[openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
Matt Caswell
matt at openssl.org
Mon Jul 27 22:28:09 UTC 2015
On 27/07/15 22:51, Jouni Malinen wrote:
> On Mon, Jul 27, 2015 at 05:03:45PM +0100, Matt Caswell wrote:
>> I have just committed a fix for this issue:
>> https://github.com/openssl/openssl/commit/f0348c842e75a77f643e7d34cb88609145b2d320
>
>> The above links are for the 1.0.2 commits. Equivalent commits have also
>> been pushed for 1.0.1. For master I have only added the test as the bug
>> did not exist in master (the version negotiation rewrite fixed it).
>
> Thanks! I can confirm that the 1.0.2 changes allow me to remove the
> EAP-FAST workaround (force TLSv1_method() to be used).
>
> I had not yet been able to test EAP-FAST with the master branch snapshot
> since there were number of API changes that broke the mechanism I used
> for key derivation. Now that I took a new look at this, most of the
> needed accessors have apparently be added. I think I still may need
> something to be able to figure out the keyblock size to be able to skip
> over it in EAP-FAST key derivation. Anyway, this was sufficiently close
> to be able to run some more tests. With couple more fixes and hardcoded
> keyblock size for testing purposes, it looks like EAP-FAST with
> authenticated provisioning worked. Unauthenticated provisioning case was
> failing due to "ssl3_client_hello:no ciphers available", but I'd assume
> that to be caused by some change in the enabled ciphers (this mode is
> trying to use ADH-AES128-SHA).
The master branch implements "security levels". The default security
level does not allow anon ciphersuites. I suspect this may be your problem.
>
>
> While this is somewhat beyond the scope of this thread, I'd appreciate
> any guidance on how to figure out keyblock size from the current
> negotiation with the master branch OpenSSL snapshot. I used to use
> ssl->s3->tmp.new_mac_secret_size and EVP_CIPHER_{key,iv}_length(). The
> latter are still present, the former is not. Though,
> ssl->enc_read_ctx->cipher is not available for EVP_CIPHER_*().
> Alternative version used EVP_MD_CTX_md(ssl->read_hash) followed by
> EVP_MD_size(). That is not available either.
Can you use:
__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
and
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
to then call:
EVP_MD_size(EVP_get_digestbynid(nid));
Matt
More information about the openssl-dev
mailing list