> http://www.openssl.org/contrib/intel-accel-1.4.tar.gz > > > I'm attempting to use the libintel-accel-1.4 ENGINE with my OpenSSL > 0.9.8x application. > > I'm running into a few snags: > > 1) Why does the sha1_md structure in e_intel_accel.c (L268) set the > required_pkey_type to EVP_PKEY_NULL_method?
This was fixed. There are two patches at http://cvs.openssl.org/rlog?f=openssl-addons/intel-accel/e_intel_accel.c. > 2) After applying the tls-aead-0.9.8.diff changes to the OpenSSL > code, my application seg faults during the handshake phase: > > #0 0x28242b24 in EVP_MD_size (md=0x0) > > In tls1_setup_key_block (~L484): > > num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); > > EVP_MD_size tries to access a NULL pointer (hash). > > It was set to NULL by the AEAD code changes in ssl_cipher_get_evp(): > > ... > (c->algorithms & SSL_ENC_MASK) == SSL_RC4 && > (c->algorithms & SSL_MAC_MASK) == SSL_MD5 && > (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) > *enc = evp, *md = NULL; > else if (s->ssl_version >= TLS1_VERSION && > (c->algorithms & SSL_ENC_MASK) == SSL_AES && > (c->algorithms & SSL_MAC_MASK) == SSL_SHA1 && > (evp=EVP_get_cipherbyname( > c->alg_bits==128?"AES-128-CBC-HMAC-SHA1": > "AES-256-CBC-HMAC-SHA1"))) > *enc = evp, *md = NULL; > return(1); > } > > I scanned the 1.0.1c code to see how this works there, and it looks like > EVP_MD_size() now checks for NULL before referencing it, but also, the > "num=EVP_CIPHER_key_length..." line above doesn't even call EVP_MD_size > anymore. It uses a "mac_secret_size" value in the calculation. That field > does not seem to be present in the 0.9.8 branch. > > Are there some other required changes missing from the "tls-aead-0.9.8.diff" > file? Obviously. Would *md = EVP_md_null() instead of NULL in ssl_cipher_get_evp() do the trick... ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
