commit e89bcf05da039f0c035372a198f55d33e2e3a579
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Feb 18 18:50:02 2014 +0100
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:30:07 2014 +0200
tree 2b7df2d98bee38a242f4becb9f423196cba66383
parent ce441b3442c8a4b7fae863e903abb0dcc0000e05

Write new DTLS handshake fields correctly

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 07bbd3d..9f73c07 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1203,6 +1203,8 @@
     else
         n = ssl->in_msglen;
 
+    SSL_DEBUG_BUF( 4, "record contents", buf, n );
+
     ssl->handshake->update_checksum( ssl, buf, n );
 
     /*
@@ -1211,7 +1213,17 @@
 #if defined(POLARSSL_SSL_PROTO_DTLS)
     if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
     {
-        // TODO: DTLS: actually use the additional fields before removing them!
+        // TODO: DTLS: check message_seq
+
+        /* For now we don't support fragmentation, so make sure
+         * fragment_offset == 0 and fragment_length == length */
+        if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
+            memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
+        {
+            SSL_DEBUG_MSG( 1, ( "handshake fragmentation not supported" ) );
+            return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+        }
+
 
         memmove( buf + 4, buf + 12, n - 12 );
         n -= 8;
@@ -1233,8 +1245,6 @@
      *   42+y . 41+z  compression algs
      *    ..  .  ..   extensions
      */
-    SSL_DEBUG_BUF( 4, "record contents", buf, n );
-
     SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d",
                    buf[0] ) );
     SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",