some crashes on using DSA keys
Miroslav Kratochvil
exa.exa at gmail.com
Mon Apr 20 17:31:33 CEST 2009
First off. This message took me 3 tries to send correctly to the
correct mailing list. I'm very sorry for any inconvinience I did,
especially for spamming simon's mailbox with 3 almost identical copies
of that. I hope I didnt mess up anything now, and that this gets to
gnutls-devel. (shame on me!)
> It would be great if you could try to reproduce the problem using only
> gnutls-cli and gnutls-serv.
...
> Please see if you can make an unmodified 2.6.5 server crash.
ok, good news
gnutls-serv and gnutls-cli from 2.6.5 are affected too, but it shots
down only the misconfigured gnutls-cli. gnutls-serv only throws
message:
Error: A TLS packet with unexpected length was received.
I'm gonna fixed-client&unfixed-server combination in few minutes, hope
it doesn't die.
I'm posting the keys used to do this below. If you want full output of
crashed gnutls-cli, please tell me.
I run it this way:
gnutls-serv --x509cafile ca.crt --dhparams dh1024.pem --x509dsakeyfile
ssl.key --x509dsacertfile ssl.crt --require-cert
and
gnutls-cli --x509cafile ca.crt --x509keyfile c.key --x509certfile
c.crt localhost -p 5556
Keys are:
c.crt
-----BEGIN CERTIFICATE-----
MIIFJjCCBBCgAwIBAgIESeyRtTALBgkqhkiG9w0BAQUwVzELMAkGA1UEBhMCQ1ox
DjAMBgNVBAoTBXByYWhhMQswCQYDVQQLEwJuZTENMAsGA1UEBxMEdm9sZTEOMAwG
A1UECBMFbmV2aW0xDDAKBgNVBAMTA2V4YTAeFw0wOTA0MjAxNTE2MDdaFw0wOTEw
MTcxNTE2MTBaMFMxCzAJBgNVBAYTAkNaMQwwCgYDVQQKEwNhc2QxDDAKBgNVBAsT
A2FzZDEMMAoGA1UEBxMDYXNkMQwwCgYDVQQIEwNhc2QxDDAKBgNVBAMTA2FzZDCC
AqMwggIYBgcqhkjOOAQBMIICCwKCAQDEN3nB6G8hSwKVdDRwZBJHO2S4bvcfAcd7
gR8Sdk8UzPhTidThYPuKvRUZFwSnicAeuudQdXDcE6wH1R1FdwpQ5frSkzcaduZJ
1AGnoc+FFC/zzUqopB7H1W6Ucb0gWn+5z/hdtY/zgJMyAgBULe6WxJVWXElOLWpB
BJA34mbhw2fhncjcj+k3pUZXbxfbYGUUP174Zr9Dz2nbQ2j/rTXhoLb4GmgPvbYS
KC/YZjBFKVsLVt+swsPJU4duA8ezlQ8YjgL2Yg7UR0lhzXRvaqoT15aw76vnF576
n/sAS+oua4psgO05dd4/430XqLX4uxOcCQ9vaWoTcYHm6bxPWrObAgMBAAECgf9d
ghKEVkCfnR+eGcLjzMzpJWTagAdEv5RRRzeHlNobD5NIPGc3AQDfHTzwuAd/0CW+
f1O9BDrEpptVIDrS3+gKpY7iy0V3VzJn/KDNQk+jG/u+NBdgRtZkZVJNa+a1hGta
IcI65kuzv5JmQo3lj/4j24tPnKtSllIMqiAQgdSFwcPJkN9nTvGUG6/Uf4pUE3xg
CwKV3Ow0NLJZuLE31ekqHpzls1XNEdsv2vbiq9FdjrSq44c7ThRfTkXZxIV8lXKI
UPzYZ2mb94O3QFufY9rpB9L0z/cLmHmzO1b6mzvDP2rXZYReZb/AQxozTEyv07Qy
5yFoypuh+3y1gaYs7XEDgYQAAoGA08QKPf1foRPElVoKzAs19O3iONMdhPBlrw5Y
j+9GgUjqyc6n4YOYV+TNdXyKJdJIZd7qgxVfgQVhRHgF8WQatREkdxyCyPXxSi9w
bltPBp2Fg00rvnaGjJCbo38DeWuDkkkDhMurLFnxp1r2+ndvDxGpyXSsow4hcmQc
cbw6K1WjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
BgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQAC0nawvJC+1JatXiY
NDyIcJh/djAfBgNVHSMEGDAWgBTZbe4eoATyPzAYVtkaOaB4Dcl57zALBgkqhkiG
9w0BAQUDggEBAHaNN88xcVgOyT1o1n20aSv7ntZ2ZVKxn9JbtiLJg/06Ie7qk7/I
RMn240dwvI5fP6rWwdPRtMV7F3ccWp4L/ACedrTZuisz/m9vDPfZ/BVECP9EKZ7p
NPXxXGIpC4Mlb613apVYEEmKHQvbFER+2TyXduhk6SVeeIDmO+ksSigWgG6SsbDG
hs8vNR5ZrFeIvUXnj1tSdSbEcq8ItWXrEzSl3bI5L9wePBmL1VOEB1UphU5pn+sy
R68ywzb4aFE4eWcPeazI5r/JwfBQXlkeli27ZdOOoZcZ28CwziT9XENlasPEr2aq
RypSk+e2p22ntOqDt/tlaYtcdcGwe/ZGeNw=
-----END CERTIFICATE-----
c.key
-----BEGIN DSA PRIVATE KEY-----
MIIDFwIBAAKCAQEAxDd5wehvIUsClXQ0cGQSRztkuG73HwHHe4EfEnZPFMz4U4nU
4WD7ir0VGRcEp4nAHrrnUHVw3BOsB9UdRXcKUOX60pM3GnbmSdQBp6HPhRQv881K
qKQex9VulHG9IFp/uc/4XbWP84CTMgIAVC3ulsSVVlxJTi1qQQSQN+Jm4cNn4Z3I
3I/pN6VGV28X22BlFD9e+Ga/Q89p20No/6014aC2+BpoD722Eigv2GYwRSlbC1bf
rMLDyVOHbgPHs5UPGI4C9mIO1EdJYc10b2qqE9eWsO+r5xee+p/7AEvqLmuKbIDt
OXXeP+N9F6i1+LsTnAkPb2lqE3GB5um8T1qzmwIDAQABAoH/XYIShFZAn50fnhnC
48zM6SVk2oAHRL+UUUc3h5TaGw+TSDxnNwEA3x088LgHf9Alvn9TvQQ6xKabVSA6
0t/oCqWO4stFd1cyZ/ygzUJPoxv7vjQXYEbWZGVSTWvmtYRrWiHCOuZLs7+SZkKN
5Y/+I9uLT5yrUpZSDKogEIHUhcHDyZDfZ07xlBuv1H+KVBN8YAsCldzsNDSyWbix
N9XpKh6c5bNVzRHbL9r24qvRXY60quOHO04UX05F2cSFfJVyiFD82Gdpm/eDt0Bb
n2Pa6QfS9M/3C5h5sztW+ps7wz9q12WEXmW/wEMaM0xMr9O0MuchaMqboft8tYGm
LO1xAoGBANPECj39X6ETxJVaCswLNfTt4jjTHYTwZa8OWI/vRoFI6snOp+GDmFfk
zXV8iiXSSGXe6oMVX4EFYUR4BfFkGrURJHccgsj18UovcG5bTwadhYNNK752hoyQ
m6N/A3lrg5JJA4TLqyxZ8ada9vp3bw8Rqcl0rKMOIXJkHHG8OitVAoGBAO0z9uD3
/TFLo0gzj5WenCOpc2wr2PLXVw2RSS85QsNI6MEPnAFMWHKfRW1DcaWmjN+3xBT+
jqxcUW6ywk1iJHUQTS0V5yAR/7RSVHnAs9D+9DT9tWdxfRgWsmwL40YFC0N+HCGT
vduNykYT/DlwPpuRfg7EWAUU3GYw+rQo/8Mv
-----END DSA PRIVATE KEY-----
ca.crt
-----BEGIN CERTIFICATE-----
MIIDfTCCAmegAwIBAgIESew9qDALBgkqhkiG9w0BAQUwVzELMAkGA1UEBhMCQ1ox
DjAMBgNVBAoTBXByYWhhMQswCQYDVQQLEwJuZTENMAsGA1UEBxMEdm9sZTEOMAwG
A1UECBMFbmV2aW0xDDAKBgNVBAMTA2V4YTAeFw0wOTA0MjAwOTE3MzBaFw0xOTA0
MTgwOTE3MzRaMFcxCzAJBgNVBAYTAkNaMQ4wDAYDVQQKEwVwcmFoYTELMAkGA1UE
CxMCbmUxDTALBgNVBAcTBHZvbGUxDjAMBgNVBAgTBW5ldmltMQwwCgYDVQQDEwNl
eGEwggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIBCQKCAQCiqkB7quCFmp0nNCpuZRpT
2sZNoEb6zyu9WLzs6tU6y7af+zIj6nIS1x7URuWwcAsmCrceUEStIuBbMpkpeqxI
U5gzwFuVZKOn9/LcuvX2xTHqzDXyY7R3V+neQgJCS8nYF2jQm/QjzqKqzMDo/2Is
RLm7SJGhZc8A87W6VWPEqQSsqzSNIZKevmQj+fCjEebF0qtsImMLZbHQEmmlgEtH
zbavtqt8rB6saIPdw10XUMja+1yJipaxTm74z6C19C/hX3xROH91wtGXLsJgBI9a
UrdBdRVJtgIOoNfoP/TgnhU01a7Hb4vXf8s7pkUy86bJVzIhqL4+n0Q9DFXDuYAV
AgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwgw
DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU2W3uHqAE8j8wGFbZGjmgeA3Jee8w
CwYJKoZIhvcNAQEFA4IBAQCJOZQO8yzDXrGUIUhcmxT5Q29/iftxsKGHtGJ/ywmQ
rNFKdM0xWAP08B+kp/CviHrRe8AD1qOzT7NOxFq5R9jdLWGWpxTx78nZ/AqoI06Z
K95cAPwlY38s9I5v/naNYWSLvJBjD+cCRzvtoYodG0a7alNDXVXgELevw/M0WQ0m
bBcgJ4uIv6sF8LwDnf9imkGuT7T6n0ltepQ24SdNDjKJUwIisl3MC69bd8SeRqNQ
bi9nWTQWgJ9CqzENoKsL5gyQ6IcedKgIujTwq9CXESFWMu6yrRS8lE3xBuaUu42S
pvvCRa6KORJmR0Kf3efGoTf3E7kB/SAuVafoLAI2qDDy
-----END CERTIFICATE-----
ca.key
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAoqpAe6rghZqdJzQqbmUaU9rGTaBG+s8rvVi87OrVOsu2n/sy
I+pyEtce1EblsHALJgq3HlBErSLgWzKZKXqsSFOYM8BblWSjp/fy3Lr19sUx6sw1
8mO0d1fp3kICQkvJ2Bdo0Jv0I86iqszA6P9iLES5u0iRoWXPAPO1ulVjxKkErKs0
jSGSnr5kI/nwoxHmxdKrbCJjC2Wx0BJppYBLR822r7arfKwerGiD3cNdF1DI2vtc
iYqWsU5u+M+gtfQv4V98UTh/dcLRly7CYASPWlK3QXUVSbYCDqDX6D/04J4VNNWu
x2+L13/LO6ZFMvOmyVcyIai+Pp9EPQxVw7mAFQIDAQABAoIBAAvnEFPcQ5STJTe2
qfos/LmxEvygI0F8AlPXF+/wGQ011dWsAFW/dHxrcE6RJ4J7GF2+v/qAXh4bJLaX
o7x0xQF/2G3FAA6U8CK80nETXycg88+eBL6JTC3FaZABXX/zYsAkql9FYh5yotWD
qQQDl+/sUXjiTQG13OlRa/VIBUZhB97aQDkG9HvB2zZGspRNAvX/npBdZ2TK1vJm
SDgJV+M8VRyxj77IK8b93OU3ve9TqFD6W2htjeY1FdkLKbRKNRCWGdfr8RnwWSOt
K7A6htSvRJsjeqirxusb83gY41JGYJ6MSW4RHgNlN9ChX4NikyUp42w7Omb5quLU
wpOxb7ECgYEAx4Pw3PP7csIvzMUt84LPd8PX3CJayjNUOrzVi354VTgtW9dD4vDE
+wMFBfJ+KJBUOSD3uFTFbuSEglOIo3UVLSRu/bHqxWNzO3RCqefnf7fmKJjqTESu
6DnXPV3OLwcWsg2H9Ny3WiWnsCzRGuBStkYIozxtXuj3lwHKrdLDitkCgYEA0LeM
dIRmZcF5Nn/EEa2/T2Cmnux3nWys0x88nwlLEXFHj0sUdU2wZDheWK4IQolpG+Cg
umX925ufnXifHKwLAaDFVoDi9XeHSbCqTsrK+x+8e70rljeje5UOAqLEp6cY/wKi
XeRIx1q1y69Ysb4chTnt+6hd54E2TDvjpx3GgZ0CgYEAwW4HrQ/WLnJZyVs5q6ac
4e47by7XesW82Z2OI0mf/G8Uer//DxyCvSE2U4fADC+xmBmAUXPOXi6q0XePN3oh
57w05z0A8hHy/CdBIly1MjvmpmFqdjr4oCjDprk1Vp62wDUiJKGAGaP8KW+p4zas
ug63/Rpupt+SexK/nzqBXjECgYEAyGyJttXxUqOAV4JHcMaM4JeqSRBAKO7T4wSq
/Pk6mexS0FpDsgVBbmvmxXeRPPug8IE7NuN76+e8VcYf3LOk+hI9jbzEtPzr8Cpy
0KjSVGX8ZEKa2WxiU+klhAhzmZ7PVQpdipYOAUmtK4QdQsmRr6maS0A5tHaTAo+8
I51nIs0CgYAJ84MewGdo7VH4me2oEF7EQRySoov7RzQAI3JJ/0aBi6T64CKGxCJk
CHrDfnCjH2qyYPT+QuvphzMoE8kgObhd49PwuXV+0uHFMfy+mNMZUpagolsz1i03
BdROt5J6ekwOvF0TuBusCM3uV7JHqQ1Apadru7bMz/piYGgAJfudxA==
-----END RSA PRIVATE KEY-----
dh1024.pem
Generator: 05
Prime: ad:a9:66:71:7a:34:72:ee:e2:5b:93:f4
1e:21:2b:9d:67:86:52:47:f6:b0:3f:78
88:31:44:ff:24:74:54:c7:1f:56:e7:c2
0f:88:66:ae:91:ea:c4:14:c3:16:35:91
66:5b:5a:80:e1:fd:5e:52:54:00:b2:43
83:1c:a1:e4:8e:a8:e4:dd:87:0d:7c:f6
88:7e:4b:5b:0d:5a:1e:ed:7b:ca:5e:9d
22:71:9a:1b:86:24:aa:b0:84:98:14:2e
0d:33:b6:94:77:a9:d0:07:02:0c:53:04
6e:8a:07:d3:6a:32:2a:32:3f:23:0f:42
4d:63:79:57:48:c8:05:a7
-----BEGIN DH PARAMETERS-----
MIGHAoGBAK2pZnF6NHLu4luT9B4hK51nhlJH9rA/eIgxRP8kdFTHH1bnwg+IZq6R
6sQUwxY1kWZbWoDh/V5SVACyQ4McoeSOqOTdhw189oh+S1sNWh7te8penSJxmhuG
JKqwhJgULg0ztpR3qdAHAgxTBG6KB9NqMioyPyMPQk1jeVdIyAWnAgEF
-----END DH PARAMETERS-----
ssl.crt
-----BEGIN CERTIFICATE-----
MIIFLDCCBBagAwIBAgIESexK4DALBgkqhkiG9w0BAQUwVzELMAkGA1UEBhMCQ1ox
DjAMBgNVBAoTBXByYWhhMQswCQYDVQQLEwJuZTENMAsGA1UEBxMEdm9sZTEOMAwG
A1UECBMFbmV2aW0xDDAKBgNVBAMTA2V4YTAeFw0wOTA0MjAxMDEzNTNaFw0xOTA0
MTgxMDEzNTdaMFcxCzAJBgNVBAYTAkNaMQwwCgYDVQQKEwNCbGUxDTALBgNVBAsT
BFNtcnQxDjAMBgNVBAcTBUt0ZXJhMQ4wDAYDVQQIEwVCbGlqZTELMAkGA1UEAxMC
TmUwggKlMIICGgYHKoZIzjgEATCCAg0CggEAygAmvvWeV4auzm9ZFG1+omVlyVqH
elM0qqJ717DdaKoJlIiCAgwsg7r+zpz4ekncShy0UxRm2yElW6p90Otx9QrCWTpv
jP6wHiTptk/vUEDSQ6/Zlqax7mI946XfoIxx3JCavVzBvNgUQAOai6BpjJ4a9ZVL
BdP2gSldt9XJ4CTuSdosBBjrCwTWn1oaZWFsXt6bgZdyZiZvAVizpDDkrV0RH6Fo
6PqfLAn3hyoesM5SeAllHba6cGibyXxsuocwwjwynq3Y1W4SIZomh63OYNWBh6uY
+9pYrdJsYtkQxhJwDSGg9yhyL3agmx2OmOD8S7we6r3j8/D8XJgW6rszTwIDAQAB
AoIBAANXfbMBCzqPDtgTCk06A0znRbs1of7v3qb7NlzhUl7Hf8F5gXUZNtwco6SC
MklYbKpWAtTkOVAv7zDiB2AFoezLRCw67EEcrlTOIlOsZNzvnzFH30Vy9bsBqXZy
3KbVfyvswUwxFNkHIuagNW+3Gqfp4a/lMi8jGSiv3E4M3ZPorcW1qiv5i/UZX3wB
rphD9dLKwgdTwmtyz+hp/zFKwtThIuhb2qZKbYZzMqI6d4FhLufcvvXFrZ3LoTEd
sprZ3fZI1M7IdvsGTZLnHQ4Bws32hPNSaA7/b3yxK3wfBZRs8+92LYE3kiGojylN
REsD8PXH5epas5+bS8A3RL284AkDgYQAAoGA3a5KHeltiQKAE2nO4zFZirFmG5Oe
e4Z84oRWjz3NujAy7B8OaZmSBQbXe8XdS67/bIHO+ULzStGEjQqs8xaev90rzJ/H
Y5q4G5SbwCo9AB+a99waDV+H06CdcH2aWzuphx88VgkoNTTjT/rsgUUw6i9GOTd0
CaM8UhirdOSRRCWjgYAwfjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
BwMCBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBRdOw6fAlG3
powcRYMbekXDEG0QGjAfBgNVHSMEGDAWgBTZbe4eoATyPzAYVtkaOaB4Dcl57zAL
BgkqhkiG9w0BAQUDggEBAC1ErfpfBUAKsdBCDUaQmqzoiMQ5Bm6jX7vzht7HG0Bq
MA89SOrr09tTMkEIkab3LN+pCs2cSRRtHRNBk+tzn+cyq4VptFnV+EhpB32YCLro
SnfYD0eclv3yO2GnzP6tADDuHWyOq0bSYOxcnUZuEe7X/rl7Zj8meiE48i9jNQYD
lX0YayTBR1eYbtNEaZASUvrFO4JkBZlTjXR/qNRjj1SidVLfAayZtct40usEH+9V
EgpmZmtIqCPsmF8f3KVEcxwz7xwAtjI820qCRzFUmgboZ65jm3IWr4CibIgjlhs7
tzclPT9WeIZdeP7QWlFmhjbiY5yFfjCiyvlf3mechow=
-----END CERTIFICATE-----
ssl.key
-----BEGIN DSA PRIVATE KEY-----
MIIDGQIBAAKCAQEAygAmvvWeV4auzm9ZFG1+omVlyVqHelM0qqJ717DdaKoJlIiC
Agwsg7r+zpz4ekncShy0UxRm2yElW6p90Otx9QrCWTpvjP6wHiTptk/vUEDSQ6/Z
lqax7mI946XfoIxx3JCavVzBvNgUQAOai6BpjJ4a9ZVLBdP2gSldt9XJ4CTuSdos
BBjrCwTWn1oaZWFsXt6bgZdyZiZvAVizpDDkrV0RH6Fo6PqfLAn3hyoesM5SeAll
Hba6cGibyXxsuocwwjwynq3Y1W4SIZomh63OYNWBh6uY+9pYrdJsYtkQxhJwDSGg
9yhyL3agmx2OmOD8S7we6r3j8/D8XJgW6rszTwIDAQABAoIBAANXfbMBCzqPDtgT
Ck06A0znRbs1of7v3qb7NlzhUl7Hf8F5gXUZNtwco6SCMklYbKpWAtTkOVAv7zDi
B2AFoezLRCw67EEcrlTOIlOsZNzvnzFH30Vy9bsBqXZy3KbVfyvswUwxFNkHIuag
NW+3Gqfp4a/lMi8jGSiv3E4M3ZPorcW1qiv5i/UZX3wBrphD9dLKwgdTwmtyz+hp
/zFKwtThIuhb2qZKbYZzMqI6d4FhLufcvvXFrZ3LoTEdsprZ3fZI1M7IdvsGTZLn
HQ4Bws32hPNSaA7/b3yxK3wfBZRs8+92LYE3kiGojylNREsD8PXH5epas5+bS8A3
RL284AkCgYEA3a5KHeltiQKAE2nO4zFZirFmG5Oee4Z84oRWjz3NujAy7B8OaZmS
BQbXe8XdS67/bIHO+ULzStGEjQqs8xaev90rzJ/HY5q4G5SbwCo9AB+a99waDV+H
06CdcH2aWzuphx88VgkoNTTjT/rsgUUw6i9GOTd0CaM8UhirdOSRRCUCgYEA6UXj
26jtOpcysQhn5FaDxpUbjvlPHO8k6FUUXnbVCl4BKEkSW5kzeL1ezog65RUyPKdm
SXKgQcvWRXF76GRgAiqgUI1/tSYyKXTjljiyZZPjYhZB1hTcxVcZROHFvskLXmsn
UcdCdUM7POtFT/Cy3Nx1ZvyTYqwCH0Jomvx6pWM=
-----END DSA PRIVATE KEY-----
More information about the Gnutls-devel
mailing list