[openssl.org #2759] SSL_read / SSL_ERROR_WANT_READ / ENOTCONN infinite loop
Type: bug report OS: iOS (but may affect other platforms, mobile in particular) OpenSSL versions: confirmed in 1.0.0.h and 1.0.1 Beta 3 Bug: int BIO_sock_non_fatal_error(int err) in crypto/bio/bss_sock.c returns 1 for ENOTCONN which causes SSL_read to return SSL_ERROR_WANT_READ. In at least some cases, ENOTCONN is fatal. In those cases, the SSL_read caller (in my case, libcurl), ends up calling SSL_read infinitely. This occurs repeatably on iOS and possibly other mobile platforms which tend to tear down socket connections if an app becomes inactive. My workaround has been simply not to include ENOTCONN in the non-fatal codes. This doesn't have any negative side effects in my testing but I'm not sure if it might in general. I don't know enough whether ENOTCONN might be validly returned before TCP handshaking has finished and if, in that case, if the flow of SSL connection creation might go through this function. If that were the case, it seems like it's going to take more significant refactoring to be able to tell from connection context whether ENOTCONN is fatal or not. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2760] possible bug report: DSA_verify() doesn't correctly account for len
/* crypto/dsa/dsatest.c */ /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (e...@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (t...@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright *notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software *must display the following acknowledgement: *This product includes cryptographic software written by * Eric Young (e...@cryptsoft.com) *The word 'cryptographic' can be left out if the rouines from the library *being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from *the apps directory (application code) you must include an acknowledgement: *This product includes software written by Tim Hudson (t...@cryptsoft.com) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ #ifdef OPENSSL_NO_DEPRECATED #undef OPENSSL_NO_DEPRECATED #endif #include stdio.h #include stdlib.h #include string.h #include sys/types.h #include sys/stat.h #include ../e_os.h #include openssl/crypto.h #include openssl/rand.h #include openssl/bio.h #include openssl/err.h #include openssl/bn.h #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) { printf(No DSA support\n); return(0); } #else #include openssl/dsa.h #include openssl/hmac.h #ifdef OPENSSL_SYS_WIN16 #define MS_CALLBACK _far _loadds #else #define MS_CALLBACK #endif static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ static unsigned char seed[20]={ 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40, 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3, }; static unsigned char out_p[]={ 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa, 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb, 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7, 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5, 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf, 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac, 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2, 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91, }; static unsigned char out_q[]={ 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee, 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e, 0xda,0xce,0x91,0x5f, }; static unsigned char out_g[]={ 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13, 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
Re: 1.0.0h apps/s_client.c mystery
In message 12031323361474_20200...@antinode.info on Tue, 13 Mar 2012 23:36:14 -0500 (CDT), Steven M. Schweda s...@antinode.info said: smsRecent discussions on comp.os.vms of problems with apps/s_client.c on sms VMS systems led me to poke around a little. Bearing in mind that I sms know approximately nothing about how apps/s_client.c should work, I seem sms to get the following complaint for no apparently good reason, whenever I sms try to specify a cipher: sms sms JPAKE sets cipher to PSK sms smsThe relevant code in apps/s_client.c seems to be the following: sms sms #if !defined(OPENSSL_NO_JPAKE) !defined(OPENSSL_NO_PSK) smsif (jpake_secret) sms{ smsif (psk_key) sms{ smsBIO_printf(bio_err, sms Can't use JPAKE and PSK together\n); smsgoto end; sms} smspsk_identity = JPAKE; sms} sms smsif (cipher) sms{ smsBIO_printf(bio_err, JPAKE sets cipher to PSK\n); smsgoto end; sms} smscipher = PSK; sms #endif You're right, that code looks quite odd, the following should do better, wouldn't you say? #if !defined(OPENSSL_NO_JPAKE) if (jpake_secret) { # if !defined(OPENSSL_NO_PSK) if (psk_key) { BIO_printf(bio_err, Can't use JPAKE and PSK together\n); goto end; } psk_identity = JPAKE; # endif if (cipher) { BIO_printf(bio_err, JPAKE sets cipher to PSK\n); goto end; } cipher = PSK; } #endif smsNote that the VMS builders currently enable JPAKE unconditionally, Try this before building, should make a difference: $ define OPENSSL_NO_JPAKE yes smsVMS is, by the way, another one of those systems where select() is sms good only on sockets, not on files, so a bunch of the sms Windows/MSDOS/et-al. conditionality in this and nearby modules probably sms needs to be extended to include VMS. Good point. Cheers, Richard -- Richard Levitte rich...@levitte.org http://richard.levitte.org/ Life is a tremendous celebration - and I'm invited! -- from a friend's blog, translated from Swedish __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Fixes to the VMS version(s) of OpenSSL
In message blu0-smtp682c83767b322d11850a9887...@phx.gbl on Mon, 12 Mar 2012 07:02:10 -0400, Neil Rieck n.ri...@sympatico.ca said: n.rieck Team, n.rieck n.rieck * A few weeks back, I discovered a problem with the command “OpenSSL s_client” which (I think) n.rieck has been broken in VMS since 2006. n.rieck * While I was only working with HP-specific OpenSSL source code kits available from the HP, the n.rieck problem still exists in the public sources available from your site. n.rieck * I have posted my changes to file “s_client.c” here: n.rieck http://www3.sympatico.ca/n.rieck/docs/openvms_notes_ssl.html#s_client-fix Glaring things, that (miss)handling of select() on VMS, isn't it (or well, VMS really misshandles select(), but that's another story)? Your fixes really don't catch it all, there's this piece of code that really is an issue: #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) #if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) else if (_kbhit()) #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #endif #elif defined (OPENSSL_SYS_NETWARE) else if (_kbhit()) #else else if (FD_ISSET(fileno(stdin),readfds)) #endif There's a fix in newer OpenSSL versions, with a variant for BeOS R5 that tries reading stdin in non-blocking mode to see if there's anything there... I'm just now seeing if that can be hijacked for VMS as well, in that case I think we're good to go for a back port. The first change (an extra \n) seem to be cosmetic only, or does it actually change the function in a crutial way? Considering you have marked it optional, I'll guess that it doesn't? Cheers, Richard -- Richard Levitte rich...@levitte.org http://richard.levitte.org/ Life is a tremendous celebration - and I'm invited! -- from a friend's blog, translated from Swedish __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: 1.0.0h apps/s_client.c mystery
In message 20120314.114607.402413137.rich...@levitte.org on Wed, 14 Mar 2012 11:46:07 +0100 (CET), Richard Levitte rich...@levitte.org said: richard You're right, that code looks quite odd, the following should do richard better, wouldn't you say? Of course not... it should be as you mentioned... #if !defined(OPENSSL_NO_JPAKE) !defined(OPENSSL_NO_PSK) if (jpake_secret) { if (psk_key) { BIO_printf(bio_err, Can't use JPAKE and PSK together\n); goto end; } psk_identity = JPAKE; if (cipher) { BIO_printf(bio_err, JPAKE sets cipher to PSK\n); goto end; } cipher = PSK; } #endif -- Richard Levitte rich...@levitte.org http://richard.levitte.org/ Life is a tremendous celebration - and I'm invited! -- from a friend's blog, translated from Swedish __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: 1.0.0h apps/s_client.c mystery
From: Richard Levitte rich...@levitte.org Of course not... it should be as you mentioned... [...] I was thinking more like: #if !defined(OPENSSL_NO_JPAKE) !defined(OPENSSL_NO_PSK) if (jpake_secret) { if (psk_key) { BIO_printf(bio_err, Can't use JPAKE and PSK together\n); goto end; } psk_identity = JPAKE; if (cipher) { if (strcmp( cipher, PSK)) { BIO_printf(bio_err, JPAKE sets cipher to PSK\n); goto end; } } else { cipher = PSK; } } #endif But, if I had a fatal message like that, I'd probably want to tell the victim what the bad cipher value was, and that JPAKE demands that it be PSK. Saying JPAKE sets cipher to PSK, and then dying without actually setting cipher to anything seems misleading to me. There's a fix in newer OpenSSL versions, with a variant for BeOS R5 that tries reading stdin in non-blocking mode to see if there's anything there... I'm just now seeing if that can be hijacked for VMS as well, in that case I think we're good to go for a back port. There are VMS-specific terminal things which can be done, but, with the existing lack of descriptive comments in this code, it's not obvious (to a non-Windows/non-BEOS programmer) what the desired behavior is in some of these places. For that matter, simply defining _functional_ macros, like, say, SELECT_WORKS_ON_FILES, and then defining _those_ based on system type, might help someone who's trying to support a new system type. The first change (an extra \n) seem to be cosmetic only, or does it actually change the function in a crutial way? Considering you have marked it optional, I'll guess that it doesn't? I know nothing, but in my playing around, the last line I got before the program got stuck was ---, with the cursor resting over the left-most -. I suspect that the extra \n was intended to get the cursor onto its own line, below the --- line. Considering how differently VMS handles terminal I/O (CR, LF, et c.), I would not bet that any of this stuff would actually look right (without some extra effort, anyway). Of course, I'm not overly fond of programs which wait for user input without putting out an obvious prompt first, so what's my opinion worth? Steven M. Schweda sms@antinode-info 382 South Warwick Street(+1) 651-699-9818 Saint Paul MN 55105-2547 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
OpenSSL 1.0.1 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1 released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1 of our open source toolkit for SSL/TLS. This new OpenSSL version is a new feature release. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.1 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.1.tar.gz Size: 4453920 MD5 checksum: 134f168bc2a8333f19f81d684841710b SHA1 checksum: a6476d33fd38c2e7dfb438d1e3be178cc242c907 The checksums were calculated using the following commands: openssl md5 openssl-1.0.1.tar.gz openssl sha1 openssl-1.0.1.tar.gz Yours, The OpenSSL Project Team. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBT2CkBKLSm3vylcdZAQJv6wgAmrvhkXBB0rOI2Yt5YkgShq7BqqogFJk7 TBCHP6gR133L08e+WibwLc3HZS8eU2oAyyOYjBiTjO2Dyg5jkkslku2pyX9R8iZd vb0k/ZTuzmNO/6dDYwejbYdLjrPmTKWrcofa9GooWhiFBOzi3fbY0pAIWjHBoY07 LK8HxVzqQ+v/fg3ingqNpD5qJ6y13i4S8wzMPRL/4ox3evRSsEZ2ZTRqCfxwIbQk hZHfNL2sCZ+i/BoPKYxezhRweftDKQJtAm17femzymbQ0NVZfKi2i4kcd0GXS4Ow eaeMwpXdAGDGcj/HzaqxH1lEkKDQB+H9fo9MT2gqawjntiRt6K/oyQ== =yHMc -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: 1.0.0h apps/s_client.c mystery
In message 12031409093019_20200...@antinode.info on Wed, 14 Mar 2012 09:09:30 -0500 (CDT), Steven M. Schweda s...@antinode.info said: sms From: Richard Levitte rich...@levitte.org sms sms Of course not... it should be as you mentioned... sms [...] sms smsI was thinking more like: sms sms #if !defined(OPENSSL_NO_JPAKE) !defined(OPENSSL_NO_PSK) smsif (jpake_secret) sms{ smsif (psk_key) sms{ smsBIO_printf(bio_err, sms Can't use JPAKE and PSK together\n); smsgoto end; sms} smspsk_identity = JPAKE; sms smsif (cipher) sms{ smsif (strcmp( cipher, PSK)) sms{ smsBIO_printf(bio_err, sms JPAKE sets cipher to PSK\n); smsgoto end; sms} sms} smselse sms{ smscipher = PSK; sms} sms} sms #endif That's functionally the same, isn't it? smsBut, if I had a fatal message like that, I'd probably want to tell the sms victim what the bad cipher value was, and that JPAKE demands that it sms be PSK. Saying JPAKE sets cipher to PSK, and then dying without sms actually setting cipher to anything seems misleading to me. I agree. However, JPAKE is considered experimental and should not be enabled by default (that's a mistake in the VMS build, I'm working on that right now (*)). sms There's a fix in newer OpenSSL versions, with a variant for BeOS R5 sms that tries reading stdin in non-blocking mode to see if there's sms anything there... I'm just now seeing if that can be hijacked for VMS sms as well, in that case I think we're good to go for a back port. sms smsThere are VMS-specific terminal things which can be done, but, with sms the existing lack of descriptive comments in this code, it's not obvious sms (to a non-Windows/non-BEOS programmer) what the desired behavior is in sms some of these places. For that matter, simply defining _functional_ sms macros, like, say, SELECT_WORKS_ON_FILES, and then defining _those_ sms based on system type, might help someone who's trying to support a new sms system type. ... and writing an internal application library that takes care of the diversity, yeah I'm with you there. sms The first change (an extra \n) seem to be cosmetic only, or does it sms actually change the function in a crutial way? Considering you have sms marked it optional, I'll guess that it doesn't? sms smsI know nothing, but in my playing around, the last line I got before sms the program got stuck was ---, with the cursor resting over the sms left-most -. I suspect that the extra \n was intended to get the sms cursor onto its own line, below the --- line. Considering how sms differently VMS handles terminal I/O (CR, LF, et c.), I would not bet sms that any of this stuff would actually look right (without some extra sms effort, anyway). Of course, I'm not overly fond of programs which wait sms for user input without putting out an obvious prompt first, so what's my sms opinion worth? s_client is basically supposed to work like telnet (minus the telnet features plus the ssl features), so it's not much of a surprise that it gives you as much a prompt as telnet does. I find it weird that the particular \n there would fail... isn't that something that C library is supposed to deal with properly? Of course, s_client uses BIO_printf(), but that one in turn uses the usual C library... so it's to wonder why \n wouldn't work in that particular spot. I'll have to see if I can reproduce it. -- Richard Levitte rich...@levitte.org http://richard.levitte.org/ Life is a tremendous celebration - and I'm invited! -- from a friend's blog, translated from Swedish __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
RE: OpenSSL 1.0.1 released
Hello, Thank you very much for 1.0.1 release. It builds and works perfect on OpenVMS Alpha and IA64 architectures - as long I could test it. Unfortunately, it is still not possible to build on VAX architecture, because the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is sill not solved. Thank you. Regards, Z -Original Message- From: OpenSSL [mailto:open...@master.openssl.org] Sent: den 14 mars 2012 16:09 To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org Subject: OpenSSL 1.0.1 released -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1 released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1 of our open source toolkit for SSL/TLS. This new OpenSSL version is a new feature release. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.1 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.1.tar.gz Size: 4453920 MD5 checksum: 134f168bc2a8333f19f81d684841710b SHA1 checksum: a6476d33fd38c2e7dfb438d1e3be178cc242c907 The checksums were calculated using the following commands: openssl md5 openssl-1.0.1.tar.gz openssl sha1 openssl-1.0.1.tar.gz Yours, The OpenSSL Project Team. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBT2CkBKLSm3vylcdZAQJv6wgAmrvhkXBB0rOI2Yt5YkgShq7BqqogFJk7 TBCHP6gR133L08e+WibwLc3HZS8eU2oAyyOYjBiTjO2Dyg5jkkslku2pyX9R8iZd vb0k/ZTuzmNO/6dDYwejbYdLjrPmTKWrcofa9GooWhiFBOzi3fbY0pAIWjHBoY07 LK8HxVzqQ+v/fg3ingqNpD5qJ6y13i4S8wzMPRL/4ox3evRSsEZ2ZTRqCfxwIbQk hZHfNL2sCZ+i/BoPKYxezhRweftDKQJtAm17femzymbQ0NVZfKi2i4kcd0GXS4Ow eaeMwpXdAGDGcj/HzaqxH1lEkKDQB+H9fo9MT2gqawjntiRt6K/oyQ== =yHMc -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
Unfortunately, it is still not possible to build on VAX architecture, because the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is sill not solved. http://www.mail-archive.com/openssl-dev@openssl.org/msg29956.html __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: 1.0.0h apps/s_client.c mystery
From: Richard Levitte rich...@levitte.org smsI was thinking more like: [...] sms if (cipher) sms { sms if (strcmp( cipher, PSK)) sms { sms BIO_printf(bio_err, sms JPAKE sets cipher to PSK\n); sms goto end; sms } sms } sms else sms { sms cipher = PSK; sms } sms } sms #endif That's functionally the same, isn't it? Not if cipher was already set to PSK before arriving here. As-was, if cipher was non-NULL, you got the fatal error. My way is intended to allow cipher to be previously set to PSK, not only unset to anything (NULL). ... and writing an internal application library that takes care of the diversity, yeah I'm with you there. With a lot of work, someone could make a regular program out of this thing. s_client is basically supposed to work like telnet (minus the telnet features plus the ssl features), so it's not much of a surprise that it gives you as much a prompt as telnet does. Does Telnet do local echoing of victim input? I find it weird that the particular \n there would fail... isn't that something that C library is supposed to deal with properly? Of course, s_client uses BIO_printf(), but that one in turn uses the usual C library... so it's to wonder why \n wouldn't work in that particular spot. I'll have to see if I can reproduce it. There's a lot of fine print. As usual, everything's complicated. Steven M. Schweda sms@antinode-info 382 South Warwick Street(+1) 651-699-9818 Saint Paul MN 55105-2547 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f What is producing that warning? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wed, 2012-03-14 at 19:36 +0100, Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f What is producing that warning? This is a problem of the applications (OpenSSH, postgresql,) that do not expect different versions of openssl to be ABI compatible. They compare the version that they were compiled against to the version reported by the library. They usually ignore only the patch level number (abcde...). We had to patch the version number in the library to stay constant. I suppose these applications should have the version check removed as it is not guaranteed to work anyway as the ABI of openssl depends also on the compiled-in ciphers and other compile time options. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 14:36:09 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f What is producing that warning? $ ssh-keygen -l OpenSSL version mismatch. Built against 105f, you have 1000100f -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f As far as I know, we disabled most such checks in Debian because they're not really useful. I can change the ABI without changing the version, or have the same ABI with a different version. If it's not compatible the soname should have changed. The appliation shouldn't go and second guess that it's really compatible or not. And if the soname stays the same but the ABI is not compatible, we also have ways to deal with that. Kurt __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
open...@master.openssl.org (OpenSSL) writes: [...] o Preliminary FIPS capability for unvalidated 2.0 FIPS module. I note that #2741 appears not to be resolved, so if you build on Windows and use --with-fipsdir=... then that probably won't work. [...] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Bruce Stephens wrote: open...@master.openssl.org (OpenSSL) writes: [...] o Preliminary FIPS capability for unvalidated 2.0 FIPS module. I note that #2741 appears not to be resolved, so if you build on Windows and use --with-fipsdir=... then that probably won't work. [...] Opps, that's something for 1.0.1a anyway... The alternative of using the FIPSDIR environment variable (you have to use that with the FIPS module anyway) should be OK though. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 17:18:19 Kurt Roeckx wrote: On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote: On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: OpenSSL version 1.0.1 released === http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. i don't see mention of ABI compat changes, and it seems to not be compatible. did someone forget to update the version string in crypto/opensslv.h ? it still says 1.0.0 ... Can you be more specific about seems to not be compatible. if the versions were compatible, there should be no warning when running apps with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: OpenSSL version mismatch. Built against 105f, you have 1000100f As far as I know, we disabled most such checks in Debian because they're not really useful. I can change the ABI without changing the version, or have the same ABI with a different version. If it's not compatible the soname should have changed. The appliation shouldn't go and second guess that it's really compatible or not. And if the soname stays the same but the ABI is not compatible, we also have ways to deal with that. i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? there was nothing in the notes that i saw, and this is a significant change in behavior from how openssl has loong operated. and it wouldn't be the first time that a new openssl release had bugs in it including forgetting to update the version number (which i've reported before) or can't even compile for some targets due to files missing from the release tarball. if, indeed, openssl has started down the enlightened ABI compatible path, then i can work on fixing relevant packages that do runtime version sanity checks such as openssh. but i haven't heard an answer in either direction as to the openssl behavior: it's a bug or it's correct behavior. -mike signature.asc Description: This is a digitally signed message part.
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Mike Frysinger wrote: i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? Yes. In brief the versioning scheme introduced with 1.0.0 is: Changes to last letter: security and bugfix only, no new features. E.g. 1.0.0-1.0.0a Changes to last number: new ABI compatible features. E.g. 1.0.0-1.0.1 Changes to middle number: major release, ABI compatibility not guaranteed. E.g. 1.0.0-1.1.0 This is the first feature release that has been done since he versioning scheme changed so there may be some issues to iron out... Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.1 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ It seems to be missing from the FTP site. -- Iain Morgan PS: Contrats (and thanks) on releasing 1.0.1! __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
On Wed, Mar 14, 2012, Iain Morgan wrote: On Wed, Mar 14, 2012 at 10:09:22 -0500, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- We consider OpenSSL 1.0.1 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.1 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ It seems to be missing from the FTP site. Ooops, fixed now. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 released
I've looked at that, and the modes part is quite integral to a number of other algorithms. Supporting it being turned off is likely to be a maintainance nightmare (especially since it will seldom blow up considering most platforms today have a C compiler that supports long long). My conclusion is that we should stop trying to support compilers that don't support long long. Unfortunately for VAX, it means that we have to stop supporting that, unless you know of a compiler that supports long long on that platform. Cheers, Richard In message ed0c8ca331b65bf9ee31289d352ed04d20efff39@localhost on Wed, 14 Mar 2012 17:14:52 +0100, Arpadffy Zoltan zoltan.arpad...@scientificgames.se said: Zoltan.Arpadffy Hello, Zoltan.Arpadffy Zoltan.Arpadffy Thank you very much for 1.0.1 release. Zoltan.Arpadffy Zoltan.Arpadffy It builds and works perfect on OpenVMS Alpha and IA64 architectures - as long I could test it. Zoltan.Arpadffy Zoltan.Arpadffy Unfortunately, it is still not possible to build on VAX architecture, because the [openssl.org #2653] [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX is sill not solved. Zoltan.Arpadffy Zoltan.Arpadffy Thank you. Zoltan.Arpadffy Zoltan.Arpadffy Regards, Zoltan.Arpadffy Z Zoltan.Arpadffy Zoltan.Arpadffy -Original Message- Zoltan.Arpadffy From: OpenSSL [mailto:open...@master.openssl.org] Zoltan.Arpadffy Sent: den 14 mars 2012 16:09 Zoltan.Arpadffy To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org Zoltan.Arpadffy Subject: OpenSSL 1.0.1 released Zoltan.Arpadffy Zoltan.Arpadffy -BEGIN PGP SIGNED MESSAGE- Zoltan.Arpadffy Hash: SHA1 Zoltan.Arpadffy Zoltan.Arpadffy Zoltan.ArpadffyOpenSSL version 1.0.1 released Zoltan.Arpadffy=== Zoltan.Arpadffy Zoltan.ArpadffyOpenSSL - The Open Source toolkit for SSL/TLS Zoltan.Arpadffyhttp://www.openssl.org/ Zoltan.Arpadffy Zoltan.ArpadffyThe OpenSSL project team is pleased to announce the release of Zoltan.Arpadffyversion 1.0.1 of our open source toolkit for SSL/TLS. This new Zoltan.ArpadffyOpenSSL version is a new feature release. For a complete Zoltan.Arpadffylist of changes, please see Zoltan.Arpadffy Zoltan.Arpadffyhttp://www.openssl.org/source/exp/CHANGES. Zoltan.Arpadffy Zoltan.ArpadffyThe most significant changes are: Zoltan.Arpadffy Zoltan.Arpadffy o TLS/DTLS heartbeat support. Zoltan.Arpadffy o SCTP support. Zoltan.Arpadffy o RFC 5705 TLS key material exporter. Zoltan.Arpadffy o RFC 5764 DTLS-SRTP negotiation. Zoltan.Arpadffy o Next Protocol Negotiation. Zoltan.Arpadffy o PSS signatures in certificates, requests and CRLs. Zoltan.Arpadffy o Support for password based recipient info for CMS. Zoltan.Arpadffy o Support TLS v1.2 and TLS v1.1. Zoltan.Arpadffy o Preliminary FIPS capability for unvalidated 2.0 FIPS module. Zoltan.Arpadffy o SRP support. Zoltan.Arpadffy Zoltan.ArpadffyWe consider OpenSSL 1.0.1 to be the best version of OpenSSL Zoltan.Arpadffyavailable and we strongly recommend that users of older versions Zoltan.Arpadffyupgrade as soon as possible. OpenSSL 1.0.1 is available for Zoltan.Arpadffydownload via HTTP and FTP from the following master locations (you Zoltan.Arpadffycan find the various FTP mirrors under Zoltan.Arpadffyhttp://www.openssl.org/source/mirror.html): Zoltan.Arpadffy Zoltan.Arpadffy * http://www.openssl.org/source/ Zoltan.Arpadffy * ftp://ftp.openssl.org/source/ Zoltan.Arpadffy Zoltan.ArpadffyThe distribution file name is: Zoltan.Arpadffy Zoltan.Arpadffy o openssl-1.0.1.tar.gz Zoltan.Arpadffy Size: 4453920 Zoltan.Arpadffy MD5 checksum: 134f168bc2a8333f19f81d684841710b Zoltan.Arpadffy SHA1 checksum: a6476d33fd38c2e7dfb438d1e3be178cc242c907 Zoltan.Arpadffy Zoltan.ArpadffyThe checksums were calculated using the following commands: Zoltan.Arpadffy Zoltan.Arpadffy openssl md5 openssl-1.0.1.tar.gz Zoltan.Arpadffy openssl sha1 openssl-1.0.1.tar.gz Zoltan.Arpadffy Zoltan.ArpadffyYours, Zoltan.Arpadffy Zoltan.ArpadffyThe OpenSSL Project Team. Zoltan.Arpadffy Zoltan.Arpadffy -BEGIN PGP SIGNATURE- Zoltan.Arpadffy Version: GnuPG v1.4.11 (GNU/Linux) Zoltan.Arpadffy Zoltan.Arpadffy iQEVAwUBT2CkBKLSm3vylcdZAQJv6wgAmrvhkXBB0rOI2Yt5YkgShq7BqqogFJk7 Zoltan.Arpadffy TBCHP6gR133L08e+WibwLc3HZS8eU2oAyyOYjBiTjO2Dyg5jkkslku2pyX9R8iZd Zoltan.Arpadffy vb0k/ZTuzmNO/6dDYwejbYdLjrPmTKWrcofa9GooWhiFBOzi3fbY0pAIWjHBoY07 Zoltan.Arpadffy LK8HxVzqQ+v/fg3ingqNpD5qJ6y13i4S8wzMPRL/4ox3evRSsEZ2ZTRqCfxwIbQk Zoltan.Arpadffy hZHfNL2sCZ+i/BoPKYxezhRweftDKQJtAm17femzymbQ0NVZfKi2i4kcd0GXS4Ow Zoltan.Arpadffy eaeMwpXdAGDGcj/HzaqxH1lEkKDQB+H9fo9MT2gqawjntiRt6K/oyQ== Zoltan.Arpadffy =yHMc Zoltan.Arpadffy -END PGP SIGNATURE- Zoltan.Arpadffy __ Zoltan.Arpadffy
Re: OpenSSL 1.0.1 released
On Wednesday 14 March 2012 19:23:14 Dr. Stephen Henson wrote: On Wed, Mar 14, 2012, Mike Frysinger wrote: i'm not looking for downstream workarounds here but rather the right answer. is openssl-1.0.1 expected to be ABI compatible with openssl-1.0.0 ? Yes. In brief the versioning scheme introduced with 1.0.0 is: Changes to last letter: security and bugfix only, no new features. E.g. 1.0.0-1.0.0a Changes to last number: new ABI compatible features. E.g. 1.0.0-1.0.1 Changes to middle number: major release, ABI compatibility not guaranteed. E.g. 1.0.0-1.1.0 This is the first feature release that has been done since he versioning scheme changed so there may be some issues to iron out... thanks. i've posted a report for the openssh guys. https://bugzilla.mindrot.org/show_bug.cgi?id=1991 -mike signature.asc Description: This is a digitally signed message part.