From f36c3885b500786449f85cf8a89c2a925506a4ed Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Wed, 17 Jun 2020 11:37:39 +0100
Subject: [PATCH 1/1] Return the cookie_len value from generate_cookie_callback

The generate_cookie_callback was failing to pass back the generated cookie length to the caller. This results in DTLS connection failures from s_server.

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/12179)
---
 apps/lib/s_cb.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index d021c868c3..5bddde5b03 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -745,6 +745,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 EVP_MAC *hmac = NULL;
 EVP_MAC_CTX *ctx = NULL;
 OSSL_PARAM params[3], *p = params;
+ size_t mac_len;

 /* Initialize a random secret */
 if (!cookie_initialized) {
@@ -808,10 +809,11 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 BIO_printf(bio_err, "HMAC context update failed\n");
 goto end;
 }
- if (!EVP_MAC_final(ctx, cookie, NULL, (size_t)cookie_len)) {
+ if (!EVP_MAC_final(ctx, cookie, &mac_len, DTLS1_COOKIE_LENGTH)) {
 BIO_printf(bio_err, "HMAC context final failed\n");
 goto end;
 }
+ *cookie_len = (int)mac_len;
 res = 1;
 end:
 OPENSSL_free(buffer);
@@ -840,7 +842,8 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
 int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
 size_t *cookie_len)
 {
- unsigned int temp;
+ unsigned int temp = 0;
+
 int res = generate_cookie_callback(ssl, cookie, &temp);
 *cookie_len = temp;
 return res;
-- 
2.34.1
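Review bot: In the second hunk of generate_cookie_callback, the new assignment `*cookie_len = (int)mac_len;` casts to `int`, although the caller visible in this patch passes an `unsigned int *` (`&temp` in generate_stateless_cookie_callback); `*cookie_len = (unsigned int)mac_len;` would match the destination type. The EVP_MAC_final call now caps the output at DTLS1_COOKIE_LENGTH rather than the pointer value the old `(size_t)cookie_len` passed as a size. That presumes the caller's `cookie` buffer holds at least DTLS1_COOKIE_LENGTH bytes, which this patch does not show. A comment on the call such as `/* cookie must have room for DTLS1_COOKIE_LENGTH bytes */` would make the bound auditable. The function's full signature and the rest of its body lie outside the hunk.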
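Review bot: In generate_stateless_cookie_callback, the added blank line sits between the two declarations (`unsigned int temp = 0;` and `int res = ...`) instead of after the declaration block; moving it below the `int res` line keeps the declarations together. The `= 0` initializer matters because generate_cookie_callback appears to leave the length untouched on its `goto end` failure paths, while this wrapper stores `temp` into `*cookie_len` regardless of `res`. A comment such as `/* stays 0 if generate_cookie_callback() fails before setting the length */` on the declaration would record that. The function's closing brace is outside the hunk.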