Hey people!
I'm working on a fast multithreaded TLS server for node.js, and I've
encountered a few problems with openssl threading support which I would like
to address with the attached patches.
Please ask me if you have any questions or comments.
Cheers,
Fedor.
Wow, indeed my first patch is useless taking into account the presence of
OPENSSL_atomic_add
and the locking callback. Surely, it would be good if openssl exported this
symbol; this is very important for tlsnappy since it's compiled to a shared
library and non-exported symbols are not visible to it.
Hello devs,
Right now I'm doing a lot of benchmarks, trying to figure out how to make
my https server as fast as others are (for example, nginx). I've found that
somewhere between 0.9.8 and 1.0.1c ssl3_get_cert_verify started
spending much more time than it used to.
I wonder if you're aware of
your server performance with two different OpenSSL versions.
6. Share your findings.
On 5 January 2013 13:14, Fedor Indutny fe...@indutny.com wrote:
Hello devs,
Right now I'm doing a lot of benchmarks, trying to figure out how to make
my https server as fast as are others (for example
Hey guys!
I've just stumbled upon the following flag while trying to debug node.js test
failures regarding the `renegotiate` method that I've just added. What I
was wondering is, basically, why isn't OpenSSL sending CertificateRequest
to the client if it sees that the session was resumed?
Particularly, my
Hello devs!
I just found that it's impossible to get an error from `RAND_bytes()` if
running on the default `RAND_SSLeay()` method.
There are a couple of reasons and observations that confirm it
(sorry for using github, it's just more convenient for me):
1. `RAND_poll()` is called only once in
Hello again,
Is there any way to speed up discussion on this topic?
Cheers,
Fedor.
On Mon, Oct 21, 2013 at 3:09 PM, Fedor Indutny fe...@indutny.com wrote:
Hello devs!
I just found that it's impossible to get an error from `RAND_bytes()` if
running on the default `RAND_SSLeay()` method.
There're
be a RAND_pseudo_bytes()
backend, and RAND_bytes() should be something more secure (considering that
this is how it's described in the man documentation).
Cheers,
Fedor.
On Wed, Oct 23, 2013 at 6:53 PM, Richard Könning
richard.koenn...@ts.fujitsu.com wrote:
On 21.10.2013 13:09, Fedor Indutny wrote:
Hello!
What does `ldd /path/to/httpd` say?
Cheers,
Fedor.
On Mon, Apr 14, 2014 at 12:17 PM, LOKESH JANGIR lk.jangi...@gmail.com wrote:
Hi Team,
I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I
found the same openssl vulnerability issue with my ssl certificate. I have
So, considering that it fails to start now, could you please verify that
`ls -la /lib64/libcrypt.so.1` is still valid?
Fedor.
On Mon, Apr 14, 2014 at 2:53 PM, LOKESH JANGIR lk.jangi...@gmail.com wrote:
Hi Rainer,
Yes, apache was running with the old library, I have moved this out, and
pkgconfig
So now should I move this libcrypt.a file to the /usr/lib64 folder and rename
it as .so?
Regards,
Lokesh Jangir
On Mon, Apr 14, 2014 at 4:31 PM, Fedor Indutny fe...@indutny.com wrote:
So, considering that it fails to start now, could you please verify that
`ls -la /lib64
://www.akadia.com/services/ssh_test_certificate.html
Lokesh Jangir
On Mon, Apr 14, 2014 at 4:50 PM, Fedor Indutny fe...@indutny.com wrote:
Hello again!
That depends on your setup. I'd suppose that OpenSSL's default installer
should
create the symlinks itself. If it did and they don't match
./config shared --prefix=$inst \
make
to build the shared library version I use
2014-04-14 13:34 GMT+02:00 Fedor Indutny fe...@indutny.com:
I guess you need to build it in a shared library mode. Take a look at this:
http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html .
You
Hello Hanno!
Despite not being an active community member, I'd like to share my
thoughts on it, if you don't mind.
I certainly agree that this extension has a quite faulty specification and
very questionable use. But perhaps, instead of just
Hello!
I think that to hit this function you need to match session id hashes
first,
but it seems to be possible indeed. What would an attacker be able to do if
they knew the session id? I think knowing it without knowing the master
key and other
Hello devs!
It has just caught my attention that `SSL_get_peer_cert_chain` does
not contain `SSL_get_peer_certificate`'s value for the server, but it does for
the client.
Would you mind accepting a patch for fixing it?
Here are relevant lines of code:
*
On Fri, Apr 18, 2014 at 3:44 AM, Fedor Indutny fe...@indutny.com wrote:
Hello devs!
It has just caught my attention that `SSL_get_peer_cert_chain
Is there any way to get some sort of feedback on it?
I have tried submitting it to r...@openssl.org, but got no reply from the
server, and
can't see it on the website.
Cheers,
Fedor.
On Mon, Apr 21, 2014 at 8:16 PM, Fedor Indutny fe...@indutny.com wrote:
Ok, that's what I was actually thinking about.
Thank you very much for looking at it!
On Mon, Apr 21, 2014 at 9:56 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Fri, Apr 18, 2014, Fedor Indutny wrote:
Hello devs!
It has just caught my attention that `SSL_get_peer_cert_chain` does
Hello Team!
I'd like to contribute some stuff too, let me know if I could help.
Thanks,
Fedor.
On Wed, Apr 23, 2014 at 9:17 PM, Daniel Hamacher
danielhamacher...@gmail.com wrote:
Hi OpenSSL Team,
Any suggestions on how to contribute? Are there specific requirements I
need to have?
Hello everyone!
Discovered this problem while trying to fix
https://github.com/joyent/node/issues/7704.
Attached is a fix for it.
Cheers,
Fedor.
From c6a4d5ff66cd886023f75780e876053f019ed8de Mon Sep 17 00:00:00 2001
From: Fedor Indutny fe
Bump.
On Fri, Jun 6, 2014 at 2:35 PM, Fedor Indutny fe...@indutny.com wrote:
Hello everyone!
Discovered this problem while trying to fix
https://github.com/joyent/node/issues/7704.
Attached is a fix for it.
Cheers,
Fedor.
Andy,
I'd still pull Adam's changes, at least for consistency reasons. Other
assembly files seem to be using signed comparison for the same kinds of
operations.
What do you think about it?
Cheers,
Fedor.
On Wed, Jul 2, 2014 at 9:54 PM, Andy Polyakov via RT r...@openssl.org wrote:
I'm totally willing to cooperate on this, and may have enough skills to do
it.
Do you think it could be possible for us to collaborate on this topic?
Thank you,
Fedor.
On Wed, Jul 2, 2014 at 11:08 PM, Andy Polyakov via RT r...@openssl.org
wrote:
I'd still pull Adam's changes, at least for
Heya!
I just discovered that there is no way to force the OpenSSL SSL client to send
a Certificate record if the server hasn't sent CertificateRequest.
Would a patch that fills this API hole be welcome? What API do you guys have
in mind?
Cheers,
Fedor.
Viktor,
Despite being a protocol violation, it is accepted by OpenSSL's server
implementation.
But I do see now that this is indeed covered by RFC 5246. Sorry, I have
missed that line in the Client Certificate section.
On Wed, Aug 13, 2014 at 1:48 AM, Salz, Rich rs...@akamai.com wrote:
This patch introduces an `async_key_ex_cb` member of both `SSL_CTX` and
`SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present:
* Server will ignore the dummy RSA key, assuming that it matches the
certificate.
* Server will invoke this callback with either:
* `SSL_KEY_EX_RSA`
*
Oops, just realized that I pasted the whole commit message into the subject.
Anyway, CCing Rich Salz here.
Rich,
You seem to be on a wave of triaging tickets; maybe you could take a look
at this one eventually?
Thank you,
Fedor.
On Sat, Aug 23, 2014 at 10:08 PM, Fedor Indutny fe...@indutny.com
it -
please let me know and I will revert everything except style changes in
that 0002 patch.
Cheers,
Fedor.
On Wed, Aug 27, 2014 at 1:05 PM, Fedor Indutny fe...@indutny.com wrote:
Oops, just realized that I pasted the whole commit message into the subject.
Anyway, CCing Rich Salz here.
Rich
Oh, and I have just realized that it doesn't handle `ssl3_get_cert_verify`
case right now.
I'll figure it out tomorrow.
On Thu, Aug 28, 2014 at 2:26 PM, Fedor Indutny fe...@indutny.com wrote:
Hello again!
Here is a second patch that improves the first one. Additionally it copies
Never mind, I just realized that it is using the Client certificate there and
doesn't need to be asyncified.
On Fri, Aug 29, 2014 at 12:54 AM, Fedor Indutny fe...@indutny.com wrote:
Oh, and I have just realized that it doesn't handle `ssl3_get_cert_verify`
case right now.
I'll figure it out
Hello devs!
Here is a patch that implements asynchronous RSA key operation
mode for a TLS/SSL implementation in OpenSSL.
Here is some technical info about it:
Support async RSA exchange by providing new SSL_want_rsa_sign(),
SSL_want_rsa_decrypt()
Here is an additional patch, to expose the type of key that should be used
for a signature.
On Thu, Sep 11, 2014 at 10:59 AM, Fedor Indutny via RT r...@openssl.org
wrote:
Hello devs!
Here is a patch that implements asynchronous RSA key
On Sat, Sep 13, 2014 at 10:59 PM, Fedor Indutny fe...@indutny.com wrote:
Here
And an additional follow-up, with docs and refined code.
On Fri, Sep 19, 2014 at 2:48 AM, Fedor Indutny fe...@indutny.com wrote:
Here is an example of how it could be used (in my TLS terminator):
https://github.com/indutny/bud/compare/master
Sorry for the noise, here is an even better version of this patch,
without the BUF_MEM_grow() calls, which were actually useless,
and with clearer state management.
On Fri, Sep 19, 2014 at 12:30 PM, Fedor Indutny fe...@indutny.com wrote:
And an additional follow-up, with docs and refined code.
On Fri
Some fixes.
On Fri, Sep 19, 2014 at 3:27 PM, Fedor Indutny fe...@indutny.com wrote:
Sorry for the noise, here is an even better version of this patch,
without the BUF_MEM_grow() calls, which were actually useless,
and with clearer state management.
On Fri, Sep 19, 2014 at 12:30 PM, Fedor Indutny fe
Hello!
I'm not an OpenSSL core developer, but anyway here are some thoughts from me.
SIGILL is totally a normal condition, as it is caught by:
https://github.com/openssl/openssl/blob/dabfbea7d91619b286e5d32ffc68ec7e5bd7e9bf/crypto/armcap.c#L96-L101
This is a part of detecting features, so if
From: openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Fedor Indutny
Sent: 10 October 2014 15:29
To: openssl-dev@openssl.org
Subject: Re: Error _armv7_tick openssl
Hello!
I'm not an OpenSSL core developer, but anyway here are some thoughts from
me.
SIGILL
Hello!
Have you seen the `openssl ciphers -v` output?
Cheers,
Fedor.
On Sun, Oct 12, 2014 at 8:13 PM, dE de.tec...@gmail.com wrote:
Hi.
I was reading the openssl ciphers command, where I would like to suggest
something for the CIPHER STRINGS.
Currently all possible cipher strings are listed
In situations like [0] the server may provide an alternative certificate
chain, which is no longer valid in the current certificate store. In
fact the issuer of the leaf (or some intermediate) cert is known and
trusted, but the alternative chain certs that are sent by the server are
not trusted, thus
On Thursday, January 15, 2015, Matt Caswell m...@openssl.org wrote:
On 15/01/15 14:21, Matt Caswell wrote:
On 15/01/15 14:13, Fedor Indutny wrote:
Hello!
During the course of deprecation of stale 1024-bit CA certs,
node.js and io.js project teams have identified the problem with
how
Hello!
During the course of deprecation of stale 1024-bit CA certs,
the node.js and io.js project teams have identified a problem with
how the OpenSSL client handles the server's certificate chain. It is
quite evident that it ignores the certificate store and loads the issuer
from the chain that was received.
Thank you!
On Tue, Jan 27, 2015 at 6:02 PM, Matt Caswell m...@openssl.org wrote:
On 15/01/15 17:06, Fedor Indutny wrote:
Matt,
Thank you for reply.
May I ask when you think your patch may land in 1.0.2 or whatever?
If this is something of your long term goals
Hello Tigran!
I was using:
https://github.com/indutny/bud/compare/master...feature/async-key-ex
for quite a long time now. It seems that you have your own solution, but
anyway I posted it here in case you are interested.
Cheers!
On Tue, Mar 17, 2015 at 8:44 AM, Tigran Gyonjyan (BLOOMBERG/ 731
Special credit to Etienne Stalmans (SP) etie...@sensepost.com for
reporting the segfault in the first place!
On Sat, Apr 11, 2015 at 5:37 PM, Fedor Indutny via RT r...@openssl.org
wrote:
Hello!
aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD
payload, but fail to operate
Hello!
aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD
payload, but fail to operate if it wasn't supplied. In fact, in case of an
absent payload `plen` is going to be `NO_PAYLOAD_LENGTH` and the
memory will be corrupted (which sometimes leads to a crash).
NOTE:
Thank you very much, Matt, Rich.
I will read through these docs tomorrow.
On Thu, Feb 4, 2016 at 4:29 AM, Matt Caswell via RT wrote:
>
>
> On 04/02/16 06:34, Salz, Rich via RT wrote:
> > It’s late and my response was incomplete.
> > The other part has already landed in
in real situations. Just sharing some immediate
concerns with you.
Thank you,
Fedor.
On Thu, Feb 4, 2016 at 4:56 AM, Fedor Indutny via RT <r...@openssl.org> wrote:
> Thank you very much, Matt, Rich.
>
> I will read through these docs tomorrow.
>
> On Thu, Feb 4, 2016 at 4:29 AM
On Fri, Feb 5, 2016 at 7:14 PM, Matt Caswell <m...@openssl.org> wrote:
>
>
> On 05/02/16 22:42, Fedor Indutny wrote:
> > Matt,
> >
> > I have looked through the APIs. Will have to experiment with them
> > somewhen later to see how well they will perform, b
Rich,
Thank you for the response.
There is quite a lengthy discussion on that github PR. Is there any TL;DR
version of it?
That PR's diff doesn't really look similar to the changes proposed here, as I
was mostly curious about splitting the state machine to allow deferring
things until the required data
Hello Rich,
Do I need to submit the updated patch separately, or was it OK to attach it to
the second email?
Thank you,
Fedor.
On Sat, Jan 30, 2016 at 7:14 PM, Rich Salz via RT wrote:
> cancelling as OP suggests.
> --
> Rich Salz, OpenSSL dev team; rs...@openssl.org
>
>
This actually sounds like a lovely idea.
See: https://github.com/openssl/openssl/pull/603
Thank you!
On Sat, Jan 30, 2016 at 8:16 PM, Salz, Rich via RT wrote:
> I closed the first ticket, so everything is okay.
> If you want to do GitHub pull requests and just open an RT to
Hello again,
Do you use renegotiation?
On Sat, Jul 16, 2016 at 3:09 AM, paladinchen(陈奇)
wrote:
> Hi,
> Thank you for your reply, how to resolve this issue or avoid it
> happening? When this error occurs, it will reconnect to the server, affecting normal
> use.
>
> i think
opinion, and
I'm trying to persuade everyone here in this too :)
Thank you,
Fedor.
On Sat, Dec 10, 2016 at 2:35 PM, Alessandro Ghedini <alessan...@ghedini.me>
wrote:
> On Sat, Dec 10, 2016 at 11:13:48AM +0100, Fedor Indutny wrote:
> > This totally makes sense. Unfortunately, adding a
Thank you for feedback, though!
On Sat, Dec 10, 2016 at 11:13 AM, Fedor Indutny <fe...@indutny.com> wrote:
> This totally makes sense. Unfortunately, adding a new API method for this
> means that I'll have to re-introduce ClientHello parser in bud, and make a
> wider use of it i
This totally makes sense. Unfortunately, adding a new API method for this
means that I'll have to re-introduce the ClientHello parser in bud, and make
wider use of it in Node.js again.
On Sat, Dec 10, 2016 at 3:07 AM, Salz, Rich wrote:
> > Oh, just to restate it. I'm willing to
Hello Benjamin,
On Fri, Dec 9, 2016 at 11:24 PM, Benjamin Kaduk <bka...@akamai.com> wrote:
> On 12/09/2016 01:43 PM, Fedor Indutny wrote:
>
> Hello,
>
> During development of one feature for my TLS proxy bud, I have discovered
> that the cert_cb is invoked only for
On Fri, Dec 9, 2016 at 11:13 PM, Viktor Dukhovni <openssl-us...@dukhovni.org
> wrote:
> On Fri, Dec 09, 2016 at 09:47:19PM +0100, Fedor Indutny wrote:
>
> > > The callback is *correctly* only called when choosing the server
> > > certificate. In *that* case, it is
Oh, just to restate it. I'm willing to submit the patch if we agree on what
exactly it should do.
On Fri, Dec 9, 2016 at 11:29 PM, Fedor Indutny <fe...@indutny.com> wrote:
> Hello Benjamin,
>
> On Fri, Dec 9, 2016 at 11:24 PM, Benjamin Kaduk <bka...@akamai.com> wrote:
>
Hello,
During development of one feature for my TLS proxy bud, I have discovered
that the cert_cb is invoked only for newly generated tickets/sessions. The
reasoning behind this is clear, but I believe that it most likely needs
a revision. Here is my reasoning:
The major use case is choosing
Hello Viktor!
Replying inline.
On Fri, Dec 9, 2016 at 9:28 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>
wrote:
> On Fri, Dec 09, 2016 at 08:43:01PM +0100, Fedor Indutny wrote:
>
> > During development of one feature for my TLS proxy bud, I have discovered
> > tha
When connecting to a pool of diverse servers (both TLS1.0 and TLS1.2), the
following scenario may happen:
1. Connect to TLS1.2 server, receive new session
2. Store this session
3. Attempt to reuse it later when connecting to server
4. Connect to different server from the pool, which speaks
ket = 1` on renegotiation? Why is it DTLS-only right
now? Should this patch do anything else to reset the current
session?
Thank you very much,
Fedor.
On Sat, Jan 30, 2016 at 5:04 PM, Fedor Indutny <fe...@indutny.com> wrote:
> When connecting to pool of diverse servers (both TLS1.