Switch to RFC-compliant version encoding in DTLS.
authorAndy Polyakov <appro@openssl.org>
Sun, 30 Sep 2007 18:53:54 +0000 (18:53 +0000)
committerAndy Polyakov <appro@openssl.org>
Sun, 30 Sep 2007 18:53:54 +0000 (18:53 +0000)
ssl/d1_pkt.c
ssl/d1_srvr.c
ssl/dtls1.h
ssl/s3_srvr.c

index bf189f1..8cde575 100644 (file)
@@ -526,7 +526,7 @@ int dtls1_get_record(SSL *s)
        SSL3_RECORD *rr;
        SSL_SESSION *sess;
        unsigned char *p;
-       short version;
+       unsigned short version;
        DTLS1_BITMAP *bitmap;
        unsigned int is_next_epoch;
 
index d299ba6..0cfcf99 100644 (file)
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -626,15 +625,16 @@ int dtls1_send_hello_verify_request(SSL *s)
                *(p++) = s->version & 0xFF;
 
                *(p++) = (unsigned char) s->d1->cookie_len;
-       if (s->ctx->app_gen_cookie_cb != NULL &&
-           s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
-               &(s->d1->cookie_len)) == 0)
-               {
-               SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-               return 0;
-               }
-       /* else the cookie is assumed to have 
-        * been initialized by the application */
+
+               if (s->ctx->app_gen_cookie_cb != NULL &&
+                   s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+                       &(s->d1->cookie_len)) == 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               /* else the cookie is assumed to have 
+                * been initialized by the application */
 
                memcpy(p, s->d1->cookie, s->d1->cookie_len);
                p += s->d1->cookie_len;
index c5b1b9c..fdf9705 100644 (file)
@@ -67,9 +67,7 @@
 extern "C" {
 #endif
 
-#define DTLS1_VERSION                  0x0100
-#define DTLS1_VERSION_MAJOR            0x01
-#define DTLS1_VERSION_MINOR            0x00
+#define DTLS1_VERSION                  0xFEFF
 
 #if 0
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
index cc01cb1..d2f2688 100644 (file)
@@ -774,7 +774,8 @@ int ssl3_get_client_hello(SSL *s)
        s->client_version=(((int)p[0])<<8)|(int)p[1];
        p+=2;
 
-       if (s->client_version < s->version)
+       if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+           (s->version != DTLS1_VERSION && s->client_version < s->version))
                {
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
                if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
@@ -825,7 +826,7 @@ int ssl3_get_client_hello(SSL *s)
 
        p+=j;
 
-       if (SSL_version(s) == DTLS1_VERSION)
+       if (s->version == DTLS1_VERSION)
                {
                /* cookie stuff */
                cookie_len = *(p++);
@@ -1821,7 +1822,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                        rsa=pkey->pkey.rsa;
                        }
 
-               /* TLS */
+               /* TLS and [incidentally] DTLS{0xFEFF} */
                if (s->version > SSL3_VERSION)
                        {
                        n2s(p,i);