Prepare for DTLS handshake reassembly

2025-11-04 04:32:24 -05:00 · 2014-08-20 10:43:01 +02:00 · 2014-08-20 10:43:01 +02:00 · ed79a4bb14
commit ed79a4bb14
parent edcbe549fd
1 changed files with 40 additions and 16 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2124,20 +2124,55 @@ int ssl_write_record( ssl_context *ssl )
    return( 0 );
 }

+#if defined(POLARSSL_SSL_PROTO_DTLS)
+static int ssl_reassemble_dtls_handshake( ssl_context *ssl )
+{
+    if( ssl->handshake == NULL )
+    {
+        SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) );
+        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
+
+    SSL_DEBUG_MSG( 1, ( "TODO (WIP)" ) );
+    return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
 static int ssl_prepare_handshake_record( ssl_context *ssl )
 {
    ssl->in_hslen  = ssl->transport == SSL_TRANSPORT_DATAGRAM ? 12 : 4;
-    ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
+    ssl->in_hslen += ( ssl->in_msg[1] << 16 ) |
+                     ( ssl->in_msg[2] << 8  ) |
+                       ssl->in_msg[3];

    SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
                        " %d, type = %d, hslen = %d",
                        ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );

-    /* We don't handle handshake messages larger than one record (for now) */
-    if( ssl->in_msg[1] != 0 ||
-        ssl->in_msglen < ssl->in_hslen )
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
    {
-        SSL_DEBUG_MSG( 1, ( "handshake fragmentation not supported" ) );
+        int ret;
+
+        // TODO: DTLS: check message_seq
+
+        /* Is this message fragmented? */
+        if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
+            memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
+        {
+            if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 )
+            {
+                SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret );
+                return( ret );
+            }
+        }
+    }
+    else
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+    /* With TLS we don't handle fragmentation (for now) */
+    if( ssl->in_msglen < ssl->in_hslen )
+    {
+        SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
    }

@ -2155,17 +2190,6 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
        ! ( ssl->endpoint == SSL_IS_SERVER &&
            ssl->state == SSL_HANDSHAKE_OVER ) )
    {
-        // TODO: DTLS: check message_seq
-
-        /* For now we don't support fragmentation, so make sure
-         * fragment_offset == 0 and fragment_length == length */
-        if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
-            memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
-        {
-            SSL_DEBUG_MSG( 1, ( "handshake fragmentation not supported" ) );
-            return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-        }
-
        memmove( ssl->in_msg + 4, ssl->in_msg + 12, ssl->in_hslen - 12 );
        ssl->in_hslen -= 8;
    }