Switch to RFC-compliant version encoding in DTLS.

7432d073 · Andy Polyakov · 04e2ab2c · 7432d073 · 7432d073 · 7432d073
隐藏空白更改
内联并排

Showing with 16 addition and 17 deletion

ssl/d1_pkt.c ssl/d1_pkt.c +1 -1

ssl/d1_srvr.c ssl/d1_srvr.c +10 -10

ssl/dtls1.h ssl/dtls1.h +1 -3

ssl/s3_srvr.c ssl/s3_srvr.c +4 -3

未找到文件。
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -526,7 +526,7 @@ int dtls1_get_record(SSL *s)
 	SSL3_RECORD *rr;
 	SSL_SESSION *sess;
 	unsigned char *p;
-	short version;
+	unsigned short version;
 	DTLS1_BITMAP *bitmap;
 	unsigned int is_next_epoch;


--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -121,7 +121,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -626,15 +625,16 @@ int dtls1_send_hello_verify_request(SSL *s)
 		*(p++) = s->version & 0xFF;

 		*(p++) = (unsigned char) s->d1->cookie_len;
-	if (s->ctx->app_gen_cookie_cb != NULL &&
-	    s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
-		&(s->d1->cookie_len)) == 0)
-		{
-		SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-		return 0;
-		}
-	/* else the cookie is assumed to have 
-	 * been initialized by the application */
+
+		if (s->ctx->app_gen_cookie_cb != NULL &&
+		    s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+			&(s->d1->cookie_len)) == 0)
+			{
+			SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+			return 0;
+			}
+		/* else the cookie is assumed to have 
+		 * been initialized by the application */

 		memcpy(p, s->d1->cookie, s->d1->cookie_len);
 		p += s->d1->cookie_len;

--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -67,9 +67,7 @@
 extern "C" {
 #endif

-#define DTLS1_VERSION			0x0100
-#define DTLS1_VERSION_MAJOR		0x01
-#define DTLS1_VERSION_MINOR		0x00
+#define DTLS1_VERSION			0xFEFF

 #if 0
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110

--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -774,7 +774,8 @@ int ssl3_get_client_hello(SSL *s)
 	s->client_version=(((int)p[0])<<8)|(int)p[1];
 	p+=2;

-	if (s->client_version < s->version)
+	if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+	    (s->version != DTLS1_VERSION && s->client_version < s->version))
 		{
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
 		if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
@@ -825,7 +826,7 @@ int ssl3_get_client_hello(SSL *s)

 	p+=j;

-	if (SSL_version(s) == DTLS1_VERSION)
+	if (s->version == DTLS1_VERSION)
 		{
 		/* cookie stuff */
 		cookie_len = *(p++);
@@ -1821,7 +1822,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 			rsa=pkey->pkey.rsa;
 			}

-		/* TLS */
+		/* TLS and [incidentally] DTLS{0xFEFF} */
 		if (s->version > SSL3_VERSION)
 			{
 			n2s(p,i);