Hi again, in d1_pkt.c:574 (s->rstate != SSL_ST_READ_BODY) || (s->packet_length < DTLS1_RT_HEADER_LENGTH)) seems to be false at times. When the program reaches *p == SSL3_MT_CLIENT_HELLO further down it fails (since p is initialized to NULL).
if I add if (NULL == p) { p = s->packet; } before *p == SSL3_MT_CLIENT_HELLO, it works. Should I report a bug? Fredrik On Fri, Oct 25, 2013 at 2:03 PM, Fredrik Jansson < fredrik.jansson...@gmail.com> wrote: > Hi! > > > I am trying to use DTLS with PSK (cipher: SSL_TXT_PSK). Everything works > well if I don't set OpenSSL in FIPS mode (FIPS_mode_set(1)). > > > If I do, I get crashes as below where p =0; > > > Program received signal SIGSEGV, Segmentation fault. > > [Switching to Thread 0x7fffddffb700 (LWP 15278)] > > 0x00007ffff752ebe0 in dtls1_get_record (s=0x7fffc8000c00) at d1_pkt.c:680 > > 680 *p == SSL3_MT_CLIENT_HELLO) && > > (gdb) bt > > #0 0x00007ffff752ebe0 in dtls1_get_record (s=0x7fffc8000c00) at > d1_pkt.c:680 > > #1 0x00007ffff752ef7f in dtls1_read_bytes (s=0x7fffc8000c00, type=22, > buf=0x7fffddffa990 "\300\251\377\335\377\177", len=12, peek=0) at > d1_pkt.c:838 > > #2 0x00007ffff75327cd in dtls1_get_message_fragment (s=0x7fffc8000c00, > st1=8465, stn=8466, max=16384, ok=0x7fffddffaa44) at d1_both.c:788 > > #3 0x00007ffff7531699 in dtls1_get_message (s=0x7fffc8000c00, st1=8465, > stn=8466, mt=1, max=16384, ok=0x7fffddffaa44) at d1_both.c:436 > > #4 0x00007ffff7503a53 in ssl3_get_client_hello (s=0x7fffc8000c00) at > s3_srvr.c:941 > > #5 0x00007ffff752712c in dtls1_accept (s=0x7fffc8000c00) at d1_srvr.c:298 > > #6 0x00007ffff7536e85 in SSL_accept (s=0x7fffc8000c00) at ssl_lib.c:940 > > #7 0x00007ffff752dd38 in dtls1_listen (s=0x7fffc8000c00, > client=0x7fffddffacf0) at d1_lib.c:477 > > #8 0x00007ffff752d715 in dtls1_ctrl (s=0x7fffc8000c00, cmd=75, larg=0, > parg=0x7fffddffacf0) at d1_lib.c:263 > > #9 0x00007ffff7537422 in SSL_ctrl (s=0x7fffc8000c00, cmd=75, larg=0, > parg=0x7fffddffacf0) at ssl_lib.c:1106 > > #10 0x00000000009b64a9 in (anonymous namespace)::listenThread > (serverAddr=...) at > /home/frja/srv_trunk/src/product/service/dtls/unix/dtlsserver.cpp:586 > > > This is only a problem when combining PSK and FIPS, if I do either FIPS or > PSK it works. > > > Can anyone please help me out? > > > Fredrik >