From 7432d073af97539e5a2c8b0f1ff254d6b53c9682 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Sun, 30 Sep 2007 18:53:54 +0000
Subject: Switch to RFC-compliant version encoding in DTLS.

---
 ssl/d1_pkt.c  |  2 +-
 ssl/d1_srvr.c | 20 ++++++++++----------
 ssl/dtls1.h   |  4 +---
 ssl/s3_srvr.c |  7 ++++---
 4 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index bf189f11c3..8cde57509c 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -526,7 +526,7 @@ int dtls1_get_record(SSL *s)
 	SSL3_RECORD *rr;
 	SSL_SESSION *sess;
 	unsigned char *p;
-	short version;
+	unsigned short version;
 	DTLS1_BITMAP *bitmap;
 	unsigned int is_next_epoch;
 
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index d299ba618f..0cfcf99971 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -121,7 +121,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -626,15 +625,16 @@ int dtls1_send_hello_verify_request(SSL *s)
 		*(p++) = s->version & 0xFF;
 
 		*(p++) = (unsigned char) s->d1->cookie_len;
-	if (s->ctx->app_gen_cookie_cb != NULL &&
-	    s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
-		&(s->d1->cookie_len)) == 0)
-		{
-		SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-		return 0;
-		}
-	/* else the cookie is assumed to have 
-	 * been initialized by the application */
+
+		if (s->ctx->app_gen_cookie_cb != NULL &&
+		    s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+			&(s->d1->cookie_len)) == 0)
+			{
+			SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+			return 0;
+			}
+		/* else the cookie is assumed to have 
+		 * been initialized by the application */
 
 		memcpy(p, s->d1->cookie, s->d1->cookie_len);
 		p += s->d1->cookie_len;
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index c5b1b9cab5..fdf97052de 100644
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -67,9 +67,7 @@
 extern "C" {
 #endif
 
-#define DTLS1_VERSION			0x0100
-#define DTLS1_VERSION_MAJOR		0x01
-#define DTLS1_VERSION_MINOR		0x00
+#define DTLS1_VERSION			0xFEFF
 
 #if 0
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index cc01cb109f..d2f2688bd7 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -774,7 +774,8 @@ int ssl3_get_client_hello(SSL *s)
 	s->client_version=(((int)p[0])<<8)|(int)p[1];
 	p+=2;
 
-	if (s->client_version < s->version)
+	if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+	    (s->version != DTLS1_VERSION && s->client_version < s->version))
 		{
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
 		if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
@@ -825,7 +826,7 @@ int ssl3_get_client_hello(SSL *s)
 
 	p+=j;
 
-	if (SSL_version(s) == DTLS1_VERSION)
+	if (s->version == DTLS1_VERSION)
 		{
 		/* cookie stuff */
 		cookie_len = *(p++);
@@ -1821,7 +1822,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 			rsa=pkey->pkey.rsa;
 			}
 
-		/* TLS */
+		/* TLS and [incidentally] DTLS{0xFEFF} */
 		if (s->version > SSL3_VERSION)
 			{
 			n2s(p,i);
-- 
cgit v1.2.1