BIO Data access problem with OpenSSL 0.9.8d

Tue, 30 Jan 2007 15:58:11 -0800 

Greetings everyone:

We're using OpenSSL for TLS client/server authentication, implement
via EAP-FAST protocol.

We are seeing odd output when doing the tunnel establishment
phase( tls full client side auth handshake)  on the client side.

Details are:
      a. we set the ciphersuite to TLS_DH_anon_WITH_AES_128_CBC_SHA
(anonymous provisioning)
      b. send correctly the ClientHello with the above ciphersuite.
      c. server sends correctly back the server hello, accepting the
ciphersuite.(ServerHello,ServerKeyExchange,ServerHeloDone)
      d. after parsing the response from server, client responds with a ACK
for the serverHelo frame.


More in-depth description:
      We have the following structures for keepind data:

      mytls_vars->ctx = SSL_CTX_new(TLSv1_method());
      mytls_vars->ssl = SSL_new(mytls_vars->ctx);
      mytls_vars->ssl_in = BIO_new(BIO_s_mem());
      mytls_vars->ssl_out = BIO_new(BIO_s_mem());
      SSL_set_bio(mytls_vars->ssl, mytls_vars->ssl_in, mytls_vars-

ssl_out);


      At point d, we try to get the response like this:
      (ssl3_connect(....))
      BIO_get_mem_ptr(mytls_vars->ssl_out, &retData);
      mytls_vars->tlsoutdata = retData->data;
      mytls_vars->tlsoutsize = retData->length;

      We see that retData->length is zero.


Digging deeper, and looking at the ((BIO_F_BUFFER_CTX*)mytls_vars->ssl-

wbio->ptr)->obuf pointer we can see here, all the response frames

buffered that should be sent instead of ACK.
(ClientKeyExchange,ChangeCipherSpec,EncrHandshake)
      After we "prepare" the response for point c, we have the following
responses for
      BIO_pending ( mytls_vars->ssl_out) = 0;
      BIO_wpending ( mytls_vars->ssl_out) = 0;
      BIO_pending ( mytls_vars->ssl->wbio ) = 0;
      BIO_wpending ( mytls_vars->ssl->wbio ) = 326;
      326 is the size of the data that should have been sent and dumping
memory at the obuf from wbio->ptr, the response is clearly indicating
the 3 tls records (ClientKeyExchange,ChangeCipherSpec,EncrHandshake)

      All the links between mytls_vars->ssl->wbio and mytls_vars->ssl_out
seem to be correctly set, i.e:
      wbio->next = ssl_out.
      ssl_out->next = NULL;
      ssl_out->prev = wbio.

The same behavior happens if we skip step a (set of cipher suite) and
let server choose.

Any help on the above would be highly appreciated.

-Areg

Reply via email to