From: Jonathan Bastien-Filiatrault Date: Sun, 5 Sep 2010 06:27:25 +0000 (-0400) Subject: dtls: Add _gnutls_recv_hello_verify_request. X-Git-Tag: gnutls_2_99_0~237 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a63df83e829c4b3d73c601a63e1cfdb7a177392b;p=thirdparty%2Fgnutls.git dtls: Add _gnutls_recv_hello_verify_request. Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index f77ea8533d..bf46a7fcd0 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -76,6 +76,9 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session, opaque * header, uint16_t header_size, opaque * dataptr, uint32_t datalen); +static int +_gnutls_recv_hello_verify_request (gnutls_session_t session, + opaque * data, int datalen); /* Clears the handshake hash buffers and handles. @@ -1586,6 +1589,18 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, return ret; } + break; + case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: + ret = _gnutls_recv_hello_verify_request (session, dataptr, length32); + gnutls_free (dataptr); + + if (ret < 0) + break; + else + /* Signal our caller we have received a verification cookie + and ClientHello needs to be sent again. */ + ret = 1; + break; case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: if (length32 == 0) @@ -2391,6 +2406,51 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen) return 0; } +static int +_gnutls_recv_hello_verify_request (gnutls_session_t session, + opaque * data, int datalen) +{ + ssize_t len = datalen; + size_t pos = 0; + uint8_t cookie_len; + + if (!_gnutls_is_dtls (session) + || session->security_parameters.entity == GNUTLS_SERVER) + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET; + } + + /* TODO: determine if we need to do anything with the server version field */ + DECR_LEN (len, 2); + pos += 2; + + DECR_LEN (len, 1); + cookie_len = data[pos]; + pos++; + + if (cookie_len > DTLS_MAX_COOKIE_SIZE) + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } + + DECR_LEN (len, cookie_len); + + session->internals.dtls.cookie_len = cookie_len; + memcpy (session->internals.dtls.cookie, &data[pos], cookie_len); + + pos += cookie_len; + + if (len != 0) + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } + + return 0; +} + /* The packets in gnutls_handshake (it's more broad than original TLS handshake) * * Client Server