Commit 688e4f4a5f for openssl.org
commit 688e4f4a5f5cb8d287ad1efbc0017cf6be628c17
Author: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Sun Oct 12 06:19:29 2025 +0800
dtls: fix DTLSv1_listen msg_callback to report HelloVerifyRequest
DTLSv1_listen built the HelloVerifyRequest in wbuf but invoked
msg_callback with buf and DTLS1_RT_HEADER_LENGTH, and version 0.
That caused incorrect logging and could disclose the ClientHello
to write callbacks. Use wbuf and the actual record version for the
record header, and add a second callback that reports the handshake
message bytes. No change to on-wire behavior.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28916)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 4a4eebb27d..1f77ede0cb 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -731,10 +731,17 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
&wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
3);
- if (s->msg_callback)
- s->msg_callback(1, version, SSL3_RT_HEADER, wbuf,
- DTLS1_RT_HEADER_LENGTH, ssl,
- s->msg_callback_arg);
+ if (s->msg_callback) {
+ /* Report the outgoing DTLS record header */
+ s->msg_callback(1, (int)version, SSL3_RT_HEADER,
+ wbuf, DTLS1_RT_HEADER_LENGTH,
+ ssl, s->msg_callback_arg);
+ /* Report the HelloVerifyRequest handshake message */
+ s->msg_callback(1, (int)version, SSL3_RT_HANDSHAKE,
+ wbuf + DTLS1_RT_HEADER_LENGTH,
+ wreclen - DTLS1_RT_HEADER_LENGTH,
+ ssl, s->msg_callback_arg);
+ }
if ((tmpclient = BIO_ADDR_new()) == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);