]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
dtls: Add _gnutls_recv_hello_verify_request.
authorJonathan Bastien-Filiatrault <joe@x2a.org>
Sun, 5 Sep 2010 06:27:25 +0000 (02:27 -0400)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 17 Feb 2011 21:51:32 +0000 (22:51 +0100)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
lib/gnutls_handshake.c

index f77ea8533df621b72505682ca8d17c87aa4bf41d..bf46a7fcd0d182ba3d1158f202e35378602f9986 100644 (file)
@@ -76,6 +76,9 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session,
                                   opaque * header, uint16_t header_size,
                                   opaque * dataptr, uint32_t datalen);
 
+static int
+_gnutls_recv_hello_verify_request (gnutls_session_t session,
+                                  opaque * data, int datalen);
 
 
 /* Clears the handshake hash buffers and handles.
@@ -1586,6 +1589,18 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data,
           return ret;
         }
 
+      break;
+    case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
+      ret = _gnutls_recv_hello_verify_request (session, dataptr, length32);
+      gnutls_free (dataptr);
+
+      if (ret < 0)
+       break;
+      else
+       /* Signal our caller we have received a verification cookie
+          and ClientHello needs to be sent again. */
+       ret = 1;
+
       break;
     case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
       if (length32 == 0)
@@ -2391,6 +2406,51 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen)
   return 0;
 }
 
+static int
+_gnutls_recv_hello_verify_request (gnutls_session_t session,
+                                  opaque * data, int datalen)
+{
+  ssize_t len = datalen;
+  size_t pos = 0;
+  uint8_t cookie_len;
+
+  if (!_gnutls_is_dtls (session)
+      || session->security_parameters.entity == GNUTLS_SERVER)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_UNEXPECTED_PACKET;
+    }
+
+  /* TODO: determine if we need to do anything with the server version field */
+  DECR_LEN (len, 2);
+  pos += 2;
+
+  DECR_LEN (len, 1);
+  cookie_len = data[pos];
+  pos++;
+
+  if (cookie_len > DTLS_MAX_COOKIE_SIZE)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+    }
+
+  DECR_LEN (len, cookie_len);
+
+  session->internals.dtls.cookie_len = cookie_len;
+  memcpy (session->internals.dtls.cookie, &data[pos], cookie_len);
+
+  pos += cookie_len;
+
+  if (len != 0)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+    }
+
+  return 0;
+}
+
 /* The packets in gnutls_handshake (it's more broad than original TLS handshake)
  *
  *     Client                                               Server