mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-25 21:37:45 +00:00
Fix server-initiated renegotiation with DTLS
This commit is contained in:
parent
30d16eb429
commit
c392b240c4
2 changed files with 31 additions and 7 deletions
|
@ -2027,10 +2027,18 @@ int ssl_write_record( ssl_context *ssl )
|
||||||
ssl->out_msglen += 8;
|
ssl->out_msglen += 8;
|
||||||
len += 8;
|
len += 8;
|
||||||
|
|
||||||
/* Write message_seq and update it */
|
/* Write message_seq and update it, except for HelloRequest */
|
||||||
ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF;
|
if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
|
||||||
ssl->out_msg[5] = ( ssl->handshake->msg_seq ) & 0xFF;
|
{
|
||||||
++( ssl->handshake->msg_seq );
|
ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF;
|
||||||
|
ssl->out_msg[5] = ( ssl->handshake->msg_seq ) & 0xFF;
|
||||||
|
++( ssl->handshake->msg_seq );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ssl->out_msg[4] = 0;
|
||||||
|
ssl->out_msg[5] = 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* We don't fragment, so frag_offset = 0 and frag_len = len */
|
/* We don't fragment, so frag_offset = 0 and frag_len = len */
|
||||||
memset( ssl->out_msg + 6, 0x00, 3 );
|
memset( ssl->out_msg + 6, 0x00, 3 );
|
||||||
|
@ -2137,12 +2145,15 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
|
||||||
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
|
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* For DTLS, we move data so that is looks like
|
* For DTLS, we move data so that is looks like TLS handshake format to
|
||||||
* TLS handshake format to other functions.
|
* other functions.
|
||||||
|
* Except on server after the initial handshake (wait until after
|
||||||
|
* update_checksum() in ssl_parse_client_hello()).
|
||||||
*/
|
*/
|
||||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->state != SSL_HANDSHAKE_OVER )
|
! ( ssl->endpoint == SSL_IS_SERVER &&
|
||||||
|
ssl->state == SSL_HANDSHAKE_OVER ) )
|
||||||
{
|
{
|
||||||
// TODO: DTLS: check message_seq
|
// TODO: DTLS: check message_seq
|
||||||
|
|
||||||
|
|
|
@ -868,6 +868,19 @@ run_test "Renegotiation: DTLS, client-initiated" \
|
||||||
-s "=> renegotiate" \
|
-s "=> renegotiate" \
|
||||||
-S "write hello request"
|
-S "write hello request"
|
||||||
|
|
||||||
|
run_test "Renegotiation: DTLS, server-initiated" \
|
||||||
|
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
|
||||||
|
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
|
||||||
|
0 \
|
||||||
|
-c "client hello, adding renegotiation extension" \
|
||||||
|
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||||
|
-s "found renegotiation extension" \
|
||||||
|
-s "server hello, secure renegotiation extension" \
|
||||||
|
-c "found renegotiation extension" \
|
||||||
|
-c "=> renegotiate" \
|
||||||
|
-s "=> renegotiate" \
|
||||||
|
-s "write hello request"
|
||||||
|
|
||||||
# Tests for auth_mode
|
# Tests for auth_mode
|
||||||
|
|
||||||
run_test "Authentication: server badcert, client required" \
|
run_test "Authentication: server badcert, client required" \
|
||||||
|
|
Loading…
Reference in a new issue