>>> 2) After applying the tls-aead-0.9.8.diff changes to the OpenSSL
>>> code, my application seg faults during the handshake phase:
>>> 
>>> #0 0x28242b24 in EVP_MD_size (md=0x0)
>>> 
>>> In tls1_setup_key_block (~L484):
>>> 
>>> num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
>>> 
>>> EVP_MD_size tries to access a NULL pointer (hash).
>>> 
>>> It was set to NULL by the AEAD code changes in ssl_cipher_get_evp():
>>> 
>>> ...
>>>  (c->algorithms & SSL_ENC_MASK) == SSL_RC4 &&
>>>  (c->algorithms & SSL_MAC_MASK) == SSL_MD5 &&
>>>  (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
>>> *enc = evp, *md = NULL;
>>> else if (s->ssl_version >= TLS1_VERSION &&
>>>  (c->algorithms & SSL_ENC_MASK) == SSL_AES &&
>>>  (c->algorithms & SSL_MAC_MASK) == SSL_SHA1 &&
>>>  (evp=EVP_get_cipherbyname(
>>> c->alg_bits==128?"AES-128-CBC-HMAC-SHA1":
>>>  "AES-256-CBC-HMAC-SHA1")))
>>> *enc = evp, *md = NULL;
>>> return(1);
>>> }
>>> 
>>> I scanned the 1.0.1c code to see how this works there, and it looks like 
>>> EVP_MD_size() now checks for NULL before referencing it, but also, the 
>>> "num=EVP_CIPHER_key_length..." line above doesn't even call EVP_MD_size 
>>> anymore.  It uses a "mac_secret_size" value in the calculation.  That field 
>>> does not seem to be present in the 0.9.8 branch.
>>> 
>>> Are there some other required changes missing from the
>>> "tls-aead-0.9.8.diff" file?
>>
>>Obviously. Would *md = EVP_md_null() instead of NULL in
>>ssl_cipher_get_evp() do the trick...
>>
>
>Using EVP_md_null() prevents the seg. fault.  However, now the code
>generates a "Bad Record MAC" alert when a client connects using the
>"stitched" AESNI-CBC-SHA1 cipher suite.  (I assume I would get the
>same error with the "stitched" RC4-HMAC-MD5 cipher suite, but I
>haven't tried it.)

Andy,

It appears that the "Bad Record MAC" is a result of EVP_md_null().

In tls1_change_cipher_state() [t1_enc.c],

~L345:  i=EVP_MD_size(m)

which equals 0, when EVP_md_null() is used.

Subsequently, when execution reaches the following new code:

--- ssl/t1_enc.c    12 Jun 2010 13:18:58 -0000    1.35.2.10
+++ ssl/t1_enc.c    21 Jul 2011 20:36:43 -0000
@@ -430,6 +430,12 @@
 #endif    /* KSSL_DEBUG */
 
     EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
+
+    /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
+    if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && i)
+        EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY,
+                i,mac_secret);
+
 #ifdef TLS_DEBUG
 printf("which = %04X\nkey=",which);
 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) 
printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
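
Review bot: the "&& i" test in the added condition lets a zero-length MAC secret skip EVP_CTRL_AEAD_SET_MAC_KEY silently, so a cipher flagged EVP_CIPH_FLAG_AEAD_CIPHER is initialised by EVP_CipherInit_ex() and goes into use without ever receiving mac_secret. For a composite cipher that computes the record MAC itself, i == 0 should fail the cipher-state change instead of being skipped, and the length passed should not depend on EVP_MD_size() of a digest that may be absent or null. The return value of EVP_CIPHER_CTX_ctrl() is also discarded here; check it and fail if the MAC key could not be set.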

the EVP_CIPHER_CTX_ctrl() is not triggered.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
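
The failure traced in this thread, as an added example that is not code from the thread or from OpenSSL: a small C model of the key block sizing and the "&& i" guard, comparing a MAC secret length read from the digest object with one carried separately (as the thread says 1.0.1c does with mac_secret_size). The struct and function names are hypothetical, the AES-128-CBC/HMAC-SHA1 sizes (16, 16, 20) are constructed sample values, and the doubling for both directions is the standard TLS key block layout, not something shown on the page.

```c
#include <stdio.h>
/* Model only: hypothetical names, not OpenSSL structures or functions. */
struct suite {
    int key_len;       /* cipher key bytes */
    int iv_len;        /* cipher IV bytes */
    int suite_mac_len; /* MAC secret bytes the cipher suite requires */
    int md_size;       /* size reported by the digest object (0 for a null digest) */
    int stitched;      /* 1 if the cipher computes the record MAC itself */
};

struct layout {
    int mac_len;       /* MAC secret bytes taken per direction */
    int block_len;     /* key block bytes for both directions */
    int mac_key_set;   /* 1 if a stitched cipher is handed its MAC key */
};

static struct layout build(const struct suite *s, int mac_len)
{
    struct layout l;
    l.mac_len = mac_len;
    /* key + MAC secret + IV, once per direction */
    l.block_len = 2 * (s->key_len + mac_len + s->iv_len);
    /* mirrors the patch's guard: AEAD flag set && i != 0 */
    l.mac_key_set = s->stitched && mac_len != 0;
    return l;
}

/* Length read from the digest object, as in the 0.9.8 calculation. */
struct layout layout_from_digest(const struct suite *s) { return build(s, s->md_size); }

/* Length carried separately from the digest object. */
struct layout layout_from_suite(const struct suite *s) { return build(s, s->suite_mac_len); }

/* Records can only verify if the full MAC secret was derived and, for a
 * stitched cipher, actually delivered to the cipher context. */
int record_mac_usable(const struct suite *s, const struct layout *l)
{
    if (l->mac_len != s->suite_mac_len) return 0;
    return s->stitched ? l->mac_key_set : 1;
}

int main(void)
{
    struct suite aes = { 16, 16, 20, 0, 1 }; /* constructed: stitched AES-128-CBC + HMAC-SHA1, null digest */
    struct layout a = layout_from_digest(&aes), b = layout_from_suite(&aes);
    printf("from digest: block=%d usable=%d\n", a.block_len, record_mac_usable(&aes, &a));
    printf("from suite:  block=%d usable=%d\n", b.block_len, record_mac_usable(&aes, &b));
    return 0;
}
```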
