There appear to be several problems with this patch, see inline:

> [seggelm...@fh-muenster.de - Mon Aug 31 17:04:19 2009]:
>
> This patch fixes several issues with DTLS cookies.
> [snip]
>
cookie_secret is defined: > +unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; > +int cookie_initialized=0; > Then you call: > + if (!RAND_bytes((unsigned char*) &cookie_secret, > COOKIE_SECRET_LENGTH)) Shouldn't that (and several other places too) be cookie_secret and not &cookie_secret? > > --- crypto/bio/bio.h 24 Jul 2009 11:25:13 -0000 1.80 > +++ crypto/bio/bio.h 31 Aug 2009 13:24:35 -0000 > @@ -157,9 +157,10 @@ > * previous write > * operation */ > > -#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the > data */ > +#define BIO_CTRL_DGRAM_GET_PEER 44 > +#define BIO_CTRL_DGRAM_SET_PEER 45 /* Destination for the > data */ > > -#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake > timeout to > +#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 46 /* Next DTLS handshake > timeout to The above changes the values of some ctrls which have appeared in a released version of OpenSSL i.e. 0.9.8k. That is a definite no-no as it breaks binary compatibility. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
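Review bot: In the quoted RAND_bytes call, the test `!RAND_bytes(...)` only catches a return of 0, but RAND_bytes can also return -1 when the current RAND method does not support it, and this test would treat that as success and leave cookie_secret unfilled; test for `RAND_bytes(...) <= 0` instead. The same call passes `&cookie_secret` behind a cast to `unsigned char*`. Because cookie_secret is declared as an array, the address is the same, but the cast hides the pointer-to-array type and would keep hiding it if the declaration ever became a pointer, so pass `cookie_secret` directly and drop the cast.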
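Review bot: In the crypto/bio/bio.h hunk, inserting BIO_CTRL_DGRAM_GET_PEER at 44 moves BIO_CTRL_DGRAM_SET_PEER to 45 and BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT to 46, so a caller compiled against the old header that passes 44 to set the peer would now reach the get-peer ctrl, and one that passes 45 to set the next timeout would reach set-peer. Leave the two existing defines at 44 and 45 and give BIO_CTRL_DGRAM_GET_PEER the next unused ctrl value, with a comment matching the style of its neighbours.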