authorJonathan Bastien-Filiatrault <joe@x2a.org>2010-09-05 02:27:25 -0400
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-02-17 22:51:32 +0100
commita63df83e829c4b3d73c601a63e1cfdb7a177392b (patch)
treef72234e256d729f68121973931891ede41a6bb54
parentdf20b0001d43b2f552858b47ef059af61aea6c45 (diff)
dtls: Add _gnutls_recv_hello_verify_request.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--lib/gnutls_handshake.c60
1 files changed, 60 insertions, 0 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index f77ea8533d..bf46a7fcd0 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -76,6 +76,9 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session,
opaque * header, uint16_t header_size,
opaque * dataptr, uint32_t datalen);
+static int
+_gnutls_recv_hello_verify_request (gnutls_session_t session,
+ opaque * data, int datalen);
/* Clears the handshake hash buffers and handles.
@@ -1587,6 +1590,18 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data,
}
break;
+ case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
+ ret = _gnutls_recv_hello_verify_request (session, dataptr, length32);
+ gnutls_free (dataptr);
+
+ if (ret < 0)
+ break;
+ else
+ /* Signal our caller we have received a verification cookie
+ and ClientHello needs to be sent again. */
+ ret = 1;
+
+ break;
case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
if (length32 == 0)
ret = 0;
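Review bot: The new `GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST` case makes `_gnutls_recv_handshake` return 1 on success, but no caller is changed in this commit (all 60 insertions are in the three hunks shown), so it cannot be confirmed from here that callers testing only `ret < 0` will resend ClientHello rather than carry on. The function's header comment, which lies outside the hunk, should state the new return value, e.g. `/* Returns 1 when a HelloVerifyRequest was received and ClientHello must be sent again. */`. HelloVerifyRequest arrives before any authentication, so whichever caller acts on the 1 should presumably cap how many restarts it accepts in one handshake. The branch itself reads more simply as `if (ret >= 0) ret = 1;` followed by a single `break;`.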
@@ -2391,6 +2406,51 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen)
return 0;
}
+static int
+_gnutls_recv_hello_verify_request (gnutls_session_t session,
+ opaque * data, int datalen)
+{
+ ssize_t len = datalen;
+ size_t pos = 0;
+ uint8_t cookie_len;
+
+ if (!_gnutls_is_dtls (session)
+ || session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ /* TODO: determine if we need to do anything with the server version field */
+ DECR_LEN (len, 2);
+ pos += 2;
+
+ DECR_LEN (len, 1);
+ cookie_len = data[pos];
+ pos++;
+
+ if (cookie_len > DTLS_MAX_COOKIE_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ DECR_LEN (len, cookie_len);
+
+ session->internals.dtls.cookie_len = cookie_len;
+ memcpy (session->internals.dtls.cookie, &data[pos], cookie_len);
+
+ pos += cookie_len;
+
+ if (len != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ return 0;
+}
+
/* The packets in gnutls_handshake (it's more broad than original TLS handshake)
*
* Client Server
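Review bot: `session->internals.dtls.cookie_len` and the cookie bytes are written before the trailing `if (len != 0)` check, so a message rejected with `GNUTLS_E_UNEXPECTED_PACKET_LENGTH` still leaves its cookie stored in the session. Moving that check to just after `DECR_LEN (len, cookie_len);` keeps session state untouched on every error path. The `cookie_len > DTLS_MAX_COOKIE_SIZE` guard protects the `memcpy` only if the `cookie` array is declared with at least `DTLS_MAX_COOKIE_SIZE` bytes; that declaration is outside this hunk and worth confirming. The final `pos += cookie_len;` is never read and can be dropped, and the function would benefit from a short header comment saying that it skips server_version, reads the cookie length and cookie, and returns 0 or a negative error code.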