> http://cvs.openssl.org/chngview?cn=22334 is an interim solution,
> a proper solution will be provided at a later point (if found appropriate).

Thanks, this circumvents the DTLS issue.

The TLS empty fragments issue remains, but this patch hints at
the cause. I think the problem is here (s3_pkt.c, circa line 664):

if (    (sess == NULL) ||
        (s->enc_write_ctx == NULL) ||
        (EVP_MD_CTX_md(s->write_hash) == NULL))
        clear=1;

if (clear)
        mac_size=0;
else
        {
        mac_size=EVP_MD_CTX_size(s->write_hash);
        if (mac_size < 0)
                goto err;
        }

/* 'create_empty_fragment' is true only when this function calls itself */
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
        {
        /* countermeasure against known-IV weakness in CBC ciphersuites
          * (see http://www.openssl.org/~bodo/tls-cbc.txt) */


... If I'm reading things correctly, the cipher workarounds mean
EVP_MD_CTX_md(s->write_hash) is always NULL so this code skips the
empty fragments countermeasure. Debug printfs verify that "clear"
differs in good/bad test runs.

I'm guessing this test is here to prevent unwanted empty fragments
before the handshake is complete, but it looks like the logic is
flawed.

I notice similar logic in ssl3_get_record() (unrelated to empty
fragments). That may be broken also.

Regards,
John
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
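
A wire-level regression check for the empty-fragment countermeasure discussed in the message above, as an added example that is not part of the original post or of OpenSSL. The function names and sample buffers are hypothetical, and it assumes a CBC suite without explicit IV, minimal padding, and test writes larger than one cipher block, since very short payloads pad to the same ciphertext length as an empty fragment.

```c
#include <stddef.h>
#include <stdint.h>

#define TLS_APPLICATION_DATA 23

/* Ciphertext length of a zero-length plaintext under a CBC suite with no
 * explicit IV (SSLv3/TLS 1.0), assuming minimal padding: MAC plus one
 * padding-length byte, rounded up to a whole cipher block. */
size_t empty_fragment_len(size_t mac_size, size_t block_size)
{
    return (mac_size + block_size) / block_size * block_size;
}

/* Walk back-to-back TLS records (5-byte header: type, version[2],
 * length[2]) and count application-data records carrying payload that
 * are NOT immediately preceded by an empty fragment.
 * Returns -1 if the buffer is truncated or malformed. */
int count_unprotected_writes(const uint8_t *buf, size_t len,
                             size_t mac_size, size_t block_size)
{
    size_t empty = empty_fragment_len(mac_size, block_size);
    size_t off = 0;
    int prev_empty = 0, unprotected = 0;

    while (off < len) {
        if (len - off < 5)
            return -1;                      /* truncated header */
        uint8_t type = buf[off];
        size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (rec_len > len - off - 5)
            return -1;                      /* truncated body */
        if (type == TLS_APPLICATION_DATA && rec_len == empty) {
            prev_empty = 1;                 /* looks like an empty fragment */
        } else {
            if (type == TLS_APPLICATION_DATA && !prev_empty)
                unprotected++;              /* data sent under a known IV */
            prev_empty = 0;
        }
        off += 5 + rec_len;
    }
    return unprotected;
}

/* Constructed sample captures (bodies zero-filled; only headers matter):
 * a 32-byte record followed by a 48-byte record, and a lone 48-byte record. */
const uint8_t sample_good[90] = { [0]=23, [1]=3, [2]=1, [4]=32,
                                  [37]=23, [38]=3, [39]=1, [41]=48 };
const uint8_t sample_bad[53]  = { [0]=23, [1]=3, [2]=1, [4]=48 };
```

With a SHA-1 MAC (20 bytes) and a 16-byte block cipher, a non-zero return on a captured test run means the countermeasure was skipped for at least one write.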