diff options
| author | appro <appro> | 2007-09-30 21:19:30 +0000 |
|---|---|---|
| committer | appro <appro> | 2007-09-30 21:19:30 +0000 |
| commit | 11b9e79a81695f7345822c4ce3bb3a43198286c6 (patch) | |
| tree | 8215e569946c8d79f742aa53b37b3dde20c71a69 /ssl/d1_pkt.c | |
| parent | 899068651f9c0e62f4960577845fd7a0d4309d6f (diff) | |
| download | openssl-11b9e79a81695f7345822c4ce3bb3a43198286c6.tar.gz | |
Make ChangeCipherSpec compliant with DTLS RFC4347.
Diffstat (limited to 'ssl/d1_pkt.c')
| -rw-r--r-- | ssl/d1_pkt.c | 64 |
1 files changed, 28 insertions, 36 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 8cde57509..452348401 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1014,47 +1014,39 @@ start: } if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { - struct ccs_header_st ccs_hdr; + { + struct ccs_header_st ccs_hdr; dtls1_get_ccs_header(rr->data, &ccs_hdr); - if ( ccs_hdr.seq == s->d1->handshake_read_seq) - { - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - /* XDTLS: check that epoch is consistent */ - if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) || - (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) - { - i=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto err; - } - - rr->length=0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - rr->data, 1, s, s->msg_callback_arg); - - s->s3->change_cipher_spec=1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - - /* do this whenever CCS is processed */ - dtls1_reset_seq_numbers(s, SSL3_CC_READ); - - /* handshake read seq is reset upon handshake completion */ - s->d1->handshake_read_seq++; - - goto start; - } - else + /* 'Change Cipher Spec' is just a single byte, so we know + * exactly what the record payload has to look like */ + /* XDTLS: check that epoch is consistent */ + if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) || + (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - rr->length = 0; - goto start; + i=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); + goto err; } + + rr->length=0; + + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, + rr->data, 1, s, s->msg_callback_arg); + + s->s3->change_cipher_spec=1; + if (!ssl3_do_change_cipher_spec(s)) + goto err; + + /* do this whenever CCS is processed */ + dtls1_reset_seq_numbers(s, SSL3_CC_READ); + + /* handshake read seq is reset upon handshake completion */ + s->d1->handshake_read_seq++; + + goto start; } /* Unexpected handshake message (Client Hello, or protocol violation) */ |