Hi, The alert message currently contains extra bytes in the payload.
Proposed patch below Thanks, Alex. Index: ssl/d1_pkt.c =================================================================== RCS file: /data1/Repository/openssl/ssl/d1_pkt.c,v retrieving revision 1.4.2.9 diff -u -w -B -b -r1.4.2.9 d1_pkt.c --- ssl/d1_pkt.c 3 Oct 2007 10:18:06 -0000 1.4.2.9 +++ ssl/d1_pkt.c 18 Oct 2007 00:12:44 -0000 @@ -1576,7 +1576,7 @@ { int i,j; void (*cb)(const SSL *ssl,int type,int val)=NULL; - unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */ + unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; s->s3->alert_dispatch=0; @@ -1585,6 +1585,10 @@ *ptr++ = s->s3->send_alert[0]; *ptr++ = s->s3->send_alert[1]; +#if 0 + /* XXX: this is a possible improvement in the future */ + /* now check if it's a missing record */ + if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { s2n(s->d1->handshake_read_seq, ptr); @@ -1600,6 +1604,7 @@ #endif l2n3(s->d1->r_msg_hdr.frag_off, ptr); } +#endif i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); if (i <= 0) Index: ssl/dtls1.h =================================================================== RCS file: /data1/Repository/openssl/ssl/dtls1.h,v retrieving revision 1.4.2.3 diff -u -w -B -b -r1.4.2.3 dtls1.h --- ssl/dtls1.h 1 Oct 2007 06:28:48 -0000 1.4.2.3 +++ ssl/dtls1.h 18 Oct 2007 00:12:12 -0000 @@ -84,7 +84,8 @@ #define DTLS1_CCS_HEADER_LENGTH 1 -#define DTLS1_AL_HEADER_LENGTH 7 +#define DTLS1_AL_HEADER_LENGTH 2 + /* 7 if we later support DTLS1_AD_MISSING_HANDSHAKE_MESSAGE */ typedef struct dtls1_bitmap_stHi,
The alert message currently contains extra bytes in the payload.
Proposed patch below
Thanks,
Alex.
Index: ssl/d1_pkt.c
===================================================================
RCS file: /data1/Repository/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.9
diff -u -w -B -b -r1.4.2.9 d1_pkt.c
--- ssl/d1_pkt.c 3 Oct 2007 10:18:06 -0000 1.4.2.9
+++ ssl/d1_pkt.c 18 Oct 2007 00:12:44 -0000
@@ -1576,7 +1576,7 @@
{
int i,j;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
- unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
+ unsigned char buf[DTLS1_AL_HEADER_LENGTH];
unsigned char *ptr = &buf[0];
s->s3->alert_dispatch=0;
@@ -1585,6 +1585,10 @@
*ptr++ = s->s3->send_alert[0];
*ptr++ = s->s3->send_alert[1];
+#if 0
+ /* XXX: this is a possible improvement in the future */
+ /* now check if it's a missing record */
+
if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
{
s2n(s->d1->handshake_read_seq, ptr);
@@ -1600,6 +1604,7 @@
#endif
l2n3(s->d1->r_msg_hdr.frag_off, ptr);
}
+#endif
i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
if (i <= 0)
Index: ssl/dtls1.h
===================================================================
RCS file: /data1/Repository/openssl/ssl/dtls1.h,v
retrieving revision 1.4.2.3
diff -u -w -B -b -r1.4.2.3 dtls1.h
--- ssl/dtls1.h 1 Oct 2007 06:28:48 -0000 1.4.2.3
+++ ssl/dtls1.h 18 Oct 2007 00:12:12 -0000
@@ -84,7 +84,8 @@
#define DTLS1_CCS_HEADER_LENGTH 1
-#define DTLS1_AL_HEADER_LENGTH 7
+#define DTLS1_AL_HEADER_LENGTH 2
+ /* 7 if we later support DTLS1_AD_MISSING_HANDSHAKE_MESSAGE */
typedef struct dtls1_bitmap_st