Re: A possible way to against DoS in openssl
Hi All, OpenSSL Developers,

Does anyone consider this a good solution or a bad solution? I sent this several days ago and didn't get any response. Anybody, please give some response! Should I add some more information? The testing steps and results?

Thanks a lot for your response!
Guanjun

On 11/21/2011 at 05:49 PM, in message 4ECA1E9C.19D : 22 : 21801, Guan Jun He wrote:

Hi,

I have just produced a patch against the upstream HEAD version, to seek a way to defend against DoS attacks in OpenSSL itself. The logic is simple: get the client's IP address in the BIO layer, and send this info to the upper SSL layer; in the SSL layer, do the control according to the client IP and the control policy. For now, the basic data structure used is a list; that's simple, but time-consuming if a large number of clients access it concurrently. So, as the next step, I'm considering changing to an rb-tree to gain performance, but I don't have the environment to test the accurate performance. For now, I can only run a DoS attack script to simulate a DoS attack. Below are the mails that discussed this issue several days ago.

On 11/16/2011 at 02:09 PM, in message 4ec3c40402169...@novprvlin0050.provo.novell.com, Guan Jun He g...@suse.com wrote:

On 11/15/2011 at 10:42 PM, in message 2015154237.7dca96f4@laverne, Hanno Böck ha...@hboeck.de wrote:

On Tue, 15 Nov 2011 02:48:28 -0700, Guan Jun He g...@suse.com wrote:

Add a switch to renegotiation, so that renegotiation can be controlled by the program. And it provides a way for the programmer to implement some sort of custom throttling.

Basically, this patch is produced with the background of CVE-2011-1473, the DoS against renegotiation. You guys must have known it. Maybe the patch is not that useful for some use cases. But it's the first step, and it gives apps an easy choice to fight against DoS.

And maybe the second step can also be done in OpenSSL: add a simple monitor to monitor client-initiated renegotiations (for each session or just globally), and according to the monitoring result set the renegotiation switch for a time slice. The monitor can be as simple as just a counter. I'm still seeking an efficient way to do this, and ask for comments and advice from you guys.

If I understood the THC DoS, this is completely pointless. Their tool uses renegotiation, but there's absolutely nothing special about renegotiation; the attack works also with normal connections. See THC on this matter:

SSL-DOS released. Some organizations already found out about this release a while ago and mistakenly identified it as an SSL-RENEGOTIATION BUG. This is not true. The tool can be modified to work without SSL-RENEGOTIATION by just establishing a new TCP connection for every new handshake.
http://www.thc.org/thc-ssl-dos/

Also, there's been a lot of mixup with old and new renegotiation and wrong info floating around. The THC DoS is not really related to that. It's not easy to find a clean way to mitigate those issues - the core problem is that a connection causes more load on the server than on the initiating client - changing that would be possible only in the TLS design. Connection limits can help (though they shouldn't be limited to renegotiation), but it's not really a nice solution.

A simple renegotiation needs more actions than a normal connection on the server, so it can help somewhat if the attacking client asks for renegotiations. For normal connections, if connection limits are not used, perhaps there is no way to do control in TLS itself without changing the design. And that's an issue that any server must face, and basically that cannot be done in the high layers of the protocols, but it's possible to do it in the low layers of the protocols, or it needs info from the low layers.

It would be possible only in the TCP/IP connection layers; in that layer the server side can get the IP address of the client, and according to that the TCP/IP layer can do control only against the attacking client. By the above tips,

* Client and server co-work. TLS can add an item ip-address-of-the-client to the handshake protocol on the client side (this can be done transparently in SSL_set_bio), and on the server side TLS can change to ask for the client's IP address while establishing a TLS connection. But this is not compatible with TLS versions that have not added this.
* Do all transparently on the server side. At the BIO level get the client's IP address, add it to the SSL struct, and send it on for subsequent processing. This is compatible.

The remaining steps are to 'monitor' the actions of each client; if an attack is decided, simply take some actions against that client, e.g. forbid that client for a time slice.

Regards,
Guanjun

__ OpenSSL Project
[openssl.org #2646] Bug: Error building OpenSSL for Windows x64 platform with VC2008
Hi,

I have downloaded openssl-1.0.0e and tried to build the binaries for Windows x64 using VC2008. I open the 'Visual Studio 2008 x64 Cross Tools Command Prompt' and follow the procedure described in INSTALL.W64.

1.) perl Configure VC-WIN64A
    seems to work ... Configured for VC-WIN64A

2.) ms\do_win64a
    seems to work ...

3.) nmake -f ms\ntdll.mak

    C:\Daten\openssl\openssl-1.0.0e>nmake -f ms\ntdll.mak
    Microsoft (R) Program Maintenance Utility Version 9.00.30729.01
    Copyright (C) Microsoft Corporation. All rights reserved.
    Building OpenSSL
    perl util/copy.pl .\crypto\buildinf.h tmp32dll\buildinf.h
    Copying: ./crypto/buildinf.h to tmp32dll/buildinf.h
    perl util/copy.pl .\crypto\opensslconf.h inc32\openssl\opensslconf.h
    Copying: ./crypto/opensslconf.h to inc32/openssl/opensslconf.h
    ml64 /c /Cp /Cx /Zi /Fotmp32dll\md5-x86_64.obj tmp32dll\md5-x86_64.asm
    Microsoft (R) Macro Assembler (x64) Version 9.00.30729.01
    Copyright (C) Microsoft Corporation. All rights reserved.
    Assembling: tmp32dll\md5-x86_64.asm
    tmp32dll\md5-x86_64.asm(8) : error A2009:syntax error in expression
    tmp32dll\md5-x86_64.asm(9) : error A2009:syntax error in expression
    tmp32dll\md5-x86_64.asm(677) : error A2009:syntax error in expression
    tmp32dll\md5-x86_64.asm(678) : error A2009:syntax error in expression
    NMAKE : fatal error U1077: 'c:\Programme\VC2008\VC\BIN\x86_amd64\ml64.EXE' : return code '0x1'
    Stop.

So the problem is in an assembly step.

I have found some hints at stackoverflow.com, but they do not work for me either. They advise to 'Configure with perl Configure VC-WIN64A no-shared no-idea'. When I do it this way and start the nmake with 'nmake -f ms\nt.mak', the process seems to get much further, but finally crashes with an assembly error.

    set ASM=ml64 /c /Cp /Cx /Zi
    perl crypto\md5\asm\md5-x86_64.pl tmp32\md5-x86_64.asm
    Use of uninitialized value in pattern match (m//) at crypto\md5\asm\md5-x86_64.pl line 115.
    ml64 /c /Cp /Cx /Zi /Fotmp32\md5-x86_64.obj tmp32\md5-x86_64.asm
    Microsoft (R) Macro Assembler (x64) Version 9.00.30729.01
    Copyright (C) Microsoft Corporation. All rights reserved.
    Assembling: tmp32\md5-x86_64.asm
    tmp32\md5-x86_64.asm(8) : error A2009:syntax error in expression
    tmp32\md5-x86_64.asm(9) : error A2009:syntax error in expression
    tmp32\md5-x86_64.asm(677) : error A2009:syntax error in expression
    tmp32\md5-x86_64.asm(678) : error A2009:syntax error in expression
    NMAKE : fatal error U1077: 'c:\Programme\VC2008\VC\BIN\x86_amd64\ml64.EXE' : return code '0x1'
    Stop.

This is an x64-specific problem. We build OpenSSL successfully for Win32 according to the procedures described in INSTALL.W32.

Appreciate your feedback. Thanks.

Lutz Weihrich
Research Development
TONBELLER AG
[openssl.org #2647] OPENSSL_ia32cap problem regarding reading/writing in 1.0.1-stable and HEAD
Hi,

In the CVS OPENSSL_1_0_1-stable branch, on an ILP32 target (where sizeof(long) == 4), the function OPENSSL_ia32cap_loc() is clearing the upper bits of the capability vector, which disables support for SSE3, AES-NI, etc.

See http://www.openssl.org/docs/crypto/OPENSSL_ia32cap.html for more information.

In crypto/crypto.h:

    unsigned long *OPENSSL_ia32cap_loc(void);
    #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))

In crypto/cryptlib.c:

    unsigned int OPENSSL_ia32cap_P[2];
    unsigned long *OPENSSL_ia32cap_loc(void)
    {
        if (sizeof(long)==4)
            /*
             * If 32-bit application pulls address of OPENSSL_ia32cap_P[0]
             * clear second element to maintain the illusion that vector
             * is 32-bit.
             */
            OPENSSL_ia32cap_P[1]=0;
        return (unsigned long *)OPENSSL_ia32cap_P;
    }

A user program not reading/writing OPENSSL_ia32cap before using other encryption, decryption or digest functions would benefit from SSE3, AES-NI and such if available. But after calling the function, that support would be disabled.

In CVS HEAD, the problem does not exist. OPENSSL_ia32cap_loc() returns a pointer to int instead of a pointer to long (this is an ABI change between 1.0.1 and HEAD), and doesn't clear the upper bits.

In crypto/crypto.h:

    unsigned int *OPENSSL_ia32cap_loc(void);
    #define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])

In crypto/cryptlib.c:

    extern unsigned int OPENSSL_ia32cap_P[2];
    unsigned int *OPENSSL_ia32cap_loc(void)
    {
        return OPENSSL_ia32cap_P;
    }

The solution currently in HEAD is not perfect since it doesn't allow a user program to read the upper bits of the capability vector. Worse, it doesn't allow it to write the upper bits of the vector, for example to disable some capabilities.

I think that a better way to expose capabilities to a user program would be an array and a count/length:

In crypto/crypto.h:

    extern unsigned int *OPENSSL_ia32cap_loc(void);
    #define OPENSSL_ia32cap (OPENSSL_ia32cap_loc())
    extern unsigned int OPENSSL_ia32cap_cnt(void);
    #define OPENSSL_ia32cap_cnt (OPENSSL_ia32cap_cnt())

In crypto/cryptlib.c:

    #define OPENSSL_ia32cap_CNT 2
    extern unsigned int OPENSSL_ia32cap_P[OPENSSL_ia32cap_CNT];
    unsigned int *OPENSSL_ia32cap_loc(void)
    {
        return OPENSSL_ia32cap_P;
    }
    unsigned int OPENSSL_ia32cap_cnt(void)
    {
        return OPENSSL_ia32cap_CNT;
    }

Regards
--
Yann Droneaud

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
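The side effect reported above can be reproduced with a small model of the capability vector, together with a bounds-checked write through the proposed pointer-plus-count interface. This is an added example, not OpenSSL code: cap_P, loc_stable, loc_proposed, cnt_proposed, cap_test, cap_disable and aesni_survives_read are hypothetical names, sizeof(long) is passed in as a parameter so the ILP32 path runs on any host, and bit 57 for AES-NI is taken from the OPENSSL_ia32cap documentation linked in the report.

```c
#include <stddef.h>

#define CAP_WORDS 2
#define AESNI_BIT 57  /* AES-NI position in the vector, per the OPENSSL_ia32cap docs */

/* Stand-in for OPENSSL_ia32cap_P; the values stored in it are constructed. */
static unsigned int cap_P[CAP_WORDS];

/* Model of the 1.0.1-stable accessor quoted in the report. sizeof(long)
 * is a parameter here so that the ILP32 branch can be exercised anywhere. */
static unsigned int *loc_stable(size_t sizeof_long)
{
    if (sizeof_long == 4)
        cap_P[1] = 0;                    /* the reported side effect */
    return cap_P;
}

/* Model of the accessor pair proposed in the report: pointer plus count. */
static unsigned int *loc_proposed(void) { return cap_P; }
static unsigned int cnt_proposed(void)  { return CAP_WORDS; }

/* 1 if capability bit is set, 0 if clear or out of range. */
static int cap_test(unsigned int bit)
{
    return bit / 32 < CAP_WORDS && ((cap_P[bit / 32] >> (bit % 32)) & 1u);
}

/* Clear one capability bit through the proposed interface, refusing bits
 * beyond the advertised length. Returns 0 on success, -1 otherwise. */
int cap_disable(unsigned int bit)
{
    if (bit / 32 >= cnt_proposed())
        return -1;
    loc_proposed()[bit / 32] &= ~(1u << (bit % 32));
    return 0;
}

/* Mark AES-NI as available, let a caller merely read word 0 through the
 * stable accessor, and report whether AES-NI is still marked afterwards. */
int aesni_survives_read(size_t sizeof_long)
{
    cap_P[0] = 0x078bfbffu;              /* constructed low-word value */
    cap_P[1] = 1u << (AESNI_BIT - 32);
    (void)loc_stable(sizeof_long)[0];    /* read only, no write intended */
    return cap_test(AESNI_BIT);
}
```

With sizeof_long set to 4 the read alone clears the AES-NI bit, which is the behaviour the report describes for 32-bit builds of 1.0.1-stable.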
[openssl.org #2648] Bug report: error in openssl-1.0.0e/crypto/bn/asm/x86-mont.pl
Hello,

It looks like a bug in openssl-1.0.0e x86 (Windows, Linux, etc.): functions BN_mod_mul and BN_mod_mul_montgomery sometimes (very rarely) yield different results when squaring (multiplication at the same time works fine). Compile-time options include -DOPENSSL_BN_ASM_MONT, i.e. the assembler code produced by crypto/bn/asm/x86-mont.pl is used.

For example:

BN_mod_mul (right):
8C7C5B150FB3A60BAEFFCDA2D051580F557DCB07A9F6154703148CB2DED90ACD ^ 2 mod FD97 =
AEE8FA51C255352180017E30FBA665CEC9EB4475D454D33B847E8F096613FDD9

BN_mod_mul_montgomery (wrong):
8C7C5B150FB3A60BAEFFCDA2D051580F557DCB07A9F6154703148CB2DED90ACD ^ 2 mod FD97 =
39134C78C255352180017E30FBA665CEC9EB4475D454D33B847E8F096613FEF5

---
Sincerely yours,
Victor M. Timakov
[openssl.org #2649] 'make' or 'make install' failed when in another Makefile
I’m building nginx with openssl 1.0.1-stable-SNAPSHOT-2020

There is a target like this in the Makefile of nginx:

    openssl-1.0.1/.openssl/include/openssl/ssl.h: objs/Makefile
        cd openssl-1.0.1 \
        && $(MAKE) clean \
        && ./config --prefix=/home/weiyue/rpmbuild/BUILD/tengine-ssl-1.0.8/openssl-1.0.1/.openssl no-shared no-threads \
        && $(MAKE) \
        && $(MAKE) install LIBDIR=lib

Remove “&& $(MAKE) clean \”, but the target will fail to make; however, it can be done successfully under the command line.

OpenSSL 0.9.8 will not act like this.
[openssl.org #2647] OPENSSL_ia32cap problem regarding reading/writing in 1.0.1-stable and HEAD
The problem of the upper capability bytes is also affecting OPENSSL-1.0.0-stable, see [openssl.org #2176] http://rt.openssl.org/Ticket/Display.html?id=2176

Regards.
--
Yann Droneaud