Fixed in 1.0.1f and 1.0.0l:
http://www.openssl.org/news/vulnerabilities.html#2013-6450
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@ope
Attaching simpler (in C) sample to reproduce the issue.
1. build the sample
2. run in console
3. it will first negotiate DTLS between server and client (both in the same
process)
4. then it will try to renegotiate (immediately after negotiation finished)
5. client's flight containing Certificate,
Attaching slightly modified sample which reproduces the problem (previous
one did not work sometimes).
Can be built as
g++ -o dtlstest main.cpp -std=c++11 -lssl -lcrypto -lpthread -g
On Wed, Dec 18, 2013 at 3:06 PM, Dmitry Sobinov via RT wrote:
> Got some more info on this bug. It's a memory us
Got some more info on this bug. It's a memory use after free.
There's a problem with ssl_st::write_hash. It's cached
in dtls1_buffer_message() function for each handshake message and got freed
and replaced by new hash context when forming Change Cipher Spec message
(in ssl_replace_hash(), see stac
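The lifetime problem described in the message above, as an added example that is not part of the original thread and is not OpenSSL code. All types and function names are hypothetical stand-ins: it contrasts buffered state that caches a pointer to the hash context with buffered state that keeps its own copy, and uses a generation counter so the stale pointer is detected rather than dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model types; these are NOT OpenSSL's structures. */
typedef struct { int md_size; } hash_ctx;
typedef struct { hash_ctx *write_hash; unsigned gen; } session;
typedef struct { hash_ctx *borrowed; unsigned gen; } borrowed_state; /* caches the pointer */
typedef struct { hash_ctx owned; } owned_state;                      /* keeps its own copy */

static hash_ctx *hash_new(int md_size) {
    hash_ctx *h = malloc(sizeof *h);
    if (h == NULL) abort();
    h->md_size = md_size;
    return h;
}

void session_init(session *s, int md_size) { s->write_hash = hash_new(md_size); s->gen = 0; }

/* Models the replacement step: the old context is freed and a new one installed. */
void replace_hash(session *s, int md_size) {
    free(s->write_hash);
    s->write_hash = hash_new(md_size);
    s->gen++; /* every pointer cached before this call is now dangling */
}

borrowed_state buffer_borrowed(const session *s) {
    borrowed_state b = { s->write_hash, s->gen };
    return b;
}

owned_state buffer_owned(const session *s) {
    owned_state o;
    o.owned = *s->write_hash; /* copy by value: survives replace_hash() */
    return o;
}

/* Returns the digest size, or -1 when the cached pointer is stale.
   The generation is compared first so a dangling pointer is never read. */
int use_borrowed(const session *s, const borrowed_state *b) {
    if (b->gen != s->gen) return -1;
    return b->borrowed->md_size;
}
int use_owned(const owned_state *o) { return o->owned.md_size; }

int main(void) {
    session s; session_init(&s, 20);
    borrowed_state b = buffer_borrowed(&s); owned_state o = buffer_owned(&s);
    replace_hash(&s, 32);
    printf("borrowed: %d, owned: %d\n", use_borrowed(&s, &b), use_owned(&o));
    free(s.write_hash); return 0;
}
```

Without the generation check, use_borrowed() would read freed memory after replace_hash(), which is the class of fault the report describes.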
Hello
While testing renegotiations for DTLS-SRTP, found a crash on Windows.
OpenSSL version is 1.0.1e, also tested on the latest 1.0.1 snapshot. There
were 2 possible stack traces:
AddLiveService.dll!EVP_MD_size(const env_md_st * md) Line 273 C
> AddLiveService.dll!dtls1_do_write(ssl_st * s, in