Hi,
I noticed that the DTLS record layer MAC is computed using wrong input.
* Instead of using the DTLS version, it's using the TLS version.
* The DTLS record layer epoch is also missing.
Please find the patch file attached.
I am looking forward to 0.9.8f, as it closes the non-RFC-compliance gap.
When will it be released?
Thanks,
Alex.
Index: t1_enc.c
===================================================================
RCS file: /data1/Repository/openssl/ssl/t1_enc.c,v
retrieving revision 1.35.2.3
diff -r1.35.2.3 t1_enc.c
721a722
> unsigned char dtls_sequence[8];
723,736c724,737
< if (send)
< {
< rec= &(ssl->s3->wrec);
< mac_sec= &(ssl->s3->write_mac_secret[0]);
< seq= &(ssl->s3->write_sequence[0]);
< hash=ssl->write_hash;
< }
< else
< {
< rec= &(ssl->s3->rrec);
< mac_sec= &(ssl->s3->read_mac_secret[0]);
< seq= &(ssl->s3->read_sequence[0]);
< hash=ssl->read_hash;
< }
---
> if (send)
> {
> rec= &(ssl->s3->wrec);
> mac_sec= &(ssl->s3->write_mac_secret[0]);
> seq= &(ssl->s3->write_sequence[0]);
> hash=ssl->write_hash;
> }
> else
> {
> rec= &(ssl->s3->rrec);
> mac_sec= &(ssl->s3->read_mac_secret[0]);
> seq= &(ssl->s3->read_sequence[0]);
> hash=ssl->read_hash;
> }
741,742c742,743
< buf[1]=TLS1_VERSION_MAJOR;
< buf[2]=TLS1_VERSION_MINOR;
---
> buf[1]=SSL_version(ssl) >> 8;
> buf[2]=SSL_version(ssl) & 0xff;
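Review bot: The two new `buf[1]`/`buf[2]` lines rely on implicit truncation of the `int` returned by `SSL_version()` to `unsigned char`; an explicit cast, `buf[1]=(unsigned char)(SSL_version(ssl)>>8);` and `buf[2]=(unsigned char)(SSL_version(ssl)&0xff);`, states the intent and keeps `-Wconversion` quiet. The change also affects plain TLS, since the MAC input now carries the negotiated version instead of the hard-coded TLS 1.0 bytes; that is what the MAC must cover, but these bytes have to agree with the version written into the record header on the wire, which happens outside this hunk and is worth checking. The enclosing function starts and ends outside the hunk.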
749c750,768
< HMAC_Update(&hmac,seq,8);
---
>
> if(SSL_version(ssl) == DTLS1_VERSION)
> {
> bzero(dtls_sequence, 8);
> seq = dtls_sequence;
> if (send)
> {
> s2n(ssl->d1->w_epoch, seq);
> memcpy(seq, &(ssl->s3->write_sequence[2]), 6);
> }
> else
> {
> s2n(ssl->d1->r_epoch, seq);
> memcpy(seq, &(ssl->s3->read_sequence[2]), 6);
> }
> seq = dtls_sequence;
> }
>
> HMAC_Update(&hmac,seq,8);
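Review bot: `bzero()` in the new `if(SSL_version(ssl) == DTLS1_VERSION)` block is a legacy BSD call that OpenSSL does not use elsewhere and that is missing on some of its target platforms; `memset(dtls_sequence, 0, sizeof dtls_sequence)` is the portable spelling, and since `s2n` and the 6-byte `memcpy` together write all eight bytes the zeroing is redundant anyway. The inner `if (send)` duplicates the branch earlier in the function: `seq` already points at `write_sequence` or `read_sequence`, so the epoch can be chosen with a ternary and the 48-bit counter copied from `seq + 2`, which also removes the confusing pair of `seq = dtls_sequence;` assignments (the second one is needed only because `s2n` advances its pointer argument). This assumes `ssl->d1` is always set when the negotiated version is `DTLS1_VERSION` and that the DTLS sequence number lives in bytes 2..7 of the `s3` sequence buffers, and it means any other DTLS version identifier the library might accept would still be MACed without an epoch — both worth confirming against the DTLS record code, which is outside this hunk. The enclosing function starts and ends outside the hunk.
```c
if(SSL_version(ssl) == DTLS1_VERSION)
    {
    unsigned char *p = dtls_sequence;
    /* DTLS MAC input is epoch (2 bytes) || 48-bit sequence number;
     * seq already points at write_sequence or read_sequence from the
     * send/receive branch above. s2n advances p by two. */
    s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
    memcpy(p, seq + 2, 6);
    seq = dtls_sequence;
    }

HMAC_Update(&hmac,seq,8);
```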
763c782
< {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
---
> {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->input[z]); printf("\n"); }