Switch to RFC-compliant version encoding in DTLS.

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index bf189f11c3c9fe389b216c9192a46ff5569ec686..8cde57509c3bf7c0d6f7c233036082d4e1d7abe5 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -526,7 +526,7 @@ int dtls1_get_record(SSL *s)
        SSL3_RECORD *rr;
        SSL_SESSION *sess;
        unsigned char *p;
-       short version;
+       unsigned short version;
        DTLS1_BITMAP *bitmap;
        unsigned int is_next_epoch;
 

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index d299ba618fea23ed3e9c326abf79be36f484188b..0cfcf99971d0af6587beda45702cb4025ca4c5e2 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -121,7 +121,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -626,15 +625,16 @@ int dtls1_send_hello_verify_request(SSL *s)
                *(p++) = s->version & 0xFF;
 
                *(p++) = (unsigned char) s->d1->cookie_len;
-       if (s->ctx->app_gen_cookie_cb != NULL &&
-           s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
-               &(s->d1->cookie_len)) == 0)
-               {
-               SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-               return 0;
-               }
-       /* else the cookie is assumed to have 
-        * been initialized by the application */
+
+               if (s->ctx->app_gen_cookie_cb != NULL &&
+                   s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+                       &(s->d1->cookie_len)) == 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               /* else the cookie is assumed to have 
+                * been initialized by the application */
 
                memcpy(p, s->d1->cookie, s->d1->cookie_len);
                p += s->d1->cookie_len;

diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index c5b1b9cab57863658ba8170fbcfb8f9da64abbfd..fdf97052de040abd3660dd7403198a1bc3193687 100644 (file)
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -67,9 +67,7 @@
 extern "C" {
 #endif
 
-#define DTLS1_VERSION                  0x0100
-#define DTLS1_VERSION_MAJOR            0x01
-#define DTLS1_VERSION_MINOR            0x00
+#define DTLS1_VERSION                  0xFEFF
 
 #if 0
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index cc01cb109fd535b9aac70afb56a9915f7cd7f882..d2f2688bd70e98e343c00495291400639672305c 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -774,7 +774,8 @@ int ssl3_get_client_hello(SSL *s)
        s->client_version=(((int)p[0])<<8)|(int)p[1];
        p+=2;
 
-       if (s->client_version < s->version)
+       if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+           (s->version != DTLS1_VERSION && s->client_version < s->version))
                {
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
                if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
@@ -825,7 +826,7 @@ int ssl3_get_client_hello(SSL *s)
 
        p+=j;
 
-       if (SSL_version(s) == DTLS1_VERSION)
+       if (s->version == DTLS1_VERSION)
                {
                /* cookie stuff */
                cookie_len = *(p++);
@@ -1821,7 +1822,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                        rsa=pkey->pkey.rsa;
                        }
 
-               /* TLS */
+               /* TLS and [incidentally] DTLS{0xFEFF} */
                if (s->version > SSL3_VERSION)
                        {
                        n2s(p,i);