Joshua Rogers 688e4f4a5f dtls: fix DTLSv1_listen msg_callback to report HelloVerifyRequest ...

DTLSv1_listen built the HelloVerifyRequest in wbuf but invoked
msg_callback with buf and DTLS1_RT_HEADER_LENGTH, and version 0.
That caused incorrect logging and could disclose the ClientHello
to write callbacks. Use wbuf and the actual record version for the
record header, and add a second callback that reports the handshake
message bytes. No change to on-wire behavior.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28916)

2025-12-11 12:54:09 +01:00

29 KiB

Raw Permalink Blame History

View Raw