Prepare for checking incoming handshake seqnum

This commit is contained in:
Manuel Pégourié-Gonnard 2014-09-02 18:30:26 +02:00 committed by Paul Bakker
parent 0c4cbc7895
commit d9ba0d96b6
3 changed files with 10 additions and 6 deletions

View File

@ -620,7 +620,8 @@ struct _ssl_handshake_params
#endif
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_SSL_PROTO_DTLS)
unsigned int msg_seq; /*!< DTLS handshake sequence number */
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
Srv: unused */
unsigned char verify_cookie_len; /*!< Cli: cookie length

View File

@ -1292,7 +1292,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
* Copy the client's handshake message_seq on initial handshakes
*/
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
ssl->handshake->msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
{
ssl->handshake->out_msg_seq = ( ssl->in_msg[4] << 8 ) |
ssl->in_msg[5];
}
// TODO: DTLS: check message_seq on non-initial handshakes?
// (or already done in ssl_read_record?)

View File

@ -2033,9 +2033,9 @@ int ssl_write_record( ssl_context *ssl )
/* Write message_seq and update it, except for HelloRequest */
if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
{
ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF;
ssl->out_msg[5] = ( ssl->handshake->msg_seq ) & 0xFF;
++( ssl->handshake->msg_seq );
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
++( ssl->handshake->out_msg_seq );
}
else
{
@ -4784,7 +4784,7 @@ static int ssl_start_renegotiation( ssl_context *ssl )
ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
ssl->handshake->msg_seq = 1;
ssl->handshake->out_msg_seq = 1;
}
#endif