Re: DTLS PSK in FIPS mode

Fri, 25 Oct 2013 05:32:29 -0700 

Hi again,

in d1_pkt.c:574
(s->rstate != SSL_ST_READ_BODY) || (s->packet_length <
DTLS1_RT_HEADER_LENGTH)) seems to be false at times. When the program
reaches *p == SSL3_MT_CLIENT_HELLO further down it fails (since p is
initialized to NULL).

if I add

if (NULL == p) {
   p = s->packet;
}

before *p == SSL3_MT_CLIENT_HELLO, it works.

Should I report a bug?

Fredrik




On Fri, Oct 25, 2013 at 2:03 PM, Fredrik Jansson <
fredrik.jansson...@gmail.com> wrote:

> Hi!
>
>
> I am trying to use DTLS with PSK (cipher: SSL_TXT_PSK). Everything works
> well if I don't set OpenSSL in FIPS mode (FIPS_mode_set(1)).
>
>
> If I do, I get crashes as below where p =0;
>
>
> Program received signal SIGSEGV, Segmentation fault.
>
> [Switching to Thread 0x7fffddffb700 (LWP 15278)]
>
> 0x00007ffff752ebe0 in dtls1_get_record (s=0x7fffc8000c00) at d1_pkt.c:680
>
> 680    *p == SSL3_MT_CLIENT_HELLO) &&
>
> (gdb) bt
>
> #0  0x00007ffff752ebe0 in dtls1_get_record (s=0x7fffc8000c00) at
> d1_pkt.c:680
>
> #1  0x00007ffff752ef7f in dtls1_read_bytes (s=0x7fffc8000c00, type=22,
> buf=0x7fffddffa990 "\300\251\377\335\377\177", len=12, peek=0) at
> d1_pkt.c:838
>
> #2  0x00007ffff75327cd in dtls1_get_message_fragment (s=0x7fffc8000c00,
> st1=8465, stn=8466, max=16384, ok=0x7fffddffaa44) at d1_both.c:788
>
> #3  0x00007ffff7531699 in dtls1_get_message (s=0x7fffc8000c00, st1=8465,
> stn=8466, mt=1, max=16384, ok=0x7fffddffaa44) at d1_both.c:436
>
> #4  0x00007ffff7503a53 in ssl3_get_client_hello (s=0x7fffc8000c00) at
> s3_srvr.c:941
>
> #5  0x00007ffff752712c in dtls1_accept (s=0x7fffc8000c00) at d1_srvr.c:298
>
> #6  0x00007ffff7536e85 in SSL_accept (s=0x7fffc8000c00) at ssl_lib.c:940
>
> #7  0x00007ffff752dd38 in dtls1_listen (s=0x7fffc8000c00,
> client=0x7fffddffacf0) at d1_lib.c:477
>
> #8  0x00007ffff752d715 in dtls1_ctrl (s=0x7fffc8000c00, cmd=75, larg=0,
> parg=0x7fffddffacf0) at d1_lib.c:263
>
> #9  0x00007ffff7537422 in SSL_ctrl (s=0x7fffc8000c00, cmd=75, larg=0,
> parg=0x7fffddffacf0) at ssl_lib.c:1106
>
> #10 0x00000000009b64a9 in (anonymous namespace)::listenThread
> (serverAddr=...) at
> /home/frja/srv_trunk/src/product/service/dtls/unix/dtlsserver.cpp:586
>
>
> This is only a problem when combining PSK and FIPS, if I do either FIPS or
> PSK it works.
>
>
> Can anyone please help me out?
>
>
> Fredrik
>

Reply via email to