yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 07:15:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Drop unexpected ApplicationData

Browse source 
This is likely to happen on resumption if client speaks first at the
application level.
This commit is contained in:
Manuel Pégourié-Gonnard 2014-10-02 14:17:18 +02:00 committed by Paul Bakker
parent f1e0df3ccd
commit df9a0a8460
2 changed files with 24 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
library/ssl_tls.c
View file

@ -2939,6 +2939,28 @@ static int ssl_parse_record_header( ssl_context *ssl )
return( POLARSSL_ERR_SSL_INVALID_RECORD ); return( POLARSSL_ERR_SSL_INVALID_RECORD );
} }
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
{
/* Drop unexpected ChangeCipherSpec messages */
if( ssl->in_msgtype == SSL_MSG_CHANGE_CIPHER_SPEC &&
ssl->state != SSL_CLIENT_CHANGE_CIPHER_SPEC &&
ssl->state != SSL_SERVER_CHANGE_CIPHER_SPEC )
{
SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
/* Drop unexpected ApplicationData records */
if( ssl->in_msgtype == SSL_MSG_APPLICATION_DATA &&
ssl->state != SSL_HANDSHAKE_OVER )
{
SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
}
#endif
/* Check version */ /* Check version */
if( major_ver != ssl->major_ver ) if( major_ver != ssl->major_ver )
{ {
@ -3284,20 +3306,6 @@ read_record_header:
} }
} }
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
{
/* Drop unexpected ChangeCipherSpec messages */
if( ssl->in_msgtype == SSL_MSG_CHANGE_CIPHER_SPEC &&
ssl->state != SSL_CLIENT_CHANGE_CIPHER_SPEC &&
ssl->state != SSL_SERVER_CHANGE_CIPHER_SPEC )
{
SSL_DEBUG_MSG( 2, ( "dropping unexpected ChangeCipherSpec" ) );
return( POLARSSL_ERR_NET_WANT_READ );
}
}
#endif
SSL_DEBUG_MSG( 2, ( "<= read record" ) ); SSL_DEBUG_MSG( 2, ( "<= read record" ) );
return( 0 ); return( 0 );

3
tests/ssl-opt.sh
View file

@ -959,7 +959,8 @@ run_test "Renegotiation: DTLS, client-initiated" \
run_test "Renegotiation: DTLS, server-initiated" \ run_test "Renegotiation: DTLS, server-initiated" \
"$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
read_timeout=1000 max_resend=2" \
0 \ 0 \
-c "client hello, adding renegotiation extension" \ -c "client hello, adding renegotiation extension" \
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \