Re: [PATCH] DTLS version + 2 bytes length rsa key exchange

Tue, 20 Jun 2006 06:36:02 -0700 

hi,

this little patch to correct version problem and add the 2 bytes
before rsa key exchange...

I am searching how I can add replay in this implementation, if someone
have an idea I will thank him and I will follow advices to create the
patch.... (I don't know well openssl implem)

regards,


--
++++++++++++++++++++++++++
+ Authesserre Samuel            +
+ 12 rue de la défense passive+
+ 14000 CAEN                      +
+ FRANCE                           +
+ 06-27-28-13-32                   +
+ [EMAIL PROTECTED]          +
++++++++++++++++++++++++++

diff -ru openssl-0.9.8b/include/openssl/dtls1.h openssl-0.9.8b_patched/include/openssl/dtls1.h
--- openssl-0.9.8b/include/openssl/dtls1.h	2005-05-31 00:34:27.000000000 +0200
+++ openssl-0.9.8b_patched/include/openssl/dtls1.h	2006-06-16 08:53:48.033483744 +0200
@@ -67,9 +67,9 @@
 extern "C" {
 #endif
 
-#define DTLS1_VERSION			0x0100
-#define DTLS1_VERSION_MAJOR		0x01
-#define DTLS1_VERSION_MINOR		0x00
+#define DTLS1_VERSION			0xFEFF
+#define DTLS1_VERSION_MAJOR		0xFE
+#define DTLS1_VERSION_MINOR		0xFF
 
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
 
diff -ru openssl-0.9.8b/ssl/d1_clnt.c openssl-0.9.8b_patched/ssl/d1_clnt.c
--- openssl-0.9.8b/ssl/d1_clnt.c	2005-12-05 18:32:19.000000000 +0100
+++ openssl-0.9.8b_patched/ssl/d1_clnt.c	2006-06-16 08:55:27.044431792 +0200
@@ -733,7 +733,7 @@
 
 			q=p;
 			/* Fix buf for TLS and beyond */
-			if (s->version > SSL3_VERSION)
+		
 				p+=2;
 			n=RSA_public_encrypt(sizeof tmp_buf,
 				tmp_buf,p,rsa,RSA_PKCS1_PADDING);
@@ -748,12 +748,9 @@
 				}
 
 			/* Fix buf for TLS and beyond */
-			if (s->version > SSL3_VERSION)
-				{
-				s2n(n,q);
-				n+=2;
-				}
-
+			s2n(n,q);
+			n+=2;
+			
 			s->session->master_key_length=
 				s->method->ssl3_enc->generate_master_secret(s,
 					s->session->master_key,
Seulement dans openssl-0.9.8b_patched/ssl: d1_clnt.c~
diff -ru openssl-0.9.8b/ssl/d1_pkt.c openssl-0.9.8b_patched/ssl/d1_pkt.c
--- openssl-0.9.8b/ssl/d1_pkt.c	2006-02-08 20:16:32.000000000 +0100
+++ openssl-0.9.8b_patched/ssl/d1_pkt.c	2006-06-16 08:55:55.442114688 +0200
@@ -486,9 +486,9 @@
 	SSL3_RECORD *rr;
 	SSL_SESSION *sess;
 	unsigned char *p;
-	short version;
+	unsigned short version;
 	DTLS1_BITMAP *bitmap;
-    unsigned int is_next_epoch;
+	unsigned int is_next_epoch;
 
 	rr= &(s->s3->rrec);
 	sess=s->session;
Seulement dans openssl-0.9.8b_patched/ssl: d1_pkt.c~
diff -ru openssl-0.9.8b/ssl/dtls1.h openssl-0.9.8b_patched/ssl/dtls1.h
--- openssl-0.9.8b/ssl/dtls1.h	2005-05-31 00:34:27.000000000 +0200
+++ openssl-0.9.8b_patched/ssl/dtls1.h	2006-06-16 08:53:48.033483744 +0200
@@ -67,9 +67,9 @@
 extern "C" {
 #endif
 
-#define DTLS1_VERSION			0x0100
-#define DTLS1_VERSION_MAJOR		0x01
-#define DTLS1_VERSION_MINOR		0x00
+#define DTLS1_VERSION			0xFEFF
+#define DTLS1_VERSION_MAJOR		0xFE
+#define DTLS1_VERSION_MINOR		0xFF
 
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
 
Seulement dans openssl-0.9.8b_patched/ssl: dtls1.h~

Reply via email to