Hi,
The alert message currently contains extra bytes in the payload.
Proposed patch below
Thanks,
Alex.
Index: ssl/d1_pkt.c
===
RCS file: /data1/Repository/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.9
diff -u -w -B -b -r1.4.2.9 d1_pkt.c
--- ssl/d1_pkt.c3 Oct 2007 10:18:06 - 1.4.2.9
+++ ssl/d1_pkt.c18 Oct 2007 00:12:44 -
@@ -1576,7 +1576,7 @@
{
int i,j;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
- unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message
seq +frag_off */
+ unsigned char buf[DTLS1_AL_HEADER_LENGTH];
unsigned char *ptr = buf[0];
s-s3-alert_dispatch=0;
@@ -1585,6 +1585,10 @@
*ptr++ = s-s3-send_alert[0];
*ptr++ = s-s3-send_alert[1];
+#if 0
+/* XXX: this is a possible improvement in the future */
+ /* now check if it's a missing record */
+
if (s-s3-send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
{
s2n(s-d1-handshake_read_seq, ptr);
@@ -1600,6 +1604,7 @@
#endif
l2n3(s-d1-r_msg_hdr.frag_off, ptr);
}
+#endif
i = do_dtls1_write(s, SSL3_RT_ALERT, buf[0], sizeof(buf), 0);
if (i = 0)
Index: ssl/dtls1.h
===
RCS file: /data1/Repository/openssl/ssl/dtls1.h,v
retrieving revision 1.4.2.3
diff -u -w -B -b -r1.4.2.3 dtls1.h
--- ssl/dtls1.h 1 Oct 2007 06:28:48 - 1.4.2.3
+++ ssl/dtls1.h 18 Oct 2007 00:12:12 -
@@ -84,7 +84,8 @@
#define DTLS1_CCS_HEADER_LENGTH 1
-#define DTLS1_AL_HEADER_LENGTH 7
+#define DTLS1_AL_HEADER_LENGTH 2
+/* 7 if we later support DTLS1_AD_MISSING_HANDSHAKE_MESSAGE */
typedef struct dtls1_bitmap_st
Hi,The alert message currently contains extra bytes in the payload.Proposed patch belowThanks,Alex.Index: ssl/d1_pkt.c===
RCS file: /data1/Repository/openssl/ssl/d1_pkt.c,vretrieving revision 1.4.2.9diff -u -w -B -b -r1.4.2.9 d1_pkt.c--- ssl/d1_pkt.c 3 Oct 2007 10:18:06 -
1.4.2.9+++ ssl/d1_pkt.c 18 Oct 2007 00:12:44 -@@ -1576,7 +1576,7 @@ { int i,j; void (*cb)(const SSL *ssl,int type,int val)=NULL;- unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
+ unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = buf[0]; s-s3-alert_dispatch=0;@@ -1585,6 +1585,10 @@ *ptr++ = s-s3-send_alert[0];
*ptr++ = s-s3-send_alert[1];+#if 0+ /* XXX: this is a possible improvement in the future */+ /* now check if its a missing record */+ if (s-s3-send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
{ s2n(s-d1-handshake_read_seq, ptr);@@ -1600,6 +1604,7 @@#endif l2n3(s-d1-r_msg_hdr.frag_off, ptr); }+#endif
i = do_dtls1_write(s, SSL3_RT_ALERT, buf[0], sizeof(buf), 0); if (i = 0)Index: ssl/dtls1.h===RCS file: /data1/Repository/openssl/ssl/dtls1.h,v
retrieving revision 1.4.2.3diff -u -w -B -b -r1.4.2.3 dtls1.h--- ssl/dtls1.h 1 Oct 2007 06:28:48 - 1.4.2.3+++ ssl/dtls1.h 18 Oct 2007 00:12:12 -
@@ -84,7 +84,8 @@#define DTLS1_CCS_HEADER_LENGTH 1-#define DTLS1_AL_HEADER_LENGTH 7+#define DTLS1_AL_HEADER_LENGTH 2+ /* 7 if we later support DTLS1_AD_MISSING_HANDSHAKE_MESSAGE */
typedef struct dtls1_bitmap_st