[openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

Julien Vermillard jvermillard at gmail.com
Mon Aug 29 16:37:10 UTC 2016 

I patched s_server to send a fake OCSP content (4 bytes).
I suppose the server will just push that to the client and the client
should fail complaining it's not a correct OCSP response.
But the server crash with:
ssl/statem/statem_dtls.c:127: OpenSSL internal error: assertion failed:
s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH

Command line used:

./openssl s_server -dtls1_2 -port 5684  -cipher
ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:PSK-AES256-CCM8:PSK-AES128-CCM8
-CAfile ca.pem -cert server.pem -key server.key -chainCAfile bundle.pem
-status -status_verbose -mtu 1200

and
./openssl s_client -dtls1_2 -port 5684 -psk 73656372657450534b -host
localhost -cipher
ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:PSK-AES256-CCM8:PSK-AES128-CCM8
-CAfile ca.pem -verify_hostname "IMEI:1234567890" -cert client.pem -key
client.key -chainCAfile bundle-client.pem -status


I attached also the test certificate and keys.

--
Julien Vermillard

On Mon, Aug 29, 2016 at 6:17 PM, Julien Vermillard <jvermillard at gmail.com>
wrote:

> It's a mix of C and Go, so it's really not minimal, but I'll try to modify
> s_server to see if I can reproduce it.
>
> --
> Julien Vermillard
>
> On Mon, Aug 29, 2016 at 6:13 PM, Matt Caswell <matt at openssl.org> wrote:
>
>>
>>
>> On 29/08/16 17:08, Julien Vermillard wrote:
>> > I have a DTLS 1.2 server based on last master (commit
>> > d196305aa0de1fc38837c27cb1ea6e60af9dd98d)
>> > I try to add ocsp stapling support (based on code in s_server.c).
>> >
>> > Basicaly in my callback I set the OCSP response by:
>> >
>> >
>> >     if (SSL_set_tlsext_status_ocsp_resp(s,dataPtr,respLen) == 0) {
>> >         return SSL_TLSEXT_ERR_NOACK;
>> >     } else {
>> >         return SSL_TLSEXT_ERR_OK;
>> >     }
>> >
>> > but if my server manage to get an OCSP response it crash with this
>> message:
>> >
>> > ssl/statem/statem_dtls.c:127: OpenSSL internal error: assertion failed:
>> > s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH
>> >
>> > Any clue?
>>
>> Do you have some minimal reproducer?
>>
>> Matt
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-simple-response.patch
Type: text/x-patch
Size: 4340 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bundle.pem
Type: application/x-x509-ca-cert
Size: 2722 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0005.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ca.pem
Type: application/x-x509-ca-cert
Size: 753 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0006.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server.key
Type: application/x-iwork-keynote-sffkey
Size: 241 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server.pem
Type: application/x-x509-ca-cert
Size: 1025 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0007.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bundle-client.pem
Type: application/x-x509-ca-cert
Size: 2678 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0008.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.key
Type: application/x-iwork-keynote-sffkey
Size: 241 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.pem
Type: application/x-x509-ca-cert
Size: 985 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160829/45806e10/attachment-0009.crt>

More information about the openssl-users mailing list