mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-27 06:35:22 +00:00
Check handshake message_seq field
This commit is contained in:
parent
9d1d7196e4
commit
1aa586e41d
@ -1293,12 +1293,27 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
*/
|
||||
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
|
||||
{
|
||||
ssl->handshake->out_msg_seq = ( ssl->in_msg[4] << 8 ) |
|
||||
ssl->in_msg[5];
|
||||
unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
|
||||
ssl->in_msg[5];
|
||||
ssl->handshake->out_msg_seq = cli_msg_seq;
|
||||
ssl->handshake->in_msg_seq = cli_msg_seq + 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* This couldn't be done in ssl_prepare_handshake_record() */
|
||||
unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
|
||||
ssl->in_msg[5];
|
||||
|
||||
// TODO: DTLS: check message_seq on non-initial handshakes?
|
||||
// (or already done in ssl_read_record?)
|
||||
if( cli_msg_seq != ssl->handshake->in_msg_seq )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
|
||||
"%d (expected %d)", cli_msg_seq,
|
||||
ssl->handshake->in_msg_seq ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
ssl->handshake->in_msg_seq++;
|
||||
}
|
||||
|
||||
/*
|
||||
* For now we don't support fragmentation, so make sure
|
||||
|
@ -2246,8 +2246,8 @@ static int ssl_reassemble_dtls_handshake( ssl_context *ssl )
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Make sure msg_type, length, message_seq are consistent */
|
||||
if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 6 ) != 0 )
|
||||
/* Make sure msg_type and length are consistent */
|
||||
if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) );
|
||||
return( POLARSSL_ERR_SSL_INVALID_RECORD );
|
||||
@ -2357,8 +2357,18 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
int ret;
|
||||
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
|
||||
|
||||
// TODO: DTLS: check message_seq
|
||||
/* ssl->handshake is NULL when receiving ClientHello for renego */
|
||||
if( ssl->handshake != NULL &&
|
||||
recv_msg_seq != ssl->handshake->in_msg_seq )
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "dropping out-of-order message: "
|
||||
"message_seq = %d, expected = %d",
|
||||
recv_msg_seq, ssl->handshake->in_msg_seq ) );
|
||||
return( POLARSSL_ERR_NET_WANT_READ );
|
||||
}
|
||||
/* Wait until message completion to increment in_msg_seq */
|
||||
|
||||
/* Reassemble if current message is fragmented or reassembly is
|
||||
* already in progress */
|
||||
@ -2388,6 +2398,15 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
|
||||
if( ssl->state != SSL_HANDSHAKE_OVER )
|
||||
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
|
||||
|
||||
/* Handshake message is complete, increment counter */
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->handshake != NULL )
|
||||
{
|
||||
ssl->handshake->in_msg_seq++;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* For DTLS, we move data so that is looks like TLS handshake format to
|
||||
* other functions.
|
||||
@ -4787,10 +4806,12 @@ static int ssl_start_renegotiation( ssl_context *ssl )
|
||||
* the ServerHello will have message_seq = 1" */
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->endpoint == SSL_IS_SERVER &&
|
||||
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
|
||||
{
|
||||
ssl->handshake->out_msg_seq = 1;
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
ssl->handshake->out_msg_seq = 1;
|
||||
else
|
||||
ssl->handshake->in_msg_seq = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -4967,6 +4988,14 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
||||
}
|
||||
else
|
||||
{
|
||||
#if defined(POLARSSL_SSL_PROTO_DTLS)
|
||||
/* DTLS clients need to know renego is server-initiated */
|
||||
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->endpoint == SSL_IS_CLIENT )
|
||||
{
|
||||
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
|
||||
}
|
||||
#endif
|
||||
ret = ssl_start_renegotiation( ssl );
|
||||
if( ret == POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user