[openssl.org #2160] [PATCH] DTLS Sessionticket extension bugs

Sun, 31 Jan 2010 12:57:33 -0800 

The Sessionticket extension doesn't work with DTLS. The NewSessionTicket 
message of the server is truncated because of a wrong calculation of the length 
and the server is also unable to parse the ticket attached to a ClientHello 
because DTLS is considered as an unknown protocol version.

Regards,
Robin


Index: ssl/d1_srvr.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/d1_srvr.c,v
retrieving revision 1.20.2.14
diff -u -r1.20.2.14 d1_srvr.c
--- ssl/d1_srvr.c       26 Jan 2010 19:46:29 -0000      1.20.2.14
+++ ssl/d1_srvr.c       31 Jan 2010 18:09:17 -0000
@@ -1525,9 +1667,10 @@
                p += hlen;
                /* Now write out lengths: p points to end of data written */
                /* Total length */
-               len = p - (unsigned char 
*)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+               len = p - (unsigned char *)(s->init_buf->data);
+               /* Ticket length */
                p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) 
+ 4;
-               s2n(len - 18, p);  /* Ticket length */
+               s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
 
                /* number of bytes to write */
                s->init_num= len;
Index: ssl/ssl_asn1.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/ssl_asn1.c,v
retrieving revision 1.36.2.5
diff -u -r1.36.2.5 ssl_asn1.c
--- ssl/ssl_asn1.c      30 Oct 2009 14:06:18 -0000      1.36.2.5
+++ ssl/ssl_asn1.c      31 Jan 2010 18:09:20 -0000
@@ -394,7 +394,7 @@
                        ((unsigned long)os.data[1]<< 8L)|
                         (unsigned long)os.data[2];
                }
-       else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
+       else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
                {
                if (os.length != 2)
                        {
        
Index: ssl/ssl_sess.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.74.2.1
diff -u -r1.74.2.1 ssl_sess.c
--- ssl/ssl_sess.c      19 Apr 2009 18:03:13 -0000      1.74.2.1
+++ ssl/ssl_sess.c      31 Jan 2010 18:09:22 -0000
@@ -538,7 +538,7 @@
                p=buf;
                l=ret->cipher_id;
                l2n(l,p);
-               if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
+               if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
                else 
                        ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));

Attachment: dtls-sessionticket-bug-1.0.0.patch
Description: Binary data

Attachment: dtls-sessionticket-bug-0.9.8.patch
Description: Binary data

Reply via email to