s->version == DTLS1_VERSION)
                 {
                 /* cookie stuff */
                 cookie_len = *(p++);
                 {
                 /* cookie stuff */
                 cookie_len = *(p++);
@@ -1821,7 +1822,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                         rsa=pkey->pkey.rsa;
                         }
  
                         rsa=pkey->pkey.rsa;
                         }
  
-               /* TLS */
+               /* TLS and [incidentally] DTLS{0xFEFF} */
                 if (s->version > SSL3_VERSION)
                         {
                         n2s(p,i);
                 if (s->version > SSL3_VERSION)
                         {
                         n2s(p,i);
author	Andy Polyakov <appro@openssl.org>
	Sun, 30 Sep 2007 18:53:54 +0000 (18:53 +0000)
committer	Andy Polyakov <appro@openssl.org>
	Sun, 30 Sep 2007 18:53:54 +0000 (18:53 +0000)
ssl/d1_pkt.c		patch \| blob \| history
ssl/d1_srvr.c		patch \| blob \| history
ssl/dtls1.h		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history