Integration of #2578

2014-09-18 Thread Krzysztof Kwiatkowski

Hi OpenSSL dev team !

Would you be able to integrate #2578 into next version of OpenSSL?

http://rt.openssl.org/Ticket/Display.html?id=2578

Kris
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


Re: Integration of #2578

2014-09-18 Thread Dmitry Belyavsky
Hello!

+1. It's a very useful feature for testing purposes.


-- 
SY, Dmitry Belyavsky


[openssl.org #3536] [PATCH] make locking code in load_builtin_compressions() look less scary

2014-09-18 Thread Rolf Eike Beer via RT
From 151cc7b47ebf8530c0357ddc909cea5c070fb023 Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer e...@emlix.com
Date: Thu, 18 Sep 2014 11:12:10 +0200
Subject: [PATCH] make locking code in load_builtin_compressions() look less
 scary

This way it is obvious that read and write locks are not mixed.
---
 ssl/ssl_ciph.c | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 8188ff5..ffcef37 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -441,15 +441,12 @@ static int sk_comp_cmp(const SSL_COMP * const *a,
 
 static void load_builtin_compressions(void)
{
-   int got_write_lock = 0;
-
CRYPTO_r_lock(CRYPTO_LOCK_SSL);
if (ssl_comp_methods == NULL)
{
CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-   got_write_lock = 1;
-   
+
if (ssl_comp_methods == NULL)
{
SSL_COMP *comp = NULL;
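Review bot: the read lock is released at `CRYPTO_r_unlock(CRYPTO_LOCK_SSL);` before `CRYPTO_w_lock(CRYPTO_LOCK_SSL);` is acquired, so another thread can initialise `ssl_comp_methods` in that window; the second `if (ssl_comp_methods == NULL)` under the write lock is what keeps this correct, and with `got_write_lock` gone it is easy to misread as a redundant check. Since the stated goal is to make the locking obvious, a one-line comment at that re-check (`/* re-check: lock was dropped between r_unlock and w_lock */`) would complete the job. The `+` line that replaces a whitespace-only line is a trailing-whitespace cleanup unrelated to the locking change; fine to keep, but worth a word in the commit message.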
@@ -476,10 +473,8 @@ static void load_builtin_compressions(void)
}
MemCheck_on();
}
-   }
-   
-   if (got_write_lock)
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+   }
else
CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
}
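Review bot: after the move of `}` below `CRYPTO_w_unlock(CRYPTO_LOCK_SSL);`, the outer `if (ssl_comp_methods == NULL)` branch is a brace block whose last statement is the write unlock, while the `else` still carries an unbraced `CRYPTO_r_unlock(CRYPTO_LOCK_SSL);`. Because the unlock pairing is the whole point of this patch, bracing the `else` as well (or a comment on the closing `}` naming the lock it releases) would make "write lock taken and released in this block, read lock released in that one" visible at a glance. Behaviour is unchanged: each path through the function releases exactly the lock it holds, and the diffstat (2 insertions, 7 deletions) matches the hunks.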
-- 
1.8.1.4




Re: Windows folks -- comment on this patch for RT 2301?

2014-09-18 Thread Pierre DELAAGE

I have been programming in win32 for years, still today.

The patch seems relevant, compliant with MS guidelines on bitmap
manipulation.


Anyway, it is documented that memory allocation other than VirtualAlloc
for use with GetDIBits is not safe:

http://msdn.microsoft.com/en-us/library/windows/desktop/dd144879%28v=vs.85%29.aspx

Personally, I can state that on MS Windows including w8, malloc is not
MT safe (while HeapAlloc is; but unfortunately I did not test with
VirtualAlloc).

OK... I know that openssl itself is not MT safe today.

Is OPENSSL_ALLOC safer than all this MS stuff? I hope so.

Original code (NOT patched) had a little mistake by restoring a useless
bitmap in a useless memory DC.

The patch fixes this.

Patched and original code are just seeding the random generator with
multiple hashes computed from 16-line blocks taken from the screen:
is it enough when it is not guaranteed that the screen is changing from
time to time, e.g. on non-interactive machines (servers)?
Is it enough on small devices such as phones, most of the time
displaying the same main screen?


Anyway, I am not an openssl expert able to explain why the code is acting by
computing many hashes on small blocks of lines of the screen,

instead of computing one single hash on the complete screen:
is it to save memory consumption? Not really a problem these days, as
screens still have limited resolution compared to the PC amount of memory...
Is it to get some more entropy on randomization? Not really relevant
from my point of view.


For the screen capture method: there are alternatives, e.g. based on
CreateDIBSection, that may give even more compact code and avoid
questioning about OPENSSL_ALLOC.


GetDibits COULD also have returned itself the proper buffer, if called 2 
times, first with lpvbits at NULL and then with the first call returned 
value.


A suggestion: on modern PCs or phones, something can give much more
entropy than the screen:
the camera with its natural electronic noise... but using it without the
consent of the user is not correct...

Or the sound speakers... but not correct either...
anyway, from a consent point of view, it is the same problem as
capturing the PC screen without the consent of the user.



WCE:
The patched code, like the original, is NOT WCE compatible:
for WCE, the whole routine is emptied... is it a good behavior? I do
not think so...


If needed I CAN offer a WCE version.

Yours sincerely
Pierre Delaage




On 14/09/2014 21:05, Salz, Rich wrote:


Any input from Windows folks on the attached?

--

Principal Security Engineer, Akamai Technologies

IM: rs...@jabber.me Twitter: RichSalz





Re: Windows folks -- comment on this patch for RT 2301?

2014-09-18 Thread Pierre DELAAGE
I meant in fact that calling GetDIBits two times could have given the
necessary info to then allocate the proper buffer,

instead of using GetObject.
GetDIBits does not return a new pointer by itself.

Sorry for the mistake.

On 18/09/2014 12:49, Pierre DELAAGE wrote:
GetDibits COULD also have returned itself the proper buffer, if called 
2 times, first with lpvbits at NULL and then with the first call 
returned value.




[openssl.org #3535] TS high-precision time malformation - demo

2014-09-18 Thread Michal Bozon via RT
Quick demonstration - doing a statistics on first
decimal place digit of large number of time-stamps:

- sample output:
...
### BEFORE:
0: 0% --- !
1:11%
2:11%
3:11%
4:10%
5:11%
6:11%
7:12%
8:12%
9:11%
### AFTER:
0:10%
1:10%
2:10%
3:10%
4:10%
5:10%
6:10%
7:10%
8:10%
9:10%

- script:
#!/bin/sh

cp apps/openssl.cnf /tmp/ossl.cnf

cat <<EOF >> /tmp/ossl.cnf
[ tsa_test ]
basicConstraints=CA:TRUE
extendedKeyUsage=critical,timeStamping
[ tsr_test ]
clock_precision_digits  = 6
serial = /tmp/serial
default_policy = 2.999.0
digests = sha1
EOF

openssl req -x509 -newkey rsa:2048 -config /tmp/ossl.cnf -nodes -batch \
  -extensions tsa_test -out /tmp/tsa_.pem -keyout /tmp/tsa_.pem

for ossl in openssl /usr/local/ssl/bin/openssl; do
  [ $ossl = openssl ] && echo "### BEFORE:" || echo "### AFTER:"
  for i in `seq 1 2000`; do
    $ossl ts -reply -config /tmp/ossl.cnf -queryfile /tmp/x.tsq \
      -signer /tmp/tsa_.pem -inkey /tmp/tsa_.pem -section tsr_test \
      | openssl ts -reply -in /dev/stdin -text \
      | grep '^Time stamp'
  done 2>/tmp/osslerr.out | perl -ne \
    '/\.(\d)/;$h{$1}++}{for(0..9){printf "%i:%2.f%%\n",$_,100*$h{$_}/$.}'
done




[openssl.org #3535] TS high-precision time malformation - demo fix

2014-09-18 Thread Michal Bozon via RT
There is one missing step in the script above:

  echo foo | openssl ts -query -out /tmp/x.tsq

(to be added e.g. below the EOF line)


Michal Bozon


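The histogram the demo script above produces is the kind of check a genTime formatter should be tested against offline, without a TSA round trip. What follows is an added example, not code from the ticket or from OpenSSL: a Python formatter for the fractional-seconds part of an RFC 3161 GeneralizedTime as section 2.4.2 requires it (microseconds zero-padded to six digits, cut to the configured precision, trailing zeros removed, dot omitted when nothing is left), a `zero_pad=False` switch that models a hypothetical formatter printing the microsecond count without left padding (one defect that yields exactly the "0: 0%" BEFORE histogram, whatever the actual cause in the ticket), and a deterministic version of the first-digit statistic. The `tv_sec`/`tv_usec` split mirrors a gettimeofday() result; the function names are assumptions of this example.

```python
import time
from collections import Counter


def fraction_digits(usec: int, precision: int, zero_pad: bool = True) -> str:
    """Fractional-seconds suffix ('' or '.d...') for an RFC 3161 genTime.

    RFC 3161 section 2.4.2: at most `precision` digits after the dot,
    trailing zeros removed, and no dot at all when nothing remains.
    zero_pad=False models a hypothetical defect (not OpenSSL's code):
    the microsecond count is printed without left zero-padding, so
    12345 us renders as ".12345" instead of ".012345" and the first
    fractional digit can never be '0'.
    """
    if not 0 <= usec < 1_000_000:
        raise ValueError("usec out of range")
    if not 0 <= precision <= 6:
        raise ValueError("precision must be 0..6")
    if precision == 0:
        return ""
    digits = f"{usec:06d}" if zero_pad else str(usec)
    digits = digits[:precision].rstrip("0")
    return "." + digits if digits else ""


def format_gen_time(tv_sec: int, tv_usec: int, precision: int,
                    zero_pad: bool = True) -> str:
    """UTC GeneralizedTime 'YYYYMMDDhhmmss[.fff]Z' from a gettimeofday()-style pair."""
    base = time.strftime("%Y%m%d%H%M%S", time.gmtime(tv_sec))
    return base + fraction_digits(tv_usec, precision, zero_pad) + "Z"


def first_digit_histogram(precision: int, zero_pad: bool = True,
                          step: int = 1000) -> dict:
    """Percentage of timestamps whose first fractional digit is 0..9.

    Sweeps tv_usec over [0, 1e6) in `step` increments rather than sampling
    a live clock, so the result is deterministic: a correct formatter gives
    about 10% per digit, the unpadded one gives 0% for '0'.
    """
    counts = Counter()
    for usec in range(0, 1_000_000, step):
        frac = fraction_digits(usec, precision, zero_pad)
        if frac:                      # usec == 0 carries no fraction at all
            counts[frac[1]] += 1
    total = sum(counts.values())
    return {d: round(100 * counts[d] / total) for d in "0123456789"}


if __name__ == "__main__":
    for label, pad in (("BEFORE (unpadded)", False), ("AFTER (padded)", True)):
        print(f"### {label}:")
        for d, pct in first_digit_histogram(6, zero_pad=pad).items():
            print(f"{d}:{pct:2d}%")
```

Running the block prints the two histograms in the same shape as the thread's sample output; the statistic is only meaningful when the clock source really does produce sub-second values with a leading zero about one time in ten, which a gettimeofday() microsecond field does.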


RE: Integration of #2578

2014-09-18 Thread Salz, Rich
It's too late for 1.0.2, which is in feature-freeze and only getting bugfixes.  
But I'll put it in my branch on github for inclusion in the next release after.


--  
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz



RE: [openssl.org #3535] TS high-precision time malformation - demo

2014-09-18 Thread Salz, Rich
The default time comes from the gettimeofday() system call (see def_time_cb in 
ts_rsp_sign.c).
I don't see any openssl bug here.

--  
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz


 -Original Message-
 From: owner-openssl-...@openssl.org [mailto:owner-openssl-
 d...@openssl.org] On Behalf Of Michal Bozon via RT
 Sent: Thursday, September 18, 2014 7:55 AM
 Cc: openssl-dev@openssl.org
 Subject: [openssl.org #3535] TS high-precision time malformation - demo
 
 Quick demonstration - doing a statistics on first decimal place digit of large
 number of time-stamps:
 
 - sample output:
 ...
 ### BEFORE:
 0: 0% --- !
 1:11%
 2:11%
 3:11%
 4:10%
 5:11%
 6:11%
 7:12%
 8:12%
 9:11%
 ### AFTER:
 0:10%
 1:10%
 2:10%
 3:10%
 4:10%
 5:10%
 6:10%
 7:10%
 8:10%
 9:10%
 
 - script:
 #!/bin/sh
 
 cp apps/openssl.cnf /tmp/ossl.cnf
 
 cat EOF  /tmp/ossl.cnf
 [ tsa_test ]
 basicConstraints=CA:TRUE
 extendedKeyUsage=critical,timeStamping
 [ tsr_test ]
 clock_precision_digits  = 6
 serial = /tmp/serial
 default_policy = 2.999.0
 digests = sha1
 EOF
 
 openssl req -x509 -newkey rsa:2048 -config /tmp/ossl.cnf -nodes -batch \
   -extensions tsa_test -out /tmp/tsa_.pem -keyout /tmp/tsa_.pem
 
 for ossl in openssl /usr/local/ssl/bin/openssl; do
   [ $ossl = openssl ]  echo ### BEFORE: || echo ### AFTER:
   for i in `seq 1 2000`; do
 $ossl ts -reply -config /tmp/ossl.cnf -queryfile /tmp/x.tsq \
   -signer /tmp/tsa_.pem -inkey /tmp/tsa_.pem -section tsr_test \
   | openssl ts -reply -in /dev/stdin -text \
   | grep '^Time stamp'
   done 2/tmp/osslerr.out | perl -ne \
 '/\.(\d)/;$h{$1}++}{for(0..9){printf%i:%2.f%%\n,$_,100*$h{$_}/$.}'
 done
 
 
 __
 
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org


RE: [openssl.org #3535] TS high-precision time malformation - demo

2014-09-18 Thread Salz, Rich
Jeremy Farrell was kind enough off-list to provide me with a clue :) There is a 
bug in openssl formatting.


Re: [openssl.org #3333] [PATCH] Revert Make Makefiles OSF-make-friendly.

2014-09-18 Thread Mike Frysinger
On Tue 16 Sep 2014 08:15:37 Andy Polyakov via RT wrote:
  This reverts commit d1cf23ac86c05b22b8780e2c03b67230564d2d34.
  
  When gcc is given a .s file and told to preprocess it, it outputs
  nothing.
  Since gcc targets are more common/important than OSF, revert it and let
  the original submitter sort out the problem.
  
  URL: https://bugs.gentoo.org/499086
  ---
  
   alphacpuid.s:alphacpuid.pl
  
  - (preproc=/tmp/.$@; trap rm $$preproc INT; \
  - $(PERL) alphacpuid.pl  $$preproc  \
  - $(CC) -E $$preproc  $@  rm $$preproc)
  + $(PERL) $ | $(CC) -E - | tee $@  /dev/null
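Review bot: in the `+` line that pipes `$(PERL)` into `$(CC) -E -` and then into `tee $@`, the recipe's exit status is that of `tee`, so a failure in the perl script or in the preprocessor still leaves the rule "successful" with an empty or truncated `alphacpuid.s` on disk, which the next `make` then treats as up to date. Writing to a temporary and renaming only on success (`... > $@.tmp && mv $@.tmp $@`) avoids that, and it also replaces the predictable pid-derived `/tmp/.$$...` name of the removed lines, which is the clobbering concern raised further down in this reply. If `tee` is there only to echo the output, a plain redirect does the same with one less process.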
  
  Can you confirm that preproc=/tmp/.$@.S in original snippet solves
  the problem?
  
  i don't understand what you mean.  the code as written in the tree does
  not
  work with gcc.  preproc will expand into /tmp/pid.alphacpuid.s, and
  since
  gcc will skip .s files with -E, you get no output.
 
 But if you name the file /tmp/pid.alphacpuid.s.S, then it should work.
 Because gcc driver looks at last extension, right?

sorry, missed the .S suffix in all the noise :)

  i'd also highlight that relying on the pid # to give you a global unique
  tmp file is very very broken.  it's easy for malicious people to clobber,
  and it's not even unique on modern Linux systems with pid namespaces.  it
  should really just write it to $@.tmp instead and then do `mv $@ $@.tmp`.
 
 OK, preproc=$@.S then. Can you confirm that it works?

that seems to work
-mike



[openssl.org #2301] Re: Slow crypto initialization.

2014-09-18 Thread Rich Salz via RT
Fixed in master and 1.0.2
OpenSSL_1_0_2-stable 5015a93 RT2301: GetDIBits, not GetBitmapBits in rand_win
master 99b00fd RT2301: GetDIBits, not GetBitmapBits in rand_win

Author: Jake Goulding gould...@vivisimo.com
Date: Fri Sep 5 11:13:23 2014 -0400

RT2301: GetDIBits, not GetBitmapBits in rand_win

GetDIBits has been around since Windows2000 and
GetBitmapBits is an old Win16 compatibility function
that is much slower.

Reviewed-by: Tim Hudson t...@openssl.org

--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl.org #3530] Problems measuring openssl speed

2014-09-18 Thread Matt Caswell via RT
On Wed Sep 17 21:41:01 2014, beld...@gmail.com wrote:
 Hello Matt,

 the improved patch is attached. It uses the EVP_DigestSign* API
 instead of
 EVP_digest and does not modify any header files.

 Thank you!


Hi Dmitry

There are still some significant problems with this patch as it is currently
written.

We don't really want to have lots of engine specific code within the apps.
Ideally we should be writing for the generic case...and then it should just
work (or at least with a bare minimum of tweaking) for an engine specific
implementation.

By writing this just for gost-mac, I think you are making assumptions about how
things work generally. As I said in my previous response I would write this for
HMAC/CMAC first, and then extend to gost-mac as required.

I'm not convinced that the overloading of the evp option to do lots of
different things is going to work out too well. It's already overloaded to
handle ciphers and digests...and the code tries to work out which one you have
supplied. You are overloading it further (but your approach only works for one
mac). It could probably be made to work...but only after jumping through
various hoops to get there.

I'm also not convinced that you are timing the right thing. You are setting up
the context, generating a new mac key, freeing the key and freeing the context
all within the timing loop...which doesn't seem right.

For all of the above reasons I am rejecting this patch at the current time.

Matt



[openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

2014-09-18 Thread Rich Salz via RT
Doing a spot-check, it looks like this code was integrated by Ben and maybe
others.
Closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



Re: [openssl.org #3291] Resolved: Patch/enhancement to CA.pl script

2014-09-18 Thread Darío B via RT
Thanks for taking into consideration my small contribution. I guess this
will also impact on an update of the documentation.

2014-09-08 17:22 GMT+02:00 Rich Salz via RT r...@openssl.org:

 According to our records, your request has been resolved. If you have any
 further questions or concerns, please respond to this message.




Re: [openssl.org #3528] [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX

2014-09-18 Thread Fedor Indutny

Here is an example of how it could be used (in my TLS terminator):

https://github.com/indutny/bud/compare/master...feature/async-key-ex

Basically, if you have ever used async SSL API, you should be
aware of things like:

SSL_ERROR_WANT_READ
SSL_ERROR_WANT_WRITE

In addition to these two, my patch adds:

SSL_ERROR_WANT_SIGN
SSL_ERROR_WANT_RSA_DECRYPT

If one of these is returned - you may get the data that should
be signed/decrypted with:

SSL_get_key_ex_data()
SSL_get_key_ex_len()

Get the key type (in case of SIGN):

SSL_get_key_ex_type()
// Returns EVP_PKEY_RSA, EVP_PKEY_ECC

And get signature digest nid with:

SSL_get_key_ex_md()

Please be aware of the fact that `md` could be `NID_md5_sha1`,
take a look at bud's code to figure out what should be done in
this case (basically, you'll need to use raw
`RSA_decrypt_private()`).

After performing sign/decrypt (which could happen in other
thread, or on a different server) you should call:

SSL_supply_key_ex()

to supply the result and continue handshake process. At
this point `SSL_read()`/`SSL_write()` will start returning
proper values.


On Sat, Sep 13, 2014 at 10:59 PM, Fedor Indutny fe...@indutny.com wrote:

 Here is an additional patch, to expose the type of key that should be used
 for a signature.

 On Thu, Sep 11, 2014 at 10:59 AM, Fedor Indutny via RT r...@openssl.org
 wrote:


 Hello devs!

 Here is a patch that implements asynchronous RSA key operation
 mode for a TLS/SSL implementation in OpenSSL.

 Here is some technical info about it:

 Support async RSA exchange by providing new SSL_want_rsa_sign(),
 SSL_want_rsa_decrypt() API methods.

 After getting such want values - SSL_supply_key_ex_data() should be
 invoked to continue handshake with a sign/decrypt data that was received
 from the remote server.
 ---
  ssl/s3_srvr.c  | 398
 -
  ssl/ssl.h  |  28 
  ssl/ssl3.h |   6 +
  ssl/ssl_lib.c  |  31 -
  ssl/ssl_locl.h |   2 +
  ssl/ssl_rsa.c  |  24 ++--
  ssl/ssltest.c  | 116 -
  test/testssl   |   6 +
  8 files changed, 475 insertions(+), 136 deletions(-)





[openssl.org #3291] Patch/enhancement to CA.pl script

2014-09-18 Thread Rich Salz via RT
Right, doc updated:
commit e8185aea878a5a83712ad40a2740edc47442a1c3
Author: Rich Salz rs...@openssl.org
Date: Thu Sep 18 21:45:41 2014 -0400

RT3291: Add -crl and -revoke options to CA.pl

Document the new features

Reviewed-by: Tim Hudson t...@openssl.org
---

--
Rich Salz, OpenSSL dev team; rs...@openssl.org
