[Pkg-openssl-devel] Bug#335703: marked as forwarded (libssl0.9.8: OpenSSL fails to handle fragmented handshake messages using DTLS)

Debian Bug Tracking System owner at bugs.debian.org
Wed Nov 16 19:03:22 UTC 2005


Your message dated Wed, 16 Nov 2005 19:56:34 +0100
with message-id <437B80E2.60607 at users.sourceforge.net>
has caused the Debian Bug report #335703,
regarding libssl0.9.8: OpenSSL fails to handle fragmented handshake messages using DTLS
to be marked as having been forwarded to the upstream software
author(s) rt at openssl.org.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------
Message-ID: <437B80E2.60607 at users.sourceforge.net>
Date: Wed, 16 Nov 2005 19:56:34 +0100
From: Mikael Magnusson <mikma at users.sourceforge.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051007 Debian/1.7.12-1
X-Accept-Language: sv, en, en-us
MIME-Version: 1.0
To: rt at openssl.org
CC: 335703-forwarded at bugs.debian.org
Subject: [bug report][patch] Handling of fragmented DTLS handshake messages
Content-Type: multipart/mixed;
 boundary="------------070805010405090506040309"

This is a multi-part message in MIME format.
--------------070805010405090506040309
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

OpenSSL 0.9.8 doesn't seem to handle fragmented DTLS handshake 
(certificate) messages correctly.

As seen in the following example, s_client fails to connect to s_server 
using the DTLS protocol if the MTU is set to 1500 (default for 
Ethernet). The same commands succeed when using a large MTU, for 
example 65000.

$ openssl s_server -accept 5069 -dtls1 -cert /etc/apache/ssl.crt/snakeoil-dsa.crt -key /etc/apache/ssl.key/snakeoil-dsa.key -CAfile /etc/apache/ssl.crt/snakeoil-ca-dsa.crt -mtu 1500
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
3407:error:143F8412:SSL routines:DTLS1_READ_BYTES:sslv3 alert bad certificate:d1_pkt.c:943:SSL alert number 42
shutting down SSL
CONNECTION CLOSED
ACCEPT


$ openssl s_client -host localhost -port 5069 -dtls1
CONNECTED(00000003)
3409:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
3409:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1269:
3409:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:653:
3409:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:704:
3409:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:Field=subject, Type=X509_CINF
3409:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:743:Field=cert_info, Type=X509
3409:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:866:

The attached patch solves the problem for me.

This is reported as bug #335703 in the Debian BTS. Please keep Cc to 
335703-forwarded at bugs.debian.org in answers to this message.

/Mikael

--------------070805010405090506040309
Content-Type: text/x-diff;
 name="openssl_dtls2.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="openssl_dtls2.patch"

diff -ur openssl-SNAP-20051028.orig/ssl/d1_both.c openssl-SNAP-20051028/ssl/d1_both.c
--- openssl-SNAP-20051028.orig/ssl/d1_both.c	2005-07-26 07:00:26.000000000 +0200
+++ openssl-SNAP-20051028/ssl/d1_both.c	2005-10-29 10:28:49.000000000 +0200
@@ -724,11 +724,13 @@
     /* case (3): received a immediately useful fragment.  Determine the 
      * possible overlap and copy the fragment.
      */
-    overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
         
     /* retain the header for the first fragment */
     if ( s->init_num > DTLS1_HM_HEADER_LENGTH)
         {
+        s->init_num -= DTLS1_HM_HEADER_LENGTH;
+        overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
+
         memmove(&(s->init_buf->data[s->init_num]),
             &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH + overlap]),
             frag_len - overlap);
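
Review bot: the overlap value computed by the new line inside the if branch is used immediately as a memmove source offset and, through "frag_len - overlap", as the copy length, and nothing in the hunk checks that it lies between 0 and frag_len. The if condition only guarantees s->init_num > DTLS1_HM_HEADER_LENGTH, so after "s->init_num -= DTLS1_HM_HEADER_LENGTH" the expression "(s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off" can go below zero (or wrap, if these variables are unsigned). Suggest dropping the fragment when overlap is outside that range before reaching the memmove. The header length is now subtracted twice compared with the removed formula, so a short comment stating what s->init_num counts after the decrement would help; the existing "retain the header for the first fragment" comment does not explain it.
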
@@ -736,7 +738,10 @@
         s->init_num += frag_len - overlap;
         }
     else
+        {
+        overlap = 0;
         s->init_num += frag_len;
+        }
 
     dtls1_process_handshake_fragment(s, frag_len - overlap);
 
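
Review bot: in the else branch, "overlap = 0" is set regardless of frag_off, so a fragment that reaches this path while s->init_num is still at or below DTLS1_HM_HEADER_LENGTH is counted as entirely new data and the full frag_len is added to s->init_num and passed to dtls1_process_handshake_fragment. If that path is only valid for a fragment starting at offset 0, suggest checking frag_off there (or saying in a comment why it always holds). Since overlap is now assigned in both branches purely to feed the shared call, initialising it to 0 at its declaration would be a smaller change than adding braces to the else.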

--------------070805010405090506040309--
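
The overlap arithmetic the patch above adjusts, shown as a bounds-checked in-order reassembly routine. This is an added example, not OpenSSL code and not part of the original message; the names reasm, add_fragment, build_fragment and demo and the 4096-byte cap are hypothetical, and it assumes a single handshake message (message_seq is ignored). It goes beyond the patch by validating every header field before any copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HM_HEADER_LEN 12    /* DTLS handshake header size (RFC 4347) */
#define MAX_MSG_LEN   4096  /* assumed cap for this example */

struct reasm {              /* hypothetical state for one handshake message */
    uint8_t body[MAX_MSG_LEN];
    size_t msg_len, received;   /* total body length; contiguous bytes held */
    int started;
};
static size_t be24(const uint8_t *p) { return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2]; }

/* Returns 1 when the message is complete, 0 when more data is needed
 * (gaps and pure duplicates are dropped), -1 when the fragment is malformed. */
int add_fragment(struct reasm *r, const uint8_t *frag, size_t len) {
    if (len < HM_HEADER_LEN) return -1;
    size_t msg_len = be24(frag + 1), frag_off = be24(frag + 6), frag_len = be24(frag + 9);
    if (frag_len != len - HM_HEADER_LEN || msg_len > MAX_MSG_LEN) return -1;
    if (frag_off > msg_len || frag_len > msg_len - frag_off) return -1;
    if (!r->started) { r->msg_len = msg_len; r->received = 0; r->started = 1; }
    else if (msg_len != r->msg_len) return -1;
    if (frag_off > r->received) return 0;          /* gap: wait for retransmit */
    size_t overlap = r->received - frag_off;       /* bytes already held, >= 0 */
    if (overlap < frag_len) {                      /* copy only the new tail */
        memcpy(r->body + r->received, frag + HM_HEADER_LEN + overlap, frag_len - overlap);
        r->received += frag_len - overlap;
    }
    return r->received == r->msg_len;
}

/* Constructed input: one fragment of a 10-byte body; all values fit one byte. */
static size_t build_fragment(uint8_t *out, size_t off, size_t flen, size_t claimed) {
    static const uint8_t msg[] = "ABCDEFGHIJ";
    memset(out, 0, HM_HEADER_LEN);
    out[0] = 11; out[3] = 10; out[8] = (uint8_t)off; out[11] = (uint8_t)claimed;
    memcpy(out + HM_HEADER_LEN, msg + off, flen);
    return HM_HEADER_LEN + flen;
}

/* Fragments [0,6) and [4,10) overlap by two bytes; the third lies about its length. */
int demo(void) {
    struct reasm r; uint8_t f[64];
    memset(&r, 0, sizeof r);
    if (add_fragment(&r, f, build_fragment(f, 0, 6, 6)) != 0) return -1;
    if (add_fragment(&r, f, build_fragment(f, 4, 6, 6)) != 1) return -2;
    if (memcmp(r.body, "ABCDEFGHIJ", 10) != 0) return -3;
    return add_fragment(&r, f, build_fragment(f, 8, 2, 5)) == -1 ? 0 : -4;
}
int main(void) { return demo(); }
```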


