Re: [openssl.org #1162] add a discover-server-ciphers to s_client

2005-07-18 Thread Jostein Tveit
[ I resend this message in case someone else at the openssl-dev
  list is interested in my reply. The message was originally
  blocked by SpamCop at openssl.org mail server. I hope my mail
  relay is off the SpamCop list by now. ]

via RT [EMAIL PROTECTED] writes:

> However, it would be great to allow openssl diagnostically to discover
> the entire cipher-list a server accepts, i.e. it would iterate through
> all its ciphers and attempt to perform a handshake and only print out
> the ciphers where that succeeded.

I have written a stand-alone tool for doing this.

You can download the source code from
URL: http://www.pvv.ntnu.no/~josteitv/papers/ssl_vuln_code.tar.gz 
if you are interested.

The file you want to look at is sslciphercheck.c.

-- 
Jostein Tveit [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]


openssl-0.9.8-beta6 tested ok on Solaris 8 cc (32+64 bit) and gcc 2.95.3 (32 bit)

2005-06-22 Thread Jostein Tveit
openssl-0.9.8-beta6 compiled and tested ok on the following
combinations:

- Solaris 8 SPARC cc: Sun C 5.7 2005/01/07 32-bit
(./Configure solaris-sparcv9-cc shared)

- Solaris 8 SPARC cc: Sun C 5.7 2005/01/07 64-bit
(./Configure solaris64-sparcv9-cc shared)

- Solaris 8 SPARC gcc 2.95.3 32-bit
(./Configure solaris-sparcv9-gcc shared)

-- 
Jostein Tveit [EMAIL PROTECTED]


openssl-0.9.8-beta5 solaris64-sparcv9-cc make test fails

2005-06-15 Thread Jostein Tveit
Solaris /dev/random patch is installed.

$ uname -a
SunOS bid-dev22 5.8 Generic_117350-08 sun4u sparc SUNW,Sun-Fire-V240

$ cc -V
cc: Sun C 5.7 2005/01/07

$ ./Configure solaris64-sparcv9-cc shared

$ make test
[...]
Generate and certify a test certificate

make a certificate request using 'req'
rsa
Generating a 512 bit RSA private key
...
...
writing new private key to 'keyCA.ss'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA

convert the certificate request into a self signed certificate using 'x509'
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key
23545:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
23545:error:04088003:rsa routines:RSA_setup_blinding:BN lib:rsa_lib.c:407:
23545:error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error:rsa_eay.c:364:
23545:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:276:
error using 'x509' to self sign a certificate request
make[1]: *** [test_ss] Error 1
make[1]: Leaving directory `/opt/home/jtv/apps/openssl-0.9.8-beta5/test'
make: *** [tests] Error 2

-- 
Jostein Tveit [EMAIL PROTECTED]


openssl-0.9.8-beta3, Sun Forte compiler, 64-bit Solaris 8, core dump and RNG error.

2005-06-01 Thread Jostein Tveit
Hi, OpenSSL developers.

I try to compile openssl-0.9.8-beta3 on Solaris 8, using 64-bit
Sun Forte compiler (cc: Sun C 5.7 2005/01/07)

When doing 'make test' I get a core dump. But after applying a
simple patch, I am unable to track down the bug any further.

The Solaris PRNG patch 112438 (as mentioned in the FAQ) is
installed.


$ ./Configure solaris64-sparcv9-cc shared
$ make
$ make test

[...]

-
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA

convert the certificate request into a self signed certificate
using 'x509'
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a
file that
'random' data can be kept in (the file will be overwritten).
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key
Segmentation Fault - core dumped
error using 'x509' to self sign a certificate request
make[1]: *** [test_ss] Error 1
make[1]: Leaving directory
`/opt/home/jtv/apps/openssl-0.9.8-beta3/test'
make: *** [tests] Error 2



core dump stack trace:

program terminated by signal SEGV (no mapping at the fault address)
0x7f0af3cc: BN_BLINDING_set_thread_id+0x0004:   stx %o1, [%o0 + 32]
(dbx) where
=>[1] BN_BLINDING_set_thread_id(0x0, 0x5b0c, 0x1001dcca0, 0x0, 0x7f2881d8, 0x30), at 0x7f0af3cc
  [2] RSA_setup_blinding(0x0, 0x1001eb000, 0x1001eb000, 0x1b87c4, 0x0, 0x1001dcc10), at 0x7f0cfc44
  [3] RSA_eay_private_encrypt(0x0, 0x1001aeaf0, 0x1001eb000, 0x1001dcd00, 0x1, 0x1001e91a0), at 0x7f0cd6b8
  [4] RSA_sign(0x1001aeaf0, 0x7fffdf70, 0x23, 0x1001ea470, 0x7fffe0ac, 0x1001dcd00), at 0x7f0d007c
  [5] EVP_SignFinal(0x7fffe088, 0x1001ea470, 0x7fffe0ac, 0x100190860, 0x7fffdf70, 0x18fe9c), at 0x7f0f8414
  [6] ASN1_item_sign(0x1001ea470, 0x100194620, 0x100194540, 0x1001dbbf0, 0x40, 0x100190860), at 0x7f1049e4
  [7] X509_sign(0x1001ae480, 0x100190860, 0x7f2a7f50, 0x100187e68, 0x15895c, 0x3c00), at 0x7f12f8ac
  [8] sign(0x1001ae480, 0x100190860, 0x1e, 0x0, 0x7f2a7f50, 0x5c00), at 0x100031dc0
  [9] x509_main(0x2bc8, 0x719d, 0x0, 0x100169c68, 0x0, 0x1001800e0), at 0x1000310dc
  [10] do_cmd(0x10017fe10, 0x10, 0x7fffed70, 0x7128, 0x158ed4, 0x7fffed70), at 0x100010dcc
  [11] main(0x10017fe10, 0x7fffed68, 0x100176a68, 0x100176a90, 0x7e7bf5f0, 0x1001d3450), at 0x100010b18



Then I applied the following patch to prevent the core dump:

diff -ur openssl-0.9.8-beta3-orig/crypto/rsa/rsa_lib.c 
openssl-0.9.8-beta3-work/crypto/rsa/rsa_lib.c
--- openssl-0.9.8-beta3-orig/crypto/rsa/rsa_lib.c 2005-05-11 03:45:33.0 
+
+++ openssl-0.9.8-beta3-work/crypto/rsa/rsa_lib.c 2005-06-01 12:31:33.490002000 
+
@@ -402,6 +402,11 @@

ret = BN_BLINDING_create_param(NULL, e, rsa-n, ctx,
rsa-meth-bn_mod_exp,
rsa-_method_mod_n);
+   if (!ret)
+   {
+   RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+   goto err;
+   }
BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
 err:
BN_CTX_end(ctx);
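
Review bot: the new `if (!ret)` branch reports `ERR_R_MALLOC_FAILURE`, but nothing in this hunk establishes that an allocation failed; all that is known at that point is that `BN_BLINDING_create_param` returned NULL, and the `make test` output below puts a "PRNG not seeded" error directly ahead of this one. Suggest a reason code that does not name a cause, for example `ERR_R_BN_LIB`, so the error queue does not point readers at a memory problem. The NULL check itself is needed before `BN_BLINDING_set_thread_id(ret, ...)`, which is where the trace above faults with a first argument of 0x0.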


And then compiled again:
$ ./Configure solaris64-sparcv9-cc shared
$ make
$ make test

[...]

convert the certificate request into a self signed certificate
using 'x509'
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a
file that
'random' data can be kept in (the file will be overwritten).
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key
29274:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
29274:error:04088041:rsa routines:RSA_setup_blinding:malloc failure:rsa_lib.c:407:
29274:error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error:rsa_eay.c:364:
29274:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:276:
error using 'x509' to self sign a certificate request
make[1]: *** [test_ss] Error 1
make[1]: Leaving directory
`/opt/home/jtv/apps/openssl-0.9.8-beta3-work/test'
make: *** [tests] Error 2


It seems to be some kind of problem with RNG seeding.
I tried to set RANDFILE, but that didn't help.

Is it possible to turn on some RNG debugging?

Regards,
-- 
Jostein Tveit [EMAIL PROTECTED]


Re: [openssl.org #1090] [BUG] Segfault in dgst signing with rsa private key

2005-06-01 Thread Jostein Tveit
Dmitry Belyavsky via RT [EMAIL PROTECTED] writes:

> I use 0.9.8-stable-SNAP-20050601 snapshot. Problem occurs on digest
> signing.

This seems to be the same bug as I reported just a couple of
hours ago on openssl-dev.
(See post with subject "openssl-0.9.8-beta3, Sun Forte compiler,
64-bit Solaris 8, core dump and RNG error.")

Try to see if you get the same error as me if you apply the error
checking patch:

diff -ur openssl-0.9.8-beta3-orig/crypto/rsa/rsa_lib.c 
openssl-0.9.8-beta3-work/crypto/rsa/rsa_lib.c
--- openssl-0.9.8-beta3-orig/crypto/rsa/rsa_lib.c 2005-05-11 03:45:33.0 
+
+++ openssl-0.9.8-beta3-work/crypto/rsa/rsa_lib.c 2005-06-01 12:31:33.490002000 
+
@@ -402,6 +402,11 @@

ret = BN_BLINDING_create_param(NULL, e, rsa-n, ctx,
rsa-meth-bn_mod_exp, rsa-_method_mod_n);
+   if (!ret)
+   {
+   RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+   goto err;
+   }
BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
 err:
BN_CTX_end(ctx);
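
Review bot: after `goto err` control continues past `err:` with `ret` still NULL, so the added check moves the failure to the caller; it removes the crash only if every caller tests the result before using it. Worth confirming that for the dgst signing path in this ticket, and adding a short comment above `if (!ret)` stating which failures of `BN_BLINDING_create_param` this branch is meant to catch, since the reason code names only `ERR_R_MALLOC_FAILURE`.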


-- 
Jostein Tveit [EMAIL PROTECTED]


General PKCS#11 engine module

2005-05-26 Thread Jostein Tveit
Hello, OpenSSL developers!

Have you ever thought of making a general PKCS#11 engine module
in OpenSSL?

Do you see any reasons why such a module wouldn't fit in?

Regards,
-- 
Jostein Tveit [EMAIL PROTECTED]


Re: SSL_get_shared_ciphers question

2004-02-04 Thread Jostein Tveit
Lutz Jaenicke [EMAIL PROTECTED] writes:

> On Tue, Feb 03, 2004 at 08:41:23AM +0100, Jostein Tveit wrote:
> > What exactly does the comment in ssl/ssl_lib.c mean:
> >
> > /* works well for SSLv2, not so good for SSLv3 */
> > char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
>
> It's part of the protocol (SSLv3, TLSv1, ...). The client sends its list of
> supported ciphers, based upon which the server decides which cipher to
> use. The server never leaks the information about the ciphers supported.

Yes, I know. So the function SSL_get_shared_ciphers can only be
used on the server side.
What happens if you try to use it on the client side?
Does it only report one common cipher?

And what exactly does the comment "works well for SSLv2, not so
good for SSLv3" mean?
As far as I know, both SSLv2 and SSLv3/TLSv1 client hello include
a list with preferred ciphers.

-- 
Jostein Tveit ([EMAIL PROTECTED])


SSL_get_shared_ciphers question

2004-02-03 Thread Jostein Tveit
A quick question about the SSL_get_shared_ciphers function.

What exactly does the comment in ssl/ssl_lib.c mean:

/* works well for SSLv2, not so good for SSLv3 */
char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)

Are there any other ways than sending x number of client hellos
with only one cipher suite to determine the shared ciphers?

Thanks in advance.

Regards,
-- 
Jostein Tveit ([EMAIL PROTECTED])
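
The one-suite-per-ClientHello probing asked about in this message, which is also the discovery loop requested in ticket #1162 at the top of this page, as an added example (not code from sslciphercheck.c or from OpenSSL). It works at the record level for TLS 1.0 without extensions; `fake_server`, its two accepted suites and the function-pointer transport are constructed for the illustration, and the parser assumes the first reply record holds the whole ServerHello.

```c
#include <stdint.h>
#include <string.h>

/* 50-byte TLS 1.0 ClientHello record offering exactly one cipher suite. */
size_t build_client_hello(uint8_t *out, uint16_t suite)
{
    static const uint8_t hdr[] = {22, 3, 1, 0, 45, 1, 0, 0, 41, 3, 1};
    memset(out, 0, 50);            /* random stays zero here; a real probe uses a CSPRNG */
    memcpy(out, hdr, sizeof hdr);  /* record hdr, client_hello hdr, client_version */
    out[45] = 2;                   /* cipher_suites length: one 2-byte entry */
    out[46] = (uint8_t)(suite >> 8); out[47] = (uint8_t)suite;
    out[48] = 1;                   /* one compression method: null */
    return 50;
}

/* Suite chosen in a ServerHello, -1 for an alert (refused), -2 if malformed. */
int parse_reply(const uint8_t *b, size_t len)
{
    size_t rec = len < 5 ? 0 : ((size_t)b[3] << 8) | b[4];
    if (len < 5 || len < 5 + rec) return -2;
    if (b[0] == 21) return rec == 2 ? -1 : -2;
    if (b[0] != 22 || rec < 39 || b[5] != 2 || b[43] > 32) return -2;
    size_t off = 44 + b[43];       /* past headers, version, random, session_id */
    return off + 2 > 5 + rec ? -2 : (b[off] << 8) | b[off + 1];
}

/* Constructed stand-in for a server that accepts only 0x002F and 0x0035. */
size_t fake_server(const uint8_t *req, size_t n, uint8_t *resp)
{
    static const uint8_t alert[] = {21, 3, 1, 0, 2, 2, 40};  /* handshake_failure */
    static const uint8_t hello[] = {22, 3, 1, 0, 42, 2, 0, 0, 38, 3, 1};
    int ok = n == 50 && req[46] == 0 && (req[47] == 0x2F || req[47] == 0x35);
    memset(resp, 0, 47);
    memcpy(resp, ok ? hello : alert, ok ? sizeof hello : sizeof alert);
    resp[45] = ok ? req[47] : 0;   /* ServerHello names the one suite offered */
    return ok ? 47 : sizeof alert;
}

/* Offer each candidate alone; keep those the server selects in its ServerHello. */
size_t discover(const uint16_t *cand, size_t n, uint16_t *accepted,
                size_t (*xchg)(const uint8_t *, size_t, uint8_t *))
{
    uint8_t req[50], resp[512];
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = xchg(req, build_client_hello(req, cand[i]), resp);
        if (parse_reply(resp, len) == cand[i]) accepted[found++] = cand[i];
    }
    return found;
}
```

The ServerHello carries only the single suite the server picked, which is why the client needs one handshake attempt per candidate to learn the full set.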
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


Re: [openssl.org #794] BUG - BIO printf problem on HP-UX

2003-12-11 Thread Jostein Tveit
Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes:

> OK, the bug is found.  This is the code that causes the problem, do
> you think you can spot it?  A hint: the integer part will *always* be
> truncated to the three least significant digits...
>
> /* convert integer part */
> do {
>     iconvert[iplace++] =
>         (caps ? "0123456789ABCDEF"
>           : "0123456789abcdef")[intpart % 10];
>     intpart = (intpart / 10);
> } while (intpart && (iplace < (int)sizeof(iplace)));

sizeof(iplace) should have been sizeof(iconvert). Since sizeof an
int most likely is 4, you will only loop 3 times.

> if (iplace == sizeof iplace)

Same bug here, I think.

> iplace--;
> iconvert[iplace] = 0;


A bit further in the code

/* convert fractional part */
do {
    fconvert[fplace++] =
        (caps ? "0123456789ABCDEF"
          : "0123456789abcdef")[fracpart % 10];
    fracpart = (fracpart / 10);
} while (fplace < max);
if (fplace == sizeof fplace)

Same bug. Should probably be sizeof(fconvert), not fplace.

fplace--;
fconvert[fplace] = 0;

-- 
Jostein Tveit ([EMAIL PROTECTED])
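
The effect of the wrong sizeof operand discussed in this message, as an added example rather than OpenSSL's source: the same digit loop once with the quoted bound and once with the corrected one. The 20-byte buffer, the decimal-only digit table and the function names are assumptions, and the three-digit result assumes a 4-byte int.

```c
#include <stdio.h>
#include <string.h>

/* Copy the digits, stored least-significant first, into print order. */
static void emit(const char *rev, int n, char *out)
{
    for (int i = 0; i < n; i++)
        out[i] = rev[n - 1 - i];
    out[n] = 0;
}

/* Loop bound as quoted in the message: sizeof(iplace) is the size of an int. */
void convert_buggy(unsigned long intpart, char *out)
{
    char iconvert[20];             /* assumed buffer size */
    int iplace = 0;
    do {
        iconvert[iplace++] = "0123456789"[intpart % 10];
        intpart = (intpart / 10);
    } while (intpart && (iplace < (int)sizeof(iplace)));
    if (iplace == (int)sizeof(iplace))
        iplace--;                  /* drops the fourth digit just written */
    emit(iconvert, iplace, out);
}

/* Corrected bound: the size of the digit buffer. */
void convert_fixed(unsigned long intpart, char *out)
{
    char iconvert[20];
    int iplace = 0;
    do {
        iconvert[iplace++] = "0123456789"[intpart % 10];
        intpart = (intpart / 10);
    } while (intpart && (iplace < (int)sizeof(iconvert)));
    if (iplace == (int)sizeof(iconvert))
        iplace--;                  /* keeps room for the terminator */
    emit(iconvert, iplace, out);
}

int main(void)
{
    char a[20], b[20];
    convert_buggy(123456UL, a);
    convert_fixed(123456UL, b);
    printf("buggy: %s  fixed: %s\n", a, b);
    return 0;
}
```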


Re: NISCC ASN.1 test suite available ?

2003-11-07 Thread Jostein Tveit
Goetz Babin-Ebell [EMAIL PROTECTED] writes:

> is the NISCC test suite that found the ASN.1 bugs in OpenSSL
> somewhere available ?

This was the answer I got when I contacted NISCC some days after the ASN.1
bug was discovered:

: NISCC has a policy of only releasing the test-suite to recognised
: developers of products that provide SSL/TLS services and therefore may be
: vulnerable to the generic problems discovered.  Unfortunately this means
: that we will not be able to release the material to you.

-- 
Jostein Tveit ([EMAIL PROTECTED])