[openssl-dev] [openssl.org #3703] 1.0.2 regression with Cisco DTLS_BAD_VER
Short, Todd
tshort at akamai.com
Wed Feb 18 16:43:46 UTC 2015
The Cisco ASA uses hardware-assist for IPSec/TLS/SSL/DTLS, and most of that work was done before DTLS was standardized. This is also the reason why Cisco ASA support for TLSv1.1/v1.2 is a long time coming. The Cisco ASA VPN team is very small, and they’ve lost people on the VPN team recently.
The Cisco ASA has recently updated to OpenSSL 1.0.1 (right before Heartbleed broke out), so it really depends on what version of the ASA code you are running.
--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// “One if by land, two if by sea, three if by the Internet."
On Feb 17, 2015, at 4:48 PM, David Woodhouse via RT <rt at openssl.org<mailto:rt at openssl.org>> wrote:
Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check
from dtls1_buffer_message() which was needed to distinguish between DTLS
1.x and Cisco's pre-standard version of DTLS.
$DEITY knows why Cisco haven't moved to the standard version of DTLS by
now. The RFC was published in 2006, and since you can tell the
difference on the wire it's *trivial* to have the server accept both and
upgrade the clients piecemeal. The ocserv server manages this.
But it isn't our place to marvel at Cisco's incompetence (like the fact
that their DTLS implementation is still dropping out-of-order received
packets, 6½ years after I fixed RT#1752). Our place is to try to be
compatible with it. And this commit broke that, causing the OpenConnect
VPN client to abort:
Connected vpntest0 as 192.168.1.13, using SSL
d1_both.c(1112): OpenSSL internal error, assertion failed: s->d1->w_msg_hdr.msg_len + DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num
Aborted (core dumped)
---
The patch below fixes it. Tested in 1.0.2, but I haven't tested with
HEAD yet because I need to work out how to set up the DTLS session to be
"resumed" — none of this compiles any more...
../dtls.c: In function 'start_dtls_handshake':
../dtls.c:141:24: error: dereferencing pointer to incomplete type
vpninfo->dtls_session->ssl_version = 0x0100; /* DTLS1_BAD_VER */
^
../dtls.c:145:23: error: dereferencing pointer to incomplete type
vpninfo->dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
^
../dtls.c:146:30: error: dereferencing pointer to incomplete type
memcpy(vpninfo->dtls_session->master_key, vpninfo->dtls_secret,
^
../dtls.c:149:23: error: dereferencing pointer to incomplete type
vpninfo->dtls_session->session_id_length = sizeof(vpninfo->dtls_session_id);
^
../dtls.c:150:30: error: dereferencing pointer to incomplete type
memcpy(vpninfo->dtls_session->session_id, vpninfo->dtls_session_id,
^
../dtls.c:170:23: error: dereferencing pointer to incomplete type
vpninfo->dtls_session->cipher = dtls_cipher;
^
../dtls.c:171:23: error: dereferencing pointer to incomplete type
vpninfo->dtls_session->cipher_id = dtls_cipher->id;
^
../dtls.c:171:48: error: dereferencing pointer to incomplete type
vpninfo->dtls_session->cipher_id = dtls_cipher->id;
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 2553c3d..1116416 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1108,8 +1108,9 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
memcpy(frag->fragment, s->init_buf->data, s->init_num);
if (is_ccs) {
+ /* For DTLS_BAD_VER the header length is non-standard */
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+ ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
} else {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
--
dwmw2
<smime.p7s>_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150218/840ac366/attachment-0001.html>
More information about the openssl-dev
mailing list