libintel-accel-1.4

Thu, 14 Jun 2012 09:26:44 -0700 

http://www.openssl.org/contrib/intel-accel-1.4.tar.gz


I'm attempting to use the libintel-accel-1.4 ENGINE with my OpenSSL 0.9.8x 
application.

I'm running into a few snags:

1) Why does the sha1_md structure in e_intel_accel.c (L268) set the 
required_pkey_type to EVP_PKEY_NULL_method?  This seems to be causing my 
application to generate the following error(s) during SSL handshakes:

information: X509_sign
error signing cert
digitial envelope routines:EVP_SignFinal:wrong public key type
asn1 encoding routines:ASN1_item_sign:EVP lib

All of the other ENGINE implementations that I'm familiar with set 
required_pkey_type to EVP_PKEY_RSA_method for SHA-1.

2) After applying the tls-aead-0.9.8.diff changes to the OpenSSL code, my 
application seg faults during the handshake phase:

#0 0x28242b24 in EVP_MD_size (md=0x0)

In tls1_setup_key_block (~L484):

num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);

EVP_MD_size tries to access a NULL pointer (hash).

It was set to NULL by the AEAD code changes in ssl_cipher_get_evp():

if(s->ssl_version >= TLS1_VERSION &&
 (c->algorithms & SSL_ENC_MASK) == SSL_RC4 &&
 (c->algorithms & SSL_MAC_MASK) == SSL_MD5 &&
 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
*enc = evp, *md = NULL;
else if (s->ssl_version >= TLS1_VERSION &&
 (c->algorithms & SSL_ENC_MASK) == SSL_AES &&
 (c->algorithms & SSL_MAC_MASK) == SSL_SHA1 &&
 (evp=EVP_get_cipherbyname(
c->alg_bits==128?"AES-128-CBC-HMAC-SHA1":
 "AES-256-CBC-HMAC-SHA1")))
*enc = evp, *md = NULL;
return(1);
}

I scanned the 1.0.1c code to see how this works there, and it looks like 
EVP_MD_size() now checks for NULL before referencing it, but also, the 
"num=EVP_CIPHER_key_length..." line above doesn't even call EVP_MD_size 
anymore.  It uses a "mac_secret_size" value in the calculation.  That field 
does not seem to be present in the 0.9.8 branch.

Are there some other required changes missing from the "tls-aead-0.9.8.diff" 
file?

Thanks for any help.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to