Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?
Are the issues you raise true of SipHash, given that a prime motivator for its design was generating hash tables for short inputs while being secure against hash flooding attacks? It achieves this with the performance of a portable C implementation of the order of four times faster than MD5, and not much slower than other modern hash algorithms. I'd have thought the main thing to consider is whether or not there is any practical way a hash flooding attack could be used against OpenSSL's hash tables, and it sounds like there isn't. In that case, the fastest algorithm for the usage patterns would be best.

Regards,
jjf

On 11/01/2017 22:25, Peter Waltenberg wrote:

And the reason I said you certainly don't need a keyed hash? Behaviour of the hash function will change with key and in some cases performance would degenerate to that of a linked list. (Ouch.) And since the obvious thing to do is use a random key, OpenSSL's performance would get *very* erratic. Simpler functions than cryptographic hashes will almost certainly yield better results here. I note someone further up the thread has pointed that out.

Peter

From: "Salz, Rich" <rs...@akamai.com>
To: "openssl-dev@openssl.org" <openssl-dev@openssl.org>
Date: 11/01/2017 13:14
Subject: Re: [openssl-dev] use SIPhash for OPENSSL_LH_strhash?
Sent by: "openssl-dev" <openssl-dev-boun...@openssl.org>

The needs for OpenSSL's LHASH are exactly what SipHash was designed for: fast on short strings. OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code is commented out. Yes, performance tests would greatly inform the decision.

--
J. J. Farrell
Not speaking for Oracle

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
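As an added example (not code from this thread or from OpenSSL), here is SipHash-2-4 in C with an OPENSSL_LH_strhash-style wrapper, so the trade-off discussed above can be tried on real short strings. The self-test uses the reference vectors from the SipHash paper; the keys and names used in main() are constructed for illustration.

```c
/* Added example, not code from the thread: SipHash-2-4 as specified by
 * Aumasson and Bernstein, with a keyed string-hash wrapper. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROTL64(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))

/* One SipRound: the ARX permutation applied c times per message block
 * and d times in finalisation (c = 2, d = 4 for SipHash-2-4). */
#define SIPROUND                                                       \
    do {                                                               \
        v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);  \
        v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                       \
        v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                       \
        v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32);  \
    } while (0)

/* Little-endian load, independent of host byte order. */
static uint64_t load64_le(const uint8_t *p)
{
    uint64_t v = 0;
    int i;
    for (i = 0; i < 8; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* SipHash-2-4: 128-bit key, arbitrary-length input, 64-bit output. */
uint64_t siphash24(const uint8_t key[16], const uint8_t *in, size_t len)
{
    uint64_t k0 = load64_le(key), k1 = load64_le(key + 8);
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL;   /* "somepseu" */
    uint64_t v1 = k1 ^ 0x646f72616e646f6dULL;   /* "dorandom" */
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL;   /* "lygenera" */
    uint64_t v3 = k1 ^ 0x7465646279746573ULL;   /* "tedbytes" */
    uint64_t m, b;
    size_t i, j;

    /* Full 8-byte blocks. */
    for (i = 0; i + 8 <= len; i += 8) {
        m = load64_le(in + i);
        v3 ^= m;
        SIPROUND; SIPROUND;
        v0 ^= m;
    }
    /* Final block: the remaining bytes plus the input length in the top
     * byte, so inputs of different length never share a last block. */
    b = (uint64_t)(len & 0xff) << 56;
    for (j = 0; i + j < len; j++)
        b |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= b;
    SIPROUND; SIPROUND;
    v0 ^= b;

    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* A keyed drop-in for an OPENSSL_LH_strhash-style string hash. */
unsigned long keyed_strhash(const uint8_t key[16], const char *s)
{
    return (unsigned long)siphash24(key, (const uint8_t *)s, strlen(s));
}

/* Reference vector from the SipHash paper: key 00..0f, message 00..len-1.
 * len 15 must give a129ca6149be45e5, len 0 must give 726fdb47dd0e0e31. */
uint64_t siphash24_vector(size_t len)
{
    uint8_t key[16], msg[15];
    int i;
    for (i = 0; i < 16; i++) key[i] = (uint8_t)i;
    for (i = 0; i < 15; i++) msg[i] = (uint8_t)i;
    return siphash24(key, msg, len > 15 ? 15 : len);
}

int main(void)
{
    /* Two constructed keys: the same strings land in different buckets of
     * a 16-slot table, the key-dependent behaviour Peter refers to. */
    static const uint8_t k1[16] = { 1 }, k2[16] = { 2 };
    const char *names[] = { "SSL_CTX", "X509", "EVP_PKEY", "BIO" };
    size_t n;
    printf("selftest: %s\n", siphash24_vector(15) == 0xa129ca6149be45e5ULL
                             && siphash24_vector(0) == 0x726fdb47dd0e0e31ULL
                             ? "ok" : "FAILED");
    for (n = 0; n < 4; n++)
        printf("%-9s bucket %2lu (k1)  %2lu (k2)\n", names[n],
               keyed_strhash(k1, names[n]) % 16,
               keyed_strhash(k2, names[n]) % 16);
    return 0;
}
```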
Re: [openssl-dev] Definitions for some structures are strangely missing from 'evp.h' or other header files in OpenSSL 1.1.0a
Dear Salz,

I don't know how to use accessor/settor functions. And I still don't know how to correct the compiling error in Visual Studio 2010. Specifically, for this line of code: EVP_ENCODE_CTX base64, I got the following error:

    error C2079: "base64" uses undefined struct "evp_Encode_Ctx_st"

My code is as follows:

    // base64 encoding
    void encode(unsigned char *outData, int *outlen,
                const unsigned char *data, int datalen)
    {
        int tmp = 0;
        EVP_ENCODE_CTX base64;   /* this declaration is what triggers C2079 */
        base64 = EVP_ENCODE_CTX_new();
        EVP_EncodeInit(&base64);  /* ctx argument assumed to be &base64 here and below */
        EVP_EncodeUpdate(&base64, outData, outlen, data, datalen);
        tmp = *outlen;
        EVP_EncodeFinal(&base64, outData + *outlen, outlen);
        EVP_ENCODE_CTX_free(&base64);
        *outlen += tmp;
        outData[*outlen] = 0;
        print("base64 encoded:", outData, *outlen);
    }

Cheers,
Jing

From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Salz, Rich
Sent: Friday, September 23, 2016 9:55 PM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] Definitions for some structures are strangely missing from 'evp.h' or other header files in OpenSSL 1.1.0a

Yes, in 1.1.0 we made many structures opaque. You will have to use accessor/settor functions.
[openssl-dev] Forthcoming OpenSSL releases
Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2g, 1.0.1s.

These releases will be made available on 1st March 2016 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity "high".

Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html

Please also note that, as per our previous announcements, support for 1.0.1 will end on 31st December 2016.

Yours
The OpenSSL Project Team
[openssl-dev] [openssl.org #4343] master: EC_KEY_priv2buf (): check parameter sanity
Hi,

I have PR https://github.com/openssl/openssl/pull/739 with the below changes, please have a look.

- In EC_KEY_priv2buf(), check for pbuf sanity.
- If invoked with NULL, gracefully return the key length.

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4343
Please log in as guest with password guest if prompted
[openssl-dev] [openssl.org #4342] few missing malloc return checks and free in error paths
Hi,

I have the below mentioned changes in the PR: https://github.com/openssl/openssl/pull/740, please have a look.

BIO_ADDR_new, ossl_hmac_init, b64_new, ok_new, pkey_hmac_init:
- added missing checks for the malloc return value.

EC_KEY_new_method, ossl_hmac_copy, dane_ctx_enable:
- releasing memory in a few missing error paths.

EVP_DigestInit_ex:
- remove the additional check for 'type' and do a clear free instead of a free.

ossl_hmac_cleanup, pkey_hmac_cleanup:
- allow invoking with NULL data.
- use EVP_PKEY_CTX_[get|set]_data.

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4342
[openssl-dev] [openssl.org #4340] ASN1_item_sign_ctx(): method check before access and release ctx in error paths
- In error paths, the EVP_MD_CTX allocated by the callee is not released (master).
- Checking method before access (in master and earlier versions).

The pull request with these changes (on master) is below, please have a look.
https://github.com/openssl/openssl/pull/737

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4340
[openssl-dev] [openssl.org #4338] master: allocating memory for an unused variable in tls1_export_keying_material
Hi,

In tls1_export_keying_material(), memory was getting allocated for an unused variable. I have removed this unused code in the below pull request, please have a look.
https://github.com/openssl/openssl/pull/735

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4338
[openssl-dev] [openssl.org #4306] few cmds help cleanup
Hi,

enc:
- typo in the -base64 option
- missing help option text

ocsp/req/rsautl/s_client:
- missing help option text

Created the following pull request with the changes.
https://github.com/openssl/openssl/pull/681

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4306
[openssl-dev] [openssl.org #4296] Fix possible crash in BIO_parse_hostserv()
Hi,

If BIO_parse_hostserv() is invoked with only a host (no port), it was crashing when trying to check whether any further colons existed in the parsed port, as the pointer to it is NULL in this case.

To reproduce the issue:

    $ openssl s_client -connect <host>

seg faults.

I have created a pull request with the required check, please have a look.
https://github.com/openssl/openssl/pull/639

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4296
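An added example, written for this note and not OpenSSL's BIO_parse_hostserv(): a small host:service splitter that handles the host-only input the ticket describes (plus the bracketed IPv6 and port-only forms) without touching a NULL port pointer. The name parse_hostserv, the helper parse_hostserv_check and the sample inputs are the example's own.

```c
/* Added example: defensive host:service splitting. Accepts "host",
 * "host:port", "[v6addr]:port" and ":port"; an absent part comes back
 * as NULL rather than being dereferenced. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy len bytes into a fresh NUL-terminated string; NULL on failure. */
static char *dup_part(const char *s, size_t len)
{
    char *p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memcpy(p, s, len);
    p[len] = '\0';
    return p;
}

/* Returns 1 and sets *host / *service (either NULL when absent; the caller
 * frees both) on success, 0 on malformed input or allocation failure. */
int parse_hostserv(const char *hostserv, char **host, char **service)
{
    const char *h = hostserv, *hend, *colon = NULL;

    *host = NULL;
    *service = NULL;
    if (h[0] == '[') {                          /* bracketed IPv6 literal */
        h++;
        hend = strchr(h, ']');
        if (hend == NULL)
            return 0;
        if (hend[1] == ':')
            colon = hend + 1;
        else if (hend[1] != '\0')
            return 0;
    } else {
        colon = strchr(h, ':');
        hend = (colon != NULL) ? colon : h + strlen(h);
    }

    /* Only inspect the service part when there is one. Searching from
     * colon + 1 without this guard is the NULL dereference the ticket
     * reports for "-connect host". */
    if (colon != NULL) {
        if (strchr(colon + 1, ':') != NULL)     /* "host:1:2" is malformed */
            return 0;
        if (colon[1] != '\0') {
            *service = dup_part(colon + 1, strlen(colon + 1));
            if (*service == NULL)
                return 0;
        }
    }
    if (hend > h) {
        *host = dup_part(h, (size_t)(hend - h));
        if (*host == NULL) {
            free(*service);
            *service = NULL;
            return 0;
        }
    }
    return 1;
}

/* Parse in and compare with the expected parts (NULL = absent).
 * Returns 1 when parsing succeeds and both parts match, else 0. */
int parse_hostserv_check(const char *in, const char *want_host,
                         const char *want_serv)
{
    char *h, *s;
    int ok;
    if (!parse_hostserv(in, &h, &s))
        return 0;
    ok = ((h == NULL) == (want_host == NULL))
      && (h == NULL || strcmp(h, want_host) == 0)
      && ((s == NULL) == (want_serv == NULL))
      && (s == NULL || strcmp(s, want_serv) == 0);
    free(h);
    free(s);
    return ok;
}

int main(int argc, char **argv)
{
    const char *in = argc > 1 ? argv[1] : "localhost";  /* constructed default */
    char *host, *service;
    if (!parse_hostserv(in, &host, &service)) {
        fprintf(stderr, "malformed host:service \"%s\"\n", in);
        return 1;
    }
    printf("host=%s service=%s\n", host ? host : "(none)",
           service ? service : "(none)");
    free(host);
    free(service);
    return 0;
}
```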
[openssl-dev] [openssl.org #4299] s_server cmd
Hi,

- added missing help option messages
- the ecdh_single option is removed as it is a no-op and not an option supported in earlier versions
- ssl_ctx_security_debug() was invoked before the ctx check for NULL
- the trusted_first option can be removed, as it is always enabled in 1.1, but I have not removed the option; this requires confirmation

I have made these changes in the below pull request, please have a look.
https://github.com/openssl/openssl/pull/646

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4299
[openssl-dev] [openssl.org #4295] help cleanup in dgst, pkeyutl cmds
Hi,

- In the dgst and pkeyutl cmds, some help text was missing for some options and in the man pages.
- Fixed a minor typo in openssl.pod, which fixes make install.
- digest-commands was showing 'sha', which is not a supported digest anymore.

I have created the below pull request with the required changes, please have a look.
https://github.com/openssl/openssl/pull/637

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4295
[openssl-dev] [openssl.org #4293] cmds help cleanup
Hi,

In the commands' help, option valtype 0 is to be treated the same as '-', but in apps/opt.c: valtype2param(), case 0 was missing. Because of this, *openssl asn1parse -help* was printing options without args wrongly. A few cleanups are also done in asn1parse/ca/ciphers.

I have created the following pull request with these changes. Please have a look.
https://github.com/openssl/openssl/pull/635

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4293
[openssl-dev] [openssl.org #4291] [PATCH] <-help> option in man pages
Hi,

The [-help] option was missing in most of the commands' documentation, and in the ciphers and rehash commands it was wrongly specified as [-h], which is not considered a valid option.

I have created the below pull request with the changes. Please have a look.
https://github.com/openssl/openssl/pull/628

Thanks,
Mohan

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4291
[openssl-dev] openssl-1.1.0-pre2 make failure with perl-5.8.8 on Linux
Hi, I have a development environment, which uses a very old perl version (5.8.8). The compilation of openssl-1.1.0-pre2 fails with the following error, I have attached a patch below that worked for me: make[5]: Entering directory `/mail/src/mohan/v6.0/buildinstructions/openssl1.1/build64/openssl' Bareword found where operator expected at util/mkdef.pl line 1573, near "s/\./_/gr" Unquoted string "r" may clash with future reserved word at util/mkdef.pl line 1573. syntax error at util/mkdef.pl line 1573, near "s/\./_/gr" Execution of util/mkdef.pl aborted due to compilation errors. /opt/gcc-4.7.2/lib/gcc/x86_64-unknown-linux-gnu/4.7.2/../../../../x86_64-unknown-linux-gnu/bin/ld:crypto.map:1: syntax error in VERSION script collect2: error: ld returned 1 exit status make[5]: *** [link_a.linux-shared] Error 1 $ perl -v This is perl, v5.8.8 built for i686-linux-thread-multi Copyright 1987-2006, Larry Wall ... +++ + diff -Nur ../openssl-1.1.0-pre2/util/mkdef.pl ./util/mkdef.pl --- ../openssl-1.1.0-pre2/util/mkdef.pl 2016-01-14 01:51:33.0 -0800 +++ ./util/mkdef.pl 2016-02-01 09:08:00.0 -0800 
@@ -1569,8 +1569,10 @@ while() { if (/OPENSSL_VERSION_TEXT\s+"OpenSSL (\d\.\d\.)(\d[a-z]*)(-| )/) { + my $basev = $1; my $suffix = $2; - my $baseversion = $1 =~ s/\./_/gr; +$basev =~ s/\./_/g; + my $baseversion = $basev; close IN; return ($baseversion."0", $baseversion.$suffix); } +++ + After applying the patch, the compilation is successful and here is the openssl version. $ openssl version -a OpenSSL 1.1.0-pre2 (alpha) 14 Jan 2016 built on: reproducible build, date unspecified platform: linux-x86_64 compiler: gcc -I. -I.. -I../include -Iinclude -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -DDSO_DLFCN -DHAVE_DLFCN_H -I/usr/local/include -DPURIFY -m64 -DL_ENDIAN -Wall -O3 -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM OPENSSLDIR: "/usr/local/etc/ssl" Please let me know if you need any additional info. Thanks, Mohan ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
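Review bot: the replacement is correct for perl 5.8, since the `/r` flag that returns the substituted copy only arrived in perl 5.14, and it keeps the ordering that matters: `my $suffix = $2;` is copied before `$basev =~ s/\./_/g;` runs, and a successful substitution resets the capture variables. The three added lines can be collapsed into one that is equally portable, `(my $baseversion = $1) =~ s/\./_/g;`, which drops the temporary `$basev` and keeps the diff minimal; either way a one-line comment saying why `/r` is avoided would stop it being reintroduced by the next cleanup.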
[openssl-dev] [openssl.org #4283] TLS1.2 & SHA256 in a non-computer OS environment issues
I'm trying to upgrade an embedded system w/ a non-computer OS (e.g., not Windows, not MAC, not Linux, not Android, not UNIX, etc.) from using SSL3/TLS1 to TLS1.2 so I can use SHA256 certificates. The embedded system uses the Nucleus OS, has a Hitachi 7720 microprocessor and the code is written in C. I have to use the Renesas HEW compiler. I need a .lib file (not a DLL) to link w/ the rest of the application software for the embedded system.

I can't compile the OpenSSL code because it doesn't follow the simple rule that you can NOT use something before it has been defined. Amongst other things, the OpenSSL v1.0.2 code has structures that reference each other, so no matter which one is defined first, I always get errors because the other structure hasn't been defined yet.

Is there a version of the OpenSSL code that supports TLS1.2 & SHA256 that does follow the rule that you can't use something before it has been defined?

Sincerely,
Sandra Peterson
Principal Software Engineer
Pitney Bowes, Inc.
[openssl-dev] Forthcoming OpenSSL releases
Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2f, 1.0.1r.

These releases will be made available on 28th January between approx. 1pm and 5pm (UTC). They will fix two security defects, one of "high" severity affecting 1.0.2 releases, and one of "low" severity affecting all releases.

Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html

Please also note that, as per our previous announcements, support for the 1.0.0 and 0.9.8 releases ended on 31st December 2015 and they are no longer receiving security updates. Support for 1.0.1 will end on 31st December 2016.

Yours
The OpenSSL Project Team
[openssl-dev] Forthcoming OpenSSL releases
Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p.

These releases will be made available on 9th July. They will fix a single security defect classified as high severity. This defect does not affect the 1.0.0 or 0.9.8 releases.

Yours
The OpenSSL Project Team
RE: [openssl.org #3413] OpenSSL Bug Report Submission - related to #3376
Thanks for your reply, Dr. Henson. I'll stick with the hourly snapshots from now on.

J. Jeff Clemmer
IT Specialist
Phone: 434-980-7525
Email: john.j.clemmer4@mail.mil

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Saturday, June 28, 2014 1:58 PM
To: Clemmer, John J CIV (US)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3413] OpenSSL Bug Report Submission - related to #3376

On Sat Jun 28 17:21:39 2014, john.j.clemmer4@mail.mil wrote:

OpenSSL Development Team,

My attempts to compile OpenSSL v.1.0.0m on the day of its release as well as last night both resulted in the same error, whereby INT_MAX is used before it is declared in ssl/s3_pkt.c on line 586. Researching this error, I found a discussion among some of your developers, who experienced the same issue during their own compilation attempts. They created a bug report at http://rt.openssl.org/Ticket/Display.html?id=3376. The ticket was marked as resolved on 5.6.2014; however, I again downloaded the source from openssl.org last night and examined ssl/s3_pkt.c. I observed that the limits.h include statement is still omitted, thus producing the compilation error.

The source of a specific version of OpenSSL does not change. So it's not surprising that the bug is still in 1.0.0m.

When a bug is fixed it will normally appear in the next release. There hasn't been one since 1.0.0m so the fix isn't in an official release yet. Before then you can download nightly snapshots which will include the fix or obtain sources from the git repository. See: https://www.openssl.org/source/

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: [openssl.org #3413] OpenSSL Bug Report Submission - related to #3376
Thank you, Mr. Roeckx.

J.J. Clemmer

-----Original Message-----
From: Kurt Roeckx via RT [mailto:r...@openssl.org]
Sent: Saturday, June 28, 2014 2:43 PM
To: Clemmer, John J CIV (US)
Cc: openssl-dev@openssl.org
Subject: Re: [openssl.org #3413] OpenSSL Bug Report Submission - related to #3376

On Sat, Jun 28, 2014 at 05:21:40PM +0200, Clemmer, John J CIV via RT wrote:

OpenSSL Development Team,

My attempts to compile OpenSSL v.1.0.0m on the day of its release as well as last night both resulted in the same error, whereby INT_MAX is used before it is declared in ssl/s3_pkt.c on line 586.

The problem is solved. There just wasn't a release with the fix yet.

Kurt
Re: [openssl.org #3107] Resolved: Bug Report with Patch 1.0.1c/e (Typo in apps/ocsp.c line 1412)
    openssl-1.0.1h$ grep -R responsder *
    apps/ocsp.c:            BIO_printf(bio_err, "Error querying OCSP responsder\n");

:-(

On 28 Jun 2014, at 8:07 AM, Stephen Henson via RT wrote:

According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message.
[openssl.org #3413] OpenSSL Bug Report Submission - related to #3376
OpenSSL Development Team,

My attempts to compile OpenSSL v.1.0.0m on the day of its release as well as last night both resulted in the same error, whereby INT_MAX is used before it is declared in ssl/s3_pkt.c on line 586. Researching this error, I found a discussion among some of your developers, who experienced the same issue during their own compilation attempts. They created a bug report at http://rt.openssl.org/Ticket/Display.html?id=3376. The ticket was marked as resolved on 5.6.2014; however, I again downloaded the source from openssl.org last night and examined ssl/s3_pkt.c. I observed that the limits.h include statement is still omitted, thus producing the compilation error. I edited s3_pkt.c by adding #include <limits.h>, and successfully compiled OpenSSL 1.0.0m.

### Bug Report Information

OS: Oracle Solaris 10 Sparc
OpenSSL version: 1.0.0m

Compilation Error:

    s3_pkt.c: In function `ssl3_write_bytes':
    s3_pkt.c:586: error: `INT_MAX' undeclared (first use in this function)
    s3_pkt.c:586: error: (Each undeclared identifier is reported only once
    s3_pkt.c:586: error: for each function it appears in.)
    make[1]: *** [s3_pkt.o] Error 1
    make[1]: Leaving directory `/opt/temp/openssl-1.0.0m/ssl'
    make: *** [build_ssl] Error 1

Regards,
J. Jeff Clemmer
IT Specialist
Phone: 434-980-7525
Email: john.j.clemmer4@mail.mil

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
[openssl.org #3107] Bug Report with Patch 1.0.1c/e (Typo in apps/ocsp.c line 1412)
Hello! Issue: Typo in apps/ocsp.c line 1412 Issue detail: Error querying OCSP responsder (stray S in responder) Issue found in: This typo was originally detected in 1.0.1c (also line 1412) but I checked the latest source to verify the bug still exists in 1.0.1e (line 1412) Patch submitted? Yes, inline below. Patch tested? Yes Patch fixes issue? Yes Below is a diff fixing a typo in line 1412 of apps/ocsp.c 1412 BIO_printf(bio_err, Error querying OCSP responsder\n); should be 1412 BIO_printf(bio_err, Error querying OCSP responder\n); diff ocsp.c ocsp-mjh.c 1412c1412 BIO_printf(bio_err, Error querying OCSP responsder\n); --- BIO_printf(bio_err, Error querying OCSP responder\n); This appears to be the only instance of the responsder typo: mjh@Host ~/c/o/apps grep -R responsder * ocsp.c: BIO_printf(bio_err, Error querying OCSP responsder\n); Patch fixes the issue Great work everyone, thanks for all the effort, I am glad to be able to contribute a quick patch to such an excellent project. Matthew. signature.asc Description: PGP signature
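Review bot: the one-character fix is right, but as shown the patch is a normal-format `diff` with no context, and in this copy the `<`/`>` line markers and the string literal's quotes have been lost, so it will not apply with `patch` as posted. Resubmit it as a unified diff (`diff -u`) against the current tree so the line number is not load-bearing, and confirm the quotes survive in the mail body; the accompanying `grep -R responsder` check is good evidence that the typo appears nowhere else.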
Re: [openssl.org #3101] [PATCH] Add CMP (RFC 4210) implementation
On 2.Aug.13 14:22, Stephen Henson wrote:

On Fri Aug 02 10:23:05 2013, martin.pe...@nsn.com wrote:

- the code in crypto/cmp also includes the functionality to perform the most important cmp message sequences via HTTP. This code depends on libcurl, so it is split into its own library (libcrypto_cmpseq.a) in order to help deal with the circular dependency when curl is also linked with openssl.

There is some minimal HTTP code which the OpenSSL OCSP library uses and some functions to download certificates and CRLs. Could you use that and avoid the curl dependency?

So far we've been using libcurl because we wanted a complete (and easy to use) HTTP implementation that would, for example, be able to make use of proxies and handle HTTP redirections properly. The minimal HTTP implementation in OCSP might also be sufficient for what's required by CMP. We will look into using that instead of libcurl, and get back to you.

best regards,
Miikka
ssl3_send_alert() sending a WARNING alert
Hi,

I have been trying to have ssl3_send_alert() send a warning alert without terminating my TLS session, but with no luck. I tried setting al to different values defined in tls1.h, and using SSL3_AL_WARNING instead of SSL3_AL_FATAL, but I still get the session terminated. I'd appreciate it if you could share a working example or point me to somewhere in the code where I can change the default behaviour. This is for testing purposes only.

Thanks,
Nadhem
OpenSSL Security Advisory
OpenSSL Security Advisory [24 Apr 2012]

ASN1 BIO incomplete fix (CVE-2012-2131)
=======================================

It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability.

This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110.

Thanks to Red Hat for discovering and fixing this issue.

Affected users should upgrade to 0.9.8w.

References
==========

URL for this Security Advisory: http://www.openssl.org/news/secadv_20120424.txt
[openssl.org #2627] SPARC T4 support for OpenSSL
As some of you may be aware, the new Oracle SPARC T4 processor has hardware crypto support just like its predecessors SPARC T1, T2, T3. However, unlike the prior SPARC T series processors, the hardware crypto is not hyper-privileged but is instead new instructions accessible from unprivileged userland code. Basically a very similar model to what is available in Intel processors with AES-NI, but it is much more than just AES.

The hardware supports instructions for:

- AES, DES, Camellia
- MD5, SHA1, SHA256, SHA512
- MONTMUL, MPUL

We currently have a new t4 engine implemented that provides support for AES, MD5, SHA1, SHA256/384/512 using the hardware instructions on the SPARC T4 processor. We implemented this as a new engine because at the time we made the choices this is how Intel AES-NI support was done in OpenSSL CVS head. We have noticed that the Intel AES-NI support has changed and it is now directly integrated rather than being an engine.

We would like to contribute patches for SPARC T4 support to OpenSSL with the intention of them being part of the core release. We can contribute the engine as we currently have it if that is of interest. However, we would like to know if the OpenSSL community believes that SPARC T4 should be done similarly to Intel AES-NI instead and integrated inline into the main implementation.

--
Darren J Moffat
Re: s_client -reconnect with DTLS
Thanks Michael and Robin. I will try the patch and let you know.

Regards,
Nadhem

From: Michael Tüxen michael.tue...@lurchi.franken.de
To: N. J. nadh...@yahoo.com
Cc: openssl-dev@openssl.org
Sent: Thu, April 28, 2011 2:04:42 PM
Subject: Re: s_client -reconnect with DTLS

On Apr 22, 2011, at 11:40 PM, N. J. wrote: Thanks Michael and Robin, I will be waiting for your response.

Hi Nadhem, could you try the patches Robin has posted yesterday to the list and report if they fix the problem you are experiencing? At least for us it fixed it. Thanks for reporting the problem.

Best regards
Michael
Re: s_client -reconnect with DTLS
Hi Michael,

Just tried it with my 1.0.0a code and Robin's patch. It is the same behaviour when using -reconnect:

1. The client connects to the server and completes the first DTLS handshake successfully.
2. The client sends an encrypted alert followed by a client hello.
3. No response is received from the server and the client begins re-transmitting the client hellos.

Regards,
Nadhem
Re: s_client -reconnect with DTLS -- Solved
Hi Michael and Robin,

This is to confirm that the issue has been resolved after applying the following patches to the machine running my s_client: SSL_clear patch (#2506) and DTLS Session Resumption Timer Bug patch (#2505).

Thanks for your support,
Nadhem

From: Michael Tuexen tue...@fh-muenster.de
To: N. J. nadh...@yahoo.com
Cc: openssl-dev@openssl.org; Robin Seggelmann seggelm...@fh-muenster.de
Sent: Thu, April 28, 2011 8:11:28 PM
Subject: Re: s_client -reconnect with DTLS

On Apr 28, 2011, at 6:18 PM, N. J. wrote:

Hi Nadhem, hmmm. Could you provide a capture file in .pcap format? You can send it privately to me. I'm interested in the epoch of the second client hello.

Best regards
Michael
Re: s_client -reconnect with DTLS
Hi again,

I am not sure if someone can help confirming that the -reconnect option is broken with the DTLS implementation? Please refer to my email below. Looking forward to your support.

Regards,
Nadhem

From: N. J. nadh...@yahoo.com
To: openssl-dev@openssl.org
Sent: Wed, April 20, 2011 1:12:11 AM
Subject: s_client -reconnect with DTLS

Hi there, I have been trying to get the s_client -reconnect option working with my s_server but had no luck when using DTLS, -dtls1. I could not find any information why it is not working so I wonder if this is broken in openssl 1.0.0a. If so, is there any fix?

Thanks in advance,
Nadhem
Re: s_client -reconnect with DTLS
Thanks for the reply Andy,

Please find hereafter the full description. I hope it is more clear.

1. What are you doing exactly:
N: I am testing the session resumption feature available with OpenSSL using s_client. My setup has a machine running s_client and another one running s_server. I am using OpenSSL 1.0.0a. I am testing with both TLS and DTLS, and I use the -reconnect handler to test the session resumption feature. For example:
openssl s_client -connect 10.1.1.1:4443 -dtls1 -reconnect
(-reconnect: Drop and re-make the connection with the same Session-ID)

3. What do you expect to see.
N: I expect to see the following in accordance with the documentation of OpenSSL: The client reconnects to the same server 5 times using the same session ID.

2. What do you see.
N: With TLS all good, I can see the session getting resumed as per OpenSSL's documentation. I can see the client sending the session resumption hellos and the server replying back and both finishing the session resumption cycle multiple times. When I use DTLS instead, with the -dtls1 handler, I can see the client and server getting initially connected. However, when the client tries to reconnect by sending a session resumption client hello, the server never responds.

Thanks,
Nadhem

From: Andrey Kulikov amde...@gmail.com
To: openssl-dev@openssl.org
Sent: Fri, April 22, 2011 3:26:56 PM
Subject: Re: s_client -reconnect with DTLS

Hello,
I'm sure you'll get help faster if you describe:
1. What are you doing exactly.
2. What do you see.
3. What do you expect to see.
These are absolutely necessary steps, as all telepathists are on vacation now.
Re: s_client -reconnect with DTLS
Thanks Michael and Robin, I will be waiting for your response. Meanwhile, enjoy your Easter holiday.

Cheers,
Nadhem

From: Michael Tüxen michael.tue...@lurchi.franken.de
To: openssl-dev@openssl.org
Cc: Andrey Kulikov amde...@gmail.com
Sent: Sat, April 23, 2011 12:08:12 AM
Subject: Re: s_client -reconnect with DTLS

Dear all,
Robin Seggelmann and myself have verified that there is some issue using DTLS. He will look into this as soon as time permits...

Best regards
Michael
s_client -reconnect with DTLS
Hi there, I have been trying to get the s_client -reconnect option working with my s_server but had no luck when using DTLS, -dtls1. I could not find any information why it is not working so I wonder if this is broken in openssl 1.0.0a. If so, is there any fix? Thanks in advance, Nadhem
[openssl.org #2464] [PATCH] Experimental TLS-RSA-PSK support for OpenSSL
Hey all,

I wrote a patch for openssl-1.0.0c to support TLS-RSA-PSK cipher suites as defined in RFC 4279. Plain PSK support has been implemented in openssl for quite some time, I believe. This patch now adds one of the RSA-PSK variants, namely RSA-PSK-AES256-CBC-SHA (95). Adding ciphers 92-94 should be easy, but I am not too familiar with the definition data structure in s3_lib.c. I clearly have to state that this patch is EXPERIMENTAL.

PROCEDURE TO APPLY PATCH

download openssl-1.0.0c.tar.gz
tar xzf openssl-1.0.0c.tar.gz
cd openssl-1.0.0c
patch -p1 -i ../openssl-1.0.0c.tls-rsa-psk.patch

TESTING TLS-RSA-PSK

You can test locally whether your openssl with TLS-RSA-PSK works as follows. Make sure that you actually call the currently generated openssl binary (in the apps directory). Must have a server.pem and privkey.pem in the current directory.

# launching the server
openssl s_server \
 -psk c033f52671c61c8128f7f8a40be88038bcf2b07a6eb3095c36e3759f0cf40837 \
 -key privkey.pem \
 -cipher RSA-PSK-AES256-CBC-SHA \
 -debug -state

# launch the client
openssl s_client -connect localhost:4433 \
 -psk c033f52671c61c8128f7f8a40be88038bcf2b07a6eb3095c36e3759f0cf40837 \
 -cipher RSA-PSK-AES256-CBC-SHA \
 -debug -state

AUTHOR

This patch is written by Christian J. Dietrich dietr...@internet-sicherheit.de. I thankfully acknowledge the support and several interesting discussions with Christian Rossow. Some more info can be found in my blog http://blog.cj2s.de/archives/21-TLS-RSA-PSK-Cipher-Suites-for-OpenSSL.html or on our website http://www.if-is.net

-- Christian J. Dietrich
if(is) - Institute for Internet Security
University of Applied Sciences Gelsenkirchen, Germany
https://www.internet-sicherheit.de

diff -ur -x .svn openssl-1.0.0c-orig/include/openssl/ssl.h openssl-1.0.0c-tlsrsapsk/include/openssl/ssl.h --- openssl-1.0.0c-orig/include/openssl/ssl.h 2010-01-06 18:37:38.0 +0100 +++ openssl-1.0.0c-tlsrsapsk/include/openssl/ssl.h 2011-02-25 19:57:20.467303448 +0100
@@ -250,7 +250,8 @@ #define SSL_TXT_kECDHe kECDHe #define SSL_TXT_kECDH kECDH #define SSL_TXT_kEECDH kEECDH -#define SSL_TXT_kPSKkPSK +#define SSL_TXT_kPSKkPSK +#define SSL_TXT_kRSAPSK kRSAPSK #define SSL_TXT_kGOST kGOST #defineSSL_TXT_aRSAaRSA @@ -274,7 +275,8 @@ #define SSL_TXT_AECDH AECDH #define SSL_TXT_ECDSA ECDSA #define SSL_TXT_KRB5 KRB5 -#define SSL_TXT_PSK PSK +#define SSL_TXT_PSK PSK +#define SSL_TXT_RSAPSK RSAPSK #define SSL_TXT_DESDES #define SSL_TXT_3DES 3DES diff -ur -x .svn openssl-1.0.0c-orig/include/openssl/tls1.h openssl-1.0.0c-tlsrsapsk/include/openssl/tls1.h --- openssl-1.0.0c-orig/include/openssl/tls1.h 2009-11-11 15:51:29.0 +0100 +++ openssl-1.0.0c-tlsrsapsk/include/openssl/tls1.h 2011-02-25 19:57:20.472303472 +0100 @@ -292,6 +292,9 @@ #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x038B #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA0x038C #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA0x038D +/* RSA-PSK */ +// FIXME: add RSA-PSK ciphers 92-94 here, too +#define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA0x0395 /* Additional TLS ciphersuites from expired Internet Draft * draft-ietf-tls-56-bit-ciphersuites-01.txt @@ -442,6 +445,8 @@ #define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA +// FIXME: add the 3 other RSA-PSK ciphers here, too +#define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA /* Camellia ciphersuites from RFC4132 */ #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA Only in openssl-1.0.0c-tlsrsapsk: Makefile.bak diff -ur -x .svn openssl-1.0.0c-orig/ssl/s3_clnt.c openssl-1.0.0c-tlsrsapsk/ssl/s3_clnt.c --- openssl-1.0.0c-orig/ssl/s3_clnt.c 2010-12-02 19:24:54.0 +0100 +++ openssl-1.0.0c-tlsrsapsk/ssl/s3_clnt.c 2011-02-25 19:57:20.472303472 +0100 
@@ -303,7 +303,7 @@ } #endif /* Check if it is anon DH/ECDH */ - /* or PSK */ + /* or plain PSK */ if (!(s-s3-tmp.new_cipher-algorithm_auth SSL_aNULL) !(s-s3-tmp.new_cipher-algorithm_mkey SSL_kPSK)) { @@ -1186,10 +1186,10 @@ if (s-s3-tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { #ifndef OPENSSL_NO_PSK - /* In plain PSK ciphersuite, ServerKeyExchange can be + /* In PSK ciphersuites, ServerKeyExchange can be omitted if no identity hint is sent. Set - session
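Review bot: the ssl.h hunk adds the cipher-string tokens SSL_TXT_kRSAPSK and SSL_TXT_RSAPSK, but nothing in the visible diff touches the alias table in ssl_ciph.c that maps such tokens to algorithm bits, so "-cipher kRSAPSK" or "-cipher RSAPSK" would select nothing; either include the ssl_ciph.c entries that wire the new tokens up, or leave the tokens out until they are used.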
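Review bot: the tls1.h hunk puts two "//" line comments ("// FIXME: add RSA-PSK ciphers 92-94 here, too" and "// FIXME: add the 3 other RSA-PSK ciphers here, too") into a public header that otherwise uses only "/* */" comments; "//" is not C89 and the OpenSSL headers are meant to be consumable by C89 compilers, so switch to block comments, and either add the three remaining RFC 4279 RSA-PSK suites the FIXMEs refer to or keep that to-do in the cover letter rather than shipping it in the installed header.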
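Review bot: the first s3_clnt.c hunk changes only the comment ("or PSK" becomes "or plain PSK") while the condition beneath it still tests SSL_kPSK alone. That is correct only if the RSA-PSK suite carries a separate key-exchange flag (the new SSL_TXT_kRSAPSK token in ssl.h suggests an SSL_kRSAPSK bit), so that the client still expects, reads and verifies the server Certificate for RSA-PSK instead of skipping it as it does for plain PSK; the hunk that defines that flag and assigns it to the new suite in s3_lib.c is not in the visible part of the patch, so please include it, together with a check that an RSA-PSK handshake is rejected when the server omits its certificate.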
[openssl.org #2437] [PATCH] config on aix assumes cc is not gcc, can cause build to fail
The config script has a check on AIX that causes it to prefer the vendor cc if it is available, but it assumes that cc is the vendor cc, and not a link/wrapper for gcc. This is a problem for pkgsrc in particular. By assuming cc is not gcc, config picks the wrong LDFLAGS and openssl fails to build. Below is a patch that checks if cc is gcc, and only sets CC=cc if it is not.

Also, I changed the "not found" check slightly. The way that it was written caused config and sh -x config to give different results, which isn't nice for troubleshooting.

Due to the triviality of this patch, is a TSU notification necessary?

This patch is against openssl-1.0.0c.

--- config.orig 2011-01-21 20:27:03.0 -0600 +++ config 2011-01-21 20:42:09.0 -0600 @@ -482,7 +482,9 @@ fi if [ ${SYSTEM} = AIX ]; then # favor vendor cc over gcc -(cc) 21 | grep -iv not found /dev/null CC=cc +if ! (cc) 21 | grep -qi not found ; then +(cc -v) 21 | grep -qi gcc || CC=cc +fi fi CCVER=${CCVER:-0}

Here's a patch against openssl-0.9.8q.

--- config.orig 2011-01-21 21:10:00.0 -0600 +++ config 2011-01-21 21:10:04.0 -0600 @@ -474,7 +474,9 @@ fi if [ ${SYSTEM} = AIX ]; then # favor vendor cc over gcc -(cc) 21 | grep -iv not found /dev/null CC=cc +if ! (cc) 21 | grep -qi not found ; then +(cc -v) 21 | grep -qi gcc || CC=cc +fi fi CCVER=${CCVER:-0}
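Review bot: in the 1.0.0c config hunk the inner test "(cc -v) ... | grep -qi gcc || CC=cc" does what the description says, but the outer "if ! (cc) ... | grep -qi not found" still decides whether cc exists by matching the shell's own error text, which is localized; in a non-English locale a missing cc is then treated as present and CC=cc is set anyway. An existence test that does not depend on message wording, such as "type cc >/dev/null 2>&1", would be more robust, and that replaced line is also where the "sh -x config" discrepancy you mention came from, since the old grep -v matched the xtrace output. The identical 0.9.8q hunk needs the same change.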
Re: DTLS routine call Q
Thanks Robin for the valuable information. Now it makes sense :-) Is there any documentation which talks about this flow?

Regards,
Nadhem

From: Robin Seggelmann seggelm...@fh-muenster.de
To: openssl-dev@openssl.org; N. J. nadh...@yahoo.com
Sent: Fri, November 5, 2010 12:26:36 PM
Subject: Re: DTLS routine call Q

Hi Nadhem,

I am looking at the code of DTLS in openssl-1.0.0a, and in d1_pkt.c, line 412, we have enc_err = s->method->ssl3_enc->enc(s,0);. My Q is: Are we calling the routine int ssl3_enc(SSL *s, int send), that starts from line 469 in s3_enc.c? If not, which file would the called routine reside in?

If you're using DTLS, it's int dtls1_enc(SSL *s, int send) in d1_enc.c. Here's how to figure it out:
- s is an SSL struct, as defined in ssl.h (struct ssl_st)
- s->method is its SSL_METHOD struct, also defined in ssl.h (struct ssl_method_st)
- The methods assigned to new SSL objects for DTLS (e.g. with SSL_CTX_new(DTLSv1_server_method())) are defined in ssl_locl.h (#define IMPLEMENT_dtls1_meth_func...)
- In case of DTLS, the SSL3_ENC_METHOD (defined in ssl_locl.h, struct ssl3_enc_method) is set to DTLSv1_enc_data, defined in d1_lib.c
- DTLSv1_enc_data sets the enc function pointer to dtls1_enc, defined in d1_enc.c

Regards,
Robin
openSSL 1.0.0 beta 4 on win32+Borland
Hello all,

OpenSSL 1.0.0 beta 4 fails to compile on Borland (C++ Builder 2006) due to some missing definitions in e_os.h. The patch below fixes the problem with no apparent side-effects.

It appears to be no longer possible to use assembler code with Borland as the linker fails when reading NASM produced object files.

John Staniforth

*** D:\openssl\1.0.0-b4\original\e_os.h 2009-08-26 15:13:43.0 - --- D:\openssl\1.0.0-b4\borland\e_os.h 2009-11-10 20:43:30.0 - *** *** 346,357 --- 346,359 # if defined (__BORLANDC__) #define _setmode setmode #define _O_TEXT O_TEXT #define _O_BINARY O_BINARY #define _int64 __int64 #define _kbhit kbhit + #define _timeb timeb + #define _open open # endif # define EXIT(n) exit(n) # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK #define X_OK 0
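Review bot: the two added lines "#define _timeb timeb" and "#define _open open" are object-like macros that rewrite every later occurrence of those identifiers, including any prototype or struct tag in Borland's own headers (io.h, sys/timeb.h) that are included after e_os.h; please confirm those headers do not themselves declare _open or struct _timeb for this compiler version, otherwise the macro turns their declarations into duplicates of open/timeb. A one-line comment naming the C++ Builder version that needed the extra two defines would also help, since the existing __BORLANDC__ block was evidently sufficient for an earlier release.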
openssl engines
Hi,

I was wondering how one could run the openssl tests using a particular engine. Ideally I'd like to run the entire test suite on an engine (only the functions it implements). Any pointers would help greatly.

Thanks,
-- chris
[openssl.org #1779] Build failure if configured with -DKSSL_DEBUG
OpenSSL 0.9.8i and 0.9.8-stable-SNAPSHOT-20081108 fail to build if KSSL_DEBUG is defined. I enabled this because it gives useful information to help me debug an application issue (as suggested in ssl/kssl.h).

Error message (in openssl-0.9.8-stable-SNAP-20081108):
t1_enc.c: In function 'tls1_enc':
t1_enc.c:598: error: 'DES_KEY_SZ' undeclared (first use in this function)
t1_enc.c:598: error: (Each undeclared identifier is reported only once
t1_enc.c:598: error: for each function it appears in.)
t1_enc.c:598: error: 'DES_SCHEDULE_SZ' undeclared (first use in this function)

If that error is fixed, a second one appears:
d1_enc.c: In function 'dtls1_enc':
d1_enc.c:208: error: 'DES_KEY_SZ' undeclared (first use in this function)
d1_enc.c:208: error: (Each undeclared identifier is reported only once
d1_enc.c:208: error: for each function it appears in.)
d1_enc.c:208: error: 'DES_SCHEDULE_SZ' undeclared (first use in this function)

Steps to repeat:
1. ./config -DTLS_DEBUG=1 -DKSSL_DEBUG=1
2. make

Result of make report:
OpenSSL version: 0.9.8j-dev
Last change: Use correct exit code if there is an error in dgst comm...
Options: -DTLS_DEBUG=1 -DKSSL_DEBUG=1 no-camellia no-capieng no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic
OS (uname): Linux kelvin 2.6.20-17-generic #2 SMP Mon Jun 9 22:08:13 UTC 2008 i686 GNU/Linux
OS (config): i686-whatever-linux2
Target (default): linux-elf
Target: linux-elf
Compiler: Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --program-suffix=-4.1 --enable-__cxa_atexit --enable-clocale=gnu --enable-libstdcxx-debug --enable-mpfr --enable-checking=release i486-linux-gnu
Thread model: posix
gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
OpenSSL 0.9.8h released
OpenSSL version 0.9.8h released

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 0.9.8h of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release. For a complete list of changes, please see http://cvs.openssl.org/getfile/openssl/CHANGES?v=1.1238.2.104

Two moderate severity security flaws have been fixed in OpenSSL 0.9.8h. The OpenSSL security team would like to thank Codenomicon for reporting these issues:

OpenSSL Server Name extension crash

Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause it to crash. (CVE-2008-0891). Please note this issue does not affect any other released versions of OpenSSL, and does not affect versions compiled without TLS server name extensions.

OpenSSL Omit Server Key Exchange message crash

Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash. (CVE-2008-1672). Please note this issue does not affect any other released versions of OpenSSL.

Users of OpenSSL 0.9.8f or 0.9.8g should update to the OpenSSL 0.9.8h release which contains patches to correct these issues. We consider OpenSSL 0.9.8h to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible.

OpenSSL 0.9.8h is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):
* http://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

The distribution file name is:
o openssl-0.9.8h.tar.gz
Size: 3439981
MD5 checksum: 7d3d41dafc76cf2fcb5559963b5783b3
SHA1 checksum: ced4f2da24a202e01ea22bef30ebc8aee274de86

The checksums were calculated using the following commands:
openssl md5 openssl-0.9.*.tar.gz
openssl sha1 openssl-0.9.*.tar.gz

Yours,
The OpenSSL Project Team...
Mark J. Cox, Nils Larsch, Ulf Möller, Ralf S. Engelschall, Ben Laurie, Andy Polyakov, Dr. Stephen Henson, Richard Levitte, Geoff Thorpe, Lutz Jänicke, Bodo Möller
[openssl.org #1456] Problem with SIXTY_FOUR_BIT flag and bn2dec
I'm using HPUX 11.23, Itanium, openssl-0.9.8d, cc 6.10

I seem to have found a contradiction in the build environment, and I don't think it is specific to HPUX, but rather to platforms that have a 64-bit 'long long' and require a %ll to print them.

What we want to build is a 32-bit binary build using 64-bit longs -- i.e., long long. The build actually passes the make test, but a simple test program exercising bn2dec() fails with what looks like a 64-bit value truncated to 32-bit. We're using the default build flags for hpux-ia64-cc.

This test program shows that the 64-bit value is truncated in the string generation:

Output
------

  Input bytes: 255,255,255,255,255,
  Input size (bytes): 5
  BIGNUM top: 1
  BIGNUM dmax: 1
  BIGNUM neg: 0
  BIGNUM flags: 1
  BIGNUM bit chunks: 0x000000ffffffffff,
  String Format: 4294967295

Source
------

  #include <stdio.h>
  #include <string.h>
  #include <openssl/crypto.h>
  #include <openssl/bn.h>
  #include <openssl/rand.h>
  #include <openssl/dh.h>

  int main(int argc, char* argv[])
  {
  #define NUM_LENGTH sizeof(num)
      /* five 0xff bytes: 0xffffffffff, which needs 40 bits */
      const unsigned char num[5] = {255, 255, 255, 255, 255};

      printf("Input bytes: ");
      for (int i = 0; i < NUM_LENGTH; ++i) {
          printf("%d,", num[i]);
      }
      printf("\n");
      printf("Input size (bytes): %d\n", (int)NUM_LENGTH);

      BIGNUM* keyNum = BN_bin2bn(num, NUM_LENGTH, 0);
      printf("BIGNUM top: %d\n", keyNum->top);
      printf("BIGNUM dmax: %d\n", keyNum->dmax);
      printf("BIGNUM neg: %d\n", keyNum->neg);
      printf("BIGNUM flags: %d\n", keyNum->flags);
      printf("BIGNUM bit chunks: ");
      for (int k = 0; k < keyNum->top; ++k) {
          /* one 64-bit limb holds the whole value on a SIXTY_FOUR_BIT build */
          printf("0x%016llx,", (unsigned long long)keyNum->d[k]);
      }
      printf("\n");

      char* decBuf = 0;
      decBuf = BN_bn2dec(keyNum);
      printf("String Format: %s\n", decBuf);

      OPENSSL_free(decBuf);
      BN_free(keyNum);
      return 0;
  }

Tracing through the openssl code I found that BIO_snprintf() is the problem (substituting libc's native vsnprintf() fixes the problem): b_print.c's _dopr() uses a 32-bit variable (called value) as the lvalue to the va_arg(args, long long) call, causing the truncation. But 'value' is declared as a LLONG.

Backtracing through the code, LLONG is defined as 'long long' if BN_LLONG is defined (otherwise it is simply a long). But when you define SIXTY_FOUR_BIT, BN_LLONG is explicitly UNDEFINED. And as far as I can tell, SIXTY_FOUR_BIT is required in order to get BN_DEC_FMT1/FMT2 to be defined as %ll's and not %l. Hence a contradiction...

The safest workaround for now seems to be to just have BIO_snprintf() call the native vsnprintf().

If someone needs a test system, one can usually be accessed via http://www.testdrive.hp.com/. I can try to help expedite the application process if necessary.

--- snippets from b_print.c ---

  [...]
  #ifdef BN_LLONG
  # ifndef HAVE_LONG_LONG
  #  define HAVE_LONG_LONG 1
  # endif
  #endif
  [...]
  #if HAVE_LONG_LONG
  # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
  #  define LLONG _int64
  # else
  #  define LLONG long long
  # endif
  #else
  # define LLONG long
  #endif
  [...]
  static void
  _dopr(char **sbuffer, char **buffer, size_t *maxlen, size_t *retlen,
        int *truncated, const char *format, va_list args)
  {
      char ch;
      LLONG value;
      LDOUBLE fvalue;
      char *strvalue;
      int min;
      int max;
      int state;
      int flags;
      int cflags;
      size_t currlen;
  [...]
              case DP_C_LLONG:
                  value = va_arg(args, unsigned LLONG);
                  break;
              default:

--- bn.h ---

  /* This is where the long long data type is 64 bits, but long is 32.
   * For machines where there are 64bit registers, this is the mode to use.
   * IRIX, on R4000 and above should use this mode, along with the relevant
   * assembler code :-).  Do NOT define BN_LLONG.
   */
  #ifdef SIXTY_FOUR_BIT
  #undef BN_LLONG
  #undef BN_ULLONG
  #define BN_ULONG        unsigned long long
  #define BN_LONG         long long
  #define BN_BITS         128
  #define BN_BYTES        8
  #define BN_BITS2        64
  #define BN_BITS4        32
  #define BN_MASK2        (0xffffffffffffffffLL)
  #define BN_MASK2l       (0xffffffffL)
  #define BN_MASK2h       (0xffffffff00000000LL)
  #define BN_MASK2h1      (0xffffffff80000000LL)
  #define BN_TBIT         (0x8000000000000000LL)
  #define BN_DEC_CONV     (10000000000000000000ULL)
  #define BN_DEC_FMT1     "%llu"
  #define BN_DEC_FMT2     "%019llu"
  #define BN_DEC_NUM      19
  #endif
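Added example, not part of the report above: it reproduces the truncation the reporter describes on any host, without a 32-bit HP-UX build. BN_bin2bn() packs the five 0xff bytes into one 64-bit limb, and BN_bn2dec() hands that limb to the formatter with BN_DEC_FMT1 ("%llu"); if the formatter's lvalue for the DP_C_LLONG case is only 32 bits wide, the high word is lost. The function names (pack_limb, format_llu, bytes_to_dec) are constructed for this demo and are not OpenSSL's; the 32-bit lvalue is modelled with uint32_t.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pack up to 8 big-endian bytes into one 64-bit limb, which is what BN_bin2bn()
 * produces for the report's 5-byte input on a SIXTY_FOUR_BIT build (top == 1). */
static uint64_t pack_limb(const unsigned char *buf, size_t n) {
    uint64_t limb = 0;
    if (n > 8) n = 8;                       /* single-limb demo */
    for (size_t i = 0; i < n; i++) limb = (limb << 8) | buf[i];
    return limb;
}

/* Model of the DP_C_LLONG case in b_print.c's _dopr(): the argument is fetched
 * with va_arg() into an lvalue whose width is fixed at compile time. wide=1 is
 * the intended state (LLONG really is long long); wide=0 reproduces the report's
 * configuration, where LLONG collapsed to a 32-bit long, modelled here with
 * uint32_t so it shows on any host. Names are constructed, not OpenSSL's. */
static int format_llu(char *out, size_t outlen, int wide, ...) {
    unsigned long long value;
    va_list ap;
    va_start(ap, wide);
    if (wide) {
        value = va_arg(ap, unsigned long long);
    } else {
        uint32_t narrow = (uint32_t)va_arg(ap, unsigned long long);
        value = narrow;                     /* high 32 bits are gone */
    }
    va_end(ap);
    return snprintf(out, outlen, "%llu", value);   /* BN_DEC_FMT1 is "%llu" */
}

/* Decimal string for a big-endian byte string, through the modelled formatter. */
static const char *bytes_to_dec(const unsigned char *buf, size_t n, int wide,
                                char *out, size_t outlen) {
    format_llu(out, outlen, wide, (unsigned long long)pack_limb(buf, n));
    return out;
}

int main(void) {
    const unsigned char num[5] = {255, 255, 255, 255, 255};   /* the report's input */
    char good[32], bad[32];
    printf("64-bit lvalue: %s\n", bytes_to_dec(num, sizeof num, 1, good, sizeof good));
    printf("32-bit lvalue: %s\n", bytes_to_dec(num, sizeof num, 0, bad, sizeof bad));
    return strcmp(bad, "4294967295") == 0 ? 0 : 1;   /* exit 0 when the bug reproduces */
}
```

The 64-bit path prints 1099511627775 (2^40 - 1); the 32-bit path prints the 4294967295 seen in the report.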
[SECURITY] OpenSSL 0.9.8d and 0.9.7l released
OpenSSL version 0.9.8d and 0.9.7l released
===========================================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 0.9.8d of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.

This release fixes four security vulnerabilities, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343. Please see http://www.openssl.org/news/secadv_20060928.txt

We also release 0.9.7l, which contains the security update and bugfixes compared to 0.9.7k.

We consider OpenSSL 0.9.8d to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible.

OpenSSL 0.9.8d is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

For those who want or have to stay with the 0.9.7 series of OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7l as soon as possible. It's available in the same location as 0.9.8d.

The distribution file names are:

  o openssl-0.9.8d.tar.gz
    MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
    SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
  o openssl-0.9.7l.tar.gz
    MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
    SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

  openssl md5 openssl-0.9.*.tar.gz
  openssl sha1 openssl-0.9.*.tar.gz

Yours,
The OpenSSL Project Team...

  Mark J. Cox             Nils Larsch         Ulf Möller
  Ralf S. Engelschall     Ben Laurie          Andy Polyakov
  Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
  Lutz Jänicke            Bodo Möller
OpenSSL Engine Specification
Hello,

I'm looking into the OpenSSL engine support which was introduced in OpenSSL version 0.9.6 (or 0.9.7). Is there an official engine specification or HOWTO available? The only document I have found so far is [1].

As a first start I have looked into the GMP engine module. If I understand the engine concept correctly I can only use the following functions and methods within an engine:

- RSA
- DSA
- ECDH
- ECDSA
- DH
- RAND

Can I implement block ciphers (e.g. DES, etc.) in an engine module, or is this not supported (by the API implementation) at the moment?

I'm quite new in this area and apologize if this question makes no sense or was already answered on the openssl-dev mailing-list.

[1]: http://www.openssl.org/docs/crypto/engine.html

Regards,
Heiko
[SECURITY] OpenSSL 0.9.8c and 0.9.7k released
OpenSSL version 0.9.8c and 0.9.7k released
===========================================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 0.9.8c of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.

This release fixes an important security vulnerability which could allow RSA Signature Forgery, CVE-2006-4339. Please see http://www.openssl.org/news/secadv_20060905.txt

We also release 0.9.7k, which contains the security update and bugfixes compared to 0.9.7j.

We consider OpenSSL 0.9.8c to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible.

OpenSSL 0.9.8c is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

For those who want or have to stay with the 0.9.7 series of OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7k as soon as possible. It's available in the same location as 0.9.8c.

The distribution file names are:

  * openssl-0.9.8c.tar.gz
    MD5 checksum: 78454bec556bcb4c45129428a766c886
    SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d
  * openssl-0.9.7k.tar.gz
    MD5 checksum: be6bba1d67b26eabb48cf1774925416f
    SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2

The checksums were calculated using the following commands:

  openssl md5 openssl-0.9.*.tar.gz
  openssl sha1 openssl-0.9.*.tar.gz

Yours,
The OpenSSL Project Team...

  Mark J. Cox             Nils Larsch         Ulf Möller
  Ralf S. Engelschall     Ben Laurie          Andy Polyakov
  Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
  Lutz Jänicke            Bodo Möller
[openssl.org #1258] Shopping list
Hi Schatzibär,

hopefully you don't have to slave away much longer ...

Here, then, is our shopping list:

- bake-at-home rolls
- bake-at-home baguette (2-3 packs?)
- wholegrain rusks
- fresh mushrooms
- carrots
- 1-2 leeks
- 2 courgettes
- 1 cucumber
- cocktail tomatoes
- salad (lamb's lettuce or rocket)
- bananas
- 2x Almette
- Bärchenwurst
- Bärchen-Teewurst
- liver pâté
- 300g pork fillet
- plum jam
- 3x flour (Diamant Type 405)
- 2x sugar
- vanilla sugar
- Bourbon vanilla sugar
- 400g ground almonds
- 50g candied lemon peel
- 50g candied orange peel
- 150g sultanas
- 2x vanilla custard powder
- sweetcorn (2 small tins)
- vegetable stock (Knorr or Maggi)
- Miracle Whip (low-fat)
- ketchup
- possibly sauces
- wine?
- non-alcoholic beer
- still water
- seltzer
- salmon
- 4x butter
- herb butter
- 2x yeast
- yoghurt
- 1x plain yoghurt
- milk
- 2x eggs
- shrimps (prawns)
- sweets for the festive plate: e.g. marzipan potatoes, Dominosteine, Akora hearts, Lindt Christmas almonds, chocolate
- for decoration: small chocolate Santas or similar (e.g. from Rauch)
- Ariel Color laundry detergent
- a few boxes of Tempo tissues
[ANNOUNCE] OpenSSL version 0.9.8a and 0.9.7h released
OpenSSL version 0.9.8a and 0.9.7h released
===========================================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 0.9.8a of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.

We also release 0.9.7h, which contains the same security bugfix as 0.9.8a and a few small bugfixes compared to 0.9.7g.

These updates contain a fix for CAN-2005-2969, a potential SSL 2.0 rollback reported by Yutaka Oiwa. For more details of the security issue being fixed in this release please see http://www.openssl.org/news/secadv_20051011.txt

We consider OpenSSL 0.9.8a to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible.

OpenSSL 0.9.8a is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

For those who want or have to stay with the 0.9.7 series of OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7h as soon as possible. It's available in the same location as 0.9.8a.

The distribution file names are:

  * openssl-0.9.8a.tar.gz
    MD5 checksum: 1d16c727c10185e4d694f87f5e424ee1
    SHA1 checksum: 2aaba0f728179370fb3e86b43209205bc6c06a3a
  * openssl-0.9.7h.tar.gz
    MD5 checksum: 8dc90a113eb8925795071fbe52b2932c
    SHA1 checksum: 9fe535fce89af967b29c4727dedd25f2b4cc2f0d

The checksums were calculated using the following commands:

  openssl md5 openssl-0.9.*.tar.gz
  openssl sha1 openssl-0.9.*.tar.gz

Yours,
The OpenSSL Project Team...

  Mark J. Cox             Nils Larsch         Ulf Möller
  Ralf S. Engelschall     Ben Laurie          Andy Polyakov
  Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
  Lutz Jänicke            Bodo Möller
Re: windows ce port
> Have you looked at MatrixSSL? It is designed to provide SSL for devices and works on Windows CE and Symbian (among many other OSes too numerous to list). It is under a dual source license so if you can use a GPL or commercial license it will work for your project.

Yes, I know it. But my interest is more digital signing and encryption (PKCS#7 and all that) than secure communications.
Re: windows ce port
Just FYI, I compiled OpenSSL 0.9.7e for WinCE last week. I think a little more order in the compilation of OpenSSL for WinCE is needed now. Maybe this compiled cleanly a few years ago, but now it needs some ugly extra work.

I had to set WCEPLATFORM in my environment vars, define _WIN32_CE and OPENSSL_SYS_WINCE in the makefile, and change the variable CPUTARGET=ARMV4 for ARM as said in:

http://marc.theaimsgroup.com/?l=openssl-users&m=111712574012234&w=2

I also had to set up my INCLUDES and library paths in the ms/ce.mak makefile, but finally, after some ugly tweaks, all worked.

BTW, ¿has anybody ported (or tried to port) OpenSSL to Symbian?
RE: [openssl.org #993] Ticket Resolved
Andy

OK, I have the latest stable snapshot of 0.9.7, and I will try again. I was using 0.9.7e.

Thanks for your assistance, I much appreciate it.

Don S

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy Polyakov via RT
Sent: Tuesday, January 11, 2005 2:47 AM
To: [EMAIL PROTECTED]
Cc: openssl-dev@openssl.org
Subject: Re: [openssl.org #993] Ticket Resolved

> My compiles are still failing with the same errors:
>
> Unresolved:
> SHA_Init
> SHA_Update
> SHA_Final
> *** Exit 1
> Stop.
> *** Exit 1
> Stop.
>
> Here's the steps I followed:
>
> 1.) ./config no-sha0 (output message said I needed to run make depend)
> 2.) make depend
> 3.) make
>
> Am I missing something? Thanks for the help.

Please keep in mind that I don't have access to the system with the compiler in question and have to simulate the proposed solution on another Unix flavor. If I

1. download the latest 0.9.7-stable snapshot from ftp://ftp.openssl.org/snapshot;
2. unpack it to an empty catalog;
3. run './config no-sha0' followed by 'make';

I can confirm that

a) make *succeeds* in linking the openssl application, as well as all test applications;
b) there are *no* SHA_[Init|Update|Final] symbols in libcrypto.a;

Mind the difference between openssl-0.9.7-stable-SNAP-* and just openssl-SNAP-*. The latter is the development snapshot and no-sha0 is not actually working there yet. The originating question was about the 0.9.7 code-base.

If you still experience the problems after 1, 2, 3, then you most likely have to figure it out yourself, as we unfortunately can't help with all possible local system setup problems.

A.
RE: [openssl.org #993] Ticket Resolved
Andy

I will test the no-sha0 option and let you know.

Thank You...

Don Smolinski

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy Polyakov via RT
Sent: Sunday, January 09, 2005 1:12 PM
To: [EMAIL PROTECTED]
Subject: [openssl.org #993] Ticket Resolved

According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message.
RE: [openssl.org #993] Ticket Resolved
Andy

My compiles are still failing with the same errors:

  Unresolved:
  SHA_Init
  SHA_Update
  SHA_Final
  *** Exit 1
  Stop.
  *** Exit 1
  Stop.

Here's the steps I followed:

1.) ./config no-sha0 (output message said I needed to run make depend)
2.) make depend
3.) make

Am I missing something? Thanks for the help.

DS

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy Polyakov via RT
Sent: Sunday, January 09, 2005 1:12 PM
To: [EMAIL PROTECTED]
Subject: [openssl.org #993] Ticket Resolved

According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message.
[openssl.org #993] Problem compiling on Tru64 system
Greetings

I have been trying to compile openssl on a Dec Alpha Tru64 (4.0g) system without success. I have tried the recommended fix noted in the FAQ (resetting ulimit) without any luck. I have included the requested test log. Any help is much appreciated.

Regards
Don Smolinski

testlog
OpenSSL 0.9.7e released
OpenSSL version 0.9.7e released
===============================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 0.9.7e of our open source toolkit for SSL/TLS. This new OpenSSL version is a bugfix release and incorporates changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES).

The most significant changes are:

  o Fix race condition in CRL checking code.
  o Fixes to PKCS#7 (S/MIME) code.

We consider OpenSSL 0.9.7e to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible.

OpenSSL 0.9.7e is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  o http://www.openssl.org/source/
  o ftp://ftp.openssl.org/source/

The distribution file name is:

  o openssl-0.9.7e.tar.gz
    MD5 checksum: a8777164bca38d84e5eb2b1535223474

The checksums were calculated using the following command:

  openssl md5 openssl-0.9.7e.tar.gz

Yours,
The OpenSSL Project Team...

  Mark J. Cox             Ben Laurie          Andy Polyakov
  Ralf S. Engelschall     Richard Levitte     Geoff Thorpe
  Dr. Stephen Henson      Bodo Möller         Lutz Jänicke
  Ulf Möller
Re: Porting OpenSSL
Gary,

MatrixSSL might be a good alternative; it's designed to be easily portable and I believe only uses callbacks with parameters in one spot (for X.509 certificate validation). Var args are also not used in any of the APIs, which may help if your compiler is less than ANSI compliant. The library is sockets and threads independent, so POSIX support isn't required in your OS. Basic stdlib is about all you need.

Here's a post containing the external APIs that are invoked and when they're used.
http://www.matrixssl.org/archives/58.html

J

Disclaimer: I'm on the MatrixSSL team.

garwal> I have been working on porting OpenSSL to the THEOS Operating
garwal> System. The C compiler is ANSI C compliant and mostly ISO
garwal> C99 compliant. However, it is not as feature rich as GCC. My
garwal> main problem is with the function pointer callbacks that
garwal> accept parameters. I'm finding that I have to modify the
garwal> source a lot in order to get it to compile.
garwal>
garwal> Does anyone have any suggestions that may help me in porting
garwal> OpenSSL to this environment? Is there another SSL toolkit
garwal> that is more ANSI C friendly?
[openssl.org #868] openssl
Hi,

I found a small bug.

/crypto/bn/Makefile.ssl line 124

  /usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s

change to

  /usr/ccs/bin/as -o asm/pa-risc2W.o asm/pa-risc2W.s

(HP-UX, hpux64-parisc2-cc)

thanks
Martin
New OpenSSL releases fix denial of service attacks [17 March 2004]
OpenSSL Security Advisory [17 March 2004]

Updated versions of OpenSSL are now available which correct two security issues:

1. Null-pointer assignment during SSL handshake
===============================================

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.

All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details.

2. Out-of-bounds read affects Kerberos ciphersuites
===================================================

Stephen Henson discovered a flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0112 to this issue.

Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details.

Recommendations
---------------

Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  ftp://ftp.openssl.org/source/

The distribution file names are:

  o openssl-0.9.7d.tar.gz
    MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5
  o openssl-0.9.6m.tar.gz [normal]
    MD5 checksum: 1b63bfdca1c37837e9f1623498f9
  o openssl-engine-0.9.6m.tar.gz [engine]
    MD5 checksum: 4c39d2524bd466180f9077f8efddac8c

The checksums were calculated using the following command:

  openssl md5 openssl-0.9*.tar.gz

Credits
-------

Patches for these issues were created by Dr Stephen Henson ([EMAIL PROTECTED]) of the OpenSSL core team. The OpenSSL team would like to thank Codenomicon for supplying the TLS Test Tool which was used to discover these vulnerabilities, and Joe Orton of Red Hat for performing the majority of the testing.

References
----------

http://www.codenomicon.com/testtools/tls/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20040317.txt
Order of Authentication and Encryption (was: question on MAC)
One benefit of encrypting the MAC is that an attacker will have to first break the encryption and then the MAC to attempt modifying messages (especially in RC4, as mentioned below). Breaking the encryption grants an attacker read access to data. Breaking the MAC grants the attacker write access to the data (albeit blind writes if the encryption remains unbroken). Usually reading data is less harmful than modifying it (think standard UNIX file permissions).

I recommend the much more detailed analysis of both ways of ordering from the following book:

  8.2 Order of Authentication and Encryption
  ...
  In general, authentication is more important than encryption. We therefore prefer to expose the encryption function to Eve's direct attacks and protect the MAC as much as possible.
  ...

Ferguson, Schneier: Practical Cryptography p. 116
http://www.amazon.com/gp/reader/0471223573/ref=sib_vae_srch/104-9575567-9415962?v=search-inside&keywords=authentication+is+more+important+than+encryption

J Harper
http://www.peersec.com

----- Original Message -----
From: Vadim Fedukovich [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 23, 2004 12:02 PM
Subject: Re: question on MAC

> On Fri, Feb 20, 2004 at 03:52:00PM -0700, Swaminathan P wrote:
> > Hi,
> > Can someone help me with info on this question?
> > Is there some significance to encrypting the MAC along with the message? Is there some pitfall in leaving the MAC in the cleartext and encrypting the message alone...
> > thanks,
> > swami
>
> The MAC was introduced to detect modified ciphertext. The problem could be introduced best with a stream cipher (RC4) that XORs the data stream with the key-derived stream. Someone might not need to know all the original data but just to flip a bit at a known position. The example might be an acquirer's response regarding authorization status obtained on known-invalid credit card data. Without a MAC, one could XOR one bit of the encrypted response and have the goods shipped.
>
> Using a MAC on the ciphertext, one could let (grant) the power to detect such an attack without accessing encrypted data. For completeness, one might also use a MAC on the cleartext: running quite a sensitive (sometimes fragile) operation without checking the input first.
>
> regards,
> Vadim
MatrixSSL - Open Source Embedded SSL for Devices
Greetings SSL developers.

Several months ago, we spent a considerable amount of time attempting to reduce the size of OpenSSL to make it suitable for our embedded Web services software. We did the research and saw that this was a query that came up about once a month, but never seemed to be resolved. We worked with Martin Witzel's early release of small OpenSSL, and applied our own changes to it, but it proved very difficult to untangle the code enough to produce a library with a target of 200K. This is not really the fault of OpenSSL; it was designed as a powerful, comprehensive library that is the de-facto standard for most people's experience with security.

Many companies in our place have developed their own compact implementation, sometimes based on OpenSSL, but have not released the code back into the public. We felt that if we were to develop an open source SSL lite designed for devices, we would contribute it to the open source community so other companies and projects wouldn't have to go through the process of implementing it again.

We're happy to announce that the source is now available for public download at:
http://www.matrixssl.org

The software is currently in beta, and should not be used in production systems until it's had more of a workout and the benefit of community feedback.

Here's a quick overview of the features currently supported:

- SSLv3 server protocol support
- Full session resumption support
- Under 50K library footprint with crypto provider
- Included crypto library - RSA, 3DES, ARC4, SHA1, MD5 (some based on http://www.libtomcrypt.org)
- Cipher suites - RC4-MD5, RC4-SHA and DES-CBC3-SHA
- Pluggable interface for new cipher suites, crypto providers and OS support
- Nine public APIs, all non-blocking
- Reference implementation (Mbedthis AppWeb embedded Web server - http://www.mbedthis.com)
- Clean, well documented source code and documentation
- GNU Public License, with alternate license available for proprietary commercial use

I'm interested in hearing the development community's feedback on MatrixSSL. We've developed a complementary library to OpenSSL that we hope will be able to expand the range of users for open source security software.

If you are interested in keeping up with the latest news on this project, including security advisories and bug fixes, we've set up an XML RSS news feed at:
http://www.matrixssl.org/index.xml

J Harper
PeerSec Networks
http://www.peersec.com
[OpenSSL Advisory] Denial of Service in ASN.1 parsing
OpenSSL Security Advisory [4 November 2003]

Denial of Service in ASN.1 parsing
==================================

Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to address various ASN.1 issues. The issues were found using a test suite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson ([EMAIL PROTECTED]) of the OpenSSL core team.

Subsequent to that release, Novell Inc. carried out further testing using the NISCC suite. They discovered that there was a denial of service vulnerability in OpenSSL version 0.9.6k when running on a Windows platform.

A bug in OpenSSL 0.9.6 would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.

We do not believe this issue could be exploited further than a Denial of Service attack.

Patches for this issue have been created by Dr Stephen Henson ([EMAIL PROTECTED]) of the OpenSSL core team.

Who is affected?
----------------

OpenSSL 0.9.6k is affected by the bug, but the denial of service does not affect all platforms. This issue does not affect OpenSSL 0.9.7. Currently only OpenSSL running on Windows platforms is known to crash.

Recommendations
---------------

Upgrade to OpenSSL 0.9.6l or 0.9.7c. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

OpenSSL 0.9.6l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  o http://www.openssl.org/source/
  o ftp://ftp.openssl.org/source/

The distribution file name is:

  o openssl-0.9.6l.tar.gz [normal]
    MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27
  o openssl-engine-0.9.6l.tar.gz [engine]
    MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c

The checksums were calculated using the following command:

  openssl md5 openssl-0.9.6l.tar.gz
  openssl md5 openssl-engine-0.9.6l.tar.gz

References
----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851 to this issue.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20031104.txt
[ANNOUNCE] OpenSSL 0.9.7c and 0.9.6k released
-BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.7c and 0.9.6k released == OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.7c of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES ). We also release 0.9.6k, which contains the same security bugfix as 0.9.7c and a few more small bugfixes compared to 0.9.6j. For more details of the security issues being fixed in this release please see http://www.openssl.org/news/secadv_20030930.txt The most significant changes are: o Security: fix vulnerabilities in ASN.1 parsing CAN-2003-0543, CAN-2003-0544[0.9.7c 0.9.6k] o Security: fix additional vulnerability in ASN.1 parsing CAN-2003-0545[0.9.7c] o Only accept a client cert if the server requests one[0.9.7c 0.9.6k] o Various S/MIME bug and compatibility fixes [0.9.7c] We consider OpenSSL 0.9.7c to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7c is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ For those who want or have to stay with the 0.9.6 series of OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.6k as soon as possible. It's available in the same location as 0.9.7c. 
The distribution file name is:

  o openssl-0.9.7c.tar.gz [normal]
    MD5 checksum: c54fb36218adaaaba01ef733cd88c8ec
  o openssl-0.9.6k.tar.gz [normal]
    MD5 checksum: dee92f648a02e4a7db0507ab3d0769c6
  o openssl-engine-0.9.6k.tar.gz [engine]
    MD5 checksum: 50082758f8e5b3fcf5c26bd032e1739c

The checksums were calculated using the following command:

  openssl md5 openssl-0.9.7c.tar.gz
  openssl md5 openssl-0.9.6k.tar.gz
  openssl md5 openssl-engine-0.9.6k.tar.gz

Yours,
The OpenSSL Project Team...

  Mark J. Cox             Ben Laurie            Andy Polyakov
  Ralf S. Engelschall     Richard Levitte       Geoff Thorpe
  Dr. Stephen Henson      Bodo Möller           Lutz Jänicke
  Ulf Möller
[OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing
================================

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates. Dr Stephen Henson ([EMAIL PROTECTED]) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.

A bug in OpenSSL's SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error.

Vulnerabilities
---------------

1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.

2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability.

3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Public key decode errors are not normally ignored, except for debugging purposes, so this is unlikely to affect production code. Exploitation of an affected application would result in a denial of service vulnerability.

4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested. This by itself is not strictly speaking a vulnerability but it does mean that *all* SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?
----------------

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.
Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations
---------------

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

References
----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20030930.txt
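Issues 1 and 2 of the advisory are both cases of a parser trusting what a tag or length octet claims instead of what the buffer actually holds. As an added example (not OpenSSL's code), here is a strict DER tag/length parser in Python that checks every read against the remaining bytes and rejects the malformed encodings outright; the sample encodings are constructed for the demonstration.

```python
"""Bounds-checked DER tag/length parsing (constructed example).

Every read is checked against the buffer before it happens, so an unusual
tag number or an oversized length yields an error instead of a read past
the end of the data."""


class DERError(ValueError):
    """Raised for any encoding the strict parser refuses."""


def parse_tlv(buf: bytes, offset: int = 0) -> dict:
    """Parse one DER element at buf[offset]; return its parts and end offset."""
    n = len(buf)
    if offset >= n:
        raise DERError("truncated: no identifier octet")
    first = buf[offset]
    pos = offset + 1
    tag_class = first >> 6
    constructed = bool(first & 0x20)
    tag = first & 0x1F
    if tag == 0x1F:
        # High-tag-number form: base-128 digits, high bit set on all but the last.
        tag = 0
        for count in range(1, 6):          # cap at 5 octets (35 bits of tag)
            if pos >= n:
                raise DERError("truncated: high tag number cut off")
            b = buf[pos]
            pos += 1
            if count == 1 and (b & 0x7F) == 0:
                raise DERError("non-minimal high tag number (leading 0x80)")
            tag = (tag << 7) | (b & 0x7F)
            if not b & 0x80:
                break
        else:
            raise DERError("tag number too large")
        if tag < 0x1F:
            raise DERError("high-tag form used for a tag that fits in one octet")
    if pos >= n:
        raise DERError("truncated: no length octet")
    lb = buf[pos]
    pos += 1
    if lb < 0x80:
        length = lb
    elif lb == 0x80:
        raise DERError("indefinite length is BER, not DER")
    else:
        num = lb & 0x7F
        if num > 4:
            raise DERError("length field wider than 32 bits")
        if pos + num > n:
            raise DERError("truncated: length octets cut off")
        length = int.from_bytes(buf[pos:pos + num], "big")
        pos += num
        if length < 0x80 or length >> (8 * (num - 1)) == 0:
            raise DERError("non-minimal length encoding")
    if length > n - pos:                    # the check that prevents the out-of-bounds read
        raise DERError(f"length {length} exceeds remaining {n - pos} bytes")
    return {"class": tag_class, "constructed": constructed, "tag": tag,
            "value": buf[pos:pos + length], "end": pos + length}


def parse_sequence(buf: bytes) -> list:
    """Parse a SEQUENCE and return its children, requiring them to fill it exactly."""
    outer = parse_tlv(buf)
    if outer["class"] != 0 or outer["tag"] != 16 or not outer["constructed"]:
        raise DERError("expected a universal SEQUENCE")
    if outer["end"] != len(buf):
        raise DERError("trailing bytes after SEQUENCE")
    children, pos, body = [], 0, outer["value"]
    while pos < len(body):
        child = parse_tlv(body, pos)
        children.append(child)
        pos = child["end"]
    return children


def rejects(buf: bytes) -> bool:
    """True if the strict parser refuses buf (used for the malformed samples)."""
    try:
        parse_sequence(buf)
    except DERError:
        return True
    return False


# Constructed samples: one well-formed SEQUENCE { INTEGER 5, OCTET STRING "A" }
# and malformed encodings of the kinds a malformed-certificate test suite holds.
GOOD = bytes.fromhex("3006 020105 040141")
MALFORMED = {
    "length runs past buffer":     bytes.fromhex("3006 020105 04"),
    "child length exceeds parent": bytes.fromhex("3003 020905"),
    "indefinite length":           bytes.fromhex("3080 020105 0000"),
    "non-minimal length":          bytes.fromhex("308106 020105 040141"),
    "oversized high tag number":   bytes.fromhex("3009 1fffffffffff00 0100"),
    "high-tag form for small tag": bytes.fromhex("3004 1f050100"),
}

if __name__ == "__main__":
    for child in parse_sequence(GOOD):
        print(f"tag {child['tag']:2d} value {child['value'].hex()}")
    for name, sample in MALFORMED.items():
        print(f"{name:30s} rejected={rejects(sample)}")
```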
Re: X509_new
This is an openssl-users group question but... Are you linking with the OpenSSL libraries? (The -L/usr/local/ssl/lib -lcrypto line in your makefile, or libeay32.lib in your VC++ project libraries tab.)

----- Original Message -----
From: Aintzane Armentia Diaz de Tuesta [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 30, 2003 9:49 AM
Subject: X509_new

Hi,

We are new to developing applications with the openssl libraries. We are trying to develop a very simple application: we want to create an empty certificate. The source code of our application is as follows:

    #include <openssl/x509.h>
    #include <openssl/pem.h>
    #include <openssl/err.h>
    #include <stdio.h>

    int main(void)
    {
        X509 *x;
        /* . . . */
        x = X509_new();
        /* . . . */
        return 0;
    }

When we build it, we obtain an error: unresolved external symbol _X509_new. We have added the path where the X509.h file is. We don't know what's happening. Could anyone help us please?

Thanks in advance,
Aintzane
Re: faster connexion
I don't know, but I think your socket buffer may be very low (default about 8192 bytes or so), so your socket will never send to the net as many bytes as it can. You can try to increase it to 128 KB or 1 MB with the setsockopt() function. (In fact it should be 2*(Bandwidth)*(ping time) to keep a full link.) Try something like this:

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    int bufsize = 128 * 1024;   /* 128 KB; ideally 2 * bandwidth * round-trip time */
    int retval;

    /* SO_RCVBUF is a socket-level option, so the level is SOL_SOCKET on every
       platform; set it before connect()/listen() so it takes effect. */
    #ifdef WIN32
    retval = setsockopt((SOCKET)sock, SOL_SOCKET, SO_RCVBUF,
                        (const char *)&bufsize, sizeof(bufsize));
    #else
    retval = setsockopt(sock, SOL_SOCKET, SO_RCVBUF, &bufsize, sizeof(bufsize));
    #endif

Hope this helps
Pablo J. Royo

----- Original Message -----
From: p b [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 21, 2003 9:57 AM
Subject: faster connexion

Hi,

I have made a connection between 2 computers linked by a 100Mb net. I use BIO_s_connect and BIO_s_accept, but I can't transmit data faster than 100 KB/s (even without SSL)! How can I boost my connection :-)

Thanks!
Re: OpenSSL and compression using ZLIB
> (Note this approach keeps compression code in BIOs without duplicating it in ssl/, so applications can use the BIOs independently too. Also, new compression methods are easier to add - eg. define a libbzip2-based BIO and add a new compression id+hook in the SSL/TLS code).

I agree with this. I've been several years using ZLIB to compress big files, mixing ZLIB code with pkcs7 code in OpenSSL, and a ZBIO would be very useful. I think there are a lot of messages in the OpenSSL user list asking for something similar to this to handle big files, so I think all those people would also benefit from this zBIO.

Also, OpenSSL is a big sized library now, so if separate ZLIB code must be in libeay32.dll and ssleay32.dll a lot of applications (in Windows specially) would be bigger, and with Java around the cost of downloading binaries and the size of executables must be carefully watched.

I'm aware I'm talking as a user here, and this is a developers list...

Pablo J. Royo
[PLEASE HELP..URGENT!!!!] OPENSSL on Compaq Tru64 or any 64-bit machine.
Hi,

Is there any variable that is supposed to be set for compiling on a 64 bit machine like Compaq's Tru64?? I have used the openssl library for all the machines and it works except for Tru64. I defined 'SIXTY_FOUR_BIT' in the bn.h file and that made the session key encryption with a public key work fine. But, I still had problems using the EVP_Decrypt functions!!

Please help me with this. Is there something that I have to define somewhere else for the other algorithms to work, as I had done for bn.h?? Any help would be greatly appreciated.

Thanx,
Jay..
Re: OpenSSL and compression using ZLIB
I have used ZLIB in several projects, but my knowledge of it is not as deep as yours, but... aren't you talking about a simple BIO for compressing data? (Or, probably, I missed something in this discussion thread?)

I think the BIO would maintain the context (as the z_stream struct of ZLIB does) among several calls to BIO_write/read, so if you want to compress communication data you have to chain this zBIO with a socket BIO. Some discussion and a solution on this can be found here:
http://marc.theaimsgroup.com/?l=openssl-devm=99927148415628w=2

I have used that to compress/cipher/base64 big files with chained BIOs (and a similar implementation of zBIO shown there) and it works, so maybe it would work one step more with socket BIOs.

----- Original Message -----
From: Le Saux, Eric [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 26, 2002 7:24 PM
Subject: RE: OpenSSL and compression using ZLIB

Again I want to clarify this point: the issue is in the way ZLIB is used by OpenSSL, not in ZLIB itself. The compressor's state is built and destroyed on every record because OpenSSL uses ZLIB's compress() call, which in turn calls the lower-level deflateInit(), deflate() and deflateEnd() functions. This ensures that the records are compression-independent from one another, and the initial question that started this thread was about the existence of any requirement in the definition of SSL that required such independence. Most people discussing this point here do not believe there is such a requirement, but I am not sure if we have a definitive opinion on this. Some standards body will have to address that.

One thing is sure though: for specific applications where client and server are under the control of the same developers, it does make sense to use ZLIB differently when it is definitely known that the underlying protocol is indeed reliable. That is why I am currently testing a very small addition to OpenSSL's compression methods that I called streamzlib (I am considering another name suggested yesterday on this mailing list). Some preliminary tests with ZLIB showed that I can go from a 2:1 compression factor to 6:1.

For completeness I must also say that for specific applications, compression can be done just before and outside of the OpenSSL library. My personal decision to push it down there is to avoid adding another encapsulation layer in that part of our code that is written in C.

Now when compression within SSL matures, it will be necessary to have more control over the compressor's operation than just turning it on. In ZLIB you have the choice of 10 compression levels which trade off between compression quality and speed of execution. There are other options that you could set, such as the size of the dictionary that you use. Future compression methods supported by SSL will probably have their own different set of options. All this will be an excellent subject of discussion in some SSL standard committee.

Cheers,
Eric Le Saux
Electronic Arts

-----Original Message-----
From: Howard Chu [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 9:01 PM
To: [EMAIL PROTECTED]
Subject: RE: OpenSSL and compression using ZLIB

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Le Saux, Eric
>
> In the current implementation of OpenSSL, compression/decompression state is initialized and destroyed per record. It cannot possibly interoperate with a compressor that maintains compression state across records. The decompressor does care, unfortunately.

This is surprising. I haven't looked at the code recently, but my experience has been that a special bit sequence is emitted to signal a dictionary flush. I haven't tested it either, so if you say it didn't work I believe you. But plain old LZW definitely does not have this problem, the compressor can do whatever it wants, and the decompressor will stay sync'd up because it detects these reset codes.

-- Howard Chu
Chief Architect, Symas Corp.  Director, Highland Sun
http://www.symas.com  http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
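The per-record versus persistent-state behaviour Eric and Howard argue about above, as an added example that is not OpenSSL's code or Eric's streamzlib: Python's zlib module stands in for the C API, the 50 request records are constructed, and flushing each record with Z_SYNC_FLUSH is my assumption about how a streaming method would keep records decodable one at a time.

```python
"""Per-record vs. streaming zlib compression of small records (constructed example).

OpenSSL's zlib method resets the compressor for every record; keeping one
deflate state across records compresses repetitive traffic far better but
makes the records decodable only by a peer that has seen all of them, in order."""
import zlib

# Constructed sample traffic: 50 small, highly repetitive request records,
# the kind of short writes that each become an SSL/TLS record.
RECORDS = [
    (f"GET /item/{i % 7}/status HTTP/1.1\r\nHost: example.test\r\n"
     f"User-Agent: demo-client/1.0\r\nAccept: text/html\r\n\r\n").encode()
    for i in range(50)
]


def compress_per_record(records):
    """What the thread says OpenSSL does: zlib compress() per record, i.e.
    deflateInit/deflate/deflateEnd every time, so every record stands alone."""
    return [zlib.compress(r) for r in records]


def decompress_per_record(blobs):
    """Each blob is a complete zlib stream and decompresses on its own."""
    return [zlib.decompress(b) for b in blobs]


def compress_stream(records):
    """One compressor kept across records (the 'streamzlib' idea). Each record
    ends with Z_SYNC_FLUSH so the peer can decode it without waiting for the
    next one, but the dictionary built from earlier records is reused."""
    comp = zlib.compressobj()
    return [comp.compress(r) + comp.flush(zlib.Z_SYNC_FLUSH) for r in records]


def decompress_stream(blobs):
    """The matching stateful decompressor; it must see every record, in order."""
    decomp = zlib.decompressobj()
    return [decomp.decompress(b) for b in blobs]


def ratio(records, blobs):
    """Overall compression factor (plaintext bytes / compressed bytes)."""
    return sum(map(len, records)) / sum(map(len, blobs))


def recovered_standalone(blobs):
    """How many blobs a fresh per-record decompressor can decode. Streamed
    records are not self-contained, so for them this is zero: Eric's
    interoperability point."""
    ok = 0
    for b in blobs:
        try:
            zlib.decompress(b)
            ok += 1
        except zlib.error:
            pass
    return ok


def recovered_by_stream(records, blobs):
    """How many records a stateful decompressor gets right when fed per-record
    blobs: it reaches end-of-stream after the first complete zlib stream and
    treats everything after it as trailing data."""
    return sum(a == b for a, b in zip(records, decompress_stream(blobs)))


if __name__ == "__main__":
    per_rec, streamed = compress_per_record(RECORDS), compress_stream(RECORDS)
    print(f"per-record: {ratio(RECORDS, per_rec):.1f}:1, "
          f"streamed: {ratio(RECORDS, streamed):.1f}:1")
    print("streamed blobs decodable stand-alone:", recovered_standalone(streamed))
    print("per-record blobs decoded by a stateful peer:",
          recovered_by_stream(RECORDS, per_rec))
```

The exact factors depend on the sample text, but the streamed ratio is several times the per-record one, and neither side's output is usable by the other side's decompressor beyond the first record.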
PLEASE HELP - Porting to TRU 64.
Hi Everyone,

On Tru64, while using the des_key_schedule structures for the private session key encryption using a public key (of type RSA pub key), is there anything different I have to code as opposed to the other machines? While I was debugging, the des_key_schedule structure's size returned two times the size for the other machines. Would this affect the actual encryption data?

Actually, I am having problems on only Tru64, where the encrypted session key is supposed to be set on the Windows side, but I keep getting an error on Windows saying 'Bad data', in that the public key is corrupted.

If ANYONE has encountered or come across a similar issue on Tru64, PLEASE reply to me. Also, if anyone can help further if I send the code, please let me know and I will get back to you promptly.

Thanx in advance,
Jay..
OpenSSL PROBLEM on HP-UX 11.00 and 11.11 (11i)
Hello Everyone,

Has anyone had trouble with using the OpenSSL library on HP-UX?? I am using version 0.9.6d and there seems to be an intermittent problem with the digest encryption, or just some of the encryption/decryption routines in the OpenSSL toolkit. It does not happen all the time on HP-UX 11i, but it occurs all the time in HP-UX 11.00, in that the encryption and decryptions do not work. This was just recently ported to the HP-UX source tree of the product that is using OpenSSL. On Solaris, I used the OpenSSL library as a linked library and everything worked fine, but the same does not go for the HP-UX platforms for some reason.

I am not sure where to start debugging, so please, if anyone has come across a similar situation, let me know or help me to start finding out the real problem or why it could be happening. It will be incredibly appreciated.

Thanking you,
J..
DES Encryption/Decryption with IV
Hello Everyone,

Has anyone had any experience using the DES decryption routines to decrypt a 16 byte ciphertext into the original using an IV?? I am receiving the IV and the encrypted data from a server that is using the MS Crypto API for DES encryption and decryption. The mode is CBC (Cipher Block Chaining). I have to now decrypt this encrypted data (16 bytes) using the IV (8 bytes). However, after I decrypt, I am getting the wrong data. Please see a snip of the code below and let me know if you've come across anything similar or could help me at all. It would be tremendously appreciated.

---- SNIP ----
    des_key_schedule *ks = NULL;

    if (!input || !output || !inputLen || !iv)
        return -1;

    ks = getSessionKey();
    /* inputLen is 16 */
    if (ks != NULL) {
        des_ncbc_encrypt(input, output, inputLen, *ks, iv, DES_DECRYPT);
        /* the plaintext is binary and not NUL-terminated, so dump inputLen
           bytes rather than strlen() of the output */
        dumpall("DECRYPTOUTPUT", output, inputLen);
        fprintf(stderr, "\nOUTPUT in HEX: \n");
        dump(output, inputLen);
        fprintf(stderr, "\nIV in HEX: \n");
        dump(*iv, 8);
    } else
        return -2;
---- SNIP ----

Any assistance or feedback will be greatly appreciated. Thanks a lot in advance!!

Regards,
J..
Re: realloc() on sunos4 : openssl-0.9.6e
True, but I didn't want to alter code far away from where the recent bugfix was in case I broke something. If a release does it that way instead I'd be happy (and it might save someone from making a similar assumption about realloc() elsewhere).

Given that the only sunos4 machines I have are pretty slow, tracking down/testing a fix took most of today (mostly since re-building/re-running the tests takes over 2 hours).
d2i_ASN1_UINTEGER error from d2i_RSAPublicKey
Hi Folks,

I hope someone could help me with this. I am receiving a public key from a server on a Windows machine, and I am trying to import it using d2i_RSAPublicKey. This fails with the following error:

    error:0D118071:asn1 encoding routines:d2i_ASN1_UINTEGER:expecting an integer

Does anyone know what the problem could be? I am reading the public key as unsigned chars from the server through the socket API. I have also tried reading the key from a file that was previously created by dumping the chars into that file. I am assuming this could be the reason why I am having the other issues that I had posted earlier, regarding the session key encryption using the public key.

Any help would be greatly appreciated. Thanx in advance!!

J..
Newbie Question Re: Public Key Encryption [Please help!!]
Hi,

I am trying to encrypt a session key that I created using DES_KEY_SCHEDULE. I am using RSA_public_encrypt to encrypt the session key (8 bytes) with the public key using RSA_PKCS1_OAEP_PADDING. This creates a 64 byte encrypted session key. I send this to the server on the Windows machine. But 'Importing the Encrypted Session Key' on that server fails. That's implemented using wincrypt.h functions such as CryptImportObjectEx.

Further info: I used the public key received from the server (created using the asymmetric_encrypt_algorithm) and I imported that using:

    rsaPubKey = (RSA *) d2i_RSA_PUBKEY_bio(pub, NULL);

Now, I use this to encrypt the session key:

    unsigned char ciphertext[512];
    unsigned char iv[8];
    unsigned char iv1[8];

    RAND_seed(rnd_seed, sizeof(rnd_seed));
    RAND_pseudo_bytes(iv, 8);
    bytecopy(iv, iv1, 8);

    encryptlen = RSA_public_encrypt(8, (*ks)->ks.cblock, ciphertext, rsaPubKey,
                                    RSA_PKCS1_OAEP_PADDING);
    if (encryptlen == -1) {
        fprintf(stderr, "ERROR: Failed to encrypt using public key\n");
        goto proc_exit;
    }

The length after this is 64, which is preferred. So, after all this when I finally send the 'ciphertext' chars as the encrypted session key, the server fails to import it using CryptImportKey (from wincrypt.h). The ERROR RECEIVED says:

    Either the algorithm that works with the public key you are trying to import is not supported by this CSP, or an attempt was made to import a session key that was encrypted with something other than one of your public keys

If anyone has come into a similar problem or anything close, please let me know. Any help will be tremendously appreciated. If you like to know more details or are interested in working with me on this, please let me know.

Thanx in advance,
J..
OpenSSL_add_all_algorithms problems in Win32
Hi:

I'm having ugly crashes in Win32 when I call OpenSSL_add_all_algorithms() several times, mainly when I use my C code from Visual Basic but also if I use several DLLs. The problem comes up if I call that function from several C DLLs to initialize the library.

I think that it would be useful to have a static variable inside OpenSSL_add_all_algorithms(), initialized in such a way that the initialization is made only one time. This way, no matter how many times from no matter which other DLLs I call the function, it only gets initialized one time. In short, to use a singleton.

I have debugged my code a lot, used Purify... etc and I think the problem is not in OpenSSL or my C code (it is working under heavy pressure in other programs), but in the strange things with COM apartments and threads, and I suppose this change in the library would not break compatibility much.

Would such a change or something similar be possible? If you know another solution I would like to hear it...

Thank you
Pablo J. Royo
Fix inttypes.h problem
The recent fix in 0.9.6c engine adding inttypes.h for AEP accelerator broke Solaris 2.5.1 and Unixware 7 builds. Joe wrote this patch which compiles on all our build machines. Not tested (but should be okay) on Windows too. Cheers, Mark -- Forwarded message -- Date: Tue, 04 Dec 2001 11:13:41 + From: Joe Orton [EMAIL PROTECTED] Index: openssl-engine-0.9.6c-inttypes.patch === --- ./crypto/engine/vendor_defns/aep.h.itypes Tue Dec 4 10:49:49 2001 +++ ./crypto/engine/vendor_defns/aep.hTue Dec 4 10:51:40 2001 @@ -9,15 +9,6 @@ * */ -#ifdef WIN32 -typedef unsigned __int8 uint8_t; -typedef unsigned __int16 uint16_t; -typedef unsigned __int32 uint32_t; -typedef unsigned __int64 uint64_t; -#else -#include inttypes.h -#endif - /*Successful return value*/ #define AEP_R_OK0x @@ -85,7 +76,7 @@ */ /* an unsigned 8-bit value */ -typedef uint8_t AEP_U8; +typedef unsigned charAEP_U8; /* an unsigned 8-bit character */ typedef char AEP_CHAR; @@ -94,21 +85,16 @@ typedef AEP_U8 AEP_BBOOL; /*Unsigned value, at least 16 bits long*/ -typedef uint16_t AEP_U16; +typedef unsigned short AEP_U16; /* an unsigned value, at least 32 bits long */ -typedef uint32_t AEP_U32; +typedef unsigned int AEP_U32; -/*#if defined(AEP_Win32)*/ -/* 64 bit unsigned value */ -/*typedef unsigned _int64AEP_U64;*/ - -/*#elif defined(AEP_GENERIC)*/ -/* 64 bit unsigned value */ -/*typedef unsigned long long AEP_U64;*/ -/*#endif*/ - -typedef uint64_t AEP_U64; +#ifdef SIXTY_FOUR_BIT_LONG +typedef unsigned longAEP_U64; +#else +typedef unsigned long long AEP_U64; +#endif /* at least 32 bits; each bit is a Boolean flag */ typedef AEP_U32 AEP_FLAGS; 
@@ -164,11 +150,11 @@ typedef unsigned int t_AEP_OpenConnection(unsigned int *phConnection); typedef unsigned int t_AEP_ModExp(unsigned int hConnection, void *a, void *p, - void *n, void *r,uint64_t *tranid); + void *n, void *r, AEP_U64 *tranid); typedef unsigned int t_AEP_ModExpCrt(unsigned int hConnection,void *a, void *p, void *q, void *dmp1, void *dmq1,void *iqmp, - void *r,uint64_t *tranid); + void *r, AEP_U64 *tranid); typedef unsigned int t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection, AEP_U32 Len, __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
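Review bot: the first hunk of aep.h drops the `#ifdef WIN32` block (the `unsigned __int8` through `unsigned __int64` typedefs and the `#include inttypes.h` fallback) without reintroducing an `__int64` spelling anywhere later in the patch, so the header now relies on `unsigned long long` for the 64-bit case on a compiler that may not accept it; since the cover note says Windows was not tested, either verify that build or keep a `#if defined(WIN32)` branch mapping `AEP_U64` to `unsigned __int64` alongside the new `SIXTY_FOUR_BIT_LONG` test.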
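Review bot: in the third hunk the new `AEP_U64` typedef depends on `SIXTY_FOUR_BIT_LONG`, a bn configuration macro that aep.h neither defines nor includes; if it is not visible where this vendor header is pulled in, a 64-bit-`long` platform silently falls into the `unsigned long long` branch, which happens to give the same width but leaves the choice to include order. Suggest including the configuration header that defines the macro at the top of aep.h (or documenting that bn.h must precede it) so the Solaris 2.5.1 and Unixware 7 builds this patch is meant to fix take the intended branch deterministically.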
platform hpux-m68k-gcc
Hi all!

Compilation and tests succeeded on the following (old) platform:

  Machine:   HP 9000/400 m68040@25 HP-UX 9.1y2k 64Mb
  Compiler:  cc, version A.B9.00.2A, HP series S300/S400
  Configure: hpux-m68k-gcc no-threads

PARISC specials are not needed. Installing gnu bc before tests is recommended: HP /usr/bin/bc does not work properly ('SunOStest' failed).

  OpenSSL 0.9.6b 9 Jul 2001
  built on: Sat Dec 1 00:24:41 MET 2001
  platform: hpux-m68k-gcc
  options:  bn(64,32) md2(int) rc4(ptr,int) des(ptr,cisc,16,long) idea(int) blowfish(idx)
  compiler: gcc -DB_ENDIAN -DBN_DIV2W -O3

Changes in ./Configure:

  hpux-m68k-gcc, gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::,

Yours sincerely
Anton

--
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= .. +
:Anton J. Gamel             : [EMAIL PROTECTED]         V :
: an Apollo a VAX for a Vet : [EMAIL PROTECTED]       (,,) :
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
[PATCH] fix make install
Noticed a problem with make install on the 0.9.6c-dev engine branch, might affect other branches too. Mark Index: Makefile.org === RCS file: /e/openssl/cvs/openssl/Makefile.org,v retrieving revision 1.88.2.7.4.7 diff -u -r1.88.2.7.4.7 Makefile.org --- Makefile.org2001/11/15 08:15:02 1.88.2.7.4.7 +++ Makefile.org2001/11/21 11:29:32 @@ -619,7 +619,7 @@ fn=`basename $$i .pod`; \ if [ $$fn = config ]; then sec=5; else sec=1; fi; \ echo installing man$$sec/`basename $$i .pod`.$$sec; \ - (cd `echo $$i | sed -e 's|/[^/]*$||'`; \ + (cd `echo $$i | sed -e 's|/[^/]*$$||'`; \ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`) \ $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ @@ -628,7 +628,7 @@ fn=`basename $$i .pod`; \ if [ $$fn = des_modes ]; then sec=7; else sec=3; fi; \ echo installing man$$sec/`basename $$i .pod`.$$sec; \ - (cd `echo $$i | sed -e 's|/[^/]*$||'`; \ + (cd `echo $$i | sed -e 's|/[^/]*$$||'`; \ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`) \ $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
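Review bot: the change in both hunks is right, and for the same reason: inside a make recipe `$|` is a reference to the make variable named `|`, so make consumed it before the shell ran and sed received `s|/[^/]*|`, an unterminated substitution with the end-of-line anchor gone, which makes the `cd` into the POD file's directory fail; `$$` passes a literal `$` through to the shell. Since the two hunks are identical fixes to two copies of the same install loop, the rest of Makefile.org is worth checking for other sed expressions that use a bare `$` as an anchor inside a recipe.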
Re: Newbie - SSL2_WRITE:ssl handshake failure
(And I'll cc the developers list so they can see the problem.)

The archives show there have been a number of queries on handshake failure errors in the past year (including mine a couple of weeks ago), but I haven't seen but one response. So while I don't (yet) have any definite answers, perhaps I can provide some suggestions.

First of all, note that the "s2_pkt.c:371" at the end of the error message is telling you which source code file, and even the line number, where the error occurred. Hmm, it looks like it ran out of data. Well, that wasn't too helpful, but it's good to check.

A key problem here [hey, developers, take note!] is that we don't know whether the error was the s2_pkt code taking a dive because of a "shouldn't happen" condition it couldn't handle (poor code?), or because the two parties here couldn't agree on a handshake.

Consider the latter possibility. In my case I was testing a server I am setting up, and I had doubts about how the certificates are set up. Removing them entirely also resulted in a 'handshake failure', so this could be a problem with the certificates. Some things to check: Are the certificates on your second destination valid? Does their setup correspond with that on your first destination? Do you have other services that use them? (Are you going to a standard https server, or a custom server?) Have you checked the logs?

Also: use 'openssl'. (It may be easier to manipulate than your executable, and it has a bunch of options affecting the SSL aspects.) Do something like 'openssl s_client -connect host:443' to connect to the secure http server. (There is no prompt. Type something like "get / http/1.0" and hit return twice.) Also note that openssl can also be run as a minimal web server.

Good luck, and let me know if you find anything.

=== JJ =

On Mon, 12 Nov 2001, Vikram Motwani wrote:

> Hi,
>
> I am new to ssl and am trying to upload files to a server using https post. I am using an executable that takes infile URL:https://... username password as inputs from the command prompt. Unfortunately it was written by someone else. I can upload files from machines on one domain but not on the other. I get the following error on the client trying to upload files to the server:
>
>     279:error:1407F0E1:SSL routines:SSL2_WRITE:ssl handshake failure.\ssl\s2_pkt.c:371.
>
> Can anyone tell me how to fix this and what the problem might be.
>
> Thanks in advance,
> Vikram
Is 'openssl-users' dead?
The archives show a lot of queries posted to 'openssl-users' -- with no responses. Anyone know of any particular reasons? I thought OpenSSL looked pretty viable, but it won't be if no one will help support possible users.

=== JJ =
platform hpux-m68k-cc
Hi all!

Compilation and tests succeeded on the following (old) platform:

  Machine:   HP 9000/400 m68040@25 HP-UX 9.1y2k 64Mb
  Compiler:  cc, version A.B9.00.2A, HP series S300/S400
  Configure: hpux-m68k-cc no-threads

CFLAGS changed to

  CFLAG= -DDSO_DL -DNO_ASM -DB_ENDIAN -DBN_DIV2W -Aa -D_HPUX_SOURCE +O2 +z

Opt +O3 comes up with an error in bss_file.c in ./test/tx509 ...

PARISC specials are not needed. Installing gnu bc before tests is recommended: HP /usr/bin/bc does not work properly ('SunOStest' failed).

  OpenSSL 0.9.6b 9 Jul 2001
  built on: Sat Sep 8 18:04:30 MEST 2001
  platform: hpux-m68k-cc
  options:  bn(32,32) md2(int) rc4(ptr,int) des(ptr,cisc,16,long) idea(int) blowfish(idx)
  compiler: cc -DNO_THREAD -DB_ENDIAN -DBN_DIV2W -Aa -D_HPUX_SOURCE +O2 +z

Changes in ./Configure:

  241a242,245
  #Should run on old HP-UX systems series 300/400
  #You may go up to +O3 but compile bss_file.c with +O2 !!
  hpux-m68k-cc, cc:-DB_ENDIAN -DBN_DIV2W -Aa -D_HPUX_SOURCE +O2 +z::(unknown):-ldld:DES_PTR DES_UNROLL:::,

Why cc? The gcc-libs can not be used in further cc compilations. glibc is not ported for this machine and gld cannot handle shared-libs. cc compilation is the method of choice!

The ready-to-use tree /usr/local/ssl/... can be retrieved from my ftp server:
ftp://anna.anatomie.uni-freiburg.de/pub/hpux/ssh+ssl/openssl-0.9.6b-lib-hpux9-m68k.tar.gz

Yours sincerely
Anton
Re: Compression BIO
Hello, all. I recently finished working on a zlib-based compression filter BIO for OpenSSL, and would like to contribute this to the project. The code can be found at: http://www.castaglia.org/openssl/ and includes a README, POD, and the files themselves. Hi: I´m the one of the refered message http://www.mail-archive.com/openssl-users@openssl.org/msg09399.html in your README file and I´m glad to see my hints there may have help you. The method I built with that BIO works as you said, on top a file or memory BIO.And I use it to compress the file BEFORE encription, of course, because if not entropy of encrypted file is so high that compression does nothing.But above message is so old that i can´t remember if I had to change anything more in all this to have it working My next question is: what to do with this code from here? I´m using this BIO to create big detached PKCS7 files with its data section compressed.Looking at PKCS7_doit() I´ve put this ZBIO on top a file BIO where original code used a memory BIO,so I can read and write the data section of the envelope using it.I use the calculated hash when i have gone all over the file to put it it the rigth place on PKCS7 struct,then I build that PKCS7 header and then I put the compressed data at the end to create the detached envelope. I think it would be great if this BIO where included in OpenSSL so people asking for compression could use it, but I think that PKCS7 standars says nothing about compression.(And after some years I know OpenSSL people team enougth to think that if there is no well defined standard they will not include nothing ;-)) If OpenSSL 0.9.7 version supports indefinite length encoding this could be even more interesting, because I did all this to manage big files without having a big amount of data bytes to cipher loaded in memory. 
Now I want to ask you a question: What happens if we put this BIO on top of a socket BIO? All the data through the socket would be compressed, I suppose. The same kind of BIO on the other side would decompress it. It sounds very interesting, so perhaps someone may have enough time to do it... Hope this will answer your last question. Hope not to have said anything wrong. Pablo J. Royo
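What the "compress BEFORE encryption" remark above amounts to in measurable terms, as an added example that is not code from the thread or from the contributed BIO: zlib stands in for the compression filter and a toy SHA-256 counter-mode keystream stands in for the cipher (both are assumptions made so the script runs without OpenSSL). It builds the same data in both orders and returns the sizes, so the reader can see that ciphertext does not compress.

```python
"""Added example (not from the original posts): why the compression
filter must sit inside the encryption step, i.e. compress the plaintext
first, then encrypt.  zlib stands in for the compression BIO and a toy
stream cipher (SHA-256 in counter mode) stands in for the real cipher;
the toy cipher is an assumption made so this runs offline, not OpenSSL
code and not suitable for real use."""
import hashlib
import zlib


def keystream(key: bytes, nbytes: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def xor_encrypt(key: bytes, data: bytes) -> bytes:
    """Encrypt (or decrypt) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def compress_then_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """The order the post describes: ZBIO inside the cipher."""
    return xor_encrypt(key, zlib.compress(plaintext, 9))


def decrypt_then_decompress(key: bytes, blob: bytes) -> bytes:
    """Inverse of compress_then_encrypt."""
    return zlib.decompress(xor_encrypt(key, blob))


def encrypt_then_compress(key: bytes, plaintext: bytes) -> bytes:
    """The wrong order: the ciphertext looks random, so zlib falls back
    to stored blocks and the output is slightly larger than the input."""
    return zlib.compress(xor_encrypt(key, plaintext), 9)


def compare_orders(key: bytes, plaintext: bytes) -> dict:
    """Return the sizes for both orders so the difference is measurable."""
    good = compress_then_encrypt(key, plaintext)
    bad = encrypt_then_compress(key, plaintext)
    assert decrypt_then_decompress(key, good) == plaintext
    return {"plain": len(plaintext),
            "compress_then_encrypt": len(good),
            "encrypt_then_compress": len(bad)}


# Constructed sample: a repetitive "data section" that compresses well.
SAMPLE = b"Subject: quarterly report\r\n" + b"0000-0000-0000 ACME widget 1.00\r\n" * 200
KEY = b"constructed-demo-key"  # constructed, not a real key

if __name__ == "__main__":
    print(compare_orders(KEY, SAMPLE))
```

One caveat that matters for the socket question in the post: compressing before encrypting means the ciphertext length reveals how compressible the plaintext was, and on a connection carrying attacker-chosen data next to secrets that leak is exploitable (the CRIME-class attacks against TLS compression), which is why compression inside TLS is disabled in practice today.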
Re: Multi-threaded version of speed.c
Bill: Thanks, I would like very much to take you up on your offer, too. I wrote my own a while back for precisely the same reason, but it was very Unix specific (e.g., relied on signals, used pipes to collect results, etc.). --Joe I'd appreciate a copy. We'd been meaning to get around to doing that; I'm glad you beat us to it :-). thanks much, Diana Diana Smetters Member of the Research Staff Xerox PARC [EMAIL PROTECTED] wrote: Hi, I've modified speed.c (openssl speed) to run with a variable number of threads simultaneously. Why would I want to do this? Besides the obvious use of testing on MP boxes, this is great for evaluating hardware ENGINEs. If the hardware has multiple encryption chips, running with multiple threads enables you to fully saturate the hardware card, so you can really measure what the card is capable of doing. At the moment, I've only completed this for RSA tests, because that is what I am interested in right now. The other tests will run with multiple threads, but the results won't be calculated correctly. I'll skip the gory details, but I found a way to run with multiple threads, with minimal modifications to the original code; the only problem is calculating the results for each test. Since this is probably for a niche market, I'm not sure if this is something that needs to be rolled into the base code. However, if anyone is interested, I can provide this for you to play with. Just send me a note. Bill Hymas IBM Global Services / IBM Linux Technology Center Heidelberg, Germany
Client Authentication
I think I have sent this question... I am sorry if I have bothered you with this email. I know that client authentication might be initialized by the server... but I wish to know more about this... Thanks. Dear all, I am a total newbie to TLS or SSL. I have a question about what I will do for my work. I wish to apply the SSL or TLS client authentication but I don't want to continue the SSL or TLS to set up the secure session between the server and client. I wish to manually control (from the client side) using the Web browser (for example Internet Explorer) the client authentication to the server, for example, which certificate to be sent and so on... I wish to know whether it is possible to do that... and wishing to have your expertise and directions. Your reply is highly appreciated. Thank you very much. Wish you all the best. Best regards, Jordan CN CHONG
openssl-0.9.6-perl5.6.0-01.patch
Attached is a patch for the perl code in OpenSSL-0.9.6 to make it work with Perl5.6.0. The patch should be applied in the main openssl-0.9.6 directory above the "perl" directory. Feel free to place this patch on the "Contribution" page and/or apply them to the OpenSSL sources. The patch adds no new functionality (other than a simple test package) to the libraries, but it allows them to be compiled with Perl5.6.0. It has only been tested under "Red Hat Linux release 7.0 (Guinness)" with the unpatched version of OpenSSL 0.9.6 released last September. This patch is provided "AS IS" under the same licenses that OpenSSL is provided without any expressed or implied warranties. Kurt diff -N -c -r perl.orig/OpenSSL.xs perl/OpenSSL.xs *** perl.orig/OpenSSL.xsThu Jul 22 09:10:31 1999 --- perl/OpenSSL.xs Wed Feb 14 20:11:59 2001 *** *** 72,82 boot_digest(); boot_err(); boot_ssl(); ! boot_OpenSSL__BN(); ! boot_OpenSSL__BIO(); ! boot_OpenSSL__Cipher(); ! boot_OpenSSL__MD(); ! boot_OpenSSL__ERR(); ! boot_OpenSSL__SSL(); ! boot_OpenSSL__X509(); --- 72,109 boot_digest(); boot_err(); boot_ssl(); ! ! /* */ ! /* The next macro is the completely correct way to call a C */ ! /* function that uses perl calling conventions but is not */ ! /* registered with perl.*/ ! /* */ ! /* The second macro seems to work for this context. (We just */ ! /* need a mark for the called function since we don't have */ ! /* any local variables and what-not.) */ ! /* */ ! /* Unfortunately, we need to do this because these boot_* */ ! /* functions are auto-generated by xsubpp and are normally */ ! /* called from DyncLoader, but we're pulling them in here. */ ! /* */ ! #define FULL_callBootFunc(func) { \ ! dSP; \ ! ENTER; \ ! SAVETMPS; \ ! PUSHMARK(SP); \ ! func(); \ ! FREETMPS; \ ! LEAVE; \ ! } ! #define callBootFunc(func) { \ ! PUSHMARK(SP); \ ! func(); \ ! } ! callBootFunc(boot_OpenSSL__BN); ! callBootFunc(boot_OpenSSL__BIO); ! callBootFunc(boot_OpenSSL__Cipher); ! callBootFunc(boot_OpenSSL__MD); ! 
callBootFunc(boot_OpenSSL__ERR); ! callBootFunc(boot_OpenSSL__SSL); ! callBootFunc(boot_OpenSSL__X509); diff -N -c -r perl.orig/openssl_bio.xs perl/openssl_bio.xs *** perl.orig/openssl_bio.xsThu Jul 22 09:10:31 1999 --- perl/openssl_bio.xs Wed Feb 14 19:41:46 2001 *** *** 32,38 if ((state == BIO_CB_READ) || (state == BIO_CB_WRITE)) XPUSHs(sv_2mortal(newSVpv(parg,larg))); else ! XPUSHs(sv_undef); /* ptr one */ XPUSHs(sv_2mortal(newSViv(larg))); XPUSHs(sv_2mortal(newSViv(ret))); --- 32,38 if ((state == BIO_CB_READ) || (state == BIO_CB_WRITE)) XPUSHs(sv_2mortal(newSVpv(parg,larg))); else ! XPUSHs(PL_sv_undef); /* ptr one */ XPUSHs(sv_2mortal(newSViv(larg))); XPUSHs(sv_2mortal(newSViv(ret))); *** *** 129,137 PPCODE: pr_name("p5_BIO_new"); if ((items == 1) SvPOK(ST(0))) ! type = SvPV(ST(0),na); else if ((items == 2) SvPOK(ST(1))) ! type = SvPV(ST(1),na); else croak("Usage: OpenSSL::BIO::new(type)"); EXTEND(sp,1); --- 129,137 PPCODE: pr_name("p5_BIO_new"); if ((items == 1) SvPOK(ST(0))) ! type = SvPV_nolen(ST(0)); else if ((items == 2) SvPOK(ST(1))) ! type = SvPV_nolen(ST(1)); else croak("Usage: OpenSSL::BIO::new(type)"); EXTEND(sp,1); *** *** 314,320 PUSHs(sv_newmortal()); sv_setpvn(ST(0), "", 0); SvGROW(ST(0), 1024); ! p=SvPV(ST(0), na); i = BIO_gets(bio, p, 1024); if (i 0) i = 0; --- 314,320 PUSHs(sv_newmortal()); sv_setpvn(ST(0), "", 0); SvGROW(ST(0), 1024); ! p=SvPV_nolen(ST(0)); i = BIO_gets(bio, p, 1024); if (i 0) i = 0; *** *** 370,376 PREINIT: char *ptr; CODE: ! ptr = SvPV(in,na); RETVAL = BIO_puts(bio, ptr); OUTPUT: RETVAL --- 370,376 PREINIT: char *ptr; CODE: ! ptr = SvPV_nolen(in); RETVAL = BIO_puts(bio, ptr);
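Review bot: in the OpenSSL.xs hunk (72,109), FULL_callBootFunc is defined but never used while the comment calls it "the completely correct way", and the callBootFunc that is actually used does PUSHMARK(SP) without its own dSP, so it only compiles because the enclosing boot_OpenSSL function already declared SP via dXSARGS. Either drop the unused macro or state in the comment that the short form depends on the enclosing XS prologue; also "DyncLoader" should read "DynaLoader".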
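Review bot: the openssl_bio.xs hunk at 129,137 replaces SvPV(ST(0),na) with SvPV_nolen(ST(0)), and the same substitution is applied at 314,320 and 370,376, with sv_undef becoming PL_sv_undef at 32,38; these are the right replacements for a perl that no longer exports the unprefixed globals, but they also mean the perl/ directory will not build against older perls that lack SvPV_nolen and the PL_ names, and the patch description should say which minimum perl version is now required.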
SSL_CTX_new question
What is the purpose of the SSL_get_ex_data_X509_STORE_CTX_idx() chain of function calls in the above function? I get lost every time I try to track through it . . . Thanks, Joe Coates
PKCS12 modes
PKCS#12 specifies two privacy (password and public-key) and two integrity (password and public-key) modes. However, it appears as though OpenSSL implements only the PKCS#12 password privacy mode. Or have I simply overlooked something here? Are there any plans to implement the other modes? Dan Lanz Caveo Systems
ENGINE works.
I've been playing with the ENGINE release on freebsd 3.2 attempting to add support for new hardware. I've noticed that dso needed some tweaking to load .so's (DSO_DLFCN, HAVE_DLFCN_H and friends not defined by config) and that the speed timing isn't TOD (toy?) for freebsd. But otherwise I'm finding the ENGINE changes quite useful. I'm about ready to integrate with SSL Apache and make the hardware acceleration actually do something. But I am wondering, will ENGINE "automagically" work if it finds the .so and hardware and "method search" the ENGINE chain, or do I need additional tweaks someplace, analogous to the "-engine" switch in speed, to enable particular hardware? Thanks, Joe
Re: PEM certs formatted at 76 chars per line.
You all were right. The example cert works perfectly. I was adding END CERTIFICATE in my program routines in a bad way, so only that was the problem. I'm very sorry for the mistake. Thanks to all. Richard Levitte - VMS Whacker wrote: Hmm? I've seen openssl base64 misbehave when the file didn't follow the 64 chars/line limit, but then again, I may remember wrongly. openssl base64 -in baltimore.pem -a -d | openssl x509 -inform der worked perfectly with this example cert. Ciao, Michael.
PEM certs formatted at 76 chars per line
Hi I'm using this cert from Baltimore with openssl 0.9.5a. I don't know why they generate PEM certs with 76 chars in each line, instead of 64 as everybody does. If you take the cert and manually put it with 64 chars per line and the "BEGIN/END CERTIFICATE" stuff all goes well, but if not the x509 command says: unable to load certificate 12482:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:761: So I'd like to know if there is a way to use the same b64 functions to handle it, or what kind of modification I should do to bio64 or the PEM routines. Would it be easy? Thanks baltimore.pem
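The rewrapping the post describes doing by hand, as an added example that is not code from the thread or from OpenSSL: a small PEM parser that accepts any line width, validates the base64, and re-emits every block with the 64-character lines the PEM reader expects. The input is a constructed certificate-shaped byte string wrapped at 76 columns, standing in for the Baltimore certificate, which is not on the page.

```python
"""Added example (not part of the original post): rewrap a PEM file
whose base64 body uses 76-character lines to the 64-character lines
OpenSSL's PEM reader expects.  The input is a constructed
certificate-shaped blob, not the Baltimore certificate from the post."""
import base64
import binascii
import re

_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def parse_pem(text: str):
    """Yield (label, der_bytes) for every block, tolerating any line width."""
    label, body = None, []
    for raw_line in text.splitlines():
        line = raw_line.strip()
        m = _BEGIN.match(line)
        if m:
            label, body = m.group(1), []
            continue
        m = _END.match(line)
        if m:
            if label is None or m.group(1) != label:
                raise ValueError("END without matching BEGIN: " + line)
            try:
                der = base64.b64decode("".join(body), validate=True)
            except binascii.Error as exc:
                raise ValueError(f"bad base64 in {label} block: {exc}") from exc
            yield label, der
            label, body = None, []
            continue
        if label is not None and line:
            body.append(line)
    if label is not None:
        raise ValueError("BEGIN without END: " + label)


def normalize_pem(text: str, width: int = 64) -> str:
    """Re-emit every block with `width`-column base64 lines."""
    out = []
    for label, der in parse_pem(text):
        b64 = base64.b64encode(der).decode("ascii")
        out.append(f"-----BEGIN {label}-----")
        out.extend(b64[i:i + width] for i in range(0, len(b64), width))
        out.append(f"-----END {label}-----")
    return "\n".join(out) + "\n"


def max_line_width(text: str) -> int:
    """Longest base64 line (the BEGIN/END lines are ignored)."""
    return max(len(l) for l in text.splitlines() if not l.startswith("-----"))


# Constructed stand-in for the certificate: 500 pseudo-DER bytes wrapped at 76.
FAKE_DER = bytes((i * 37 + 11) % 256 for i in range(500))
_B64 = base64.b64encode(FAKE_DER).decode("ascii")
SAMPLE_76 = ("-----BEGIN CERTIFICATE-----\n"
             + "\n".join(_B64[i:i + 76] for i in range(0, len(_B64), 76))
             + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(normalize_pem(SAMPLE_76))
```

Because the parser strips all whitespace from the body before decoding, it also accepts the 76-column file directly, which is what the base64 -d | x509 -inform der pipeline in the reply relies on; normalize_pem is for when the file has to be fed to a reader that insists on 64 columns.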
PKCS7 signed data digestAlgorithm question.
I am trying to verify the signature of a PKCS7 object created by another PKI that used SHA1 as the method of digest and RSA Encryption as the method of private key encryption. However, if I parse the DER, the following shows that sha1withRSAEncryption was used as the digestAlgorithmIdentifier:

   0 30 1855: SEQUENCE {
   4 06    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
  15 A0 1840:   [0] {
  19 30 1836:     SEQUENCE {
  23 02    1:       INTEGER 1
  26 31   13:       SET {
  28 30   11:         SEQUENCE {
  30 06    9:           OBJECT IDENTIFIER
             :             sha1withRSAEncryption (1 2 840 113549 1 1 5)
             :           }
             :         }
  41 30   11:       SEQUENCE {
  43 06    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)

It would seem to me, first of all, that seeing this is supposed to be a digestAlgorithmIdentifier, this should just be SHA1, as sha1withRSAEncryption implies a signature algorithm, not a message digest. Therefore, when I try to verify the signature in the PKCS7 object, in the function PKCS7_dataInit():

    if (md_sk != NULL)
        {
        for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
            {
            xa=sk_X509_ALGOR_value(md_sk,i);
            if ((btmp=BIO_new(BIO_f_md())) == NULL)
                {
                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
                goto err;
                }
            j=OBJ_obj2nid(xa->algorithm);
            evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));

j = 65, evp_md = RSA-SHA1. This gets set into the output bio struct. Later in the PKCS7_signatureVerify() function in the location:

    md_type=OBJ_obj2nid(si->digest_alg->algorithm);
    btmp=bio;
    for (;;)
        {
        if ((btmp == NULL) ||
            ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
            {
            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
                PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            goto err;
            }
        BIO_get_md_ctx(btmp,&mdc);
        if (mdc == NULL)
            {
            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,PKCS7_R_INTERNAL_ERROR);
            goto err;
            }
        if (EVP_MD_CTX_type(mdc) == md_type) break;
        btmp=btmp->next_bio;
        }

The error PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST) is set because md_type = 65 and mdc->digest.type = 64. 64 is SHA1, so the comparisons of the message digests fail, when really they should not.
My question is: Is this the intended behavior? Shouldn't this situation be handled? From the PKCS7 and X509 specs, I don't see any provision for what is a digest algorithm and what is not. Clearly, SHA1 has been used to create the digest. Or, is the PKI that created the PKCS7 object in the wrong? Thanks! Scott J. Tamosunas, Senior Engineer, Shym Technology Inc., 75 Second Ave, Needham, MA 02494, voice: 781.455.1100 x206, fax: 781.455.1101, http://www.shym.com/
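The distinction the post is asking about, as an added example that is not code from the post or from OpenSSL: the digestAlgorithms SET is supposed to carry a message-digest OID such as id-sha1 (1.3.14.3.2.26), while the other PKI wrote the signature OID sha1WithRSAEncryption (1.2.840.113549.1.1.5). The script DER-encodes both AlgorithmIdentifiers, decodes them back, and maps each to the hash that must actually be run over the content. Rejecting the signature OID is the default, matching what the post observed; the lenient fallback that accepts it as SHA-1, and the small OID table, are choices made here.

```python
"""Added example (not from the original post): a small DER helper that
shows what belongs in the PKCS#7 digestAlgorithms SET and maps either a
plain digest OID or a *WithRSAEncryption signature OID back to the hash
to run.  The OID table is limited to the algorithms named in the thread
plus SHA-256; the lenient fallback is a policy choice made here, not
OpenSSL behaviour."""
import hashlib

# Message-digest OIDs: what a digestAlgorithmIdentifier should carry.
DIGEST_OIDS = {
    "1.2.840.113549.2.5": "md5",
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}
# Signature-algorithm OIDs, which the other PKI used by mistake.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
}


def encode_oid(dotted: str) -> bytes:
    """DER-encode an OBJECT IDENTIFIER (tag 0x06), short-form length only."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, high bit set on all but last
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    assert len(body) < 128, "short-form length only"
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(body: bytes) -> str:
    """Inverse of encode_oid for the OID body (first byte < 120 assumed)."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def _tlv(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def encode_algorithm_identifier(oid: str, null_params: bool = False) -> bytes:
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters OPTIONAL }."""
    inner = encode_oid(oid) + (b"\x05\x00" if null_params else b"")
    return bytes([0x30, len(inner)]) + inner


def parse_algorithm_identifier(der: bytes):
    """Return (dotted_oid, has_parameters) from AlgorithmIdentifier DER."""
    tag, seq, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid_body, end = _tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("first element must be an OBJECT IDENTIFIER")
    return decode_oid(oid_body), end < len(seq)


def digest_name_for(oid: str, lenient: bool = False) -> str:
    """Strict: only a real digest OID is accepted (what the post observed).
    Lenient: a *WithRSAEncryption OID is mapped to its underlying hash."""
    if oid in DIGEST_OIDS:
        return DIGEST_OIDS[oid]
    if lenient and oid in SIGNATURE_OIDS:
        return SIGNATURE_OIDS[oid]
    raise ValueError(f"{oid} is not a message-digest algorithm")


def digest_content(alg_ident_der: bytes, content: bytes, lenient: bool = False) -> bytes:
    """Hash the signedData content with the digest named in the identifier."""
    oid, _ = parse_algorithm_identifier(alg_ident_der)
    return hashlib.new(digest_name_for(oid, lenient), content).digest()


# Constructed inputs: the mislabelled identifier from the post (no parameters,
# as in the dump) and the one the other PKI should have emitted.
WRONG_ALG = encode_algorithm_identifier("1.2.840.113549.1.1.5")
RIGHT_ALG = encode_algorithm_identifier("1.3.14.3.2.26", null_params=True)
CONTENT = b"abc"  # constructed content

if __name__ == "__main__":
    print(WRONG_ALG.hex(), parse_algorithm_identifier(WRONG_ALG))
    print(digest_content(WRONG_ALG, CONTENT, lenient=True).hex())
```

Whether to turn lenient mode on is the real decision: accepting the signature OID makes the verifier interoperate with the other PKI's output, at the cost of silently tolerating a malformed digestAlgorithms entry, so it is better done as an explicit, logged exception than as the default.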
Re: Private Key from SSL_CTX
Hi Juan Pablo Rojas: Thanks for your answer! I've seen that SSL_get_privatekey also uses a CERT structure to store the key. SSL_CTX is inside SSL, so I think that in fact they "point" to the same key. My problem is that I keep a pointer to the SSL_CTX struct used at startup, where there is not yet an SSL struct from a connection to retrieve the key from. So, although I'm not sure, I think I'll use ctx->cert->key->privatekey. Hi Pablo! The only way I've found to get it is using SSL_get_privatekey from the SSL structure. I haven't found any way of doing it from SSL_CTX. I hope this helps you. "Pablo J. Royo" wrote: Hello all: I need to get the private key I loaded when my server started. Once a client connects I need the server's private key again and then all I have is a SSL_CTX. I used SSL_CTX_use_RSAPrivateKey_file( ) at startup so I know the key must be there in struct SSL_CTX, but looking at the sources I haven't found it. I have seen something named CERT which seems to keep an array of cert/privatekey pairs. What is it for? Is there a SSL_CTX_get_PrivateKey( ) interface or something to get the key? Thanks.
Private Key from SSL_CTX
Hello all: I need to get the private key I loaded when my server started. Once a client connects I need the server's private key again and then all I have is a SSL_CTX. I used SSL_CTX_use_RSAPrivateKey_file( ) at startup so I know the key must be there in struct SSL_CTX, but looking at the sources I haven't found it. I have seen something named CERT which seems to keep an array of cert/privatekey pairs. What is it for? Is there a SSL_CTX_get_PrivateKey( ) interface or something to get the key? Thanks.
Thanks
Hi, My thanks to those who helped me with my OpenSSL/STunnel/EGD problem. I now have it installed and working correctly. I was a little stumbled at first by how to make a self-signed certificate for testing with Outlook, but found a FAQ for that, too. Great software! :-) (Boss is also a Happy Camper, now, too, which never hurts! :-) -- Allen J. Newton ([EMAIL PROTECTED]) -- Team *AMIGA*
OpenSSL with EGD?
Hi, Sorry for the previous subscribe message, wrong button (it's late, etc. etc). Okay, okay, beat me up later... I'm working on an Alpha system running Digital UNIX 4.0f and have a requirement to implement IMAP with SSL support for Outlook clients (yuck!). I have built tcpwrapper, openssl and stunnel (all latest versions). Digital UNIX doesn't have a /dev/*random, so I also got the EGD perl script and have executed it for a time as "egd.pl $HOME/.rnd" (and whatever other command line options the docs said to -- anyway EGD seems to be working fine, makes the socket, etc). But I'm still getting the "PRNG not seeded" message in the syslog when I try to launch stunnel. I built openssl after installing egd (and stunnel after that). So far, in the docs I've read, I haven't managed to figure out what all I'm supposed to change to make openssl work with egd. I replaced all the RAND_seed()'s with RAND_egd("$HOME/.rnd"); (where $HOME is actually the home directory of the user, NOT the string "$HOME" -- e.g. to test it all I'm using root's home and doing RAND_egd("/.rnd"); after having launched egd.pl to open that socket). Can anyone give me any pointers with how to get openssl to work with egd? All the egd docs are more GPG-centric. I didn't find anything in stunnel that seemed to indicate the changes needed to be there (I don't see any RAND_seed() or RAND_add() calls at all in the stunnel sources). Thanks in advance for any help... -- Allen J. Newton ([EMAIL PROTECTED]) -- Team *AMIGA*
Re: OpenSSL with EGD?
Hi, Lutz Jaenicke, you wrote: Date: Mon, 15 May 2000 10:12:23 +0200 Subject: Re: OpenSSL with EGD? It is hard to say what is going wrong from your description... 1. Check that EGD is actually running and supplying entropy. Use the "epc.pl" tool included in the EGD source package to check out the socket. Okay, after doing step #3 below, I did this and it shows that EGD is working fine. 2. The RAND_egd() function does not give any diagnostic output. Print out the return value to see whether it is "-1" (error condition) or a positive number. The positive number is the number of entropy bytes obtained (255 is the maximum you can get from EGD with one query). Okay, I haven't done this, yet, but still have the question about where to put the RAND_egd() call -- was it intended to replace existing RAND_seed() calls? Or is it intended to supplement them? Or is it supposed to be called before anything else? 3. $HOME/.rnd is the name of the PRNG support file used by the OpenSSL library to store seed information. Don't mix it with the EGD socket and use another name for the socket. Thank you very much for this correction. Somehow I'd gotten the notion that .rnd was supposed to be the socket. I've since fixed this 4. I am a bit confused about your "$HOME/.rnd" notion. This implies that you either have only one user to take care about and the service is just for him. Otherwise, the user name is only known when the TLS handshaking is already completed and the seeding is already too late. Good point, and sorry I confused you with my confusion! While it is true that right now I have only root running and care only about that for testing purposes (the system under discussion will be rebuilt shortly with Digital UNIX 5.0), the info in #3 combined with new information in egc-0.8 (released just yesterday, btw) showed me what was intended for the socket (egd recommends /etc/entropy). 
I just haven't discovered whether the RAND_egd() changes need to be made to openssl code, stunnel code, or both. Any further pointers greatly appreciated. I didn't find anything in stunnel that seemed to indicate the changes needed to be there (I don't see any RAND_seed() or RAND_add() calls at all in the stunnel sources). I don't know about Michal Trojnara's intentions. The release of stunnel 3.8 predates the release of OpenSSL 0.9.5 (the first release forcing correct seeding of the PRNG) by 4 days, so probably stunnel is not yet aware of that change. Please contact Michal and kindly ask him for an update of his widely used package. Thanks very much, I'll try that tonight... -- Allen J. Newton ([EMAIL PROTECTED]) -- Team *AMIGA*
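The exchange behind Lutz's points 1 and 2 above (is the daemon answering on the socket, and what does RAND_egd() actually return), as an added example that is not code from the thread, from OpenSSL or from EGD: a client that speaks the EGD socket protocol the way RAND_egd() does, requesting at most 255 bytes per query and returning -1 on any error, plus a constructed in-process stand-in for the daemon so the exchange runs offline. The socket path is a temporary one chosen here rather than /etc/entropy, and the stand-in hands out os.urandom() bytes instead of gathered entropy; both are assumptions.

```python
"""Added example (not code from the original thread): a client that
speaks the EGD socket protocol the way RAND_egd() does, plus a
constructed in-process stand-in for the EGD daemon so the exchange can
be run offline.  Assumptions: the socket lives at a temporary path
chosen here, and the stand-in hands out os.urandom() bytes instead of
gathered entropy."""
import os
import socket
import tempfile
import threading

# EGD protocol, one command byte first:
#   0x00        -> reply: 4-byte big-endian count of entropy available
#   0x01 n      -> non-blocking read: reply is 1 length byte, then that many bytes
#   0x02 n      -> blocking read: reply is exactly n bytes
# RAND_egd() uses 0x01 in chunks of at most 255 bytes.
MAX_CHUNK = 255


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD daemon closed the socket early")
        buf += chunk
    return bytes(buf)


def query_egd(path: str, nbytes: int) -> bytes:
    """Fetch nbytes of entropy with repeated 0x01 requests, like RAND_egd()."""
    out = bytearray()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5.0)
        s.connect(path)
        while len(out) < nbytes:
            want = min(MAX_CHUNK, nbytes - len(out))
            s.sendall(bytes([0x01, want]))
            got = _recv_exact(s, 1)[0]        # daemon says how much it can give
            if got == 0:
                break                          # pool empty: stop, caller decides
            out += _recv_exact(s, got)
    return bytes(out)


def rand_egd_status(path: str, nbytes: int = MAX_CHUNK) -> int:
    """RAND_egd()-style result: -1 on any error, otherwise bytes obtained.
    This is the value Lutz suggests printing when seeding seems to fail."""
    try:
        return len(query_egd(path, nbytes))
    except (OSError, ConnectionError):
        return -1


def _serve_client(conn: socket.socket) -> None:
    """Answer EGD commands on one connection (stand-in daemon)."""
    with conn:
        while True:
            cmd = conn.recv(1)
            if cmd == b"\x00":
                conn.sendall((4096).to_bytes(4, "big"))   # constructed pool size
            elif cmd in (b"\x01", b"\x02"):
                n = _recv_exact(conn, 1)[0]
                data = os.urandom(n)
                prefix = bytes([len(data)]) if cmd == b"\x01" else b""
                conn.sendall(prefix + data)
            else:
                return                                    # EOF or unknown command


def start_fake_egd(path: str) -> socket.socket:
    """Listen on a UNIX socket and serve clients in daemon threads."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(5)

    def accept_loop() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_serve_client, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def demo_roundtrip() -> dict:
    """Start the stand-in, query it as RAND_egd() would, and report results."""
    workdir = tempfile.mkdtemp()
    sock_path = os.path.join(workdir, "entropy")      # constructed, not /etc/entropy
    srv = start_fake_egd(sock_path)
    try:
        return {
            "got_32": len(query_egd(sock_path, 32)),
            "status_300": rand_egd_status(sock_path, 300),   # two 0x01 queries
            "status_missing": rand_egd_status(os.path.join(workdir, "nope"), 16),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo_roundtrip())
```

Pointing rand_egd_status at the real daemon's socket gives the same -1 / byte-count answer Lutz asks for, and does so without OpenSSL in the loop, which separates "the daemon is not answering" from "the application never called RAND_egd()".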
Re: Compile in VC++6
Check workspace files and explanations of the compile process at http://www.iconsinc.com/~agray/ossldev/ Workspace files there work really fine. -Original Message- From: Pete Jenkins [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Thursday, 4 May 2000 5:06 Subject: Compile in VC++6 Have not had any luck getting this to compile. Does anyone have a VC++6 project with working code they can pass on? This would also be handy to put on the site as a zip. If not, here is what has been tried so far: 1-Download openssl-0.9.5a.tar 2-Try to install SSL based on the Install.w32 directions I-Download and set up ActivePerl II-Run: perl Configure VC-WIN32 III-Run: ms\do_ms IV-Run nmake from: d:/vc98/bin nmake e:/...ms/ntdll.mak with this error: NMAKE : fatal error U1073: don't know how to make '.\crypto\cryptlib.h' Stop. 3-Create an ATL project and add all the methods from s3_clnt.c to my project and debug to compile (include all the necessary .h files), but I got 84 Link Errors: unresolved external symbol like: "CC.obj : error LNK2001: unresolved external symbol "struct ssl_method_st * __cdecl sslv3_base_method(void)" (?sslv3_base_method@@YAPAUssl_method_st@@XZ)" Ideas?
Re: Does anyone know about ASN1 compiler?
When trying to apply CMP protocol upon our PKI solutions, I heard about ASN1 compiler. So anyone knows about ASN1 compiler? its utilities? Check http://www.armadillo.huntsville.al.us/software/smime/index.html This smime library uses the free SNACC ASN1 compiler.