Provide partial support for fragmented DTLS ClientHellos
author Matt Caswell <matt@openssl.org>
Wed, 4 Nov 2015 13:53:57 +0000 (13:53 +0000)
committer Matt Caswell <matt@openssl.org>
Fri, 5 Feb 2016 20:47:36 +0000 (20:47 +0000)
commit 4b1043ef1b54b0cf27d00cff9ff9a63f2c523e63
tree fa752a3d529b5ef61fda3b92322a0e8a9b232e8f
parent 7d1d48a2d0a08567f5c8e14d50d89a9b47c02f1d
Provide partial support for fragmented DTLS ClientHellos

The recently rewritten DTLSv1_listen code does not support fragmented
ClientHello messages because fragment reassembly requires server state
which is against the whole point of DTLSv1_listen. This change adds some
partial support for fragmented ClientHellos. It requires that the cookie
must be within the initial fragment. That way any non-initial ClientHello
fragments can be dropped and fragment reassembly is not required.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
ssl/d1_lib.c
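
The rule the commit message describes (accept only an initial fragment that contains the whole cookie, drop everything else without keeping state) can be sketched as below. This is an added example, not the code from ssl/d1_lib.c; the function and enum names are hypothetical, the sample packet is constructed, and the field layout assumed is the 12-byte DTLS handshake header followed by the ClientHello fields up to the cookie.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names. Layout: 12-byte DTLS handshake header (RFC 6347),
 * then client_version(2) random(32) session_id<0..32> cookie<0..255>. */
enum frag_verdict { FRAG_DROP, FRAG_NO_COOKIE, FRAG_COOKIE };

static uint32_t rd24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* buf/len: one handshake fragment, record header already stripped. */
enum frag_verdict classify_clienthello(const uint8_t *buf, size_t len,
                                       const uint8_t **cookie, size_t *clen)
{
    if (len < 12 || buf[0] != 1)               /* type 1 = ClientHello */
        return FRAG_DROP;
    uint32_t msg_len = rd24(buf + 1), off = rd24(buf + 6), flen = rd24(buf + 9);
    if (off != 0)                              /* non-initial: drop, no reassembly */
        return FRAG_DROP;
    if (flen > msg_len || flen > len - 12 || flen < 2 + 32 + 1)
        return FRAG_DROP;
    size_t sid = buf[12 + 34], left = flen - 35;
    if (sid > 32 || left < sid + 1)            /* need the cookie length byte */
        return FRAG_DROP;
    const uint8_t *p = buf + 12 + 35 + sid;
    size_t n = *p++;
    left -= sid + 1;
    if (n > left)                              /* cookie spills into a later fragment */
        return FRAG_DROP;
    if (n == 0)
        return FRAG_NO_COOKIE;                 /* answer with HelloVerifyRequest */
    *cookie = p; *clen = n;
    return FRAG_COOKIE;                        /* caller verifies the cookie */
}

/* Constructed sample: empty session_id, cookie of `n` bytes, `sent` present. */
size_t build_sample(uint8_t *out, uint8_t off, uint8_t n, uint8_t sent)
{
    size_t body = 36 + (size_t)sent;
    memset(out, 0, 12 + body);
    out[0] = 1; out[3] = 200;                  /* ClientHello, message length 200 */
    out[8] = off; out[11] = (uint8_t)body;     /* low bytes of offset / frag length */
    out[12] = 0xfe; out[13] = 0xfd; out[47] = n;   /* DTLS 1.2, cookie length */
    memset(out + 48, 0xAB, sent);
    return 12 + body;
}
```

Every verdict is reached from the bytes of the single datagram in hand, so the listener allocates nothing per peer before the cookie has been checked.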