List Info

Thread: OpenSSL: OpenSSL_0_9_8-stable: openssl/ssl/ d1_both.c d1_pkt.c
OpenSSL: OpenSSL_0_9_8-stable: openssl/ssl/ d1_both.c d1_pkt.c
country flaguser name
Germany		 2007-09-30 16:20:59 
  OpenSSL CVS Repository
  http://cvs.openssl.org/
 
____________________________________________________________
________________

  Server: cvs.openssl.org                  Name:   Andy
Polyakov
  Root:   /v/openssl/cvs                   Email:  approopenssl.org
  Module: openssl                          Date:  
30-Sep-2007 23:20:59
  Branch: OpenSSL_0_9_8-stable             Handle:
2007093022205900

  Modified files:           (Branch: OpenSSL_0_9_8-stable)
    openssl/ssl             d1_both.c d1_pkt.c

  Log:
    Make ChangeCipherSpec compliant with DTLS RFC4347. From
HEAD with a twist:
    server interoperates with non-compliant pre-0.9.8f.

  Summary:
    Revision    Changes     Path
    1.4.2.4     +8  -4      openssl/ssl/d1_both.c
    1.4.2.7     +29 -36     openssl/ssl/d1_pkt.c
 
____________________________________________________________
________________

  patch -p0 <<' .'
  Index: openssl/ssl/d1_both.c
 
============================================================
================
  $ cvs diff -u -r1.4.2.3 -r1.4.2.4 d1_both.c
  --- openssl/ssl/d1_both.c	4 Jul 2007 13:09:27
-0000	1.4.2.3
  +++ openssl/ssl/d1_both.c	30 Sep 2007 21:20:59
-0000	1.4.2.4
   -816,9 +816,14 
   		*p++=SSL3_MT_CCS;
   		s->d1->handshake_write_seq =
s->d1->next_handshake_write_seq;
   		s->d1->next_handshake_write_seq++;
  -		s2n(s->d1->handshake_write_seq,p);
  -
   		s->init_num=DTLS1_CCS_HEADER_LENGTH;
  +
  +		if (s->client_version == DTLS1_BAD_VER)
  +			{
  +			s2n(s->d1->handshake_write_seq,p);
  +			s->init_num+=2;
  +			}
  +
   		s->init_off=0;
   
   		dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 
   -1056,7 +1061,7 
       if ( is_ccs)
           {
           OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
  -            DTLS1_CCS_HEADER_LENGTH == (unsigned
int)s->init_num);
  +            DTLS1_CCS_HEADER_LENGTH <= (unsigned
int)s->init_num);
           }
       else
           {
   -1259,5 +1264,4 
       memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
       
       ccs_hdr->type = *(data++);
  -    n2s(data, ccs_hdr->seq);
   }
   .
  patch -p0 <<' .'
  Index: openssl/ssl/d1_pkt.c
 
============================================================
================
  $ cvs diff -u -r1.4.2.6 -r1.4.2.7 d1_pkt.c
  --- openssl/ssl/d1_pkt.c	30 Sep 2007 18:55:59
-0000	1.4.2.6
  +++ openssl/ssl/d1_pkt.c	30 Sep 2007 21:20:59
-0000	1.4.2.7
   -974,47 +974,40 
   		}
   
   	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
  -        {
  -        struct ccs_header_st ccs_hdr;
  +		{
  +		struct ccs_header_st ccs_hdr;
   
   		dtls1_get_ccs_header(rr->data, &ccs_hdr);
   
  -		if ( ccs_hdr.seq == s->d1->handshake_read_seq)
  +		/* 'Change Cipher Spec' is just a single byte, so we
know
  +		 * exactly what the record payload has to look like */
  +		/* XDTLS: check that epoch is consistent */
  +		if (	(s->client_version == DTLS1_BAD_VER &&
rr->length != 3) ||
  +			(s->client_version != DTLS1_BAD_VER &&
rr->length != DTLS1_CCS_HEADER_LENGTH) || 
  +			(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
   			{
  -			/* 'Change Cipher Spec' is just a single byte, so we
know
  -			 * exactly what the record payload has to look like
*/
  -			/* XDTLS: check that epoch is consistent */
  -			if (	(rr->length != DTLS1_CCS_HEADER_LENGTH) || 
  -				(rr->off != 0) || (rr->data[0] !=
SSL3_MT_CCS))
  -				{
  -				i=SSL_AD_ILLEGAL_PARAMETER;
 
-				SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_S
PEC);
  -				goto err;
  -				}
  -			
  -			rr->length=0;
  -			
  -			if (s->msg_callback)
  -				s->msg_callback(0, s->version,
SSL3_RT_CHANGE_CIPHER_SPEC, 
  -					rr->data, 1, s, s->msg_callback_arg);
  -			
  -			s->s3->change_cipher_spec=1;
  -			if (!ssl3_do_change_cipher_spec(s))
  -				goto err;
  -			
  -			/* do this whenever CCS is processed */
  -			dtls1_reset_seq_numbers(s, SSL3_CC_READ);
  -			
  -			/* handshake read seq is reset upon handshake
completion */
  -			s->d1->handshake_read_seq++;
  -			
  -			goto start;
  -			}
  -		else
  -			{
  -			rr->length = 0;
  -			goto start;
  +			i=SSL_AD_ILLEGAL_PARAMETER;
 
+			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SP
EC);
  +			goto err;
   			}
  +
  +		rr->length=0;
  +
  +		if (s->msg_callback)
  +			s->msg_callback(0, s->version,
SSL3_RT_CHANGE_CIPHER_SPEC, 
  +				rr->data, 1, s, s->msg_callback_arg);
  +
  +		s->s3->change_cipher_spec=1;
  +		if (!ssl3_do_change_cipher_spec(s))
  +			goto err;
  +
  +		/* do this whenever CCS is processed */
  +		dtls1_reset_seq_numbers(s, SSL3_CC_READ);
  +
  +		/* handshake read seq is reset upon handshake
completion */
  +		s->d1->handshake_read_seq++;
  +
  +		goto start;
   		}
   
   	/* Unexpected handshake message (Client Hello, or
protocol violation) */
   .
____________________________________________________________
__________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                    
openssl-cvsopenssl.org
Automated List Manager                          
majordomoopenssl.org
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )