On Tue, 2008-09-23 at 23:12 -0700, nagendra modadugu wrote:
> Hi David, unfortunately I've been out of touch with the developments
> to DTLS for some time. I forwarded your message to Eric Rescorla
> who worked with Cisco to get their implementation working.

Thanks.

> I suspect that Cisco has proprietary patches that they haven't disclosed
> (or don't know how to).

Hm, I was hoping that it wasn't any deliberate "proprietary patches", but rather just an incompatibility because they were using a pre-RFC snapshot of the protocol. Why use a standard protocol but then hack it up with extra proprietary nonsense?

At the worst, I should be able to reverse-engineer the library I have. Most functions will be identical, and once I have it down to a list of known-different functions I can take a closer look at each one. Armed with the unmodified source code and a disassembler it shouldn't be particularly hard to work out the differences. But that's a pain, especially as I'm mostly clueless about the protocol so wouldn't be able to make many educated guesses -- it'd all be brainless grunt-work.

So far, I've noticed that their library is calling tls1_change_cipher_state() for a second time during my test case (both calls after receiving the Server Hello), while the real OpenSSL only does so once.

[EMAIL PROTECTED] anyconnect]$ LD_LIBRARY_PATH=. ./dtls-test
Found AES128-SHA cipher at 28
SSL_SESSION is 200 bytes
EVP_CipherInit_ex 0x980d5f0 0x27e7a0 (nid 1a3) (nil) 0x980d5b8 0x980d5d8 0
Key:0000: 0b 33 d2 ef 9a 99 d6 d5 01 0f c5 83 6c 2f 8b 49
IV:0000: d0 8f 1f 6b 5f 20 28 9a 99 e8 2c 88 c8 41 78 bf
EVP_CipherInit_ex 0x980d778 0x27e7a0 (nid 1a3) (nil) 0x980d5a8 0x980d5c8 2
Key:0000: cf f5 ef f9 fe f9 09 af 7b b9 8b df 11 1e 23 14
IV:0000: 9e 73 c8 be 5a 93 fc ad b5 37 c1 11 eb d0 fa 65
Success
Child done.

[EMAIL PROTECTED] anyconnect]$ LD_LIBRARY_PATH=/home/dwmw2/working/openssl-0.9.8e ./dtls-test
Found AES128-SHA cipher at 29
SSL_SESSION is 200 bytes
EVP_CipherInit_ex 0x8df2640 0x2957a0 (nid 1a3) (nil) 0x8df2608 0x8df2628 0
Key:0000: 0b 33 d2 ef 9a 99 d6 d5 01 0f c5 83 6c 2f 8b 49
IV:0000: d0 8f 1f 6b 5f 20 28 9a 99 e8 2c 88 c8 41 78 bf
Child done.
DTLS connection returned 0
13867:error:14101119:SSL routines:DTLS1_PROCESS_RECORD:decryption failed or bad record mac:d1_pkt.c:466:

--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
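As an added illustration (not part of the thread or of either library), a short Python script that parses the two EVP_CipherInit_ex traces quoted above and pairs the calls up in order, so the extra cipher-state change and its different key stand out without comparing hex by eye. The trace text is copied from the post; the trailing integer on each EVP_CipherInit_ex line is kept as an opaque argument because the post does not say what it is.

```python
import re

# Trace output copied from the post above (sample input for this script).
CISCO_TRACE = """\
EVP_CipherInit_ex 0x980d5f0 0x27e7a0 (nid 1a3) (nil) 0x980d5b8 0x980d5d8 0
Key:0000: 0b 33 d2 ef 9a 99 d6 d5 01 0f c5 83 6c 2f 8b 49
IV:0000: d0 8f 1f 6b 5f 20 28 9a 99 e8 2c 88 c8 41 78 bf
EVP_CipherInit_ex 0x980d778 0x27e7a0 (nid 1a3) (nil) 0x980d5a8 0x980d5c8 2
Key:0000: cf f5 ef f9 fe f9 09 af 7b b9 8b df 11 1e 23 14
IV:0000: 9e 73 c8 be 5a 93 fc ad b5 37 c1 11 eb d0 fa 65
Success
Child done.
"""
OPENSSL_TRACE = """\
EVP_CipherInit_ex 0x8df2640 0x2957a0 (nid 1a3) (nil) 0x8df2608 0x8df2628 0
Key:0000: 0b 33 d2 ef 9a 99 d6 d5 01 0f c5 83 6c 2f 8b 49
IV:0000: d0 8f 1f 6b 5f 20 28 9a 99 e8 2c 88 c8 41 78 bf
Child done.
"""

# One cipher init line: capture the cipher nid and the trailing integer argument.
INIT_RE = re.compile(r"^EVP_CipherInit_ex .*\(nid ([0-9a-f]+)\).* (\d+)$")
# The Key:/IV: hex dump lines that follow each init.
HEX_RE = re.compile(r"^(Key|IV):[0-9a-f]{4}: ((?:[0-9a-f]{2} ?)+)$")

def parse_inits(trace):
    """Return one dict per EVP_CipherInit_ex call: nid, trailing arg, key, iv."""
    inits = []
    for line in trace.splitlines():
        m = INIT_RE.match(line)
        if m:
            inits.append({"nid": m.group(1), "arg": int(m.group(2)), "key": None, "iv": None})
            continue
        m = HEX_RE.match(line)
        if m and inits:  # attach the dump to the most recent init
            inits[-1][m.group(1).lower()] = bytes.fromhex(m.group(2))
    return inits

def diff_inits(reference, observed):
    """Pair inits by position; flag key/IV mismatches and calls the reference never makes."""
    ref, obs = parse_inits(reference), parse_inits(observed)
    report = []
    for i, call in enumerate(obs):
        if i >= len(ref):
            report.append((i, "extra", call))
        elif (call["nid"], call["key"], call["iv"]) != (ref[i]["nid"], ref[i]["key"], ref[i]["iv"]):
            report.append((i, "mismatch", call))
        else:
            report.append((i, "same", call))
    return report
```

Running diff_inits(OPENSSL_TRACE, CISCO_TRACE) reports the first init as identical in both runs and the second as an extra call with a key the stock build never derives.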