commit abc7e3b4baaa78ba13d0fc11a3f33d40f18ece29
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Feb 11 18:15:03 2014 +0100
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:30:05 2014 +0200
tree 8d83c4c270d6425efb66193116b614b1b37e8b08
parent 864a81fdc0e66ea037c3ecb7b5df51345cb12bdb

Handle DTLS version encoding and fix some checks

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 49ae4a5..0d07b36 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1129,6 +1129,7 @@
     int handshake_failure = 0;
     const int *ciphersuites;
     const ssl_ciphersuite_t *ciphersuite_info;
+    int major, minor;
 
     SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
 
@@ -1142,7 +1143,7 @@
     buf = ssl->in_hdr;
 
 #if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
-    if( ( buf[0] & 0x80 ) != 0 )
+    if( ssl->transport == SSL_TRANSPORT_STREAM && ( buf[0] & 0x80 ) != 0 )
         return ssl_parse_client_hello_v2( ssl );
 #endif
 
@@ -1163,13 +1164,19 @@
      *     1  .   2   protocol version
      *     3  .   4   message length
      */
+    if( buf[0] != SSL_MSG_HANDSHAKE )
+    {
+        SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    ssl_read_version( &major, &minor, ssl->transport, buf + 1 );
 
     /* According to RFC 5246 Appendix E.1, the version here is typically
      * "{03,00}, the lowest version number supported by the client, [or] the
      * value of ClientHello.client_version", so the only meaningful check here
      * is the major version shouldn't be less than 3 */
-    if( buf[0] != SSL_MSG_HANDSHAKE ||
-        buf[1] < SSL_MAJOR_VERSION_3 )
+    if( major < SSL_MAJOR_VERSION_3 )
     {
         SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
         return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
@@ -1231,8 +1238,8 @@
         return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
     }
 
-    ssl->major_ver = buf[4];
-    ssl->minor_ver = buf[5];
+    ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
+                      ssl->transport, buf + 4 );
 
     ssl->handshake->max_major_ver = ssl->major_ver;
     ssl->handshake->max_minor_ver = ssl->minor_ver;
@@ -1782,11 +1789,12 @@
     buf = ssl->out_msg;
     p = buf + 4;
 
-    *p++ = (unsigned char) ssl->major_ver;
-    *p++ = (unsigned char) ssl->minor_ver;
+    ssl_write_version( ssl->major_ver, ssl->minor_ver,
+                       ssl->transport, p );
+    p += 2;
 
     SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
-                   buf[4], buf[5] ) );
+                        buf[4], buf[5] ) );
 
 #if defined(POLARSSL_HAVE_TIME)
     t = time( NULL );
@@ -2564,6 +2572,7 @@
     int ret;
     size_t len = pk_get_len( ssl_own_key( ssl ) );
     unsigned char *pms = ssl->handshake->premaster + pms_offset;
+    unsigned char ver[2];
 
     if( ! pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_RSA ) )
     {
@@ -2593,14 +2602,18 @@
         return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
     }
 
+    ssl_write_version( ssl->handshake->max_major_ver,
+                       ssl->handshake->max_minor_ver,
+                       ssl->transport, ver );
+
     ret = pk_decrypt( ssl_own_key( ssl ), p, len,
                       pms, &ssl->handshake->pmslen,
                       sizeof( ssl->handshake->premaster ) - pms_offset,
                       ssl->f_rng, ssl->p_rng );
 
     if( ret != 0 || ssl->handshake->pmslen != 48 ||
-        pms[0] != ssl->handshake->max_major_ver ||
-        pms[1] != ssl->handshake->max_minor_ver )
+        pms[0] != ver[0] ||
+        pms[1] != ver[1] )
     {
         SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );