hi, this little patch to correct version problem and add the 2 bytes before rsa key exchange...
I am searching how I can add replay in this implementation, if someone have an idea I will thank him and I will follow advices to create the patch.... (I don't know well openssl implem) regards, -- ++++++++++++++++++++++++++ + Authesserre Samuel + + 12 rue de la défense passive+ + 14000 CAEN + + FRANCE + + 06-27-28-13-32 + + [EMAIL PROTECTED] + ++++++++++++++++++++++++++
diff -ru openssl-0.9.8b/include/openssl/dtls1.h openssl-0.9.8b_patched/include/openssl/dtls1.h --- openssl-0.9.8b/include/openssl/dtls1.h 2005-05-31 00:34:27.000000000 +0200 +++ openssl-0.9.8b_patched/include/openssl/dtls1.h 2006-06-16 08:53:48.033483744 +0200 @@ -67,9 +67,9 @@ extern "C" { #endif -#define DTLS1_VERSION 0x0100 -#define DTLS1_VERSION_MAJOR 0x01 -#define DTLS1_VERSION_MINOR 0x00 +#define DTLS1_VERSION 0xFEFF +#define DTLS1_VERSION_MAJOR 0xFE +#define DTLS1_VERSION_MINOR 0xFF #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 diff -ru openssl-0.9.8b/ssl/d1_clnt.c openssl-0.9.8b_patched/ssl/d1_clnt.c --- openssl-0.9.8b/ssl/d1_clnt.c 2005-12-05 18:32:19.000000000 +0100 +++ openssl-0.9.8b_patched/ssl/d1_clnt.c 2006-06-16 08:55:27.044431792 +0200 @@ -733,7 +733,7 @@ q=p; /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION) + p+=2; n=RSA_public_encrypt(sizeof tmp_buf, tmp_buf,p,rsa,RSA_PKCS1_PADDING); @@ -748,12 +748,9 @@ } /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION) - { - s2n(n,q); - n+=2; - } - + s2n(n,q); + n+=2; + s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, Seulement dans openssl-0.9.8b_patched/ssl: d1_clnt.c~ diff -ru openssl-0.9.8b/ssl/d1_pkt.c openssl-0.9.8b_patched/ssl/d1_pkt.c --- openssl-0.9.8b/ssl/d1_pkt.c 2006-02-08 20:16:32.000000000 +0100 +++ openssl-0.9.8b_patched/ssl/d1_pkt.c 2006-06-16 08:55:55.442114688 +0200 @@ -486,9 +486,9 @@ SSL3_RECORD *rr; SSL_SESSION *sess; unsigned char *p; - short version; + unsigned short version; DTLS1_BITMAP *bitmap; - unsigned int is_next_epoch; + unsigned int is_next_epoch; rr= &(s->s3->rrec); sess=s->session; Seulement dans openssl-0.9.8b_patched/ssl: d1_pkt.c~ diff -ru openssl-0.9.8b/ssl/dtls1.h openssl-0.9.8b_patched/ssl/dtls1.h --- openssl-0.9.8b/ssl/dtls1.h 2005-05-31 00:34:27.000000000 +0200 +++ openssl-0.9.8b_patched/ssl/dtls1.h 2006-06-16 08:53:48.033483744 +0200 @@ -67,9 +67,9 @@ extern "C" { #endif -#define DTLS1_VERSION 0x0100 -#define DTLS1_VERSION_MAJOR 0x01 -#define DTLS1_VERSION_MINOR 0x00 +#define DTLS1_VERSION 0xFEFF +#define DTLS1_VERSION_MAJOR 0xFE +#define DTLS1_VERSION_MINOR 0xFF #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 Seulement dans openssl-0.9.8b_patched/ssl: dtls1.h~