Prepare moving away from memmove() on incoming HS
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 12a8ff5..22787fd 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1069,6 +1069,8 @@
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
{
@@ -1774,6 +1776,8 @@
return( ret );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
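Review bot: `ssl_hs_rm_dtls_hdr( ssl )` runs before `ssl->in_msgtype != SSL_MSG_HANDSHAKE` is checked, so on a non-handshake record (an alert, say) the header is stripped from data that has no handshake header; whether that is harmless depends on ssl_hs_rm_dtls_hdr() itself, whose body is not in this patch — if it shifts `in_hslen - 12` bytes the way the removed memmove in ssl_tls.c did, a record for which in_hslen was never set would make that length underflow. The same ordering appears in the certificate request, server hello done, new session ticket, client key exchange, certificate verify and finished hunks (ssl_srv.c and ssl_tls.c included). Either move the call below the `if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) { ... return ... }` block in each parser, or have ssl_hs_rm_dtls_hdr() return early unless `ssl->in_msgtype == SSL_MSG_HANDSHAKE` and document that in its header comment. The early-return block's body and the enclosing parse function continue outside the hunk.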
@@ -2098,6 +2102,8 @@
return( ret );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
@@ -2222,6 +2228,8 @@
return( ret );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
@@ -2648,6 +2656,8 @@
return( ret );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index a1c2c4d..81e3d0d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3018,6 +3018,8 @@
return( ret );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
@@ -3310,6 +3312,8 @@
return( ret );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
ssl->state++;
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b8946cd..08b26b3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2408,22 +2408,6 @@
}
#endif
- /*
- * For DTLS, we move data so that is looks like TLS handshake format to
- * other functions.
- * Except on server after the initial handshake (wait until after
- * update_checksum() in ssl_parse_client_hello()).
- */
-#if defined(POLARSSL_SSL_PROTO_DTLS)
- if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
- ! ( ssl->endpoint == SSL_IS_SERVER &&
- ssl->state == SSL_HANDSHAKE_OVER ) )
- {
- memmove( ssl->in_msg + 4, ssl->in_msg + 12, ssl->in_hslen - 12 );
- ssl->in_hslen -= 8;
- }
-#endif /* POLARSSL_SSL_PROTO_DTLS */
-
return( 0 );
}
@@ -2625,16 +2609,8 @@
SSL_DEBUG_MSG( 2, ( "=> read record" ) );
- /*
- * With DTLS, we cheated on in_hslen to make the handshake message look
- * like TLS format, restore the truth now
- */
-#if defined(POLARSSL_SSL_PROTO_DTLS)
- if( ssl->in_hslen != 0 && ssl->transport == SSL_TRANSPORT_DATAGRAM )
- ssl->in_hslen += 8;
-#endif
-
- if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen )
+ /* Temporarily disabled */
+ if( ( 0 ) && ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen )
{
/*
* Get next Handshake message in the current record
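Review bot: `if( ( 0 ) && ssl->in_hslen != 0 && ...` silently turns the "next handshake message in the current record" path into dead code, and the one-line comment does not say why or what re-enables it; a reader of this line a few commits later has no way to tell whether it is still meant to be off. Since the hslen restore that used to precede this check was removed and the DTLS header is now stripped per message by ssl_hs_rm_dtls_hdr(), the comment should state that dependency, e.g. `/* Temporarily disabled: in_hslen is no longer in TLS format here (the DTLS header is now removed per message by ssl_hs_rm_dtls_hdr()), so this path must be reworked before it is re-enabled */`, and `#if 0` around the block would make the intent compile-time visible rather than a constant in the condition. Note that while this stays disabled, a peer that packs several handshake messages into one record (common for ServerHello/Certificate/ServerHelloDone in TLS) will have the trailing messages left unconsumed, so the handshake may fail until the path is restored. The enclosing ssl_read_record() body continues outside the hunk.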
@@ -3001,6 +2977,8 @@
return( ret );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
ssl->state++;
#if defined(POLARSSL_SSL_PROTO_SSL3)
@@ -3813,6 +3791,8 @@
return( ret );
}
+ ssl_hs_rm_dtls_hdr( ssl );
+
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
@@ -5041,7 +5021,7 @@
if( ssl->endpoint == SSL_IS_CLIENT &&
( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
- ssl->in_hslen != 4 ) )
+ ssl->in_hslen != ssl_hs_hdr_len( ssl ) ) )
{
SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );