Greetings everyone,

We're using OpenSSL for TLS client/server authentication, implemented via the EAP-FAST protocol.

We are seeing odd output during the tunnel establishment phase (TLS full client-side authenticated handshake) on the client side. Details are:

a. We set the ciphersuite to TLS_DH_anon_WITH_AES_128_CBC_SHA (anonymous provisioning).
b. We correctly send the ClientHello with the above ciphersuite.
c. The server correctly sends back the server hello, accepting the ciphersuite (ServerHello, ServerKeyExchange, ServerHelloDone).
d. After parsing the response from the server, the client responds with an ACK for the ServerHello frame.

More in-depth description: we have the following structures for keeping data:

    mytls_vars->ctx = SSL_CTX_new(TLSv1_method());
    mytls_vars->ssl = SSL_new(mytls_vars->ctx);
    mytls_vars->ssl_in = BIO_new(BIO_s_mem());
    mytls_vars->ssl_out = BIO_new(BIO_s_mem());
    SSL_set_bio(mytls_vars->ssl, mytls_vars->ssl_in, mytls_vars->ssl_out);

At point d, we try to get the response like this:

    (ssl3_connect(....))
    BIO_get_mem_ptr(mytls_vars->ssl_out, &retData);
    mytls_vars->tlsoutdata = retData->data;
    mytls_vars->tlsoutsize = retData->length;

We see that retData->length is zero. Digging deeper and looking at the ((BIO_F_BUFFER_CTX*)mytls_vars->ssl->wbio->ptr)->obuf pointer, we can see there all the response frames buffered that should be sent instead of the ACK (ClientKeyExchange, ChangeCipherSpec, EncrHandshake).

After we "prepare" the response for point c, we have the following results:

    BIO_pending(mytls_vars->ssl_out) = 0;
    BIO_wpending(mytls_vars->ssl_out) = 0;
    BIO_pending(mytls_vars->ssl->wbio) = 0;
    BIO_wpending(mytls_vars->ssl->wbio) = 326;

326 is the size of the data that should have been sent, and dumping memory at the obuf from wbio->ptr, the response clearly shows the 3 TLS records (ClientKeyExchange, ChangeCipherSpec, EncrHandshake).

All the links between mytls_vars->ssl->wbio and mytls_vars->ssl_out seem to be correctly set, i.e.:

    wbio->next = ssl_out;
    ssl_out->next = NULL;
    ssl_out->prev = wbio;

The same behavior happens if we skip step a (setting the cipher suite) and let the server choose.

Any help on the above would be highly appreciated.

-Areg