Add the 'cookie' field of DTLS ClientHello
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 25b5535..fd83ef2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1122,6 +1122,9 @@
unsigned int i, j;
unsigned int ciph_offset, comp_offset, ext_offset;
unsigned int msg_len, ciph_len, sess_len, comp_len, ext_len;
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ unsigned int cookie_offset, cookie_len;
+#endif
unsigned char *buf, *p, *ext;
int renegotiation_info_seen = 0;
int handshake_failure = 0;
@@ -1249,11 +1252,13 @@
* 0 . 0 handshake type
* 1 . 3 handshake length
* 4 . 5 protocol version
- * 6 . 37 random bytes (starting with 4 byte of Unix time)
- * 38 . 38 session id length
+ * 6 . 37 random bytes (starting with 4 bytes of Unix time)
+ * 38 . 38 session id length (1 byte)
* 39 . 38+x session id
- * 39+x . 40+x ciphersuite list length
- * 41+x . .. ciphersuite list
+ * 39+x . 39+x DTLS only: cookie length (1 byte)
+ * 40+x . .. DTSL only: cookie
+ * .. . .. ciphersuite list length (2 bytes)
+ * .. . .. ciphersuite list
* .. . .. compression alg. list length (1 byte)
* .. . .. compression alg. list
* .. . .. extensions length (2 bytes, optional)
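Review bot: The new layout comment misspells the protocol name on the cookie row: `40+x . .. DTSL only: cookie` should read `DTLS only: cookie`, matching the row above it. Since every offset after the session id now depends on the transport, it would also help to say in the comment that for TLS the ciphersuite list length still starts at `39+x`.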
@@ -1333,7 +1338,7 @@
sess_len = buf[38];
if( sess_len > sizeof( ssl->session_negotiate->id ) ||
- sess_len + 39 + 2 > msg_len ) /* 2 for cipherlist length field */
+ sess_len + 38 + 2 > msg_len ) /* 2 for cipherlist length field */
{
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
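Review bot: Relaxing the bound to `sess_len + 38 + 2 > msg_len` also applies to the TLS path, where the later hunk still sets `ciph_offset = 39 + sess_len` and reads `buf[ciph_offset + 1]`. A stream ClientHello with `msg_len == sess_len + 40` now passes this check, and that read then lands one byte past the declared message length, assuming `msg_len` counts from the same origin as `buf` as the old `39 + 2` bound implies. The new value is only correct for DTLS, where the next field is the 1-byte cookie length. Either keep `39 + 2` for the stream transport, or add `if( ciph_offset + 2 > msg_len ) return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );` before the ciphersuite length is read. The trailing comment `/* 2 for cipherlist length field */` no longer describes the arithmetic, and the enclosing function begins and ends outside this hunk.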
@@ -1349,9 +1354,37 @@
ssl->session_negotiate->length );
/*
+ * Check the cookie length and content
+ */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+ {
+ cookie_offset = 39 + sess_len;
+ cookie_len = buf[cookie_offset];
+
+ if( // cookie_len > <MAX> || // TODO-DTLS
+ cookie_offset + 1 + cookie_len + 2 > msg_len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ SSL_DEBUG_BUF( 3, "client hello, cookie",
+ buf + cookie_offset + 1, cookie_len );
+
+ // TODO-DTLS: check cookie, reject if invalid!
+ }
+#endif
+
+ /*
* Check the ciphersuitelist length (will be parsed later)
*/
- ciph_offset = 39 + sess_len;
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+ ciph_offset = cookie_offset + 1 + cookie_len;
+ else
+#endif
+ ciph_offset = 39 + sess_len;
ciph_len = ( buf[ciph_offset + 0] << 8 )
| ( buf[ciph_offset + 1] );
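Review bot: In the datagram branch the cookie is only length-checked against `msg_len` and then logged; both the maximum-length test and the validity check are left as `TODO-DTLS`, so any cookie value, including an empty one, is accepted. Until verification exists, the return-routability check that the DTLS cookie exchange is meant to provide is not enforced, and ClientHellos from unverified source addresses go on to full parsing. That deserves an explicit block comment at this point, and ideally the branch should not be reachable in a default build until it is closed. The commented-out condition inside the `if(` uses `//`, which is easy to misread as part of the expression; a `/* TODO-DTLS: also reject cookie_len > <max issued cookie size> */` line above the `if` would be clearer. The `else` that straddles `#endif` before `ciph_offset = 39 + sess_len;` is fragile, and bracing both assignments would make the two preprocessor configurations easier to audit.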