OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Andy
Polyakov
Root: /v/openssl/cvs Email: appro openssl.org
Module: openssl Date:
30-Sep-2007 23:19:30
Branch: HEAD Handle:
2007093022193000
Modified files:
openssl/ssl d1_both.c d1_pkt.c
Log:
Make ChangeCipherSpec compliant with DTLS RFC4347.
Summary:
Revision Changes Path
1.11 +0 -2 openssl/ssl/d1_both.c
1.19 +28 -36 openssl/ssl/d1_pkt.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/ssl/d1_both.c
============================================================
================
$ cvs diff -u -r1.10 -r1.11 d1_both.c
--- openssl/ssl/d1_both.c 19 Sep 2007 16:38:15 -0000 1.10
+++ openssl/ssl/d1_both.c 30 Sep 2007 21:19:30 -0000 1.11
-813,7 +813,6
*p++=SSL3_MT_CCS;
s->d1->handshake_write_seq =
s->d1->next_handshake_write_seq;
s->d1->next_handshake_write_seq++;
- s2n(s->d1->handshake_write_seq,p);
s->init_num=DTLS1_CCS_HEADER_LENGTH;
s->init_off=0;
-1255,5 +1254,4
memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
ccs_hdr->type = *(data++);
- n2s(data, ccs_hdr->seq);
}
.
patch -p0 <<' .'
Index: openssl/ssl/d1_pkt.c
============================================================
================
$ cvs diff -u -r1.18 -r1.19 d1_pkt.c
--- openssl/ssl/d1_pkt.c 30 Sep 2007 18:53:54 -0000 1.18
+++ openssl/ssl/d1_pkt.c 30 Sep 2007 21:19:30 -0000 1.19
-1014,47 +1014,39
}
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- struct ccs_header_st ccs_hdr;
+ {
+ struct ccs_header_st ccs_hdr;
dtls1_get_ccs_header(rr->data, &ccs_hdr);
- if ( ccs_hdr.seq == s->d1->handshake_read_seq)
+ /* 'Change Cipher Spec' is just a single byte, so we
know
+ * exactly what the record payload has to look like */
+ /* XDTLS: check that epoch is consistent */
+ if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) ||
+ (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
{
- /* 'Change Cipher Spec' is just a single byte, so we
know
- * exactly what the record payload has to look like
*/
- /* XDTLS: check that epoch is consistent */
- if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) ||
- (rr->off != 0) || (rr->data[0] !=
SSL3_MT_CCS))
- {
- i=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_S
PEC);
- goto err;
- }
-
- rr->length=0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version,
SSL3_RT_CHANGE_CIPHER_SPEC,
- rr->data, 1, s, s->msg_callback_arg);
-
- s->s3->change_cipher_spec=1;
- if (!ssl3_do_change_cipher_spec(s))
- goto err;
-
- /* do this whenever CCS is processed */
- dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-
- /* handshake read seq is reset upon handshake
completion */
- s->d1->handshake_read_seq++;
-
- goto start;
- }
- else
- {
- rr->length = 0;
- goto start;
+ i=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SP
EC);
+ goto err;
}
+
+ rr->length=0;
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version,
SSL3_RT_CHANGE_CIPHER_SPEC,
+ rr->data, 1, s, s->msg_callback_arg);
+
+ s->s3->change_cipher_spec=1;
+ if (!ssl3_do_change_cipher_spec(s))
+ goto err;
+
+ /* do this whenever CCS is processed */
+ dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+ /* handshake read seq is reset upon handshake
completion */
+ s->d1->handshake_read_seq++;
+
+ goto start;
}
/* Unexpected handshake message (Client Hello, or
protocol violation) */
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
