Hi,
This is my first email message to the list, please bear with me if this is not the right place to send it in.
I was wondering if someone else experienced problems handshaking with the s_server using an ECDSA certificate for client authentication. The following ciphersuite is being used : ECDH-ECDSA-DES-CBC-SHA. The server crashes with segfault right after it receives the empty client key exchange.
I have tried both snapshots from yesterday and the 23rd of april. About a year ago, this was working fine, but I do not have a copy of that source.
I have built the source using -DOPENSSL_EC_BIN_PT_COMP flag to enable
the macro OPENSSL_EC_BIN_PT_COMP does not enable ecc, ecc is enabled by default, it enables binary point compression which is patented in certain countries.
ECC, but I could not build it using the debug flag, hence the lack of
details on this crash. I could only trace it to the function ssl3_get_client_key_exchange() and the CTX_FREE call.
Your help would be greatly appreciated. I have hex dumps if someone is interested.
the attached should fix the segfault
Nils
Index: crypto/bn/bn_ctx.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/bn/bn_ctx.c,v
retrieving revision 1.15
diff -u -r1.15 bn_ctx.c
--- crypto/bn/bn_ctx.c 19 Sep 2004 04:43:46 -0000 1.15
+++ crypto/bn/bn_ctx.c 28 Apr 2005 22:23:58 -0000
@@ -230,7 +230,10 @@
void BN_CTX_free(BN_CTX *ctx)
{
+ if (ctx == NULL)
+ return;
#ifdef BN_CTX_DEBUG
+ {
BN_POOL_ITEM *pool = ctx->pool.head;
fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
ctx->stack.size, ctx->pool.size);
@@ -242,6 +245,7 @@
pool = pool->next;
}
fprintf(stderr,"\n");
+ }
#endif
BN_STACK_finish(&ctx->stack);
BN_POOL_finish(&ctx->pool);
