Add space for new DTLS fields in handshake
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 5ab626a..07bbd3d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -354,7 +354,7 @@
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/*
* Wrapper around f_sni, allowing use of ssl_set_own_cert() but
- * making it act on ssl->hanshake->sni_key_cert instead.
+ * making it act on ssl->handshake->sni_key_cert instead.
*/
static int ssl_sni_wrapper( ssl_context *ssl,
const unsigned char* name, size_t len )
@@ -1206,6 +1206,19 @@
ssl->handshake->update_checksum( ssl, buf, n );
/*
+ * For DTLS, we move data so that is looks like TLS handshake format
+ */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+ {
+ // TODO: DTLS: actually use the additional fields before removing them!
+
+ memmove( buf + 4, buf + 12, n - 12 );
+ n -= 8;
+ }
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
+ /*
* SSL layer:
* 0 . 0 handshake type
* 1 . 3 handshake length
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fba4751..e9ede30 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1924,6 +1924,25 @@
ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
+ /*
+ * DTLS has additional fields in the Handshake layer,
+ * between the length field and the actual payload:
+ * uint16 message_seq;
+ * uint24 fragment_offset;
+ * uint24 fragment_length;
+ */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+ {
+ memmove( ssl->out_msg + 12, ssl->out_msg + 4, ssl->out_msglen - 4 );
+ ssl->out_msglen += 8;
+ len += 8;
+
+ // TODO: DTLS: fill additional fields correctly
+ memset( ssl->out_msg + 4, 0x00, 8 );
+ }
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
}
@@ -2004,34 +2023,38 @@
static int ssl_prepare_handshake_record( ssl_context *ssl )
{
- ssl->in_hslen = 4;
+ ssl->in_hslen = ssl->transport == SSL_TRANSPORT_DATAGRAM ? 12 : 4;
ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
" %d, type = %d, hslen = %d",
- ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
+ ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
- /*
- * Additional checks to validate the handshake header
- */
- if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
+ /* We don't handle handshake messages larger than one record (for now) */
+ if( ssl->in_msg[1] != 0 ||
+ ssl->in_msglen < ssl->in_hslen )
{
SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
- if( ssl->in_msglen < ssl->in_hslen )
- {
- SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
- return( POLARSSL_ERR_SSL_INVALID_RECORD );
- }
-
- /*
- * Update handshake checksum
- */
if( ssl->state != SSL_HANDSHAKE_OVER )
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+ /*
+ * For DTLS, we move data so that is looks like
+ * TLS handshake format to other functions.
+ */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+ {
+ // TODO: DTLS: actually use the additional fields before removing them!
+
+ memmove( ssl->in_msg + 4, ssl->in_msg + 12, ssl->in_hslen - 12 );
+ ssl->in_hslen -= 8;
+ }
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
return( 0 );
}
@@ -2042,8 +2065,16 @@
SSL_DEBUG_MSG( 2, ( "=> read record" ) );
- if( ssl->in_hslen != 0 &&
- ssl->in_hslen < ssl->in_msglen )
+ /*
+ * With DTLS, we cheated on in_hslen to make the handshake message look
+ * like TLS format, restore the truth now
+ */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( ssl->in_hslen != 0 && ssl->transport == SSL_TRANSPORT_DATAGRAM )
+ ssl->in_hslen += 8;
+#endif
+
+ if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen )
{
/*
* Get next Handshake message in the current record