PR: 2160

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.

ssl/d1_srvr.c

@@ -1525,9 +1525,10 @@ int dtls1_send_newsession_ticket(SSL *s)
 		p += hlen;
 		/* Now write out lengths: p points to end of data written */
 		/* Total length */
-		len = p - (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+		len = p - (unsigned char *)(s->init_buf->data);
+		/* Ticket length */
 		p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
-		s2n(len - 18, p);  /* Ticket length */
+		s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
 
 		/* number of bytes to write */
 		s->init_num= len;

ssl/ssl_asn1.c

@@ -394,7 +394,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 			((unsigned long)os.data[1]<< 8L)|
 			 (unsigned long)os.data[2];
 		}
-	else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
+	else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
 		{
 		if (os.length != 2)
 			{
@@ -415,7 +415,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	ret->cipher_id=id;
 
 	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-	if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
+	if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
 		i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
 	else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
 		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;

ssl/ssl_sess.c

@@ -543,7 +543,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 		p=buf;
 		l=ret->cipher_id;
 		l2n(l,p);
-		if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
+		if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
 		else 
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));