On Sep 15, 2011, at 6:57 PM, Paul Witty wrote:

> The code which reproduces the crash (not necessarily minimal):
> 
> #include <openssl/ssl.h>
> #include <openssl/bio.h>
> 
> /* bio_callback and dtls_verify_callback are application callbacks
>    defined elsewhere in the reporter's program. */
> SSL_CTX *dtls_context = SSL_CTX_new(DTLSv1_method());
> SSL_CTX_set_read_ahead(dtls_context, 1);
> SSL_CTX_set_cipher_list(dtls_context, "DEFAULT:!LOW:!EXP:!MD5");
> SSL_CTX_set_options(dtls_context, SSL_OP_NO_TICKET);
> SSL *client_ssl = SSL_new(dtls_context);
> /* Do not query the BIO for the MTU; it is set manually below.
>    (Original snippet passed the undeclared name client_ssl_context here.) */
> SSL_set_options(client_ssl, SSL_OP_NO_QUERY_MTU);
> BIO *client_ip_bio = BIO_new(BIO_s_mem());
> BIO *client_op_bio = BIO_new(BIO_s_mem());
> BIO_set_callback(client_op_bio, bio_callback);
> BIO_set_callback_arg(client_op_bio, NULL);
> SSL_set_bio(client_ssl, client_ip_bio, client_op_bio);
> SSL_set_verify(client_ssl, SSL_VERIFY_PEER, dtls_verify_callback);
> SSL_set_connect_state(client_ssl);
> SSL_set_mtu(client_ssl, 1400); /* manually configured MTU, wiped by dtls1_clear in 1.0.0e */
> SSL_do_handshake(client_ssl);
Hi Paul,

I think this is what Robin found. Could you give the patch provided by Robin in
http://rt.openssl.org/Ticket/Display.html?id=2602
a try? It should fix your issue.

Best regards
Michael
> 
> -- 
> 
> Paul
> 
> On 12/09/11 14:45, Robin Seggelmann wrote:
>> Hi Paul,
>> 
>> On Sep 9, 2011, at 4:56 PM, Paul Witty wrote:
>> 
>>> Since updating to OpenSSL 1.0.0e from 1.0.0d, I've been suffering a crash
>>> when connecting with DTLS.  I've tracked this down to trying to perform a
>>> memcpy of (unsigned int)-13 in do_dtls1_write (where a length of -13 is
>>> passed all the way down from dtls1_do_write), which seems to be because the
>>> MTU on the DTLS context is 0, despite having manually set it to a non-zero
>>> value.  Further investigation shows that the change to dtls1_clear is
>>> clearing everything in the DTLS1_STATE, which includes my previously
>>> configured MTU.  Preserving the value of the MTU across the memset in
>>> dtls1_clear fixes the issue.
>> I just looked into this and I guess you're right. Currently, DTLS1_STATE is 
>> always cleared and thus the MTU set to 0 before starting the initial 
>> handshake. By default, the MTU will be retrieved from the socket of the BIO 
>> object, if possible, or the default value is used later on. If 
>> SSL_OP_NO_QUERY_MTU is set to prevent the retrieval from the BIO object to 
>> provide the MTU manually, it will use the MTU stored in DTLS1_STATE as it 
>> is, that is 0, which makes no sense whatsoever.
>> 
>> So the MTU stored in DTLS1_STATE must not be cleared if SSL_OP_NO_QUERY_MTU 
>> is set, otherwise there is no proper way to set the MTU manually. I'll 
>> provide a patch shortly.
>> 
>> Thanks for the report!
>> 
>> Best regards
>> Robin
>> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
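As an added illustration (not OpenSSL's code and not part of this thread), a self-contained C model of the bug Robin describes and of the fix he proposes: a clear routine that memsets the whole DTLS state beside one that preserves the manually configured MTU when the no-query option is set, plus a payload-size computation that refuses an unusable MTU instead of wrapping to (unsigned int)-13. The names dtls1_state, ssl_conn, OPT_NO_QUERY_MTU, max_payload and scenario are stand-ins chosen for this example; the 13-byte record header is the one the -13 in Paul's report comes from.

```c
#include <string.h>

/* Simplified stand-ins for OpenSSL's DTLS1_STATE, SSL and the
 * SSL_OP_NO_QUERY_MTU bit (illustrative values, not OpenSSL's own). */
#define OPT_NO_QUERY_MTU 0x1000UL
#define DTLS1_RT_HEADER_LENGTH 13u /* DTLS record header is 13 bytes */

typedef struct {
    unsigned int mtu;
    unsigned int write_sequence; /* other state that must be reset */
} dtls1_state;

typedef struct {
    unsigned long options;
    dtls1_state d1;
} ssl_conn;

/* 1.0.0e behaviour reported in the thread: wipe all of DTLS1_STATE,
 * including an MTU the application set manually. */
void dtls1_clear_buggy(ssl_conn *s) {
    memset(&s->d1, 0, sizeof(s->d1));
}

/* Fixed behaviour: keep the configured MTU across the memset when the
 * application has forbidden querying the BIO for it. */
void dtls1_clear_fixed(ssl_conn *s) {
    unsigned int mtu = s->d1.mtu;
    memset(&s->d1, 0, sizeof(s->d1));
    if (s->options & OPT_NO_QUERY_MTU)
        s->d1.mtu = mtu;
}

/* Largest record payload that fits the MTU. Refuses (ok = 0) instead
 * of wrapping to (unsigned int)-13 when the MTU is 0 or too small. */
unsigned int max_payload(const ssl_conn *s, int *ok) {
    if (s->d1.mtu <= DTLS1_RT_HEADER_LENGTH) { *ok = 0; return 0; }
    *ok = 1;
    return s->d1.mtu - DTLS1_RT_HEADER_LENGTH;
}

/* The reporter's sequence: set the option and a 1400-byte MTU, then
 * run the clear that precedes the initial handshake. */
unsigned int scenario(void (*clear)(ssl_conn *), int *ok) {
    ssl_conn s = {0};
    s.options |= OPT_NO_QUERY_MTU;
    s.d1.mtu = 1400;
    clear(&s);
    return max_payload(&s, ok);
}
```

With the buggy clear the MTU comes back as 0 and the guard trips; with the fixed clear the 1400-byte MTU survives and 1387 bytes of payload remain per record.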