Hi Nils,

I will try to add the patch and recompile tomorrow. The reason I was saying the point compression was "enabling" ECC is because without it the server cannot load the ECC certificate. Or maybe I am missing something...

I will let you know how this works.
Thanks,
Irina

Nils Larsch wrote:

Irina Souiki wrote:

Hi,

This is my first email message to the list, please bear with me if this is not the right place to send it in.

I was wondering if someone else experienced problems handshaking with the s_server using an ECDSA certificate for client authentication. The following ciphersuite is being used: ECDH-ECDSA-DES-CBC-SHA. The server crashes with segfault right after it receives the empty client key exchange.

I have tried both snapshots from yesterday and the 23rd of April. About a year ago, this was working fine, but I do not have a copy of that source.
I have built the source using -DOPENSSL_EC_BIN_PT_COMP flag to enable


the macro OPENSSL_EC_BIN_PT_COMP does not enable ecc, ecc is enabled by
default, it enables binary point compression which is patented in
certain countries.

ECC, but I could not build it using the debug flag, hence the lack of
details on this crash. I could only trace it to the function ssl3_get_client_key_exchange() and the CTX_FREE call.


Your help would be greatly appreciated. I have hex dumps if someone is interested.


the attached should fix the segfault

Nils

------------------------------------------------------------------------

Index: crypto/bn/bn_ctx.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/bn/bn_ctx.c,v
retrieving revision 1.15
diff -u -r1.15 bn_ctx.c
--- crypto/bn/bn_ctx.c  19 Sep 2004 04:43:46 -0000      1.15
+++ crypto/bn/bn_ctx.c  28 Apr 2005 22:23:58 -0000
@@ -230,7 +230,10 @@

void BN_CTX_free(BN_CTX *ctx)
{
+ if (ctx == NULL)
+ return;
#ifdef BN_CTX_DEBUG
+ {
BN_POOL_ITEM *pool = ctx->pool.head;
fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
ctx->stack.size, ctx->pool.size);
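Review bot: the `if (ctx == NULL) return;` guard at the top of BN_CTX_free() fixes the crash in the callee only, and the caller that passes a NULL ctx is left as it is. The report traces the segfault to ssl3_get_client_key_exchange(), so that path should be checked separately to see whether the context was expected to be allocated before the free, since a silent no-op here can hide a missed allocation or an error path that skipped setup. If accepting NULL is the intended contract (as with free()), say so in the function's documentation so callers can rely on it. The `{` added under `#ifdef BN_CTX_DEBUG` is needed because the `BN_POOL_ITEM *pool` declaration now follows a statement; a short comment to that effect would help.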
@@ -242,6 +245,7 @@
pool = pool->next;
}
fprintf(stderr,"\n");
+ }
#endif
BN_STACK_finish(&ctx->stack);
BN_POOL_finish(&ctx->pool);
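Review bot: the `}` added before `#endif` is balanced only by the `{` opened in the previous hunk, and both sit inside `#ifdef BN_CTX_DEBUG`, so the pairing is not exercised in a normal build. Please compile once with BN_CTX_DEBUG defined to confirm the block still builds, and note in a comment that the braces exist to scope `pool` after the early return so a later cleanup does not remove one of them.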



______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]