[openssl.org #2360] Resolved: PATCH: SEGV for invalid args to openssl pkeyutl

2010-11-11 Thread Stephen Henson via RT 
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [PATCH] Fix debug-vc-win32 build (use tmp32.dbg instead of tmp32)

2010-11-11 Thread Dr. Stephen Henson 
On Fri, Oct 29, 2010, Bogdan Harjoc wrote:

 Attached is a minor patch that fixes debug builds with MSVC on win32.
 

A fix for this was applied to CVS a while ago which should be in snapshots and
will appear in the next release.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: [openssl.org #2367] bug report

2010-11-11 Thread Zohar Sacks via RT 
10X

-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org] 
Sent: Thursday, November 11, 2010 4:59 PM
To: zohar.sa...@gmail.com
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2367] bug report

 [zohar.sa...@gmail.com - Tue Nov 02 13:37:26 2010]:
 
 Hi,
 
 OS: winxp
 
 Compiler: vc2005
 
 Version Openssl 1.0.0a
 
 When building with debug  (debug-VC-WIN32)
 
 The system creates a temp folder  named tmp32dll.dbg but the make
looks for
 folder named tmp32dll.
 

This was fixed in CVS a while ago and will appear in snapshots and the
next releases.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [PATCH] Add debug-VC-WIN64 build targets

2010-11-11 Thread Dr. Stephen Henson 
On Fri, Oct 29, 2010, Bogdan Harjoc wrote:

 Attached is a Configure patch for generating debug VC-WIN64 build
 targets (to have identical WIN64 and WIN32 targets).
 

Patch applied, thanks for the report.

Please send patches and but reports to RT in future.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

1.0.0a s_server with GOST certificate can't compute sha1 digest???

2010-11-11 Thread Andrey Kulikov 
Hello,

I'm trying to make s_server and s_client work with GOST encryption
using ccgost engine and certificates with GOST algos.
But it unable to work, complaining to bad mac computing.
(If I use RSA-based certificates, everything works just fine.)

Openssl 1.0.0a, Linux i386

I have ccgost statically linked in openssl.
I've add following lines to openssl config file:
=
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
=

Then execute
export OPENSSL_CONF=path to /openssl.cnf

Generate key and self-signed certificate using GOST algos.

#Generate private key
./apps/openssl genpkey -engine gost -algorithm gost2001 -pkeyopt
paramset:A -out botkey.p8
# Create self-sign certificate
./apps/openssl req -config ./apps/openssl.cnf -x509 -days 1095 -subj
'/C=RU/CN=csp_srv/o=lapu...@mail.ru' -engine gost -new -key botkey.p8
-out botcert.pem

# Dump ASN format files to check that it what we expect
openssl asn1parse -in botkey.p8
openssl asn1parse -in botcert.pem


When start s_server

 ./apps/openssl s_server -www -engine gost -accept 4333  -state -cert
botcert.pem -key botkey.p8

./apps/openssl s_client -engine gost -ssl3  -connect localhost:4333

Client output (truncated):

.
3076867724:error:1411D144:SSL routines:ssl3_handshake_mac:digest
requred for handshake isn't computed:s3_enc.c:669:
3076867724:error:1411D144:SSL routines:ssl3_handshake_mac:digest
requred for handshake isn't computed:s3_enc.c:669:
3076867724:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
record mac:s3_pkt.c:1193:SSL alert number 20
3076867724:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:590:
---
..
---
New, TLSv1/SSLv3, Cipher is GOST2001-GOST89-GOST89
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : SSLv3
Cipher: GOST2001-GOST89-GOST89
Session-ID: 214A3B31604763646B6E6A1DC0B793BC5979C454C25AE2ED2EE3947AA08078B0
Session-ID-ctx:
Master-Key:
93B1DB1A2B5A40CFB2E3328280FB200B044CF446E73353B735328253D690F88A01AEB9E004BC06085E4C81770269EBD7
Key-Arg   : None
PSK identity: None
PSK identity hint: None
Start Time: 1289516998
Timeout   : 7200 (sec)
Verify return code: 18 (self signed certificate)


Server output (truncated):

...
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client key exchange A
SSL3 alert write:fatal:bad record mac
SSL_accept:error in SSLv3 read certificate verify A
SSL_accept:error in SSLv3 read certificate verify A
3076998796:error:1411D144:SSL routines:ssl3_handshake_mac:digest
requred for handshake isn't computed:s3_enc.c:669:
3076998796:error:1411D144:SSL routines:ssl3_handshake_mac:digest
requred for handshake isn't computed:s3_enc.c:669:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:8808C074:lib(136):GOST_IMIT_FINAL:mac key not
set:gost_crypt.c:564:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:88073074:lib(136):GOST_IMIT_UPDATE:mac key not
set:gost_crypt.c:527:
3076998796:error:8808C074:lib(136):GOST_IMIT_FINAL:mac key not
set:gost_crypt.c:564:
3076998796:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption
failed or bad record mac:s3_pkt.c:478:
ACCEPT



The problem is in ssl3_final_finish_mac function (ssl/s3_enc.c:636),
called somewhere from ssl3_do_change_cipher_spec().
It try to compute  NID_md5 and NID_sha1 digests, but in
SSL-s3-handshake_dgst[] there is only one digest -
NID_id_GostR3411_94. So we got that errors.


Could please someone advice, what the root cause of this situation,
and how to deal with it?
How to get s_server and s_client working with GOST certificates?

Best wishes,
Andrey
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org