Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch
On 23/03/15 11:54, Linsell, StevenX wrote:
> On 20/03/15 15:51, Matt Caswell wrote:
>> On 20/03/15 12:44, Linsell, StevenX wrote:
>>> On Thu, Mar 19, 2015, Steve Linsell wrote:
>>>
>>> Following further testing I see identical failures in the master branch
>>> using the following cipher/protocol combinations:
>>>
>>>   ECDH-ECDSA-AES128-SHA      ssl3
>>>   ECDH-ECDSA-AES256-SHA      ssl3
>>>   ECDH-ECDSA-DES-CBC3-SHA    ssl3
>>>   ECDH-ECDSA-RC4-SHA         ssl3
>>>   ECDH-RSA-AES128-SHA        ssl3
>>>   ECDH-RSA-AES256-SHA        ssl3
>>>   ECDH-RSA-DES-CBC3-SHA      ssl3
>>>   ECDH-RSA-RC4-SHA           ssl3
>>>   ECDHE-ECDSA-AES128-SHA     ssl3
>>>   ECDHE-ECDSA-AES256-SHA     ssl3
>>>   ECDHE-ECDSA-DES-CBC3-SHA   ssl3
>>>   ECDHE-ECDSA-RC4-SHA        ssl3
>>
>> Hi Steve
>>
>> Looks like a bug. Try the attached patch. Let me know how you get on.
>>
>> Thanks
>>
>> Matt
>
> Thanks Matt that worked great. I've retested all the above cipher/protocol
> combinations and all now pass with the fix in place.
>
> Just to close out my understanding. Within the tls1_check_ec_key function:
>
> The first iteration round the loop is checking that the curve within the
> certificate matches one of the curves in the list of curves that this
> build of OpenSSL supports.
>
> The second iteration round the loop is checking the curve within the
> certificate matches one of the curves in the list of curves sent from the
> peer via TLS extensions.
>
> In the case of the cipher/protocol combinations above we are using ssl3
> which does not support TLS extensions so the second list will always be
> empty. As Viktor states RFC 4492 says if the client sends no TLS
> extension containing the curves supported then the server can choose any
> supported curve. So your fix is to continue when we reach the second
> iteration if there are no curves in the second list rather than flag an
> error.

Essentially yes, although with the refinement that the first iteration
checks the list of available curves for this SSL. This may or may not be
the same as the complete list of curves available in this *build* (e.g. if
SSL_set1_curves_list() has been used).

Matt

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Need help on CVE-2015-0292
Hi All,

As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt, the
vulnerability CVE-2015-0292 is fixed in 0.9.8za. Is this correct or a typo?

Can someone point me to the code changes related to this fix on GitHub? I
really could not find the code changes related to the commit 9febee0272
(0.9.8) as per the advisory.

Appreciate your help on this.

Regards,
-Jaya.
Re: [openssl-users] Need help on CVE-2015-0292
On 23/03/15 10:50, Jaya Nageswar wrote:
> Hi All,
>
> As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt,
> the vulnerability CVE-2015-0292 is fixed in 0.9.8za. Is this correct or a
> typo?

It is correct. As the advisory states this is a historic bug that was fixed
in previous versions but had not appeared in a security advisory until now.

> Can someone point me to the code changes related to this fix on GitHub? I
> really could not find the code changes related to the commit 9febee0272
> (0.9.8) as per the advisory.

https://github.com/openssl/openssl/commit/9febee0272

Matt
Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch
On 20/03/15 15:51, Matt Caswell wrote:
> On 20/03/15 12:44, Linsell, StevenX wrote:
>> On Thu, Mar 19, 2015, Steve Linsell wrote:
>>
>> Following further testing I see identical failures in the master branch
>> using the following cipher/protocol combinations:
>>
>>   ECDH-ECDSA-AES128-SHA      ssl3
>>   ECDH-ECDSA-AES256-SHA      ssl3
>>   ECDH-ECDSA-DES-CBC3-SHA    ssl3
>>   ECDH-ECDSA-RC4-SHA         ssl3
>>   ECDH-RSA-AES128-SHA        ssl3
>>   ECDH-RSA-AES256-SHA        ssl3
>>   ECDH-RSA-DES-CBC3-SHA      ssl3
>>   ECDH-RSA-RC4-SHA           ssl3
>>   ECDHE-ECDSA-AES128-SHA     ssl3
>>   ECDHE-ECDSA-AES256-SHA     ssl3
>>   ECDHE-ECDSA-DES-CBC3-SHA   ssl3
>>   ECDHE-ECDSA-RC4-SHA        ssl3
>
> Hi Steve
>
> Looks like a bug. Try the attached patch. Let me know how you get on.
>
> Thanks
>
> Matt

Thanks Matt that worked great. I've retested all the above cipher/protocol
combinations and all now pass with the fix in place.

Just to close out my understanding. Within the tls1_check_ec_key function:

The first iteration round the loop is checking that the curve within the
certificate matches one of the curves in the list of curves that this build
of OpenSSL supports.

The second iteration round the loop is checking the curve within the
certificate matches one of the curves in the list of curves sent from the
peer via TLS extensions.

In the case of the cipher/protocol combinations above we are using ssl3
which does not support TLS extensions so the second list will always be
empty. As Viktor states RFC 4492 says if the client sends no TLS extension
containing the curves supported then the server can choose any supported
curve. So your fix is to continue when we reach the second iteration if
there are no curves in the second list rather than flag an error.

Thanks again,

Steve Linsell
Intel Shannon DCG/CID Software Development Team
stevenx.lins...@intel.com
Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch
On 23/03/15 14:19, Jakob Bohm wrote:
> On 23/03/2015 14:48, Matt Caswell wrote:
>> On 23/03/15 13:45, Viktor Dukhovni wrote:
>>> On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote:
>>>>> As Viktor states RFC 4492 says if the client sends no TLS extension
>>>>> containing the curves supported then the server can choose any
>>>>> supported curve. So your fix is to continue when we reach the second
>>>>> iteration if there are no curves in the second list rather than flag
>>>>> an error.
>>>>
>>>> Essentially yes, although with the refinement that the first iteration
>>>> checks the list of available curves for this SSL. This may or may not
>>>> be the same as the complete list of curves available in this *build*
>>>> (e.g. if SSL_set1_curves_list() has been used).
>>>
>>> I would expect that a client sending an *empty* list of supported
>>> curves means no curves are supported by the client, and the server
>>> would not enable EC. The case where the server is free to choose any
>>> curve is presumably when the client does not send a supported curves
>>> extension at all.
>>
>> It is not valid to send an empty list. If the client uses the extension
>> then they *must* set at least one curve. Therefore if the client list is
>> empty then it can only be because the extension was not used.
>
> Is sending an empty list technically impossible in the protocol, or just
> not currently permitted.

The extension is defined in RFC4492 as a list of NamedCurves with at least
one entry in that list:

    struct {
        NamedCurve elliptic_curve_list<1..2^16-1>
    } EllipticCurveList;

It would be technically feasible to send a zero length list (although that
would be in violation of the RFC). If a client did so then OpenSSL would
reject it with a decode error alert.

Matt
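The two checks this thread describes, written out as an added example that is not OpenSSL's own code: parse_elliptic_curve_list() decodes the RFC 4492 EllipticCurveList body and rejects an empty list the way OpenSSL answers one with a decode error alert, and curve_allowed() models the fixed tls1_check_ec_key logic, where an absent peer list (SSLv3, or simply no extension) skips the second pass. The function names, the sample curve lists and the extension bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CURVES 64
enum { PARSE_DECODE_ERROR = -1 };

/* Decode the body of a supported_curves extension into ids[] and return
 * the number of entries, or PARSE_DECODE_ERROR when the body is malformed
 * or the list is empty (the "decode error alert" case from the thread). */
int parse_elliptic_curve_list(const uint8_t *ext, size_t ext_len,
                              uint16_t *ids, size_t max_ids)
{
    size_t list_len, n, i;

    if (ext_len < 2)
        return PARSE_DECODE_ERROR;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    /* The 2-byte length must cover exactly the rest of the body and hold
     * whole 2-byte NamedCurve entries; RFC 4492 bounds it as 1..2^16-1,
     * so a zero-length list is a protocol violation. */
    if (list_len == 0 || list_len % 2 != 0 || list_len != ext_len - 2)
        return PARSE_DECODE_ERROR;
    n = list_len / 2;
    if (n > max_ids)
        return PARSE_DECODE_ERROR;
    for (i = 0; i < n; i++)
        ids[i] = (uint16_t)((ext[2 + 2 * i] << 8) | ext[3 + 2 * i]);
    return (int)n;
}

static int in_list(uint16_t id, const uint16_t *list, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (list[i] == id)
            return 1;
    return 0;
}

/* Model of the fixed tls1_check_ec_key logic: may a certificate on
 * cert_curve be used? peer_n == 0 means "no supported_curves extension
 * was received", which is always the case under SSLv3. */
int curve_allowed(uint16_t cert_curve,
                  const uint16_t *local, size_t local_n,
                  const uint16_t *peer, size_t peer_n)
{
    /* First pass: the curve must be one this SSL object may use (the
     * SSL_set1_curves_list() view, not the whole build's curve table). */
    if (!in_list(cert_curve, local, local_n))
        return 0;
    /* Second pass only when the peer told us its curves. An empty peer
     * list can only mean the extension was absent, because a present
     * but empty list never gets past parse_elliptic_curve_list(). */
    if (peer_n == 0)
        return 1;
    return in_list(cert_curve, peer, peer_n);
}

/* Constructed samples. NamedCurve ids from the RFC 4492 registry:
 * 23 = secp256r1, 24 = secp384r1, 25 = secp521r1. */
static const uint16_t local_curves[] = { 23, 24, 25 };
static const uint8_t ext_good[]  = { 0x00, 0x04, 0x00, 0x17, 0x00, 0x18 };
static const uint8_t ext_empty[] = { 0x00, 0x00 };
static const uint8_t ext_odd[]   = { 0x00, 0x03, 0x00, 0x17, 0x00 };
static uint16_t peer_ids[MAX_CURVES];

int main(void)
{
    int n = parse_elliptic_curve_list(ext_good, sizeof ext_good,
                                      peer_ids, MAX_CURVES);
    printf("peer sent %d curves\n", n);
    printf("secp521r1 cert, peer list present: %s\n",
           curve_allowed(25, local_curves, 3, peer_ids, (size_t)n)
               ? "allowed" : "rejected");
    printf("secp521r1 cert, no extension (SSLv3): %s\n",
           curve_allowed(25, local_curves, 3, NULL, 0) ? "allowed" : "rejected");
    printf("empty list: %s\n",
           parse_elliptic_curve_list(ext_empty, sizeof ext_empty,
                                     peer_ids, MAX_CURVES) == PARSE_DECODE_ERROR
               ? "decode_error alert" : "accepted");
    return 0;
}
```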
[openssl-users] FIPS: Which DRBG ?
Hello,

Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic,
the OpenSSL source code does not seem to mention SP 800-90A. Only SP 800-90.
So the certifications were made for SP 800-90, is that right?

Also, does it depend on the application to choose which DRBG and moreover,
for regular FIPS uses, does it matter which DRBG is used since they are all
approved?

One more question: is there a way for us to actually know/test which one is
used by an application? I currently am using a FIPS_post_set_callback()
placed in FIPS_mode_set() - can this be useful to identify which DRBG is
used? Maybe FIPS_drbg_set_callbacks() could be more useful?

Regards.
Re: [openssl-users] ChaCha20/Poly1305 in OpenSSL?
It's unlikely to appear in 1.0.2 as it's a new feature.

CloudFlare has posted patches that seem like they would drop in easily, for
folks that want to do it; see
https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/

--
Senior Architect, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
Re: [openssl-users] FIPS: Which DRBG ?
Hi,

For the second question any DRBG that is approved in FIPS SP 800-90A is
approved for any application. You can choose between the Hash, HMAC or CTR
DRBG equivalently.

Best regards
Q Gouchet

On 23 March 2015 09:38, jonetsu jone...@teksavvy.com wrote:
> Hello,
>
> Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?'
> topic, the OpenSSL source code does not seem to mention SP 800-90A. Only
> SP 800-90. So the certifications were made for SP 800-90, is that right?
>
> Also, does it depend on the application to choose which DRBG and
> moreover, for regular FIPS uses, does it matter which DRBG is used since
> they are all approved?
>
> One more question: is there a way for us to actually know/test which one
> is used by an application? I currently am using a FIPS_post_set_callback()
> placed in FIPS_mode_set() - can this be useful to identify which DRBG is
> used? Maybe FIPS_drbg_set_callbacks() could be more useful?
>
> Regards.
Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch
On 23/03/15 13:45, Viktor Dukhovni wrote:
> On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote:
>>> As Viktor states RFC 4492 says if the client sends no TLS extension
>>> containing the curves supported then the server can choose any
>>> supported curve. So your fix is to continue when we reach the second
>>> iteration if there are no curves in the second list rather than flag
>>> an error.
>>
>> Essentially yes, although with the refinement that the first iteration
>> checks the list of available curves for this SSL. This may or may not
>> be the same as the complete list of curves available in this *build*
>> (e.g. if SSL_set1_curves_list() has been used).
>
> I would expect that a client sending an *empty* list of supported curves
> means no curves are supported by the client, and the server would not
> enable EC. The case where the server is free to choose any curve is
> presumably when the client does not send a supported curves extension at
> all.

It is not valid to send an empty list. If the client uses the extension
then they *must* set at least one curve. Therefore if the client list is
empty then it can only be because the extension was not used.

Matt
Re: [openssl-users] JAR file of openssl source code.
Thanks Jakob.

On 23-Mar-2015 11:58 AM, Jakob Bohm jb-open...@wisemo.com wrote:
> The most common Java interface for openssl is to use an openssl library
> wrapper as the JNI backend behind the Java Cryptography Extensions (JCE).
> For instance this is how Android implements JCE. Curiously Android
> returns the OID from the JCE name() method, and then end up having to add
> alias names such as 1.3.14.3.2.26 with 1.2.840.113549.1.1.1 =
> 1.3.14.3.2.29 where they should have been processing
> sha1WithRsaEncryption which is already the name of 1.3.14.2.2.29
>
> On 23/03/2015 06:31, Niraj Sorathiya wrote:
>> Hi,
>>
>> I was trying to use openssl with java that's why I asked about jar file
>> for it. I know source code is available in c.
>>
>> Thanks,
>> Niraj.
>>
>> On 23-Mar-2015 1:23 AM, pl p...@artisanlogiciel.net wrote:
>>> On 22/03/2015 19:29, Niraj Sorathiya wrote:
>>>> Hi,
>>>>
>>>> Thanks Matt and jar file of openssl source code is available? I
>>>> searched a lot but didn't get.
>>>>
>>>> Regards,
>>>> Niraj.
>>>>
>>>> On 22-Mar-2015 8:01 PM, Matt Caswell m...@openssl.org wrote:
>>>>> On 22/03/15 04:14, Niraj Sorathiya wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Can anyone tell me starting point or location of main method in
>>>>>> openssl source code which starts openssl command line toolkit?
>>>>>
>>>>> Hi Niraj
>>>>>
>>>>> main is located in apps/openssl.c
>>>
>>> http://wiki.openssl.org/index.php/Compilation_and_Installation#Retrieve_source_code
>>>
>>> It is a git clone, not a jar since jar are mostly for java based
>>> projects, openssl is C code.
>
> Actually, it is a .tar.gz file unless working with bleeding edge stuff.
> The .tar.gz is signed with gpg not PKCS#7 like jar files.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch
On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote:
>> As Viktor states RFC 4492 says if the client sends no TLS extension
>> containing the curves supported then the server can choose any
>> supported curve. So your fix is to continue when we reach the second
>> iteration if there are no curves in the second list rather than flag an
>> error.
>
> Essentially yes, although with the refinement that the first iteration
> checks the list of available curves for this SSL. This may or may not be
> the same as the complete list of curves available in this *build* (e.g.
> if SSL_set1_curves_list() has been used).

I would expect that a client sending an *empty* list of supported curves
means no curves are supported by the client, and the server would not
enable EC. The case where the server is free to choose any curve is
presumably when the client does not send a supported curves extension at
all.

--
	Viktor.
Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch
On 23/03/2015 14:48, Matt Caswell wrote:
> On 23/03/15 13:45, Viktor Dukhovni wrote:
>> On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote:
>>>> As Viktor states RFC 4492 says if the client sends no TLS extension
>>>> containing the curves supported then the server can choose any
>>>> supported curve. So your fix is to continue when we reach the second
>>>> iteration if there are no curves in the second list rather than flag
>>>> an error.
>>>
>>> Essentially yes, although with the refinement that the first iteration
>>> checks the list of available curves for this SSL. This may or may not
>>> be the same as the complete list of curves available in this *build*
>>> (e.g. if SSL_set1_curves_list() has been used).
>>
>> I would expect that a client sending an *empty* list of supported curves
>> means no curves are supported by the client, and the server would not
>> enable EC. The case where the server is free to choose any curve is
>> presumably when the client does not send a supported curves extension
>> at all.
>
> It is not valid to send an empty list. If the client uses the extension
> then they *must* set at least one curve. Therefore if the client list is
> empty then it can only be because the extension was not used.

Is sending an empty list technically impossible in the protocol, or just
not currently permitted.

If it is just not currently permitted then one needs to contemplate why a
client would (in a future update RFC for a backwards compatible TLS
version) be allowed to send an empty list rather than simply not proposing
any ECC cipher codes.

One possible interpretation could be "Not only don't I support any of the
currently published ECC ciphers, I will not accept ECC signatures in the
cert chain either".

Another possible interpretation could be "I support arbitrary curves, both
those enumerated in the standards and those explicitly specified".

The second interpretation happens to match what the proposed patch does
implicitly, while the first interpretation does not.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Re: [openssl-users] JAR file of openssl source code.
The most common Java interface for openssl is to use an openssl library
wrapper as the JNI backend behind the Java Cryptography Extensions (JCE).
For instance this is how Android implements JCE. Curiously Android returns
the OID from the JCE name() method, and then end up having to add alias
names such as 1.3.14.3.2.26 with 1.2.840.113549.1.1.1 = 1.3.14.3.2.29 where
they should have been processing sha1WithRsaEncryption which is already the
name of 1.3.14.2.2.29

On 23/03/2015 06:31, Niraj Sorathiya wrote:
> Hi,
>
> I was trying to use openssl with java that's why I asked about jar file
> for it. I know source code is available in c.
>
> Thanks,
> Niraj.
>
> On 23-Mar-2015 1:23 AM, pl p...@artisanlogiciel.net wrote:
>> On 22/03/2015 19:29, Niraj Sorathiya wrote:
>>> Hi,
>>>
>>> Thanks Matt and jar file of openssl source code is available? I
>>> searched a lot but didn't get.
>>>
>>> Regards,
>>> Niraj.
>>>
>>> On 22-Mar-2015 8:01 PM, Matt Caswell m...@openssl.org wrote:
>>>> On 22/03/15 04:14, Niraj Sorathiya wrote:
>>>>> Hi,
>>>>>
>>>>> Can anyone tell me starting point or location of main method in
>>>>> openssl source code which starts openssl command line toolkit?
>>>>
>>>> Hi Niraj
>>>>
>>>> main is located in apps/openssl.c
>>
>> http://wiki.openssl.org/index.php/Compilation_and_Installation#Retrieve_source_code
>>
>> It is a git clone, not a jar since jar are mostly for java based
>> projects, openssl is C code.

Actually, it is a .tar.gz file unless working with bleeding edge stuff.
The .tar.gz is signed with gpg not PKCS#7 like jar files.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Re: [openssl-users] question about resigning a certificate
(Resending because I accidentally sent this reply from the wrong address
last week, and yes, this is the correct mailing list).

No, don't dump the CA certificate. Dump one of the *old* *issued*
certificates.

There is nothing to diff against, you need to see in what ways the *old*
*issued* certificates referred to the *old* CA certificate, and then make
sure those values remain the same in the new CA certificate.

On 18/03/2015 04:20, Alex Samad - Yieldbroker wrote:
> Hi
>
> I have done that and compared the output with diff
>
> The only differences are
>   Serial number
>   Signature algo
>   Comment
>   Signature.
>
> Alex
>
> *From:* openssl-users [mailto:openssl-users-boun...@openssl.org] *On Behalf Of* Jakob Bohm
> *Sent:* Wednesday, 18 March 2015 6:50 AM
> *To:* openssl-users@openssl.org
> *Subject:* Re: [openssl-users] question about resigning a certificate
>
> On 16/03/2015 02:46, Alex Samad - Yieldbroker wrote:
>> Hi
>>
>> I had a sha1 signed CA and I issued other identity and CA certificates
>> from this CA.
>>
>> With the deprecation of sha1 coming, I resigned my original CA (self
>> signed) as sha512, with the same creation and expiry dates. I believe
>> the only thing changed was the signature and serial number.
>>
>> But when I go to verify older certs that were signed by the original CA
>> (the sha1 signed one), they are no longer valid.
>>
>> I thought if I used the same private and public key I should be okay. I
>> thought the only relevant issue was the issuer field and that the CA
>> keys were the same. Was I wrong.
>>
>> Alex
>
> Run
>
>   openssl x509 -noout -text -in OneOfYourIssuedCerts.pem | more
>
> Look at what aspects of your CA are mentioned. For example, does it
> include the X509v3 Authority Key Identifier extension, and if so, which
> fields from the CA cert are included?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
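Jakob's check, which fields of the CA an issued certificate's Authority Key Identifier actually pins, worked through as an added example that is not from the thread: a small DER decoder for the AKI extension value (RFC 5280, section 4.2.1.1) and a comparison against a CA certificate that was re-signed with the same key and subject but a new serial number. The function names, the key identifier and the AKI bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct aki {
    int has_keyid, has_issuer, has_serial;
    const uint8_t *keyid; size_t keyid_len;
    unsigned long serial;   /* assumption: sample serials fit in a long */
};

/* Read one DER tag and length at p; return a pointer to the content, or
 * NULL if the header or the content would run past end. */
static const uint8_t *der_tlv(const uint8_t *p, const uint8_t *end,
                              uint8_t *tag, size_t *len)
{
    size_t i, n = 0;
    if (end - p < 2)
        return NULL;
    *tag = p[0];
    *len = p[1];
    if (p[1] >= 0x80) {                /* long form, 1 or 2 length bytes */
        n = p[1] & 0x7f;
        if (n == 0 || n > 2 || end - p < (ptrdiff_t)(2 + n))
            return NULL;
        for (i = 0, *len = 0; i < n; i++)
            *len = (*len << 8) | p[2 + i];
    }
    p += 2 + n;
    return (size_t)(end - p) >= *len ? p : NULL;
}

/* Decode an AuthorityKeyIdentifier value: SEQUENCE { [0] keyIdentifier,
 * [1] authorityCertIssuer, [2] authorityCertSerialNumber }, all OPTIONAL.
 * Returns 0 on success, -1 if the encoding is malformed. */
int aki_parse(const uint8_t *der, size_t der_len, struct aki *out)
{
    const uint8_t *p, *end, *c;
    uint8_t tag;
    size_t len, i;
    memset(out, 0, sizeof *out);
    p = der_tlv(der, der + der_len, &tag, &len);
    if (p == NULL || tag != 0x30 || p + len != der + der_len)
        return -1;
    for (end = p + len; p < end; p = c + len) {
        if ((c = der_tlv(p, end, &tag, &len)) == NULL)
            return -1;
        if (tag == 0x80) {             /* [0] IMPLICIT OCTET STRING */
            out->has_keyid = 1; out->keyid = c; out->keyid_len = len;
        } else if (tag == 0xa1) {      /* [1] GeneralNames, constructed */
            out->has_issuer = 1;
        } else if (tag == 0x82) {      /* [2] IMPLICIT INTEGER */
            if (len == 0 || len > sizeof out->serial)
                return -1;
            for (i = 0, out->has_serial = 1; i < len; i++)
                out->serial = (out->serial << 8) | c[i];
        } else {
            return -1;                 /* not an AKI field: reject */
        }
    }
    return 0;
}

/* Does an issued certificate's AKI still name a CA certificate with this
 * Subject Key Identifier and serial number? OpenSSL's X509_check_akid makes
 * the same comparisons; the issuer-name one is assumed to pass because the
 * re-signed CA keeps its subject name. Returns 1 match, 0 mismatch,
 * -1 malformed AKI. */
int aki_matches_ca(const uint8_t *aki_der, size_t aki_len,
                   const uint8_t *ca_ski, size_t ca_ski_len,
                   unsigned long ca_serial)
{
    struct aki a;
    if (aki_parse(aki_der, aki_len, &a) != 0)
        return -1;
    if (a.has_keyid &&
        (a.keyid_len != ca_ski_len || memcmp(a.keyid, ca_ski, ca_ski_len)))
        return 0;
    if (a.has_serial && a.serial != ca_serial)
        return 0;
    return 1;
}

/* Constructed sample data: the CA's key identifier, an issued cert's AKI
 * that pins the key id only, and one that also pins issuer DirName
 * CN=TestCA and the original CA serial number 5. */
static const uint8_t ca_ski[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
static const uint8_t aki_keyid_only[] = {
    0x30, 0x0a, 0x80, 0x08, 1, 2, 3, 4, 5, 6, 7, 8 };
static const uint8_t aki_full[] = {
    0x30, 0x24, 0x80, 0x08, 1, 2, 3, 4, 5, 6, 7, 8,
    0xa1, 0x15, 0xa4, 0x13, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d,
    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 'T', 'e', 's', 't', 'C', 'A',
    0x82, 0x01, 0x05 };
```

With the CA re-signed under serial 99, aki_matches_ca() returns 1 for aki_keyid_only and 0 for aki_full, which is the failure Alex saw.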
Re: [openssl-users] ChaCha20/Poly1305 in OpenSSL?
On Tue, Oct 7, 2014 at 12:42 PM, Matt Caswell m...@openssl.org wrote:
> On 07/10/14 18:07, Jeffrey Walton wrote:
>> But I have not been able to find its trail:
>>
>>   $ cd openssl-git
>>   $ git pull
>>   Already up-to-date.
>>   $ grep -R -i chacha *
>>   $ grep -R -i poly1305 *
>>   $
>>
>> Where are the new cipher suites located in OpenSSL?
>
>   $ git checkout 1.0.2-aead
>
> They are there... Just not merged into mainline.
>
>> I would be also interested in knowing whether there is any ETA for that.
>> I just checked the dev branch again, and I did not see them.
>
> The particular branch in question is not current:
> http://marc.info/?l=openssl-dev&m=140189910129029&w=2

Sorry to dig up an old thread...

I've been using 1.0.2 lately, and the cipher suites are not available (or
do not appear to be available):

  $ /usr/local/ssl/darwin/bin/openssl ciphers | grep -i chacha
  $ /usr/local/ssl/darwin/bin/openssl ciphers | grep -i poly
  $ /usr/local/ssl/darwin/bin/openssl version
  OpenSSL 1.0.2a 19 Mar 2015

Any ideas when these will make it into OpenSSL?
[openssl-users] openssl 1.0.2a vc++ 9 (VS 2008) 64-bit build failing
Hi,

My apologies if I missed a post about this already, but I'm seeing the
following when running `nmake -f ms\ntdll.mak` in the vc9x64 build of
openssl 1.0.2a:

  ...
  Assembling: tmp32dll\aesni-sha256-x86_64.asm
  tmp32dll\aesni-sha256-x86_64.asm(109) : error A2006:undefined symbol : __imp_RtlVirtualUnwind
  tmp32dll\aesni-sha256-x86_64.asm(127) : error A2006:undefined symbol : $L$SEH_begin_aesni_cbc_sha256_enc_xop
  tmp32dll\aesni-sha256-x86_64.asm(128) : error A2006:undefined symbol : $L$SEH_end_aesni_cbc_sha256_enc_xop
  tmp32dll\aesni-sha256-x86_64.asm(129) : error A2006:undefined symbol : $L$SEH_info_aesni_cbc_sha256_enc_xop
  tmp32dll\aesni-sha256-x86_64.asm(131) : error A2006:undefined symbol : $L$SEH_begin_aesni_cbc_sha256_enc_avx
  tmp32dll\aesni-sha256-x86_64.asm(132) : error A2006:undefined symbol : $L$SEH_end_aesni_cbc_sha256_enc_avx
  tmp32dll\aesni-sha256-x86_64.asm(133) : error A2006:undefined symbol : $L$SEH_info_aesni_cbc_sha256_enc_avx
  NMAKE : fatal error U1077: 'c:\Program Files\Microsoft Visual Studio 9.0\VC\BIN\x86_amd64\ml64.EXE' : return code '0x1'
  Stop.

What's odd is that this has built in my vc9x32, vc10x32, vc10x64, vc11x32,
and vc11x64 build configurations. Just to rule out an environment issue, I
built my previous version, 1.0.1g, within this same command prompt.

Any ideas or suggestions as to what might be breaking the VS 2008 64-bit
build? Has anyone seen this? Obviously, I don't know enough about this
project to really debug the build much further.

So, thanks in advance!

Regards,
Kevin
Re: [openssl-users] Need help on CVE-2015-0292
Thanks Matt for a prompt response.

On Mon, Mar 23, 2015 at 4:25 PM, Matt Caswell m...@openssl.org wrote:
> On 23/03/15 10:50, Jaya Nageswar wrote:
>> Hi All,
>>
>> As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt,
>> the vulnerability CVE-2015-0292 is fixed in 0.9.8za. Is this correct or
>> a typo?
>
> It is correct. As the advisory states this is a historic bug that was
> fixed in previous versions but had not appeared in a security advisory
> until now.
>
>> Can someone point me to the code changes related to this fix on GitHub?
>> I really could not find the code changes related to the commit
>> 9febee0272 (0.9.8) as per the advisory.
>
> https://github.com/openssl/openssl/commit/9febee0272
>
> Matt
Re: [openssl-users] FIPS: Which DRBG ?
The key issue still remains, are the validated SP800-90 DRBGs the _same_ as
SP800-90A's DRBGs? If yes then we can probably use Openssl-FIPS with
SP800-90A, otherwise OpenSSL-FIPS 2.0.9 probably can no longer be used for
any new validations?

Thanks,
xxiao

---

> Hi,
>
> For the second question any DRBG that is approved in FIPS SP 800-90A is
> approved for any application. You can choose between the Hash, HMAC or
> CTR DRBG equivalently.
>
> Best regards
> Q Gouchet
>
> On 23 March 2015 09:38, jonetsu jone...@teksavvy.com wrote:
>> Hello,
>>
>> Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?'
>> topic, the OpenSSL source code does not seem to mention SP 800-90A.
>> Only SP 800-90. So the certifications were made for SP 800-90, is that
>> right?
>>
>> Also, does it depend on the application to choose which DRBG and
>> moreover, for regular FIPS uses, does it matter which DRBG is used since
>> they are all approved?
>>
>> One more question: is there a way for us to actually know/test which one
>> is used by an application? I currently am using a
>> FIPS_post_set_callback() placed in FIPS_mode_set() - can this be useful
>> to identify which DRBG is used? Maybe FIPS_drbg_set_callbacks() could be
>> more useful?
>>
>> Regards.
[openssl-users] Fwd: [BUG] Crash in PEM write functions with generated EC_KEY on Windows
Hi,

I'm facing a crash (heap corruption) on Windows ever since I updated OpenSSL
to the version 1.0.2a. The same seems to happen in 1.0.1m. I'm using Visual
Studio 2013.

I'm building the x64-static variant of OpenSSL like so:

  perl Configure VC-WIN64A no-asm --prefix=F:\git\openssl_crash\third-party\install\x64
  ms\do_win64a
  nmake -f ms\nt.mak
  nmake -f ms\nt.mak install

My sample code goes as follows:

- main.cpp -

#include <cstdlib>
#include <iostream>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ecdh.h>

int main()
{
    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    // Generate EC domain parameters for the sect571k1 curve.
    EVP_PKEY_CTX* parameters_context = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
    if (EVP_PKEY_paramgen_init(parameters_context) != 1) {
        return 1;
    }
    if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(parameters_context, NID_sect571k1) != 1) {
        return 1;
    }
    EVP_PKEY* cparameters = nullptr;
    if (EVP_PKEY_paramgen(parameters_context, &cparameters) != 1) {
        return 1;
    }

    // Generate a key pair from those parameters.
    EVP_PKEY_CTX* key_generation_context = EVP_PKEY_CTX_new(cparameters, NULL);
    if (!key_generation_context) {
        return 1;
    }
    if (EVP_PKEY_keygen_init(key_generation_context) != 1) {
        return 1;
    }
    EVP_PKEY* private_key = nullptr;
    if (EVP_PKEY_keygen(key_generation_context, &private_key) != 1) {
        return 1;
    }

    // Write the public half of the key as PEM into a memory BIO.
    BIO* bio = BIO_new(BIO_s_mem());
    PEM_write_bio_PUBKEY(bio, private_key); // <== CRASH HERE.

    ERR_free_strings();
    EVP_cleanup();
    ::CRYPTO_cleanup_all_ex_data();
    return EXIT_SUCCESS;
}

- end of main.cpp -

Which is compiled with:

  cl /Fomain.obj /c main.cpp /TP /EHsc /MT /nologo /Ithird-party\install\x64\include
  link /nologo /OUT:crash.exe /LIBPATH:third-party\install\x64\lib libeay32.lib user32.lib gdi32.lib advapi32.lib main.obj

I tried this sample code with all of the /MD, /MT, /MDd, /MTd variants
without success. The code seems to run fine on Linux and OSX (using gcc and
clang).

Here is the stacktrace I'm getting when the heap corruption occurs:

  openssl_crash.exe!free(void * pBlock) Line 51  C
  openssl_crash.exe!CRYPTO_free(void * str) Line 440  C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 172  C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160  C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160  C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 160  C
  openssl_crash.exe!asn1_item_combine_free(ASN1_VALUE_st * * pval, const ASN1_ITEM_st * it, int combine) Line 130  C
  openssl_crash.exe!ASN1_item_free(ASN1_VALUE_st * val, const ASN1_ITEM_st * it) Line 73  C
  openssl_crash.exe!i2d_ECPKParameters(const ec_group_st * a, unsigned char * * out) Line 1010  C
  openssl_crash.exe!eckey_param2type(int * pptype, void * * ppval, ec_key_st * ec_key) Line 93  C
  openssl_crash.exe!eckey_pub_encode(X509_pubkey_st * pk, const evp_pkey_st * pkey) Line 113  C
  openssl_crash.exe!X509_PUBKEY_set(X509_pubkey_st * * x, evp_pkey_st * pkey) Line 101  C
  openssl_crash.exe!i2d_PUBKEY(evp_pkey_st * a, unsigned char * * pp) Line 211  C
  openssl_crash.exe!PEM_ASN1_write_bio(int (void *, unsigned char * *) * i2d, const char * name, bio_st * bp, void * x, const evp_cipher_st * enc, unsigned char * kstr, int klen, int (char *, int, int, void *) * callback, void * u) Line 357  C
  openssl_crash.exe!PEM_write_bio_PUBKEY(bio_st * bp, evp_pkey_st * x) Line 427  C
  openssl_crash.exe!main() Line 40  C++

Is there anything wrong regarding my sample code? If not, can anyone else
reproduce the problem? Is it a bug in OpenSSL?

Regards,
--
Julien.
Re: [openssl-users] openssl 1.0.2a vc++ 9 (VS 2008) 64-bit build failing
On 3/23/2015 9:51 AM, Kevin Moody wrote:
> Hi,
>
> My apologies if I missed a post about this already, but I'm seeing the
> following when running `nmake -f ms\ntdll.mak` in the vc9x64 build of
> openssl 1.0.2a:
>
>   ...
>   Assembling: tmp32dll\aesni-sha256-x86_64.asm
>   tmp32dll\aesni-sha256-x86_64.asm(109) : error A2006:undefined symbol : __imp_RtlVirtualUnwind
>   tmp32dll\aesni-sha256-x86_64.asm(127) : error A2006:undefined symbol : $L$SEH_begin_aesni_cbc_sha256_enc_xop
>   tmp32dll\aesni-sha256-x86_64.asm(128) : error A2006:undefined symbol : $L$SEH_end_aesni_cbc_sha256_enc_xop
>   tmp32dll\aesni-sha256-x86_64.asm(129) : error A2006:undefined symbol : $L$SEH_info_aesni_cbc_sha256_enc_xop
>   tmp32dll\aesni-sha256-x86_64.asm(131) : error A2006:undefined symbol : $L$SEH_begin_aesni_cbc_sha256_enc_avx
>   tmp32dll\aesni-sha256-x86_64.asm(132) : error A2006:undefined symbol : $L$SEH_end_aesni_cbc_sha256_enc_avx
>   tmp32dll\aesni-sha256-x86_64.asm(133) : error A2006:undefined symbol : $L$SEH_info_aesni_cbc_sha256_enc_avx
>   NMAKE : fatal error U1077: 'c:\Program Files\Microsoft Visual Studio 9.0\VC\BIN\x86_amd64\ml64.EXE' : return code '0x1'
>   Stop.
>
> What's odd is that this has built in my vc9x32, vc10x32, vc10x64,
> vc11x32, and vc11x64 build configurations. Just to rule out an
> environment issue, I built my previous version, 1.0.1g, within this same
> command prompt.
>
> Any ideas or suggestions as to what might be breaking the VS 2008 64-bit
> build? Has anyone seen this? Obviously, I don't know enough about this
> project to really debug the build much further.
>
> So, thanks in advance!
>
> Regards,
> Kevin

Use NASM instead of MASM. AES-NI instructions are not supported under the
VC++ 2008 compiler.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/