diff options
Diffstat (limited to 'src/lib/libssl/d1_both.c')
| -rw-r--r-- | src/lib/libssl/d1_both.c | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 4ce4064cc9..2180c6d4da 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -153,7 +153,7 @@ | |||
| 153 | #endif | 153 | #endif |
| 154 | 154 | ||
| 155 | static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; | 155 | static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; |
| 156 | static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; | 156 | static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; |
| 157 | 157 | ||
| 158 | /* XDTLS: figure out the right values */ | 158 | /* XDTLS: figure out the right values */ |
| 159 | static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; | 159 | static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; |
| @@ -464,20 +464,9 @@ again: | |||
| 464 | 464 | ||
| 465 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | 465 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); |
| 466 | 466 | ||
| 467 | s->d1->handshake_read_seq++; | 467 | /* Don't change sequence numbers while listening */ |
| 468 | /* we just read a handshake message from the other side: | 468 | if (!s->d1->listen) |
| 469 | * this means that we don't need to retransmit of the | 469 | s->d1->handshake_read_seq++; |
| 470 | * buffered messages. | ||
| 471 | * XDTLS: may be able clear out this | ||
| 472 | * buffer a little sooner (i.e if an out-of-order | ||
| 473 | * handshake message/record is received at the record | ||
| 474 | * layer. | ||
| 475 | * XDTLS: exception is that the server needs to | ||
| 476 | * know that change cipher spec and finished messages | ||
| 477 | * have been received by the client before clearing this | ||
| 478 | * buffer. this can simply be done by waiting for the | ||
| 479 | * first data segment, but is there a better way? */ | ||
| 480 | dtls1_clear_record_buffer(s); | ||
| 481 | 470 | ||
| 482 | s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; | 471 | s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; |
| 483 | return s->init_num; | 472 | return s->init_num; |
| @@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | |||
| 813 | 802 | ||
| 814 | /* | 803 | /* |
| 815 | * if this is a future (or stale) message it gets buffered | 804 | * if this is a future (or stale) message it gets buffered |
| 816 | * (or dropped)--no further processing at this time | 805 | * (or dropped)--no further processing at this time |
| 806 | * While listening, we accept seq 1 (ClientHello with cookie) | ||
| 807 | * although we're still expecting seq 0 (ClientHello) | ||
| 817 | */ | 808 | */ |
| 818 | if ( msg_hdr.seq != s->d1->handshake_read_seq) | 809 | if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1)) |
| 819 | return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); | 810 | return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); |
| 820 | 811 | ||
| 821 | len = msg_hdr.msg_len; | 812 | len = msg_hdr.msg_len; |
| @@ -1322,7 +1313,8 @@ unsigned char * | |||
| 1322 | dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, | 1313 | dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, |
| 1323 | unsigned long len, unsigned long frag_off, unsigned long frag_len) | 1314 | unsigned long len, unsigned long frag_off, unsigned long frag_len) |
| 1324 | { | 1315 | { |
| 1325 | if ( frag_off == 0) | 1316 | /* Don't change sequence numbers while listening */ |
| 1317 | if (frag_off == 0 && !s->d1->listen) | ||
| 1326 | { | 1318 | { |
| 1327 | s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; | 1319 | s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; |
| 1328 | s->d1->next_handshake_write_seq++; | 1320 | s->d1->next_handshake_write_seq++; |