On Fri, 2009-10-30 at 18:11 +0100, Robin Seggelmann via RT wrote:
> DTLS fragmentation doesn't consider the additional data required with
> using encryption, so the packet size then exceeds the MTU when
> fragmentation is performed. This patch subtracts the size of the mac
> and the additional encryption bytes of the maximum possible length for
> a fragment, if necessary.
>
> Thanks to Daniel Mentz for finding this bug.
>
...
> + if (s->write_hash)
> + mac_size = EVP_MD_CTX_size(s->write_hash);
> + else
> + mac_size = 0;
> +
This was applied to the 0.9.8 branch too, where it causes a SEGV. It
should be EVP_MD_size() there.
Index: ssl/d1_both.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_both.c,v
retrieving revision 1.4.2.21
diff -u -p -r1.4.2.21 d1_both.c
--- ssl/d1_both.c 2 Nov 2009 13:36:56 -0000 1.4.2.21
+++ ssl/d1_both.c 3 Nov 2009 20:41:54 -0000
@@ -226,7 +226,7 @@ int dtls1_do_write(SSL *s, int type)
(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (s->write_hash)
- mac_size = EVP_MD_CTX_size(s->write_hash);
+ mac_size = EVP_MD_size(s->write_hash);
else
mac_size = 0;
--
David Woodhouse Open Source Technology Centre
[email protected] Intel Corporation
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
