Closed lazovskiy closed 7 years ago
beldmit
commented
7 years ago The openssl API has significantly changed since the engine was adopted to the openssl-pre-1.1.0. I will fix the compilation and add the -Werror to avoid building bullshit incompatible with the API.
beldmit
commented
7 years ago Please try the current state of the openssl_1_1_0 branch.
lazovskiy
commented
7 years ago Thank you!
Now error moved to:
Core was generated by `/usr/local/bin/openssl s_client -CAfile /usr/share/ca-certificates/extra/VipNet'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f5c85d65158 in BN_is_zero (a=0x0) at crypto/bn/bn_lib.c:922
922 return a->top == 0;
(gdb) bt full
#0 0x00007f5c85d65158 in BN_is_zero (a=0x0) at crypto/bn/bn_lib.c:922
No locals.
#1 0x00007f5c85269bdc in gost_ec_verify (dgst=0x7fffab34d960 "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\260\331\064\253\377\177", dgst_len=32, sig=0x16e5250,
ec=0x16d1a40) at /usr/src/engine/gost_ec_sign.c:348Also, there is an issue that prevents compiling gost12sum.c and gostsum12.c: error: format not a string literal and no format arguments
diff --git a/gost12sum.c b/gost12sum.c
index 0fdaf4f..6d45cf5 100644
--- a/gost12sum.c
+++ b/gost12sum.c
@@ -260,7 +260,7 @@ int get_line(FILE *f, char *hash, char *filename, int verbose)
return 1;
nextline:
if (verbose)
- printf(filename);
+ printf("%s", filename);
}
return 0;
}
diff --git a/gostsum12.c b/gostsum12.c
index 9eab476..4657a11 100644
--- a/gostsum12.c
+++ b/gostsum12.c
@@ -251,7 +251,7 @@ int get_line(FILE *f, char *hash, char *filename, int verbose)
return 1;
nextline:
if (verbose)
- printf(filename);
+ printf("%s", filename);
}
return 0;
}I'm sorry. My bad. The issue with segfault persists at the same point.
beldmit
commented
7 years ago Could you please provide the actual backtrace?
lazovskiy
commented
7 years ago Configure & build:
/usr/src/engine/build# cmake -DOPENSSL_PATH=/usr/src/openssl-1.1.0c -DCMAKE_BUILD_TYPE=Debug ..
-- The C compiler identification is GNU 5.4.0
-- The CXX compiler identification is GNU 5.4.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /usr/src/engine/build
/usr/src/engine/build# make
Scanning dependencies of target gost_engine
[ 3%] Building C object CMakeFiles/gost_engine.dir/e_gost_err.c.o
[ 6%] Building C object CMakeFiles/gost_engine.dir/gost_asn1.c.o
[ 10%] Building C object CMakeFiles/gost_engine.dir/gost_crypt.c.o
[ 13%] Building C object CMakeFiles/gost_engine.dir/gost_ctl.c.o
[ 17%] Building C object CMakeFiles/gost_engine.dir/gost_eng.c.o
[ 20%] Building C object CMakeFiles/gost_engine.dir/gost_keywrap.c.o
[ 24%] Building C object CMakeFiles/gost_engine.dir/gost_params.c.o
[ 27%] Building C object CMakeFiles/gost_engine.dir/gost_ec_keyx.c.o
[ 31%] Building C object CMakeFiles/gost_engine.dir/gost_ec_sign.c.o
[ 34%] Building C object CMakeFiles/gost_engine.dir/gost89.c.o
[ 37%] Building C object CMakeFiles/gost_engine.dir/gost_ameth.c.o
[ 41%] Building C object CMakeFiles/gost_engine.dir/gost_md.c.o
[ 44%] Building C object CMakeFiles/gost_engine.dir/gost_md2012.c.o
[ 48%] Building C object CMakeFiles/gost_engine.dir/gost_pmeth.c.o
[ 51%] Building C object CMakeFiles/gost_engine.dir/gosthash.c.o
[ 55%] Building C object CMakeFiles/gost_engine.dir/gost_grasshopper_core.c.o
[ 58%] Building C object CMakeFiles/gost_engine.dir/gost_grasshopper_defines.c.o
[ 62%] Building C object CMakeFiles/gost_engine.dir/gost_grasshopper_galois_precompiled.c.o
[ 65%] Building C object CMakeFiles/gost_engine.dir/gost_grasshopper_precompiled.c.o
[ 68%] Building C object CMakeFiles/gost_engine.dir/gost_grasshopper_cipher.c.o
[ 72%] Building C object CMakeFiles/gost_engine.dir/gost_grasshopper_mac.c.o
[ 75%] Building C object CMakeFiles/gost_engine.dir/gosthash2012.c.o
[ 79%] Linking C shared library ../bin/libgost_engine.so
[ 79%] Built target gost_engine
Scanning dependencies of target gostsum12
[ 82%] Building C object CMakeFiles/gostsum12.dir/gostsum12.c.o
[ 86%] Linking C executable ../bin/gostsum12
[ 86%] Built target gostsum12
Scanning dependencies of target gost12sum
[ 89%] Building C object CMakeFiles/gost12sum.dir/gost12sum.c.o
[ 93%] Linking C executable ../bin/gost12sum
[ 93%] Built target gost12sum
Scanning dependencies of target gostsum
[ 96%] Building C object CMakeFiles/gostsum.dir/gostsum.c.o
[100%] Linking C executable ../bin/gostsum
[100%] Built target gostsum
/usr/src/engine/build# ls -la ../bin/
gost12sum gostsum gostsum12 libgost_engine.so
root@infoline:/usr/src/engine/build# ls -la ../bin/libgost_engine.so
-rwxr-xr-x 1 root root 475624 Nov 21 12:54 ../bin/libgost_engine.so
root@infoline:/usr/src/engine/build#/usr/local/ssl/openssl.cnf:
openssl_conf = openssl_def
...
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
dynamic_path = /usr/src/engine/bin/libgost_engine.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSetOpenSSL version:
# /usr/local/bin/openssl version
OpenSSL 1.1.0c 10 Nov 2016Cmd:
# /usr/local/bin/openssl s_client -CAfile /usr/share/ca-certificates/extra/VipNet-CA.crt -state -connect 10.0.99.50:443
CONNECTED(00000003)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
depth=1 OGRN = 0000000000000, street = "\D1\83\D0\BB. \D0\A8\D0\BE\D1\82\D0\BC\D0\B0\D0\BD\D0\B0, \D0\B4\D0\BE\D0\BC 56", SNILS = 77777777777, INN = 001111111111, GN = \D0\9F\D1\80\D0\B8\D0\BE\D0\B1\D1\80\D0\B5\D1\82\D0\B5\D0\BD\D0\BD\D0\BE\D0\B5 \D0\B8\D0\BC\D1\8F, SN = \D0\A4\D0\B0\D0\BC\D0\B8\D0\BB\D0\B8\D1\8F, C = RU, L = \D0\9F\D0\B5\D1\82\D1\80\D0\BE\D0\B7\D0\B0\D0\B2\D0\BE\D0\B4\D1\81\D0\BA, ST = 10 \D0\9A\D0\B0\D1\80\D0\B5\D0\BB\D0\B8\D1\8F \D0\A0\D0\B5\D1\81\D0\BF\D1\83\D0\B1\D0\BB\D0\B8\D0\BA\D0\B0, emailAddress = test@infoline-rk.ru, O = \D0\9E\D0\9E\D0\9E \"\D0\98\D0\BD\D1\84\D0\BE\D0\BB\D0\B0\D0\B9\D0\BD\", OU = \D0\A3\D0\B4\D0\BE\D1\81\D1\82\D0\BE\D0\B2\D0\B5\D1\80\D1\8F\D1\8E\D1\89\D0\B8\D0\B9 \D0\B8 \D0\BA\D0\BB\D1\8E\D1\87\D0\B5\D0\B2\D0\BE\D0\B9 \D1\86\D0\B5\D0\BD\D1\82\D1\80, title = \D0\90\D0\B4\D0\BC\D0\B8\D0\BD\D0\B8\D1\81\D1\82\D1\80\D0\B0\D1\82\D0\BE\D1\80, CN = \D0\90\D0\B4\D0\BC\D0\B8\D0\BD\D0\B8\D1\81\D1\82\D1\80\D0\B0\D1\82\D0\BE\D1\80 \D1\81\D0\B5\D1\82\D0\B8 1817
verify return:1
Segmentation fault (core dumped)Fresh core file:
# ls -la core
-rw------- 1 root root 1036288 Nov 21 12:59 coreFull backtrace:
(gdb) bt full
#0 0x00007f1183dfc158 in BN_is_zero (a=0x0) at crypto/bn/bn_lib.c:922
No locals.
#1 0x00007f1183300bdc in gost_ec_verify (dgst=0x7fffb3ae6ca0 "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\360l\256\263\377\177", dgst_len=32, sig=0x268c210,
ec=0x2678a40) at /usr/src/engine/gost_ec_sign.c:348
ctx = 0x268cd80
group = 0x26792a0
order = 0x268f0c0
md = 0x0
e = 0x268f0d8
R = 0x268f150
v = 0x268f168
z1 = 0x268f0f0
z2 = 0x268f108
sig_s = 0x0
sig_r = 0x0
X = 0x268f138
tmp = 0x268f120
C = 0x0
pub_key = 0x2677210
ok = 0
#2 0x00007f1183306202 in pkey_gost_ec_cp_verify (ctx=0x268c360,
sig=0x268ab70 "\247ԍ\246i-\340U(\241\351b\336\004<\r\221\244\205e$\365\337F\325\304\305\345\311\334\005\022\322\b\227\177\323\367\005\265\365\327\345e2\274\250\345~\342\264\301q\b·\353Hṙ\035\002\321P",
siglen=64, tbs=0x7fffb3ae6ca0 "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\360l\256\263\377\177", tbs_len=32) at /usr/src/engine/gost_pmeth.c:453
ok = 0
pub_key = 0x26784c0
s = 0x268c210
#3 0x00007f1183eb7370 in EVP_PKEY_verify (ctx=0x268c360,
sig=0x268ab70 "\247ԍ\246i-\340U(\241\351b\336\004<\r\221\244\205e$\365\337F\325\304\305\345\311\334\005\022\322\b\227\177\323\367\005\265\365\327\345e2\274\250\345~\342\264\301q\b·\353Hṙ\035\002\321P",
siglen=64, tbs=0x7fffb3ae6ca0 "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\360l\256\263\377\177", tbslen=32) at crypto/evp/pmeth_fn.c:97
No locals.
#4 0x00007f1183eb432c in EVP_DigestVerifyFinal (ctx=0x268c1d0,
sig=0x268ab70 "\247ԍ\246i-\340U(\241\351b\336\004<\r\221\244\205e$\365\337F\325\304\305\345\311\334\005\022\322\b\227\177\323\367\005\265\365\327\345e2\274\250\345~\342\264\301q\b·\353Hṙ\035\002\321P",
siglen=64) at crypto/evp/m_sigver.c:168
md = "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\360l\256\263\377\177\000\000\223<\354\203\021\177\000\000\000\000\000\000\244\000\000\000\340\212\366\203\021\177\000"
r = 1
mdlen = 32
vctx = 0
#5 0x00007f1183dbb962 in ASN1_item_verify (it=0x7f11841f2380 <X509_CINF_it>, a=0x2675b78, signature=0x2675b88, asn=0x2675af0, pkey=0x26784c0) at crypto/asn1/a_verify.c:172
ctx = 0x268c1d0
buf_in = 0x268f0c0 "\320\314h\002"
ret = -1
inl = 1696
mdnid = 809
pknid = 811
#6 0x00007f1183f49aac in X509_verify (a=0x2675af0, r=0x26784c0) at crypto/x509/x_all.c:26
No locals.
#7 0x00007f1183f4426a in internal_verify (ctx=0x268aea0) at crypto/x509/x509_vfy.c:1719
pkey = 0x26784c0
n = 0
xi = 0x2674320
xs = 0x2675af0
#8 0x00007f1183f411d6 in verify_chain (ctx=0x268aea0) at crypto/x509/x509_vfy.c:233
err = 0
ok = 1
#9 0x00007f1183f41417 in X509_verify_cert (ctx=0x268aea0) at crypto/x509/x509_vfy.c:293
dane = 0x0
ret = 0
---Type <return> to continue, or q <return> to quit---
#10 0x00007f1184237c50 in ssl_verify_cert_chain (s=0x2674990, sk=0x2677c60) at ssl/ssl_cert.c:439
x = 0x2675af0
i = 0
verify_store = 0x2673220
ctx = 0x268aea0
param = 0x268a4f0
#11 0x00007f1184250c85 in tls_process_server_certificate (s=0x2674990, pkt=0x7fffb3ae6f70) at ssl/statem/statem_clnt.c:1226
al = 0
i = 0
ret = 0
exp_idx = 0
cert_list_len = 1780
cert_len = 1777
x = 0x0
certstart = 0x2679f2a "0\202\006\355\060\202\006\234\240\003\002\001\002\002\020\001\321\361\201eE\277@"
certbytes = 0x267a61b ""
sk = 0x2677c60
pkey = 0x0
#12 0x00007f118424f981 in ossl_statem_client_process_message (s=0x2674990, pkt=0x7fffb3ae6f70) at ssl/statem/statem_clnt.c:624
st = 0x26749d8
#13 0x00007f118424df1b in read_state_machine (s=0x2674990) at ssl/statem/statem.c:589
st = 0x26749d8
ret = 1
mt = 11
len = 1783
transition = 0x7f118424ee39 <ossl_statem_client_read_transition>
pkt = {curr = 0x267a61b "", remaining = 0}
process_message = 0x7f118424f8ef <ossl_statem_client_process_message>
post_process_message = 0x7f118424fa24 <ossl_statem_client_post_process_message>
max_message_size = 0x7f118424f83a <ossl_statem_client_max_message_size>
cb = 0x4489bc <apps_ssl_info_callback>
#14 0x00007f118424d9bc in state_machine (s=0x2674990, server=0) at ssl/statem/statem.c:385
buf = 0x0
Time = 1479722366
cb = 0x4489bc <apps_ssl_info_callback>
st = 0x26749d8
ret = -1
ssret = 1
#15 0x00007f118424d4b1 in ossl_statem_connect (s=0x2674990) at ssl/statem/statem.c:170
No locals.
#16 0x00007f1184228201 in ssl3_write_bytes (s=0x2674990, type=23, buf_=0x265e630, len=0) at ssl/record/rec_layer_s3.c:377
buf = 0x265e630 "xB\261\203\021\177"
tot = 0
n = 0
split_send_fragment = 0
maxpipes = 0
max_send_fragment = 0
nw = 0
u_len = 0
wb = 0x2674d68
i = 0
#17 0x00007f1184234c1d in ssl3_write (s=0x2674990, buf=0x265e630, len=0) at ssl/s3_lib.c:3822
No locals.
#18 0x00007f1184241faa in SSL_write (s=0x2674990, buf=0x265e630, num=0) at ssl/ssl_lib.c:1605
No locals.
#19 0x000000000044f81d in s_client_main (argc=0, argv=0x7fffb3ae7d90) at apps/s_client.c:2226
sbio = 0x2678570
key = 0x0
---Type <return> to continue, or q <return> to quit---
con = 0x2674990
ctx = 0x2672af0
chain = 0x0
cert = 0x0
vpm = 0x2654bb0
exc = 0x0
cctx = 0x2654c30
ssl_args = 0x0
dane_tlsa_domain = 0x0
dane_tlsa_rrset = 0x0
dane_ee_no_name = 0
crls = 0x0
meth = 0x7f1184485b40 <TLS_client_method_data.20660>
CApath = 0x0
CAfile = 0x7fffb3ae985b "/usr/share/ca-certificates/extra/VipNet-CA.crt"
cbuf = 0x265e630 "xB\261\203\021\177"
sbuf = 0x2668600 ""
mbuf = 0x266a610 ""
proxystr = 0x0
connectstr = 0x2654ce0 "10.0.99.50:443"
cert_file = 0x0
key_file = 0x0
chain_file = 0x0
chCApath = 0x0
chCAfile = 0x0
host = 0x2654d00 "10.0.99.50"
port = 0x2654d20 "443"
inrand = 0x0
passarg = 0x0
pass = 0x0
vfyCApath = 0x0
vfyCAfile = 0x0
sess_in = 0x0
sess_out = 0x0
crl_file = 0x0
p = 0x7f11846a8040 "hAk\204\021\177"
xmpphost = 0x0
ehlo = 0x47fcb5 "mail.example.com"
timeout = {tv_sec = 0, tv_usec = 0}
timeoutp = 0x0
readfds = {__fds_bits = {0 <repeats 16 times>}}
writefds = {__fds_bits = {8, 0 <repeats 15 times>}}
noCApath = 0
noCAfile = 0
build_chain = 0
cbuf_len = 0
cbuf_off = 0
cert_format = 32773
key_format = 32773
crlf = 0
full_log = 1
mbuf_len = 0
prexit = 0
sdebug = 0
reconnect = 0
verify = 0
vpmtouched = 0
ret = 1
in_init = 1
i = 1
nbio_test = 0
s = 3
k = 32767
width = 4
state = 1
sbuf_len = 0
sbuf_off = 0
cmdletters = 1
socket_family = 0
socket_type = 1
starttls_proto = 0
crl_format = 32773
crl_download = 0
write_tty = 0
read_tty = 1
write_ssl = 1
read_ssl = 1
tty_on = 0
ssl_pending = 0
at_eof = 0
read_buf_len = 0
fallback_scsv = 0
randamt = 0
o = OPT_EOF
enable_timeouts = 0
socket_mtu = 0
ssl_client_engine = 0x0
e = 0x0
servername = 0x0
alpn_in = 0x0
tlsextcbp = {biodebug = 0x0, ack = 0}
ssl_config = 0x0
serverinfo_types = {256, 0, 0, 0, 36633, 67, 0, 0, 30672, 45998, 32767, 0, 27648, 105, 0, 0, 30512, 45998, 32767, 0, 5216, 33772, 32529, 0, 24941, 25460, 104, 0, 30544, 45998, 32767, 0, 30672, 45998,
32767, 0, 17520, 613, 0, 0, 0, 0, 7, 0, 19072, 613, 0, 0, 9520, 614, 0, 0, 32, 0, 0, 0, 46304, 2370, 0, 0, 36585, 67, 0, 0, 30576, 45998, 32767, 0, 3567, 33772, 32529, 0, 30672, 45998, 32767, 0,
17520, 613, 0, 0, 46304, 2370, 0, 0, 19072, 613, 0, 0, 27648, 105, 0, 0, 40704, 23418, 44744, 47530, 30608, 45998, 32767, 0}
serverinfo_count = 0
start = 0
len = 12
next_proto_neg_in = 0x0
srppass = 0x0
srp_lateuser = 0
srp_arg = {srppassin = 0x0, srplogin = 0x0, msg = 0, debug = 0, amp = 0, strength = 1024}
ctlog_file = 0x0
ct_validation = 0
min_version = 0
max_version = 0
prot_opt = 0
no_prot_opt = 0
async = 0
split_send_fragment = 0
max_pipelines = 0
connect_type = use_inet
count4or6 = 0
c_nbio = 0
c_msg = 0
c_ign_eof = 0
c_brief = 0
c_tlsextdebug = 0
c_status_req = 0
bio_c_msg = 0x0
__PRETTY_FUNCTION__ = "s_client_main"
#20 0x0000000000438c2b in do_cmd (prog=0x2654470, argc=6, argv=0x7fffb3ae7d90) at apps/openssl.c:471
f = {type = FT_none, name = 0x7fffb3ae984a "s_client", func = 0x7fffb3ae7800, help = 0x43801c <lh_FUNCTION_retrieve+35>}
fp = 0x696c00 <functions+1152>
#21 0x000000000043835c in main (argc=6, argv=0x7fffb3ae7d90) at apps/openssl.c:177
f = {type = 2972705047, name = 0x6a2fe0 <prog> "s_client", func = 0x17, help = 0x7f1184496c44 <check_match+324>}
fp = 0x0
prog = 0x2654470
copied_argv = 0x0
p = 0x0
pname = 0x6a2fe0 <prog> "s_client"
buf = "\370\017v\203\021\177\000\000\036\005\000\000\000\000\000\000\350\224j\204\021\177\000\000\200=u\203\021\177\000\000\370\017v\203\021\177\000\000{tI\204\021\177\000\000\036\005\000\000\000\000\000\000\370\017v\203\021\177\000\000\350\224j\204\021\177\000\000xy\256\263\377\177\000\000ty\256\263\377\177\000\000\021nI\204\021\177\000\000@z\256\263\377\177\000\000j\257Ճ\021\177\000\000P\321Ӄ\021\177\000\000xy\256\263\377\177\000\000\256`\207\377\000\000\000\000\202\035\376\003\000\000\000\000.\000\000\000\000\000\000\000DlI\204\021\177\000\000\370\017v\203\021\177\000\000F\b\000\000\000\000\000\000\350\224j\204\021\177\000\000\200=u\203\021\177\000\000\370\017v\203\021\177\000\000{t"...
prompt = 0x7f1183b1bfdd "__libc_pthread_init"
arg = {size = 0, argc = 32529, argv = 0x0}
first = 166
n = 0
i = 32529
ret = 0Work in progress. Hope to fix it this year.
beldmit
commented
7 years ago Please try the current master. At least one bug was fixed.
lazovskiy
commented
7 years ago Thank you. Now segfault moved to the next point:
#0 0x00007fbec93b57c0 in BUF_reverse (out=0x3e <error: Cannot access memory at address 0x3e>,
in=0x1b30b11 "\273\255\360,\266\364\266qH܁\343nf\257d\250\t\310\364\360\002H*\377\355\016o\252\367\226͖Ѽi\343\060{ Up\020\310\025]\326\213\r\375\070\301$\nHkl\306U\350\032\005U\340\v\263\001", size=64)
at crypto/buffer/buffer.c:153
i = 0
#1 0x00007fbec88a85ea in pub_encode_gost_ec (pub=0x1b33610, pk=0x1b33dd0) at /usr/src/engine/gost_ameth.c:748
algobj = 0x7fbec9792178 <nid_objs+32440>
octet = 0x0
pval = 0x0
buf = 0x0
databuf = 0x1b30b10 "ƻ\255\360,\266\364\266qH܁\343nf\257d\250\t\310\364\360\002H*\377\355\016o\252\367\226͖Ѽi\343\060{ Up\020\310\025]\326\213\r\375\070\301$\nHkl\306U\350\032\005U\340\v\263\001"
data_len = 64
ret = -1
pub_key = 0x1b2f290
X = 0x1b31ce0
Y = 0x1b31d00
order = 0x1b33850
ec = 0x1b33340
ptype = -1
#2 0x00007fbec94f1478 in X509_PUBKEY_set (x=0x1b2db18, pkey=0x1b33dd0) at crypto/x509/x_pubkey.c:71
pk = 0x1b33610
#3 0x00007fbec88a37b4 in pkey_GOST_ECcp_encrypt (pctx=0x1b30360, out=0x7ffeb3eacd90 "\240\203Sɾ\177", out_len=0x7ffeb3eacd40,
key=0x1b1bb90 "8k\224.\342\224\304\a\216\213SJ\273|\264\337\v\330o\364Z\022`$\a\217\215m\322A\377+0", key_len=32) at /usr/src/engine/gost_ec_keyx.c:233
gkt = 0x1b31280
pubk = 0x1b2e570
data = 0x1b1baf0
pkey_nid = 811
crypt_params_obj = 0x7fbec9792380 <nid_objs+32960>
param = 0x7fbec8aeedc0 <gost_cipher_list>
ukm = "\333\303\335\360\063\340;E"
shared_key = "8P\355\006\223\372\351M\271=i7\026,ӖD\351\346\301\001\030P\001\223\375VlZ<\265", <incomplete sequence \330>
crypted_key = "\333\303\335\360\063\340;E\376\034\210\241\236\330Ì\205\251\035\351\370\301\345ߧ\322M;Gn8\207\226u\016`[\362\377\211Y\343\000d"
ret = 0
key_is_ephemeral = 1
cctx = {k = {1740831568, 244336925, 1571963334, 1251808304, 1682003472, 3140754411, 201111593, 1969822288}, k87 = {2969567232, 3170893824, 2986344448, 3103784960, 3070230528, 3120562176, 3053453312,
2952790016, 3087007744, 3154116608, 3019898880, 3036676096, 3204448256, 3003121664, 3137339392, 3187671040, 2701131776, 2902458368, 2717908992, 2835349504, 2801795072, 2852126720, 2785017856,
2684354560, 2818572288, 2885681152, 2751463424, 2768240640, 2936012800, 2734686208, 2868903936, 2919235584, 4043309056, 4244635648, 4060086272, 4177526784, 4143972352, 4194304000, 4127195136,
4026531840, 4160749568, 4227858432, 4093640704, 4110417920, 4278190080, 4076863488, 4211081216, 4261412864, 1358954496, 1560281088, 1375731712, 1493172224, 1459617792, 1509949440, 1442840576,
1342177280, 1476395008, 1543503872, 1409286144, 1426063360, 1593835520, 1392508928, 1526726656, 1577058304, 16777216, 218103808, 33554432, 150994944, 117440512, 167772160, 100663296, 0, 134217728,
201326592, 67108864, 83886080, 251658240, 50331648, 184549376, 234881024, 3238002688, 3439329280, 3254779904, 3372220416, 3338665984, 3388997632, 3321888768, 3221225472, 3355443200, 3422552064,
3288334336, 3305111552, 3472883712, 3271557120, 3405774848, 3456106496, 3774873600, 3976200192, 3791650816, 3909091328, 3875536896, 3925868544, 3858759680, 3758096384, 3892314112, 3959422976,
3825205248, 3841982464, 4009754624, 3808428032, 3942645760, 3992977408, 2164260864, 2365587456, 2181038080, 2298478592, 2264924160, 2315255808, 2248146944, 2147483648, 2281701376, 2348810240,
2214592512, 2231369728, 2399141888, 2197815296, 2332033024, 2382364672, 1627389952, 1828716544, 1644167168, 1761607680, 1728053248, 1778384896, 1711276032, 1610612736, 1744830464, 1811939328,
1677721600, 1694498816, 1862270976, 1660944384, 1795162112, 1845493760, 553648128, 754974720, 570425344, 687865856, 654311424, 704643072, 637534208, 536870912, 671088640, 738197504, 603979776,
620756992, 788529152, 587202560, 721420288, 771751936, 822083584, 1023410176, 838860800, 956301312, 922746880, 973078528, 905969664, 805306368, 939524096, 1006632960, 872415232, 889192448,
1056964608, 855638016, 989855744, 1040187392, 2432696320, 2634022912, 2449473536, 2566914048, 2533359616, 2583691264, 2516582400, 2415919104, 2550136832, 2617245696, 2483027968, 2499805184,
2667577344, 2466250752, 2600468480, 2650800128, 285212672, 486539264, 301989888, 419430400, 385875968, 436207616, 369098752, 268435456...}, k65 = {3866624, 3473408, 3211264, 3735552, 3670016,
3997696, 4128768, 3145728, 4063232, 3407872, 3276800, 3342336, 3932160, 3604480, 3801088, 3538944, 11206656, 10813440, 10551296, 11075584, 11010048, 11337728, 11468800, 10485760, 11403264,
10747904, 10616832, 10682368, 11272192, 10944512, 11141120, 10878976, 14352384, 13959168, 13697024, 14221312, 14155776, 14483456, 14614528, 13631488, 14548992, 13893632, 13762560, 13828096,
14417920, 14090240, 14286848, 14024704, 13303808, 12910592, 12648448, 13172736, 13107200, 13434880, 13565952, 12582912, 13500416, 12845056, 12713984, 12779520, 13369344, 13041664, 13238272,
12976128, 1769472, 1376256, 1114112, 1638400, 1572864, 1900544, 2031616, 1048576, 1966080, 1310720, 1179648, 1245184, 1835008, 1507328, 1703936, 1441792, 2818048, 2424832, 2162688, 2686976,
2621440, 2949120, 3080192, 2097152, 3014656, 2359296, 2228224, 2293760, 2883584, 2555904, 2752512, 2490368, 720896, 327680, 65536, 589824, 524288, 851968, 983040, 0, 917504, 262144, 131072, 196608,
786432, 458752, 655360, 393216, 12255232, 11862016, 11599872, 12124160, 12058624, 12386304, 12517376, 11534336, 12451840, 11796480, 11665408, 11730944, 12320768, 11993088, 12189696, 11927552,
8060928, 7667712, 7405568, 7929856, 7864320, 8192000, 8323072, 7340032, 8257536, 7602176, 7471104, 7536640, 8126464, 7798784, 7995392, 7733248, 5963776, 5570560, 5308416, 5832704, 5767168, 6094848,
6225920, 5242880, 6160384, 5505024, 5373952, 5439488, 6029312, 5701632, 5898240, 5636096, 10158080, 9764864, 9502720, 10027008, 9961472, 10289152, 10420224, 9437184, 10354688, 9699328, 9568256,
9633792, 10223616, 9895936, 10092544, 9830400, 4915200, 4521984, 4259840, 4784128, 4718592, 5046272, 5177344, 4194304, 5111808, 4456448, 4325376, 4390912, 4980736, 4653056, 4849664, 4587520,
9109504, 8716288, 8454144, 8978432, 8912896, 9240576, 9371648, 8388608...}, k43 = {60928, 58368, 58880, 57856, 60160, 58112, 60672, 59392, 60416, 61184, 58624, 59904, 57344, 59136, 57600, 59648,
32256, 29696, 30208, 29184, 31488, 29440, 32000, 30720, 31744, 32512, 29952, 31232, 28672, 30464, 28928, 30976, 44544, 41984, 42496, 41472, 43776, 41728, 44288, 43008, 44032, 44800, 42240, 43520,
40960, 42752, 41216, 43264, 52736, 50176, 50688, 49664, 51968, 49920, 52480, 51200, 52224, 52992, 50432, 51712, 49152, 50944, 49408, 51456, 56832, 54272, 54784, 53760, 56064, 54016, 56576, 55296,
56320, 57088, 54528, 55808, 53248, 55040, 53504, 55552, 7680, 5120, 5632, 4608, 6912, 4864, 7424, 6144, 7168, 7936, 5376, 6656, 4096, 5888, 4352, 6400, 15872, 13312, 13824, 12800, 15104, 13056,
15616, 14336, 15360, 16128, 13568, 14848, 12288, 14080, 12544, 14592, 40448, 37888, 38400, 37376, 39680, 37632, 40192, 38912, 39936, 40704, 38144, 39424, 36864, 38656, 37120, 39168, 3584, 1024,
1536, 512, 2816, 768, 3328, 2048, 3072, 3840, 1280, 2560, 0, 1792, 256, 2304, 11776, 9216, 9728, 8704, 11008, 8960, 11520, 10240, 11264, 12032, 9472, 10752, 8192, 9984, 8448, 10496, 48640, 46080,
46592, 45568, 47872, 45824, 48384, 47104, 48128, 48896, 46336, 47616, 45056, 46848, 45312, 47360, 19968, 17408, 17920, 16896, 19200, 17152, 19712, 18432, 19456, 20224, 17664, 18944, 16384, 18176,
16640, 18688, 65024, 62464, 62976, 61952, 64256, 62208, 64768, 63488...}, k21 = {57, 54, 51, 50, 56, 59, 49, 55, 58, 52, 62, 63, 60, 48, 61, 53, 121, 118, 115, 114, 120, 123, 113, 119, 122, 116,
126, 127, 124, 112, 125, 117, 233, 230, 227, 226, 232, 235, 225, 231, 234, 228, 238, 239, 236, 224, 237, 229, 153, 150, 147, 146, 152, 155, 145, 151, 154, 148, 158, 159, 156, 144, 157, 149, 137,
134, 131, 130, 136, 139, 129, 135, 138, 132, 142, 143, 140, 128, 141, 133, 169, 166, 163, 162, 168, 171, 161, 167, 170, 164, 174, 175, 172, 160, 173, 165, 249, 246, 243, 242, 248, 251, 241, 247,
250, 244, 254, 255, 252, 240, 253, 245, 9, 6, 3, 2, 8, 11, 1, 7, 10, 4, 14, 15, 12, 0, 13, 5, 89, 86, 83, 82, 88, 91, 81, 87, 90, 84, 94, 95, 92, 80, 93, 85, 41, 38, 35, 34, 40, 43, 33, 39, 42, 36,
46, 47, 44, 32, 45, 37, 105, 102, 99, 98, 104, 107, 97, 103, 106, 100, 110, 111, 108, 96, 109, 101, 201, 198, 195, 194, 200, 203, 193, 199, 202, 196, 206, 207, 204, 192, 205, 197, 185, 182, 179,
178, 184, 187, 177, 183...}}
sec_key = 0x1b33dd0
#4 0x00007fbec945b73f in EVP_PKEY_encrypt (ctx=0x1b30360, out=0x7ffeb3eacd90 "\240\203Sɾ\177", outlen=0x7ffeb3eacd40,
in=0x1b1bb90 "8k\224.\342\224\304\a\216\213SJ\273|\264\337\v\330o\364Z\022`$\a\217\215m\322A\377+0", inlen=32) at crypto/evp/pmeth_fn.c:165
No locals.
#5 0x00007fbec97f7fb3 in tls_construct_cke_gost (s=0x1b18990, p=0x7ffeb3eaced0, len=0x7ffeb3eacec8, al=0x7ffeb3eacecc) at ssl/statem/statem_clnt.c:2425
pkey_ctx = 0x1b30360
peer_cert = 0x1b19af0
msglen = 255
md_len = 32
shared_ukm = "\333\303\335\360\063\340;E]\243\372H\002*`\250\240>\006\355\255\063;\274\065\364\315\362\304u9;"
tmp = "\240\203Sɾ\177\000\000\000\000\000\000\a\000\000\000\001\000\000\000\376\177\000\000\327nGɾ\177\000\000\260\316\352\263\001\000\000\000\001\000\000\000\a\000\000\000\a\000\000\000\000@\000\000\a\000\000\000\000\000\000\000 ߱\001\000\000\000\000\000\031\067\024G\341\023%\340\316\352\263\376\177\000\000\364\247\067ɾ\177\000\000\316\317G\000\000\000\000\000@\342\256\001\000\000\000\000\a\000\000\000\000\000\000\000\a\000\000\000/\000\000\000 \000\000\000\060\000\000\000\360\316\352\263\376\177\000\000\060\316\352\263\376\177\000\000\000\031\067\024G\341\023% ߱\001\000\000\000\000\320\n\263\001\000\000\000\000\255\317G\000\000\000\000\000\300\220\201ɾ\177\000\000\001", '\000' <repeats 15 times>...
ukm_hash = 0x0
dgst_nid = 982
pms = 0x1b1bb90 "8k\224.\342\224\304\a\216\213SJ\273|\264\337\v\330o\364Z\022`$\a\217\215m\322A\377+0"
pmslen = 32
#6 0x00007fbec97f843e in tls_construct_client_key_exchange (s=0x1b18990) at ssl/statem/statem_clnt.c:2513
p = 0x1b1df25 ""
len = -914422912
pskhdrlen = 0
alg_k = 16
al = -1
#7 0x00007fbec97f37a6 in ossl_statem_client_construct_message (s=0x1b18990) at ssl/statem/statem_clnt.c:525
st = 0x1b189d8
#8 0x00007fbec97f22cb in write_state_machine (s=0x1b18990) at ssl/statem/statem.c:763
st = 0x1b189d8
ret = 1
transition = 0x7fbec97f3250 <ossl_statem_client_write_transition>
pre_work = 0x7fbec97f3470 <ossl_statem_client_pre_work>
post_work = 0x7fbec97f3545 <ossl_statem_client_post_work>
construct_message = 0x7fbec97f372a <ossl_statem_client_construct_message>
cb = 0x4489bc <apps_ssl_info_callback>
#9 0x00007fbec97f19f8 in state_machine (s=0x1b18990, server=0) at ssl/statem/statem.c:394
buf = 0x0
Time = 1481543829
cb = 0x4489bc <apps_ssl_info_callback>
st = 0x1b189d8
ret = -1
ssret = 1
#10 0x00007fbec97f14b1 in ossl_statem_connect (s=0x1b18990) at ssl/statem/statem.c:170
No locals.
#11 0x00007fbec97cc201 in ssl3_write_bytes (s=0x1b18990, type=23, buf_=0x1b02630, len=0) at ssl/record/rec_layer_s3.c:377
buf = 0x1b02630 "x\202\vɾ\177"
tot = 0
n = 0
split_send_fragment = 0
maxpipes = 0
max_send_fragment = 0
nw = 0
u_len = 0
wb = 0x1b18d68
i = 0
#12 0x00007fbec97d8c1d in ssl3_write (s=0x1b18990, buf=0x1b02630, len=0) at ssl/s3_lib.c:3822
No locals.
#13 0x00007fbec97e5faa in SSL_write (s=0x1b18990, buf=0x1b02630, num=0) at ssl/ssl_lib.c:1605
No locals.
#14 0x000000000044f81d in s_client_main (argc=0, argv=0x7ffeb3eadd70) at apps/s_client.c:2226
sbio = 0x1b1c570
key = 0x0
con = 0x1b18990
ctx = 0x1b16af0
chain = 0x0
cert = 0x0
vpm = 0x1af8bb0
exc = 0x0
cctx = 0x1af8c30
ssl_args = 0x0
dane_tlsa_domain = 0x0
dane_tlsa_rrset = 0x0
dane_ee_no_name = 0
crls = 0x0
meth = 0x7fbec9a29b40 <TLS_client_method_data.20660>
CApath = 0x0
CAfile = 0x7ffeb3eae827 "/usr/share/ca-certificates/extra/VipNet-CA.crt"
cbuf = 0x1b02630 "x\202\vɾ\177"
sbuf = 0x1b0c600 ""
mbuf = 0x1b0e610 ""
proxystr = 0x0
connectstr = 0x1af8ce0 "10.0.99.50:443"
cert_file = 0x0
key_file = 0x0
chain_file = 0x0
chCApath = 0x0
chCAfile = 0x0
host = 0x1af8d00 "10.0.99.50"
port = 0x1af8d20 "443"
inrand = 0x0
passarg = 0x0
pass = 0x0
vfyCApath = 0x0
vfyCAfile = 0x0
sess_in = 0x0
sess_out = 0x0
crl_file = 0x0
p = 0x7fbec9c4a040 "h\201\305ɾ\177"
xmpphost = 0x0
ehlo = 0x47fcb5 "mail.example.com"
timeout = {tv_sec = 0, tv_usec = 0}
timeoutp = 0x0
readfds = {__fds_bits = {0 <repeats 16 times>}}
writefds = {__fds_bits = {8, 0 <repeats 15 times>}}
noCApath = 0
noCAfile = 0
build_chain = 0
cbuf_len = 0
cbuf_off = 0
cert_format = 32773
key_format = 32773
crlf = 0
full_log = 1
mbuf_len = 0
prexit = 0
sdebug = 0
reconnect = 0
verify = 0
vpmtouched = 0
ret = 1
in_init = 1
i = 1
nbio_test = 0
s = 3
k = 32766
width = 4
state = 1
sbuf_len = 0
sbuf_off = 0
cmdletters = 1
socket_family = 0
socket_type = 1
starttls_proto = 0
crl_format = 32773
crl_download = 0
write_tty = 0
read_tty = 1
write_ssl = 1
read_ssl = 1
tty_on = 0
ssl_pending = 0
at_eof = 0
read_buf_len = 0
fallback_scsv = 0
randamt = 0
o = OPT_EOF
enable_timeouts = 0
socket_mtu = 0
ssl_client_engine = 0x0
e = 0x0
servername = 0x0
alpn_in = 0x0
tlsextcbp = {biodebug = 0x0, ack = 0}
ssl_config = 0x0
serverinfo_types = {256, 0, 0, 0, 36633, 67, 0, 0, 55216, 46058, 32766, 0, 27648, 105, 0, 0, 55056, 46058, 32766, 0, 21600, 51526, 32702, 0, 24941, 25460, 104, 0, 55088, 46058, 32766, 0, 55216, 46058,
32766, 0, 33904, 431, 0, 0, 0, 0, 7, 0, 35456, 431, 0, 0, 25904, 432, 0, 0, 32, 0, 0, 0, 46304, 2370, 0, 0, 36585, 67, 0, 0, 55120, 46058, 32766, 0, 19951, 51526, 32702, 0, 55216, 46058, 32766, 0,
33904, 431, 0, 0, 46304, 2370, 0, 0, 35456, 431, 0, 0, 27648, 105, 0, 0, 6400, 5175, 57671, 9491, 55152, 46058, 32766, 0}
serverinfo_count = 0
start = 0
len = 12
next_proto_neg_in = 0x0
srppass = 0x0
srp_lateuser = 0
srp_arg = {srppassin = 0x0, srplogin = 0x0, msg = 0, debug = 0, amp = 0, strength = 1024}
ctlog_file = 0x0
ct_validation = 0
min_version = 0
max_version = 0
prot_opt = 0
no_prot_opt = 0
async = 0
split_send_fragment = 0
max_pipelines = 0
connect_type = use_inet
count4or6 = 0
c_nbio = 0
c_msg = 0
c_ign_eof = 0
c_brief = 0
c_tlsextdebug = 0
c_status_req = 0
bio_c_msg = 0x0
__PRETTY_FUNCTION__ = "s_client_main"
#15 0x0000000000438c2b in do_cmd (prog=0x1af8470, argc=6, argv=0x7ffeb3eadd70) at apps/openssl.c:471
f = {type = FT_none, name = 0x7ffeb3eae816 "s_client", func = 0x7ffeb3ead7e0, help = 0x43801c <lh_FUNCTION_retrieve+35>}
fp = 0x696c00 <functions+1152>
#16 0x000000000043835c in main (argc=6, argv=0x7ffeb3eadd70) at apps/openssl.c:177
f = {type = 2972705047, name = 0x6a2fe0 <prog> "s_client", func = 0x17, help = 0x7fbec9a3ac44 <check_match+324>}
fp = 0x0
prog = 0x1af8470
copied_argv = 0x0
p = 0x0
pname = 0x6a2fe0 <prog> "s_client"
buf = "\370O\320Ⱦ\177\000\000\036\005\000\000\000\000\000\000\350\264\304ɾ\177\000\000\200}\317Ⱦ\177\000\000\370O\320Ⱦ\177\000\000{\264\243ɾ\177\000\000\036\005\000\000\000\000\000\000\370O\320Ⱦ\177\000\000\350\264\304ɾ\177\000\000X\331\352\263\376\177\000\000T\331\352\263\376\177\000\000\021\256\243ɾ\177\000\000 \332\352\263\376\177\000\000j\357/ɾ\177\000\000P\021.ɾ\177\000\000X\331\352\263\376\177\000\000\256`\207\377\000\000\000\000\202\035\376\003\000\000\000\000.\000\000\000\000\000\000\000D\254\243ɾ\177\000\000\370O\320Ⱦ\177\000\000F\b\000\000\000\000\000\000\350\264\304ɾ\177\000\000\200}\317Ⱦ\177\000\000\370O\320Ⱦ\177\000\000{\264\243ɾ\177\000\000F\b\000\000\000\000\000\000"...
prompt = 0x7fbec90bffc5 "__libc_pthread_init"
arg = {size = 0, argc = 32702, argv = 0x0}
first = 166
n = 0
i = 32702
ret = 0Please try now.
lazovskiy
commented
7 years ago Now openssl exits normally:
# /usr/local/bin/openssl s_client -CAfile /usr/share/ca-certificates/extra/VipNet-CA.crt -state -connect 10.0.99.50:443
CONNECTED(00000003)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
depth=1 OGRN = 0000000000000, street = "\D1\83\D0\BB. \D0\A8\D0\BE\D1\82\D0\BC\D0\B0\D0\BD\D0\B0, \D0\B4\D0\BE\D0\BC 56", SNILS = 77777777777, INN = 001111111111, GN = \D0\9F\D1\80\D0\B8\D0\BE\D0\B1\D1\80\D0\B5\D1\82\D0\B5\D0\BD\D0\BD\D0\BE\D0\B5 \D0\B8\D0\BC\D1\8F, SN = \D0\A4\D0\B0\D0\BC\D0\B8\D0\BB\D0\B8\D1\8F, C = RU, L = \D0\9F\D0\B5\D1\82\D1\80\D0\BE\D0\B7\D0\B0\D0\B2\D0\BE\D0\B4\D1\81\D0\BA, ST = 10 \D0\9A\D0\B0\D1\80\D0\B5\D0\BB\D0\B8\D1\8F \D0\A0\D0\B5\D1\81\D0\BF\D1\83\D0\B1\D0\BB\D0\B8\D0\BA\D0\B0, emailAddress = test@infoline-rk.ru, O = \D0\9E\D0\9E\D0\9E \"\D0\98\D0\BD\D1\84\D0\BE\D0\BB\D0\B0\D0\B9\D0\BD\", OU = \D0\A3\D0\B4\D0\BE\D1\81\D1\82\D0\BE\D0\B2\D0\B5\D1\80\D1\8F\D1\8E\D1\89\D0\B8\D0\B9 \D0\B8 \D0\BA\D0\BB\D1\8E\D1\87\D0\B5\D0\B2\D0\BE\D0\B9 \D1\86\D0\B5\D0\BD\D1\82\D1\80, title = \D0\90\D0\B4\D0\BC\D0\B8\D0\BD\D0\B8\D1\81\D1\82\D1\80\D0\B0\D1\82\D0\BE\D1\80, CN = \D0\90\D0\B4\D0\BC\D0\B8\D0\BD\D0\B8\D1\81\D1\82\D1\80\D0\B0\D1\82\D0\BE\D1\80 \D1\81\D0\B5\D1\82\D0\B8 1817
verify return:1
depth=0 CN = vcaws
verify return:1
SSL_connect:SSLv3/TLS read server certificate
SSL_connect:SSLv3/TLS read server certificate request
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client certificate
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write change cipher spec
SSL_connect:SSLv3/TLS write finished
SSL_connect:error in SSLv3/TLS write finished
140302602839808:error:0608308E:digital envelope routines:EVP_PKEY_get0_EC_KEY:expecting a ec key:crypto/evp/p_lib.c:319:
---
Certificate chain
0 s:/CN=vcaws
i:/OGRN=0000000000000/street=\xD1\x83\xD0\xBB. \xD0\xA8\xD0\xBE\xD1\x82\xD0\xBC\xD0\xB0\xD0\xBD\xD0\xB0, \xD0\xB4\xD0\xBE\xD0\xBC 56/SNILS=77777777777/INN=001111111111/GN=\xD0\x9F\xD1\x80\xD0\xB8\xD0\xBE\xD0\xB1\xD1\x80\xD0\xB5\xD1\x82\xD0\xB5\xD0\xBD\xD0\xBD\xD0\xBE\xD0\xB5 \xD0\xB8\xD0\xBC\xD1\x8F/SN=\xD0\xA4\xD0\xB0\xD0\xBC\xD0\xB8\xD0\xBB\xD0\xB8\xD1\x8F/C=RU/L=\xD0\x9F\xD0\xB5\xD1\x82\xD1\x80\xD0\xBE\xD0\xB7\xD0\xB0\xD0\xB2\xD0\xBE\xD0\xB4\xD1\x81\xD0\xBA/ST=10 \xD0\x9A\xD0\xB0\xD1\x80\xD0\xB5\xD0\xBB\xD0\xB8\xD1\x8F \xD0\xA0\xD0\xB5\xD1\x81\xD0\xBF\xD1\x83\xD0\xB1\xD0\xBB\xD0\xB8\xD0\xBA\xD0\xB0/emailAddress=test@infoline-rk.ru/O=\xD0\x9E\xD0\x9E\xD0\x9E "\xD0\x98\xD0\xBD\xD1\x84\xD0\xBE\xD0\xBB\xD0\xB0\xD0\xB9\xD0\xBD"/OU=\xD0\xA3\xD0\xB4\xD0\xBE\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD0\xB5\xD1\x80\xD1\x8F\xD1\x8E\xD1\x89\xD0\xB8\xD0\xB9 \xD0\xB8 \xD0\xBA\xD0\xBB\xD1\x8E\xD1\x87\xD0\xB5\xD0\xB2\xD0\xBE\xD0\xB9 \xD1\x86\xD0\xB5\xD0\xBD\xD1\x82\xD1\x80/title=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80/CN=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80 \xD1\x81\xD0\xB5\xD1\x82\xD0\xB8 1817
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIG7TCCBpygAwIBAgIQAdHxgWVFv0AAAAABBxkAATAIBgYqhQMCAgMwggIEMRgw
FgYFKoUDZAESDTAwMDAwMDAwMDAwMDAxKDAmBgNVBAkMH9GD0LsuINCo0L7RgtC8
0LDQvdCwLCDQtNC+0LwgNTYxFjAUBgUqhQNkAxILNzc3Nzc3Nzc3NzcxGjAYBggq
hQMDgQMBARIMMDAxMTExMTExMTExMSowKAYDVQQqDCHQn9GA0LjQvtCx0YDQtdGC
0LXQvdC90L7QtSDQuNC80Y8xFzAVBgNVBAQMDtCk0LDQvNC40LvQuNGPMQswCQYD
VQQGEwJSVTEhMB8GA1UEBwwY0J/QtdGC0YDQvtC30LDQstC+0LTRgdC6MS8wLQYD
VQQIDCYxMCDQmtCw0YDQtdC70LjRjyDQoNC10YHQv9GD0LHQu9C40LrQsDEiMCAG
CSqGSIb3DQEJARYTdGVzdEBpbmZvbGluZS1yay5ydTEiMCAGA1UECgwZ0J7QntCe
ICLQmNC90YTQvtC70LDQudC9IjFEMEIGA1UECww70KPQtNC+0YHRgtC+0LLQtdGA
0Y/RjtGJ0LjQuSDQuCDQutC70Y7Rh9C10LLQvtC5INGG0LXQvdGC0YAxIzAhBgNV
BAwMGtCQ0LTQvNC40L3QuNGB0YLRgNCw0YLQvtGAMTEwLwYDVQQDDCjQkNC00LzQ
uNC90LjRgdGC0YDQsNGC0L7RgCDRgdC10YLQuCAxODE3MB4XDTE2MDgwODE0MzAw
MFoXDTE3MDgwODE0MzAwMFowEDEOMAwGA1UEAwwFdmNhd3MwYzAcBgYqhQMCAhMw
EgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAjaPxDzwTYDXiPLrES/17++WWs76eXTOx
or4vSWCzor2weFPTY8scjXGwrgTpwFJY51xO8DC1yRfw7pQIPBcsg4EJADA3MTkw
MDAxo4IDzTCCA8kwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMB
MBAGA1UdEQQJMAeCBXZjYXdzMCAGBSqFA2RvBBcMFdCh0JrQl9CYIFZpUE5ldCBD
U1AgNDCB2AYFKoUDZHAEgc4wgcsMFdCh0JrQl9CYIFZpUE5ldCBDU1AgNAxY0J/R
gNC+0LPRgNCw0LzQvdGL0Lkg0LrQvtC80L/Qu9C10LrRgSBWaVBOZXQg0KPQtNC+
0YHRgtC+0LLQtdGA0Y/RjtGI0LjQuSDRhtC10L3QvdGC0YAgNAwr0KHQpC8xMTQt
MjMyMiDQvtGCIDI1INCw0L/RgNC10LvRjyAyMDE0INCzLgwr0KHQpC8xMjgtMjMy
NCDQvtGCIDI1INCw0L/RgNC10LvRjyAyMDE0INCzLjAMBgNVHRMBAf8EAjAAMIIC
RQYDVR0jBIICPDCCAjiAFGcDxvtTmGMhR0XKjVIid/5nCEHJoYICDKSCAggwggIE
MRgwFgYFKoUDZAESDTAwMDAwMDAwMDAwMDAxKDAmBgNVBAkMH9GD0LsuINCo0L7R
gtC80LDQvdCwLCDQtNC+0LwgNTYxFjAUBgUqhQNkAxILNzc3Nzc3Nzc3NzcxGjAY
BggqhQMDgQMBARIMMDAxMTExMTExMTExMSowKAYDVQQqDCHQn9GA0LjQvtCx0YDQ
tdGC0LXQvdC90L7QtSDQuNC80Y8xFzAVBgNVBAQMDtCk0LDQvNC40LvQuNGPMQsw
CQYDVQQGEwJSVTEhMB8GA1UEBwwY0J/QtdGC0YDQvtC30LDQstC+0LTRgdC6MS8w
LQYDVQQIDCYxMCDQmtCw0YDQtdC70LjRjyDQoNC10YHQv9GD0LHQu9C40LrQsDEi
MCAGCSqGSIb3DQEJARYTdGVzdEBpbmZvbGluZS1yay5ydTEiMCAGA1UECgwZ0J7Q
ntCeICLQmNC90YTQvtC70LDQudC9IjFEMEIGA1UECww70KPQtNC+0YHRgtC+0LLQ
tdGA0Y/RjtGJ0LjQuSDQuCDQutC70Y7Rh9C10LLQvtC5INGG0LXQvdGC0YAxIzAh
BgNVBAwMGtCQ0LTQvNC40L3QuNGB0YLRgNCw0YLQvtGAMTEwLwYDVQQDDCjQkNC0
0LzQuNC90LjRgdGC0YDQsNGC0L7RgCDRgdC10YLQuCAxODE3ghAB0e5CR94skAAA
AAAHGQABMB0GA1UdIAQWMBQwCAYGKoUDZHEBMAgGBiqFA2RxAjAdBgNVHQ4EFgQU
ns76LVonK3CpA5BSsS4VkGUCDKwwCAYGKoUDAgIDA0EAp9SNpmkt4FUooeli3gQ8
DZGkhWUk9d9G1cTF5cncBRLSCJd/0/cFtfXX5WUyvKjlfuK0wXEIzofrSOG5mR0C
0Q==
-----END CERTIFICATE-----
subject=/CN=vcaws
issuer=/OGRN=0000000000000/street=\xD1\x83\xD0\xBB. \xD0\xA8\xD0\xBE\xD1\x82\xD0\xBC\xD0\xB0\xD0\xBD\xD0\xB0, \xD0\xB4\xD0\xBE\xD0\xBC 56/SNILS=77777777777/INN=001111111111/GN=\xD0\x9F\xD1\x80\xD0\xB8\xD0\xBE\xD0\xB1\xD1\x80\xD0\xB5\xD1\x82\xD0\xB5\xD0\xBD\xD0\xBD\xD0\xBE\xD0\xB5 \xD0\xB8\xD0\xBC\xD1\x8F/SN=\xD0\xA4\xD0\xB0\xD0\xBC\xD0\xB8\xD0\xBB\xD0\xB8\xD1\x8F/C=RU/L=\xD0\x9F\xD0\xB5\xD1\x82\xD1\x80\xD0\xBE\xD0\xB7\xD0\xB0\xD0\xB2\xD0\xBE\xD0\xB4\xD1\x81\xD0\xBA/ST=10 \xD0\x9A\xD0\xB0\xD1\x80\xD0\xB5\xD0\xBB\xD0\xB8\xD1\x8F \xD0\xA0\xD0\xB5\xD1\x81\xD0\xBF\xD1\x83\xD0\xB1\xD0\xBB\xD0\xB8\xD0\xBA\xD0\xB0/emailAddress=test@infoline-rk.ru/O=\xD0\x9E\xD0\x9E\xD0\x9E "\xD0\x98\xD0\xBD\xD1\x84\xD0\xBE\xD0\xBB\xD0\xB0\xD0\xB9\xD0\xBD"/OU=\xD0\xA3\xD0\xB4\xD0\xBE\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD0\xB5\xD1\x80\xD1\x8F\xD1\x8E\xD1\x89\xD0\xB8\xD0\xB9 \xD0\xB8 \xD0\xBA\xD0\xBB\xD1\x8E\xD1\x87\xD0\xB5\xD0\xB2\xD0\xBE\xD0\xB9 \xD1\x86\xD0\xB5\xD0\xBD\xD1\x82\xD1\x80/title=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80/CN=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80 \xD1\x81\xD0\xB5\xD1\x82\xD0\xB8 1817
---
Acceptable client certificate CA names
/OGRN=0000000000000/street=\xD1\x83\xD0\xBB. \xD0\xA8\xD0\xBE\xD1\x82\xD0\xBC\xD0\xB0\xD0\xBD\xD0\xB0, \xD0\xB4\xD0\xBE\xD0\xBC 56/SNILS=77777777777/INN=001111111111/GN=\xD0\x9F\xD1\x80\xD0\xB8\xD0\xBE\xD0\xB1\xD1\x80\xD0\xB5\xD1\x82\xD0\xB5\xD0\xBD\xD0\xBD\xD0\xBE\xD0\xB5 \xD0\xB8\xD0\xBC\xD1\x8F/SN=\xD0\xA4\xD0\xB0\xD0\xBC\xD0\xB8\xD0\xBB\xD0\xB8\xD1\x8F/C=RU/L=\xD0\x9F\xD0\xB5\xD1\x82\xD1\x80\xD0\xBE\xD0\xB7\xD0\xB0\xD0\xB2\xD0\xBE\xD0\xB4\xD1\x81\xD0\xBA/ST=10 \xD0\x9A\xD0\xB0\xD1\x80\xD0\xB5\xD0\xBB\xD0\xB8\xD1\x8F \xD0\xA0\xD0\xB5\xD1\x81\xD0\xBF\xD1\x83\xD0\xB1\xD0\xBB\xD0\xB8\xD0\xBA\xD0\xB0/emailAddress=test@infoline-rk.ru/O=\xD0\x9E\xD0\x9E\xD0\x9E "\xD0\x98\xD0\xBD\xD1\x84\xD0\xBE\xD0\xBB\xD0\xB0\xD0\xB9\xD0\xBD"/OU=\xD0\xA3\xD0\xB4\xD0\xBE\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD0\xB5\xD1\x80\xD1\x8F\xD1\x8E\xD1\x89\xD0\xB8\xD0\xB9 \xD0\xB8 \xD0\xBA\xD0\xBB\xD1\x8E\xD1\x87\xD0\xB5\xD0\xB2\xD0\xBE\xD0\xB9 \xD1\x86\xD0\xB5\xD0\xBD\xD1\x82\xD1\x80/title=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80/CN=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80 \xD1\x81\xD0\xB5\xD1\x82\xD0\xB8 1817
Client Certificate Types: UNKNOWN (239),, UNKNOWN (238),, GOST01 Sign
Requested Signature Algorithms: 0xEF+md_gost12_512:0xEE+md_gost12_256:0xED+md_gost94
Shared Requested Signature Algorithms: 0xEF+md_gost12_512:0xEE+md_gost12_256:0xED+md_gost94
---
SSL handshake has read 2417 bytes and written 388 bytes
Verification: OK
---
New, TLSv1.0, Cipher is GOST2012-GOST8912-GOST8912
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : GOST2012-GOST8912-GOST8912
Session-ID: 5326697F6CC7CEC9C936AB530AF9A2D3FC597EB3C7B4180302953B1C8411BFC0
Session-ID-ctx:
Master-Key: 3FB13CB346EB684626CFF06B1D4023DB80E15BA15B93FA42B259647255BAD2F094A8E973ED99210D1E29989F625753E4
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1481545815
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
#But still there is an unexpected behaviour leading to the connection close:
140302602839808:error:0608308E:digital envelope routines:EVP_PKEY_get0_EC_KEY:expecting a ec key:crypto/evp/p_lib.c:319:Also, when i try to use client certificate segfault occurs:
Core was generated by `/usr/local/bin/openssl s_client -cert client.pem -key client.key -CAfile /usr/s'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fe89a525613 in BN_num_bits (a=0x0) at crypto/bn/bn_lib.c:163
163 int i = a->top - 1;
(gdb) bt full
#0 0x00007fe89a525613 in BN_num_bits (a=0x0) at crypto/bn/bn_lib.c:163
i = 32766
#1 0x00007fe899a2d90c in store_bignum (bn=0x0, buf=0x104a888 "", len=32) at /usr/src/engine/gost_ameth.c:28
bytes = 0
#2 0x00007fe899a30efd in pack_sign_cp (s=0x1061770, order=32, sig=0x104a888 "", siglen=0x7ffea8677cb8) at /usr/src/engine/gost_pmeth.c:376
sig_r = 0x0
sig_s = 0x0
#3 0x00007fe899a3104d in pkey_gost_ec_cp_sign (ctx=0x105a2f0, sig=0x104a888 "", siglen=0x7ffea8677cb8,
tbs=0x7ffea8677cd0 "e\037\353#[-\342\206w\177\353\361Z(\206\343\025\066v\300?EZJ\036\071\305\021\321\316", <incomplete sequence \364>, tbs_len=32) at /usr/src/engine/gost_pmeth.c:415
unpacked_sig = 0x1061770
pkey = 0x103d7f0
order = 64
#4 0x00007fe89a5e220c in EVP_PKEY_sign (ctx=0x105a2f0, sig=0x104a888 "", siglen=0x7ffea8677cb8,
tbs=0x7ffea8677cd0 "e\037\353#[-\342\206w\177\353\361Z(\206\343\025\066v\300?EZJ\036\071\305\021\321\316", <incomplete sequence \364>, tbslen=32) at crypto/evp/pmeth_fn.c:64
No locals.
#5 0x00007fe89a5e1e12 in EVP_SignFinal (ctx=0x105e4d0, sigret=0x104a888 "", siglen=0x7ffea8677d48, pkey=0x103d7f0) at crypto/evp/p_sign.c:54
m = "e\037\353#[-\342\206w\177\353\361Z(\206\343\025\066v\300?EZJ\036\071\305\021\321\316O\364\000\000\000\000\000\000\000\000ʌ\\\232\350\177\000\000`\375\002\001\000\000\000\000\331\032\000\000\000\000\000"
m_len = 32
i = 0
sltmp = 64
pkctx = 0x105a2f0
#6 0x00007fe89a97fa0c in tls_construct_client_verify (s=0x1045090) at ssl/statem/statem_clnt.c:2653
p = 0x104a886 "\223\060"
pkey = 0x103d7f0
md = 0x102fd60
mctx = 0x105e4d0
u = 0
n = 2
hdatalen = 6873
hdata = 0x1061bb0
#7 0x00007fe89a97a7b7 in ossl_statem_client_construct_message (s=0x1045090) at ssl/statem/statem_clnt.c:528
st = 0x10450d8
#8 0x00007fe89a9792cb in write_state_machine (s=0x1045090) at ssl/statem/statem.c:763
st = 0x10450d8
ret = 1
transition = 0x7fe89a97a250 <ossl_statem_client_write_transition>
pre_work = 0x7fe89a97a470 <ossl_statem_client_pre_work>
post_work = 0x7fe89a97a545 <ossl_statem_client_post_work>
construct_message = 0x7fe89a97a72a <ossl_statem_client_construct_message>
cb = 0x4489bc <apps_ssl_info_callback>
#9 0x00007fe89a9789f8 in state_machine (s=0x1045090, server=0) at ssl/statem/statem.c:394
buf = 0x0
Time = 1481546049
cb = 0x4489bc <apps_ssl_info_callback>
st = 0x10450d8
ret = -1
ssret = 1
#10 0x00007fe89a9784b1 in ossl_statem_connect (s=0x1045090) at ssl/statem/statem.c:170
No locals.
#11 0x00007fe89a953201 in ssl3_write_bytes (s=0x1045090, type=23, buf_=0x102b630, len=0) at ssl/record/rec_layer_s3.c:377
buf = 0x102b630 "x\362#\232\350\177"
tot = 0
n = 0
split_send_fragment = 0
maxpipes = 0
max_send_fragment = 0
nw = 0
u_len = 0
wb = 0x1045468
i = 0
#12 0x00007fe89a95fc1d in ssl3_write (s=0x1045090, buf=0x102b630, len=0) at ssl/s3_lib.c:3822
No locals.
#13 0x00007fe89a96cfaa in SSL_write (s=0x1045090, buf=0x102b630, num=0) at ssl/ssl_lib.c:1605
No locals.
#14 0x000000000044f81d in s_client_main (argc=0, argv=0x7ffea8678c10) at apps/s_client.c:2226
sbio = 0x1046850
key = 0x103d7f0
con = 0x1045090
ctx = 0x1042b90
chain = 0x0
cert = 0x1022130
vpm = 0x1021bb0
exc = 0x0
cctx = 0x1021c30
ssl_args = 0x0
dane_tlsa_domain = 0x0
dane_tlsa_rrset = 0x0
dane_ee_no_name = 0
crls = 0x0
meth = 0x7fe89abb0b40 <TLS_client_method_data.20660>
CApath = 0x0
CAfile = 0x7ffea867982c "/usr/share/ca-certificates/extra/VipNet-CA.crt"
cbuf = 0x102b630 "x\362#\232\350\177"
sbuf = 0x1035600 ""
mbuf = 0x1037610 ""
proxystr = 0x0
connectstr = 0x1021ce0 "vcaws:443"
cert_file = 0x7ffea8679809 "client.pem"
key_file = 0x7ffea8679819 "client.key"
chain_file = 0x0
chCApath = 0x0
chCAfile = 0x0
host = 0x1021d00 "vcaws"
port = 0x1021d20 "443"
inrand = 0x0
passarg = 0x0
pass = 0x0
vfyCApath = 0x0
vfyCAfile = 0x0
sess_in = 0x0
sess_out = 0x0
crl_file = 0x0
p = 0x7fe89add1040 "h\361ݚ\350\177"
xmpphost = 0x0
ehlo = 0x47fcb5 "mail.example.com"
timeout = {tv_sec = 0, tv_usec = 0}
timeoutp = 0x0
readfds = {__fds_bits = {0 <repeats 16 times>}}
writefds = {__fds_bits = {8, 0 <repeats 15 times>}}
noCApath = 0
noCAfile = 0
build_chain = 0
cbuf_len = 0
cbuf_off = 0
cert_format = 32773
key_format = 32773
crlf = 0
full_log = 1
mbuf_len = 0
prexit = 0
sdebug = 0
reconnect = 0
verify = 0
vpmtouched = 0
ret = 1
in_init = 1
i = 1
nbio_test = 0
s = 3
k = 32766
width = 4
state = 1
sbuf_len = 0
sbuf_off = 0
cmdletters = 1
socket_family = 0
socket_type = 1
starttls_proto = 0
crl_format = 32773
crl_download = 0
write_tty = 0
read_tty = 1
write_ssl = 1
read_ssl = 1
tty_on = 0
ssl_pending = 0
at_eof = 0
read_buf_len = 0
fallback_scsv = 0
randamt = 0
o = OPT_EOF
enable_timeouts = 0
socket_mtu = 0
ssl_client_engine = 0x0
e = 0x0
servername = 0x0
alpn_in = 0x0
tlsextcbp = {biodebug = 0x0, ack = 0}
ssl_config = 0x0
serverinfo_types = {256, 0, 0, 0, 36633, 67, 0, 0, 34384, 43111, 32766, 0, 27648, 105, 0, 0, 34224, 43111, 32766, 0, 50272, 39518, 32744, 0, 24941, 25460, 104, 0, 34256, 43111, 32766, 0, 34384, 43111,
32766, 0, 5232, 258, 0, 0, 0, 0, 7, 0, 6784, 258, 0, 0, 62768, 258, 0, 0, 32, 0, 0, 0, 46304, 2370, 0, 0, 36585, 67, 0, 0, 34288, 43111, 32766, 0, 48623, 39518, 32744, 0, 34384, 43111, 32766, 0,
5232, 258, 0, 0, 46304, 2370, 0, 0, 6784, 258, 0, 0, 27648, 105, 0, 0, 54016, 30587, 49068, 23001, 34320, 43111, 32766, 0}
serverinfo_count = 0
start = 0
len = 12
next_proto_neg_in = 0x0
srppass = 0x0
srp_lateuser = 0
srp_arg = {srppassin = 0x0, srplogin = 0x0, msg = 0, debug = 0, amp = 0, strength = 1024}
ctlog_file = 0x0
ct_validation = 0
min_version = 0
max_version = 0
prot_opt = 0
no_prot_opt = 0
async = 0
split_send_fragment = 0
max_pipelines = 0
connect_type = use_inet
count4or6 = 0
c_nbio = 0
c_msg = 0
c_ign_eof = 0
c_brief = 0
c_tlsextdebug = 0
c_status_req = 0
bio_c_msg = 0x0
__PRETTY_FUNCTION__ = "s_client_main"
#15 0x0000000000438c2b in do_cmd (prog=0x1021470, argc=10, argv=0x7ffea8678c10) at apps/openssl.c:471
f = {type = FT_none, name = 0x7ffea86797fa "s_client", func = 0x7ffea8678680, help = 0x43801c <lh_FUNCTION_retrieve+35>}
fp = 0x696c00 <functions+1152>
#16 0x000000000043835c in main (argc=10, argv=0x7ffea8678c10) at apps/openssl.c:177
f = {type = 2972705047, name = 0x6a2fe0 <prog> "s_client", func = 0x17, help = 0x7fe89abc1c44 <check_match+324>}
fp = 0x0
prog = 0x1021470
copied_argv = 0x0
p = 0x0
pname = 0x6a2fe0 <prog> "s_client"
buf = "\370\277\350\231\350\177\000\000\036\005\000\000\000\000\000\000\350$ݚ\350\177\000\000\200\355\347\231\350\177\000\000\370\277\350\231\350\177\000\000{$\274\232\350\177\000\000\036\005\000\000\000\000\000\000\370\277\350\231\350\177\000\000\350$ݚ\350\177\000\000\370\207g\250\376\177\000\000\364\207g\250\376\177\000\000\021\036\274\232\350\177\000\000\300\210g\250\376\177\000\000j_H\232\350\177\000\000P\201F\232\350\177\000\000\370\207g\250\376\177\000\000\256`\207\377\000\000\000\000\202\035\376\003\000\000\000\000.\000\000\000\000\000\000\000D\034\274\232\350\177\000\000\370\277\350\231\350\177\000\000F\b\000\000\000\000\000\000\350$ݚ\350\177\000\000\200\355\347\231\350\177\000\000\370\277\350\231\350\177\000\000{$\274"...
prompt = 0x7fe89a246fc5 "__libc_pthread_init"
arg = {size = 0, argc = 32744, argv = 0x0}
first = 166
n = 0
i = 32744
ret = 0Both issues should be fixed now.
lazovskiy
commented
7 years ago Thank you.
root@infoline:~# /usr/local/bin/openssl s_client -cert client.pem -key client.key -CAfile /usr/share/ca-certificates/extra/VipNet-CA.crt -state -connect vcaws:443
Enter pass phrase for client.key:
CONNECTED(00000003)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
depth=1 OGRN = 0000000000000, street = "\D1\83\D0\BB. \D0\A8\D0\BE\D1\82\D0\BC\D0\B0\D0\BD\D0\B0, \D0\B4\D0\BE\D0\BC 56", SNILS = 77777777777, INN = 001111111111, GN = \D0\9F\D1\80\D0\B8\D0\BE\D0\B1\D1\80\D0\B5\D1\82\D0\B5\D0\BD\D0\BD\D0\BE\D0\B5 \D0\B8\D0\BC\D1\8F, SN = \D0\A4\D0\B0\D0\BC\D0\B8\D0\BB\D0\B8\D1\8F, C = RU, L = \D0\9F\D0\B5\D1\82\D1\80\D0\BE\D0\B7\D0\B0\D0\B2\D0\BE\D0\B4\D1\81\D0\BA, ST = 10 \D0\9A\D0\B0\D1\80\D0\B5\D0\BB\D0\B8\D1\8F \D0\A0\D0\B5\D1\81\D0\BF\D1\83\D0\B1\D0\BB\D0\B8\D0\BA\D0\B0, emailAddress = test@infoline-rk.ru, O = \D0\9E\D0\9E\D0\9E \"\D0\98\D0\BD\D1\84\D0\BE\D0\BB\D0\B0\D0\B9\D0\BD\", OU = \D0\A3\D0\B4\D0\BE\D1\81\D1\82\D0\BE\D0\B2\D0\B5\D1\80\D1\8F\D1\8E\D1\89\D0\B8\D0\B9 \D0\B8 \D0\BA\D0\BB\D1\8E\D1\87\D0\B5\D0\B2\D0\BE\D0\B9 \D1\86\D0\B5\D0\BD\D1\82\D1\80, title = \D0\90\D0\B4\D0\BC\D0\B8\D0\BD\D0\B8\D1\81\D1\82\D1\80\D0\B0\D1\82\D0\BE\D1\80, CN = \D0\90\D0\B4\D0\BC\D0\B8\D0\BD\D0\B8\D1\81\D1\82\D1\80\D0\B0\D1\82\D0\BE\D1\80 \D1\81\D0\B5\D1\82\D0\B8 1817
verify return:1
depth=0 CN = vcaws
verify return:1
SSL_connect:SSLv3/TLS read server certificate
SSL_connect:SSLv3/TLS read server certificate request
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client certificate
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write certificate verify
SSL_connect:SSLv3/TLS write change cipher spec
SSL_connect:SSLv3/TLS write finished
SSL_connect:error in SSLv3/TLS write finished
write:errno=104
---
Certificate chain
0 s:/CN=vcaws
i:/OGRN=0000000000000/street=\xD1\x83\xD0\xBB. \xD0\xA8\xD0\xBE\xD1\x82\xD0\xBC\xD0\xB0\xD0\xBD\xD0\xB0, \xD0\xB4\xD0\xBE\xD0\xBC 56/SNILS=77777777777/INN=001111111111/GN=\xD0\x9F\xD1\x80\xD0\xB8\xD0\xBE\xD0\xB1\xD1\x80\xD0\xB5\xD1\x82\xD0\xB5\xD0\xBD\xD0\xBD\xD0\xBE\xD0\xB5 \xD0\xB8\xD0\xBC\xD1\x8F/SN=\xD0\xA4\xD0\xB0\xD0\xBC\xD0\xB8\xD0\xBB\xD0\xB8\xD1\x8F/C=RU/L=\xD0\x9F\xD0\xB5\xD1\x82\xD1\x80\xD0\xBE\xD0\xB7\xD0\xB0\xD0\xB2\xD0\xBE\xD0\xB4\xD1\x81\xD0\xBA/ST=10 \xD0\x9A\xD0\xB0\xD1\x80\xD0\xB5\xD0\xBB\xD0\xB8\xD1\x8F \xD0\xA0\xD0\xB5\xD1\x81\xD0\xBF\xD1\x83\xD0\xB1\xD0\xBB\xD0\xB8\xD0\xBA\xD0\xB0/emailAddress=test@infoline-rk.ru/O=\xD0\x9E\xD0\x9E\xD0\x9E "\xD0\x98\xD0\xBD\xD1\x84\xD0\xBE\xD0\xBB\xD0\xB0\xD0\xB9\xD0\xBD"/OU=\xD0\xA3\xD0\xB4\xD0\xBE\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD0\xB5\xD1\x80\xD1\x8F\xD1\x8E\xD1\x89\xD0\xB8\xD0\xB9 \xD0\xB8 \xD0\xBA\xD0\xBB\xD1\x8E\xD1\x87\xD0\xB5\xD0\xB2\xD0\xBE\xD0\xB9 \xD1\x86\xD0\xB5\xD0\xBD\xD1\x82\xD1\x80/title=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80/CN=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80 \xD1\x81\xD0\xB5\xD1\x82\xD0\xB8 1817
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIG7TCCBpygAwIBAgIQAdHxgWVFv0AAAAABBxkAATAIBgYqhQMCAgMwggIEMRgw
FgYFKoUDZAESDTAwMDAwMDAwMDAwMDAxKDAmBgNVBAkMH9GD0LsuINCo0L7RgtC8
0LDQvdCwLCDQtNC+0LwgNTYxFjAUBgUqhQNkAxILNzc3Nzc3Nzc3NzcxGjAYBggq
hQMDgQMBARIMMDAxMTExMTExMTExMSowKAYDVQQqDCHQn9GA0LjQvtCx0YDQtdGC
0LXQvdC90L7QtSDQuNC80Y8xFzAVBgNVBAQMDtCk0LDQvNC40LvQuNGPMQswCQYD
VQQGEwJSVTEhMB8GA1UEBwwY0J/QtdGC0YDQvtC30LDQstC+0LTRgdC6MS8wLQYD
VQQIDCYxMCDQmtCw0YDQtdC70LjRjyDQoNC10YHQv9GD0LHQu9C40LrQsDEiMCAG
CSqGSIb3DQEJARYTdGVzdEBpbmZvbGluZS1yay5ydTEiMCAGA1UECgwZ0J7QntCe
ICLQmNC90YTQvtC70LDQudC9IjFEMEIGA1UECww70KPQtNC+0YHRgtC+0LLQtdGA
0Y/RjtGJ0LjQuSDQuCDQutC70Y7Rh9C10LLQvtC5INGG0LXQvdGC0YAxIzAhBgNV
BAwMGtCQ0LTQvNC40L3QuNGB0YLRgNCw0YLQvtGAMTEwLwYDVQQDDCjQkNC00LzQ
uNC90LjRgdGC0YDQsNGC0L7RgCDRgdC10YLQuCAxODE3MB4XDTE2MDgwODE0MzAw
MFoXDTE3MDgwODE0MzAwMFowEDEOMAwGA1UEAwwFdmNhd3MwYzAcBgYqhQMCAhMw
EgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAjaPxDzwTYDXiPLrES/17++WWs76eXTOx
or4vSWCzor2weFPTY8scjXGwrgTpwFJY51xO8DC1yRfw7pQIPBcsg4EJADA3MTkw
MDAxo4IDzTCCA8kwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMB
MBAGA1UdEQQJMAeCBXZjYXdzMCAGBSqFA2RvBBcMFdCh0JrQl9CYIFZpUE5ldCBD
U1AgNDCB2AYFKoUDZHAEgc4wgcsMFdCh0JrQl9CYIFZpUE5ldCBDU1AgNAxY0J/R
gNC+0LPRgNCw0LzQvdGL0Lkg0LrQvtC80L/Qu9C10LrRgSBWaVBOZXQg0KPQtNC+
0YHRgtC+0LLQtdGA0Y/RjtGI0LjQuSDRhtC10L3QvdGC0YAgNAwr0KHQpC8xMTQt
MjMyMiDQvtGCIDI1INCw0L/RgNC10LvRjyAyMDE0INCzLgwr0KHQpC8xMjgtMjMy
NCDQvtGCIDI1INCw0L/RgNC10LvRjyAyMDE0INCzLjAMBgNVHRMBAf8EAjAAMIIC
RQYDVR0jBIICPDCCAjiAFGcDxvtTmGMhR0XKjVIid/5nCEHJoYICDKSCAggwggIE
MRgwFgYFKoUDZAESDTAwMDAwMDAwMDAwMDAxKDAmBgNVBAkMH9GD0LsuINCo0L7R
gtC80LDQvdCwLCDQtNC+0LwgNTYxFjAUBgUqhQNkAxILNzc3Nzc3Nzc3NzcxGjAY
BggqhQMDgQMBARIMMDAxMTExMTExMTExMSowKAYDVQQqDCHQn9GA0LjQvtCx0YDQ
tdGC0LXQvdC90L7QtSDQuNC80Y8xFzAVBgNVBAQMDtCk0LDQvNC40LvQuNGPMQsw
CQYDVQQGEwJSVTEhMB8GA1UEBwwY0J/QtdGC0YDQvtC30LDQstC+0LTRgdC6MS8w
LQYDVQQIDCYxMCDQmtCw0YDQtdC70LjRjyDQoNC10YHQv9GD0LHQu9C40LrQsDEi
MCAGCSqGSIb3DQEJARYTdGVzdEBpbmZvbGluZS1yay5ydTEiMCAGA1UECgwZ0J7Q
ntCeICLQmNC90YTQvtC70LDQudC9IjFEMEIGA1UECww70KPQtNC+0YHRgtC+0LLQ
tdGA0Y/RjtGJ0LjQuSDQuCDQutC70Y7Rh9C10LLQvtC5INGG0LXQvdGC0YAxIzAh
BgNVBAwMGtCQ0LTQvNC40L3QuNGB0YLRgNCw0YLQvtGAMTEwLwYDVQQDDCjQkNC0
0LzQuNC90LjRgdGC0YDQsNGC0L7RgCDRgdC10YLQuCAxODE3ghAB0e5CR94skAAA
AAAHGQABMB0GA1UdIAQWMBQwCAYGKoUDZHEBMAgGBiqFA2RxAjAdBgNVHQ4EFgQU
ns76LVonK3CpA5BSsS4VkGUCDKwwCAYGKoUDAgIDA0EAp9SNpmkt4FUooeli3gQ8
DZGkhWUk9d9G1cTF5cncBRLSCJd/0/cFtfXX5WUyvKjlfuK0wXEIzofrSOG5mR0C
0Q==
-----END CERTIFICATE-----
subject=/CN=vcaws
issuer=/OGRN=0000000000000/street=\xD1\x83\xD0\xBB. \xD0\xA8\xD0\xBE\xD1\x82\xD0\xBC\xD0\xB0\xD0\xBD\xD0\xB0, \xD0\xB4\xD0\xBE\xD0\xBC 56/SNILS=77777777777/INN=001111111111/GN=\xD0\x9F\xD1\x80\xD0\xB8\xD0\xBE\xD0\xB1\xD1\x80\xD0\xB5\xD1\x82\xD0\xB5\xD0\xBD\xD0\xBD\xD0\xBE\xD0\xB5 \xD0\xB8\xD0\xBC\xD1\x8F/SN=\xD0\xA4\xD0\xB0\xD0\xBC\xD0\xB8\xD0\xBB\xD0\xB8\xD1\x8F/C=RU/L=\xD0\x9F\xD0\xB5\xD1\x82\xD1\x80\xD0\xBE\xD0\xB7\xD0\xB0\xD0\xB2\xD0\xBE\xD0\xB4\xD1\x81\xD0\xBA/ST=10 \xD0\x9A\xD0\xB0\xD1\x80\xD0\xB5\xD0\xBB\xD0\xB8\xD1\x8F \xD0\xA0\xD0\xB5\xD1\x81\xD0\xBF\xD1\x83\xD0\xB1\xD0\xBB\xD0\xB8\xD0\xBA\xD0\xB0/emailAddress=test@infoline-rk.ru/O=\xD0\x9E\xD0\x9E\xD0\x9E "\xD0\x98\xD0\xBD\xD1\x84\xD0\xBE\xD0\xBB\xD0\xB0\xD0\xB9\xD0\xBD"/OU=\xD0\xA3\xD0\xB4\xD0\xBE\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD0\xB5\xD1\x80\xD1\x8F\xD1\x8E\xD1\x89\xD0\xB8\xD0\xB9 \xD0\xB8 \xD0\xBA\xD0\xBB\xD1\x8E\xD1\x87\xD0\xB5\xD0\xB2\xD0\xBE\xD0\xB9 \xD1\x86\xD0\xB5\xD0\xBD\xD1\x82\xD1\x80/title=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80/CN=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80 \xD1\x81\xD0\xB5\xD1\x82\xD0\xB8 1817
---
Acceptable client certificate CA names
/OGRN=0000000000000/street=\xD1\x83\xD0\xBB. \xD0\xA8\xD0\xBE\xD1\x82\xD0\xBC\xD0\xB0\xD0\xBD\xD0\xB0, \xD0\xB4\xD0\xBE\xD0\xBC 56/SNILS=77777777777/INN=001111111111/GN=\xD0\x9F\xD1\x80\xD0\xB8\xD0\xBE\xD0\xB1\xD1\x80\xD0\xB5\xD1\x82\xD0\xB5\xD0\xBD\xD0\xBD\xD0\xBE\xD0\xB5 \xD0\xB8\xD0\xBC\xD1\x8F/SN=\xD0\xA4\xD0\xB0\xD0\xBC\xD0\xB8\xD0\xBB\xD0\xB8\xD1\x8F/C=RU/L=\xD0\x9F\xD0\xB5\xD1\x82\xD1\x80\xD0\xBE\xD0\xB7\xD0\xB0\xD0\xB2\xD0\xBE\xD0\xB4\xD1\x81\xD0\xBA/ST=10 \xD0\x9A\xD0\xB0\xD1\x80\xD0\xB5\xD0\xBB\xD0\xB8\xD1\x8F \xD0\xA0\xD0\xB5\xD1\x81\xD0\xBF\xD1\x83\xD0\xB1\xD0\xBB\xD0\xB8\xD0\xBA\xD0\xB0/emailAddress=test@infoline-rk.ru/O=\xD0\x9E\xD0\x9E\xD0\x9E "\xD0\x98\xD0\xBD\xD1\x84\xD0\xBE\xD0\xBB\xD0\xB0\xD0\xB9\xD0\xBD"/OU=\xD0\xA3\xD0\xB4\xD0\xBE\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD0\xB5\xD1\x80\xD1\x8F\xD1\x8E\xD1\x89\xD0\xB8\xD0\xB9 \xD0\xB8 \xD0\xBA\xD0\xBB\xD1\x8E\xD1\x87\xD0\xB5\xD0\xB2\xD0\xBE\xD0\xB9 \xD1\x86\xD0\xB5\xD0\xBD\xD1\x82\xD1\x80/title=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80/CN=\xD0\x90\xD0\xB4\xD0\xBC\xD0\xB8\xD0\xBD\xD0\xB8\xD1\x81\xD1\x82\xD1\x80\xD0\xB0\xD1\x82\xD0\xBE\xD1\x80 \xD1\x81\xD0\xB5\xD1\x82\xD0\xB8 1817
Client Certificate Types: UNKNOWN (239),, UNKNOWN (238),, GOST01 Sign
Requested Signature Algorithms: 0xEF+md_gost12_512:0xEE+md_gost12_256:0xED+md_gost94
Shared Requested Signature Algorithms: 0xEF+md_gost12_512:0xEE+md_gost12_256:0xED+md_gost94
---
SSL handshake has read 2417 bytes and written 4584 bytes
Verification: OK
---
New, TLSv1.0, Cipher is GOST2012-GOST8912-GOST8912
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : GOST2012-GOST8912-GOST8912
Session-ID: D4E72A3A8672A0B823EE77A3404E2CCFC7708AC4E4C7CD6BB7CD9C314249C698
Session-ID-ctx:
Master-Key: 6BFD536BC0E5A243C13291F88AE7E0D61EB6A92B3C11871B91342BF65245E7B489128EDC528FC584FB07101FC68E7CAE
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1481550673
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---Now I get "write:errno=104" and still connection closes
beldmit
commented
7 years ago Could you please test the branch openssl_1_0_2 with openssl 1.0.2? The error 104 is "Connection reset by peer" so I can't easily debug it.
beldmit
commented
7 years ago Could you also try with the server that does not require the certificate authorization?
beldmit
commented
7 years ago I confirm the bug is present. Work on fixing it.
beldmit
commented
7 years ago Please try now. The problem was with detecting endianess, now it should be fixed.
beldmit
commented
7 years ago No complains. Hopefully works.
Hello!
I have an issue with openssl while connecting to TLS server with GOST server certificate.
/usr/local/bin/openssl version OpenSSL 1.1.0c 10 Nov 2016
/usr/local/bin/openssl s_client -CAfile /usr/share/ca-certificates/extra/VipNet-CA.crt -state -connect 10.0.99.50:443
This seems to be triggered by insufficient checks in gost_ec_verify function. sig_r and sig_s should be checked before calling BN_is_zero():
This patch prevents NULL pointer dereference, but still behaviour is unexpected. openssl fails with 'certificate signature failure' although both server and CA certificates are valid and the command works OK when used with 'OpenSSL 1.0.2g' with gost engine bundled.