Hi,

The alert message currently contains extra bytes in the payload.

Proposed patch below

Thanks,
Alex.


Index: ssl/d1_pkt.c
===================================================================
RCS file: /data1/Repository/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.9
diff -u -w -B -b -r1.4.2.9 d1_pkt.c
--- ssl/d1_pkt.c        3 Oct 2007 10:18:06 -0000       1.4.2.9
+++ ssl/d1_pkt.c        18 Oct 2007 00:12:44 -0000
@@ -1576,7 +1576,7 @@
        {
        int i,j;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-       unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
+       unsigned char buf[DTLS1_AL_HEADER_LENGTH];
        unsigned char *ptr = &buf[0];

        s->s3->alert_dispatch=0;
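Review bot: `buf` is now sized by a macro from dtls1.h, while the bytes written through `ptr` are counted only in this function, and the removed comment was the one place that spelled out the layout. By that comment's `2 + 2 + 3`, the block disabled in the next hunk writes five more bytes (message sequence and fragment offset) after the two alert bytes, so re-enabling it while DTLS1_AL_HEADER_LENGTH is still 2 would write past the end of `buf`. I would keep a layout comment on the declaration, for example `/* alert level + alert desc; the #if 0 block below needs 2 + 3 more bytes */`. The enclosing function starts before this hunk.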
@@ -1585,6 +1585,10 @@
        *ptr++ = s->s3->send_alert[0];
        *ptr++ = s->s3->send_alert[1];

+#if 0
+            /* XXX: this is a possible improvement in the future */
+                       /* now check if it's a missing record */
+
        if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
                {
                s2n(s->d1->handshake_read_seq, ptr);
@@ -1600,6 +1604,7 @@
 #endif
                l2n3(s->d1->r_msg_hdr.frag_off, ptr);
                }
+#endif

        i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
        if (i <= 0)
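Review bot: The send length on the `do_dtls1_write` line is still `sizeof(buf)`, so the payload is right only while the buffer is exactly as large as what was written into it. As far as the visible lines show, before this patch the five bytes after the alert level and description were written only for DTLS1_AD_MISSING_HANDSHAKE_MESSAGE, so every other alert carried uninitialised stack contents; that returns if the length goes back to 7 for the disabled block. Passing the count actually written, `i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], ptr - &buf[0], 0);`, keeps stale memory out of the record whatever the macro's value (a cast may be needed, the prototype is not visible here). The lines between this hunk and the previous one, and the rest of the function, are outside the diff.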
Index: ssl/dtls1.h
===================================================================
RCS file: /data1/Repository/openssl/ssl/dtls1.h,v
retrieving revision 1.4.2.3
diff -u -w -B -b -r1.4.2.3 dtls1.h
--- ssl/dtls1.h 1 Oct 2007 06:28:48 -0000       1.4.2.3
+++ ssl/dtls1.h 18 Oct 2007 00:12:12 -0000
@@ -84,7 +84,8 @@

 #define DTLS1_CCS_HEADER_LENGTH                  1

-#define DTLS1_AL_HEADER_LENGTH                   7
+#define DTLS1_AL_HEADER_LENGTH                   2
+    /* 7 if we later support DTLS1_AD_MISSING_HANDSHAKE_MESSAGE */


 typedef struct dtls1_bitmap_st
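Review bot: DTLS1_AL_HEADER_LENGTH lives in a header, so lowering it from 7 to 2 changes every other user of the macro, not only the send buffer in d1_pkt.c. None of those users are visible in this patch, so any receive-side length check or buffer sized with it should be confirmed to still behave correctly with 2. The added comment is also the only link between this value and the `#if 0` block in d1_pkt.c, and it does not say so. I would word it as `/* alert level + description only; raise to 7 together with enabling the DTLS1_AD_MISSING_HANDSHAKE_MESSAGE block in d1_pkt.c */`.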

Hi,

The alert message currently contains extra bytes in the payload.

Proposed patch below

Thanks,
Alex.


Index: ssl/d1_pkt.c
===================================================================
RCS file: /data1/Repository/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.9
diff -u -w -B -b -r1.4.2.9 d1_pkt.c
--- ssl/d1_pkt.c        3 Oct 2007 10:18:06 -0000       1.4.2.9
+++ ssl/d1_pkt.c        18 Oct 2007 00:12:44 -0000
@@ -1576,7 +1576,7 @@
        {
        int i,j;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-       unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
+       unsigned char buf[DTLS1_AL_HEADER_LENGTH];
        unsigned char *ptr = &buf[0];

        s->s3->alert_dispatch=0;
@@ -1585,6 +1585,10 @@
        *ptr++ = s->s3->send_alert[0];
        *ptr++ = s->s3->send_alert[1];

+#if 0
+            /* XXX: this is a possible improvement in the future */
+                       /* now check if it's a missing record */
+
        if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
                {
                s2n(s->d1->handshake_read_seq, ptr);
@@ -1600,6 +1604,7 @@
 #endif
                l2n3(s->d1->r_msg_hdr.frag_off, ptr);
                }
+#endif

        i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
        if (i <= 0)
Index: ssl/dtls1.h
===================================================================
RCS file: /data1/Repository/openssl/ssl/dtls1.h,v
retrieving revision 1.4.2.3
diff -u -w -B -b -r1.4.2.3 dtls1.h
--- ssl/dtls1.h 1 Oct 2007 06:28:48 -0000       1.4.2.3
+++ ssl/dtls1.h 18 Oct 2007 00:12:12 -0000
@@ -84,7 +84,8 @@

 #define DTLS1_CCS_HEADER_LENGTH                  1

-#define DTLS1_AL_HEADER_LENGTH                   7
+#define DTLS1_AL_HEADER_LENGTH                   2
+    /* 7 if we later support DTLS1_AD_MISSING_HANDSHAKE_MESSAGE */


 typedef struct dtls1_bitmap_st
