I don't mind digging in and trying to figure out why the crash.. but could somebody point me in the right direction? Thanks, Mike
CONNECTED(00000003) depth=0 /C=US/ST=Minnesota/L=Tonka/O=IWP/OU=t1/CN=Mike/emailaddress=m...@go.metrstate.edu verify error:num=18:self signed certificate verify return:1 depth=0 /C=US/ST=Minnesota/L=Tonka/O=IWP/OU=t1/CN=Mike/emailaddress=...@go.metrstate.edu verify return:1 *** glibc detected *** /home/mike/openssl-1.0.0-stable-SNAP-20090821/apps/openssl: double free or corruption (!prev): 0x09c64410 *** ======= Backtrace: ========= /lib/i686/cmov/libc.so.6[0xb7ea1624] /lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7ea3826] /home/mike/openssl-1.0.0-stable-SNAP-20090821/apps/openssl[0x80c5365] ======= Memory map: ======== 08048000-081f5000 r-xp 00000000 03:01 707408 /home/mike/openssl-1.0.0-stable-SNAP-20090821/apps/openssl 081f5000-08200000 rwxp 001ad000 03:01 707408 /home/mike/openssl-1.0.0-stable-SNAP-20090821/apps/openssl 08200000-08205000 rwxp 08200000 00:00 0 09c34000-09c7c000 rwxp 09c34000 00:00 0 [heap] b7d00000-b7d21000 rwxp b7d00000 00:00 0 b7d21000-b7e00000 ---p b7d21000 00:00 0 b7e19000-b7e25000 r-xp 00000000 03:01 2793475 /lib/libgcc_s.so.1 b7e25000-b7e26000 rwxp 0000b000 03:01 2793475 /lib/libgcc_s.so.1 b7e32000-b7e33000 rwxp b7e32000 00:00 0 b7e33000-b7f88000 r-xp 00000000 03:01 2802825 /lib/i686/cmov/libc-2.7.so b7f88000-b7f89000 r-xp 00155000 03:01 2802825 /lib/i686/cmov/libc-2.7.so b7f89000-b7f8b000 rwxp 00156000 03:01 2802825 /lib/i686/cmov/libc-2.7.so b7f8b000-b7f8e000 rwxp b7f8b000 00:00 0 b7f8e000-b7f90000 r-xp 00000000 03:01 2802828 /lib/i686/cmov/libdl-2.7.so b7f90000-b7f92000 rwxp 00001000 03:01 2802828 /lib/i686/cmov/libdl-2.7.so b7f9d000-b7fa0000 rwxp b7f9d000 00:00 0 b7fa0000-b7fa1000 r-xp b7fa0000 00:00 0 [vdso] b7fa1000-b7fbb000 r-xp 00000000 03:01 2793474 /lib/ld-2.7.so b7fbb000-b7fbd000 rwxp 0001a000 03:01 2793474 /lib/ld-2.7.so bfba8000-bfbbd000 rwxp bffeb000 00:00 0 [stack] --- On Wed, 9/30/09, Michael D <bsd_m...@yahoo.com> wrote: > From: Michael D <bsd_m...@yahoo.com> > Subject: RE: trying to understand ECDHE operations > To: openssl-users@openssl.org > Date: Wednesday, September 30, 2009, 12:11 PM > Ok, I reran my tests again...This > time I added the -named_curve > parameter...and do indeed get 50 byte key for the > prime192v1 curve. > > However, if I run the server with my certificate and key, > the > client crashes processing the certificate. > > One more question. If the public key is in the > certificate, why > does the server send a server key exchange? > > Thank you everybody for your help. > > -Mike > > > --- On Tue, 9/29/09, Michael D <bsd_m...@yahoo.com> > wrote: > > > From: Michael D <bsd_m...@yahoo.com> > > Subject: RE: trying to understand ECDHE operations > > To: openssl-users@openssl.org > > Date: Tuesday, September 29, 2009, 6:52 PM > > Dave, > > > > Thank you very much for your efforts. > > I must be doing something incorrect, as today I tried > to > > re-run > > what I had done before, and the Linux PC running the > > s_client > > crashes processing the certificate. I am running > > snapshot > > builds. > > > > If you don't mind me pestering a bit more, how did you > run > > > > the test? > > > > Thanks, I appreciate your help. > > Mike > > > > > > > > --- On Mon, 9/28/09, Dave Thompson <dave.thomp...@princetonpayments.com> > > wrote: > > > > > From: Dave Thompson <dave.thomp...@princetonpayments.com> > > > Subject: RE: trying to understand ECDHE > operations > > > To: openssl-users@openssl.org > > > Date: Monday, September 28, 2009, 7:16 PM > > > > From: owner-openssl-us...@openssl.org > > > On Behalf Of Michael D > > > > Sent: Friday, 25 September, 2009 09:32 > > > > > > > Thank you for your reply. > > > > Maybe we can drill down on the client key > > exchange > > > message first. > > > > Looking at the rfc I see it should hold: > > > > ECPoint ecdh_Yc; > > > > > > > > But for the prime192 curve, I would have > expected > > an > > > > uncompressed point to be only 48 bytes. > > > > > > > > The size of the client key exchange message > is > > 66 > > > bytes. > > > > > > > > What is in the remaining bytes? > > > > > > > First, a caveat: I set up a test to verify my > > > understanding, > > > and found (to my surprise) that s_server at > least > > doesn't > > > try > > > to use the same curve for kECDHE as for aECDSA; > it's > > a > > > separate > > > choice, and defaults to sectp163r2. Are you sure > > either > > > your > > > server or your client is selecting (forcing) > > prime192r1 for > > > > > > keyagreement AS WELL AS signing/authentication? > > > > > > That said, I get *49* bytes of ECDH data (Yc), > plus a > > > 1-byte > > > length prefix totalling 50, in a > ClientKeyExchange > > message > > > > > > totalling 54, in a (clear) handshake record > totalling > > 59. > > > Combined with other records/messages into a TCP > > segment > > > etc. > > > > > > If that's not what you got, you did something > > different. > > > > > > > > > > > > > > > ______________________________________________________________________ > > > OpenSSL Project > > > > > > http://www.openssl.org > > > User Support Mailing List > > > openssl-users@openssl.org > > > Automated List Manager > > > > > > majord...@openssl.org > > > > > > ______________________________________________________________________ > > OpenSSL Project > > > > http://www.openssl.org > > User Support Mailing List > > openssl-users@openssl.org > > Automated List Manager > > > > majord...@openssl.org > > > ______________________________________________________________________ > OpenSSL Project > > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > > majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
