[openssl-dev] [openssl.org #3657] OpenSSL 1.0.1k DTLS handshake no longer works

Eugen-Andrei Gavriloaie shiretu at gmail.com
Wed Jan 14 21:03:11 UTC 2015


And from an Ubuntu box (apparently, it runs 1.0.1f)

shiretu at ubuntu:/tmp$ gcc -std=c99 dtls_bug.c -lssl -lcrypto -o dtls_bug

shiretu at ubuntu:/tmp$ ./dtls_bug 
dtls_bug: dtls_bug.c:110: main: Assertion `pSSLBuffer->length != 0' failed.
Aborted (core dumped)

shiretu at ubuntu:/tmp$ uname -a
Linux ubuntu 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 17:56:17 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

shiretu at ubuntu:/tmp$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

shiretu at ubuntu:/tmp$ ldd dtls_bug
	linux-vdso.so.1 =>  (0x00007fff0fbe7000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fec11f22000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fec11b3f000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fec11779000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fec11575000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fec12189000)



> On Jan 14, 2015, at 22:21, Eugen-Andrei Gavriloaie via RT <rt at openssl.org> wrote:
> 
> Hi all,
> 
> I believe I have found a bug which is only present in the latest versions (1.0.1k)
> 
> I have created a simple C test which does the following things in this order:
> 
> 1. initialize the SSL library
> 2. creates an X509 key and cert
> 3. creates an DTLS server SSL context
> 4. Setup 2 memory BIO instances on the SSL context
> 5. Feed the input BIO with a hardcoded "Client Hello" packet
> 6. Call SSL_accept
> 
> Wanted:
> The output BIO should contain a packet ("Server Hello") to be sent over the wire
> 
> Observed:
> The output BIO is empty, the handshake never succeeds
> 
> Same file test app linked with OpenSSL 1.0.1j works as expected, the output is generated.
> 
> I have attached the C file.
> 
> Best regards,
> Andrei
> 
> 
> <dtls_bug.c>
> 
> 
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev



More information about the openssl-dev mailing list