SNAP-20070521: -DUSE_SSL needed for imit_gost_vizir

2007-05-22 Thread Richard Chan 
I have just started to  compile SNAPs on linux-ppc (and soon 
linux-ppc64). Please let me know if it's not right to comment on SNAPs
(...too easily overtaken by CVS..), if so, this will be my last report 
on SNAP.


Anyway here goes: SNAP-20070521 on linux-ppc using ./config settings.

[Problem 1]
USE_SSL is never defined - this leads to imit_gost_vizir undeclared problem.

gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -DB_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_BN_ASM_MONT 
-DSHA1_ASM -DSHA256_ASM   -c -o gost_pmeth.o gost_pmeth.c

gost_pmeth.c: In function `pkey_gost_mac_ctrl':
gost_pmeth.c:594: error: `imit_gost_vizir' undeclared (first use in this 
function)

gost_pmeth.c:594: error: (Each undeclared identifier is reported only once
gost_pmeth.c:594: error: for each function it appears in.)
make[2]: *** [gost_pmeth.o] Error 1

Workaround: Manually declare -DUSE_SSL in Makefile CFLAG= works.

[Problem 2]
PPC assembler problem.

Using less aggressive optimization (-O2 -g instead of -O3) get
/usr/bin/perl asm/sha1-ppc.pl sha1-ppc_linux32.s
gcc -I.. -I../.. -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DB_ENDIAN -DTERMIO -O2 -g -Wall 
-DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -c  -o sha1-ppc_linux32.o 
sha1-ppc_linux32.s

sha1-ppc_linux32.s: Assembler messages:
sha1-ppc_linux32.s:1101: Error: unaligned opcodes detected in executable 
segment

make[2]: *** [sha1-ppc_linux32.o] Error 1



Workaround: declare .rodata above .byte directive?

   stw 19,12(3)
   mr  10,19
   stw 20,16(3)
   mr  11,20
   addi4,4,64
   bc  17,0,.Lsha1_block_private
   blr
.rodata
.byte   
83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,80,

80,67,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,102,121,46,99,104,97
,108,109,101,114,115,46,115,101,62,0

gcc is 3.4.6 (on RHEL4 ppc64).

Thanks
Richard


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: ECDSA verify fails when digest is all zeros in 0.9.8e

2007-05-22 Thread Bodo Moeller 
On Thu, May 17, 2007 at 08:43:47AM -0700, [EMAIL PROTECTED] wrote:

 This is not a problem with the algorithm or the protocol.  It is a
 bug in the implementation.  Digest values that are zero are allowed
 by the ANSI X9.62 (and there is no special case for them) and they
 work fine in other implementations.
[...]

 compute_wNAF is at ec_mult.c:188.and is called with scalar pointing
 to a zero BIGNUM.  But compute_wNAF, either by design or by
 accident, can't deal with a scalar that is zero.

Let's say that by accident compute_wNAF was designed such that it
cannot deal with a scalar that is zero:  At least it will cleanly
signal an internal error in this special case rather than going
completely mad.

This clearly is a bug in crypto/ec/ec_mult.c; and here is a patch that
should fix it.  (This will be in the next daily snapshots.)


--- crypto/ec/ec_mult.c 14 Mar 2006 22:48:31 -  1.32.2.1
+++ crypto/ec/ec_mult.c 22 May 2007 09:03:47 -
@@ -194,6 +194,19 @@
int bit, next_bit, mask;
size_t len = 0, j;

+   if (BN_is_zero(scalar))
+   {
+   r = OPENSSL_malloc(1);
+   if (!r)
+   {
+   ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+   goto err;
+   }
+   r[0] = 0;
+   *ret_len = 1;
+   return r;
+   }
+   
if (w = 0 || w  7) /* 'signed char' can represent integers with 
absolute values less than 2^7 */
{
ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #1521] bug report

2007-05-22 Thread Dmitri Dmitrienko via RT 

- Original Message - 
From: Andy Polyakov via RT [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: openssl-dev@openssl.org
Sent: Sunday, May 20, 2007 4:42 PM
Subject: Re: [openssl.org #1521] bug report


 Title: Failed to link static openssl libraries (or non-PIC x86_64cpuid.s)
 OS: FC4
 HARDWARE: AMD x86 64bit
 OPENSSL VERSION: 0.9.8e
 OPTIONS:
 CFLAGS=-fPIC -O2 ./config no-dso no-shared no-threads
 no-zlib -fPIC -O2 --prefix=/home/dmitri/php/install

 Details:
 It worked just fine with all 0.9.7*. Since 0.9.8 an attempt to link 
 against
 static openssl like below
 gcc -shared  dbg.lo dbg_bp.lo dbg_cmd.lo dbg_net.lo dbg_ser.lo 
 dbg_prof.lo
 dbg_sec.lo
 bg_logo.lo  -L/home/dmitri/php/install/lib -lssl -lcrypto  -Wl,-rpath 
 -Wl,/home/dmitri/php/install/lib
  -Wl,-soname -Wl,dbg.so -o .libs/dbg.so

 returns with error:

 /usr/bin/ld: /home/dmitri/php/install/lib/libcrypto.a(x86_64cpuid.o):
 relocation R_X86_64_PC32 against `OPENSSL_cpuid_setup' can not be used 
 when
 making a shared object; recompile with -fPIC

Use -Bsymbolic to link your shared object, add -Wl,-Bsymbolic to your
gcc command line. In the nutshell this means that OpenSSL calls your
library makes can't be overridden by another copy of OpenSSL mapped into
application address space. Ideally you should also abstain from
exporting any OpenSSL symbols from your shared object.

One can argue whether or not this is a bug, as OPENSSL_cpuid_setup is an
internal interface and another shared object should not be able to
override it. Well, there is another way to resolve it, but not in the
context of this ticket. I'm dismissing this. A.


Hello Andy,

Thanks for the feedback on the issue.
And no, my library does not export anything that might raise any kind of 
conflicts with OPENSSL. Moreover, it works great under all other platforms, 
including FreeBSD 4.1/x86, Win32, Linux 2.4/x86, Mac OSX 10.4/powerpc. Seems 
that the problem happens under Linux2.6 (FC4)/64bit AMD or with gcc shipped 
with FC4.
Also, I have some doubts. It all worked fine with openssl 0.9.7 under the 
same platform/ditro. Do you have an idea why it did not conflict and why it 
started conflicting with 0.9.8?

I'll try to link my library with -Bsymbolic option soon.

Thanks,
Dmitri.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[PATCH] OpenSSL vs GCC 4.2.0

2007-05-22 Thread Peter Hartley 
Hi there,

Having just downloaded GCC 4.2.0 and discovered that it can't build
OpenSSL (not even in the snapshots AFAICT), I'd like to offer a possible
solution.

The earlier thread on openssl-dev explains that OpenSSL chooses to cast
the function pointers, not the parameters, to achieve type-safety; i.e.
to ensure that errors occur if the wrong types are passed to the
XYZ_of() functions.

So how about using expressions of the form
 (void*)(1 ? x : ((T*)NULL))
instead? That way, if x isn't of the right type, GCC will warn because
the ?: gets different types in the two branches. Meanwhile the function
itself is getting called with the correct types, and while OpenSSL is
still deceiving the type system, it's doing so only via function
pointers (so there's no way that the compiler, examining any one
translation unit, can tell that deception is being attempted). And the
compiler should easily spot that the condition (1) is always true, and
so generate no extra code compared to the direct, non-typesafe call.

Attached is a patch against SNAP-20070516 which lets all the tests pass
under GCC 4.2.0 (on ia32 and amd64).

Peter


--- crypto/asn1/asn1.h~	2007-04-14 19:00:19.0 +0100
+++ crypto/asn1/asn1.h	2007-05-16 14:48:27.0 +0100
@@ -329,6 +329,17 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
 #define I2D_OF(type) int (*)(type *,unsigned char **)
 #define I2D_OF_const(type) int (*)(const type *,unsigned char **)
 
+#define CHECKED_D2I_OF(type, d2i) \
+((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+#define CHECKED_I2D_OF(type, i2d) \
+((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+#define CHECKED_NEW_OF(type, xnew) \
+((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+#define CHECKED_PTR_OF(type, p) \
+((void*) (1 ? p : (type*)0))
+#define CHECKED_PPTR_OF(type, p) \
+((void**) (1 ? p : (type**)0))
+
 #define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
 #define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
 #define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
@@ -914,23 +925,41 @@ int ASN1_object_size(int constructed, in
 
 /* Used to implement other functions */
 void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+
 #define ASN1_dup_of(type,i2d,d2i,x) \
-	((type *(*)(I2D_OF(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x)
+((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+		 CHECKED_D2I_OF(type, d2i), \
+		 CHECKED_PTR_OF(type, x)))
+
 #define ASN1_dup_of_const(type,i2d,d2i,x) \
-	((type *(*)(I2D_OF_const(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x)
+((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+		 CHECKED_D2I_OF(type, d2i), \
+		 CHECKED_PTR_OF(const type, x)))
 
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
 
 #ifndef OPENSSL_NO_FP_API
 void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
+
 #define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
-	((type *(*)(type *(*)(void),D2I_OF(type),FILE *,type **))openssl_fcast(ASN1_d2i_fp))(xnew,d2i,in,x)
+((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+			CHECKED_D2I_OF(type, d2i), \
+			in, \
+			CHECKED_PPTR_OF(type, x)))
+
 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
 int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
+
 #define ASN1_i2d_fp_of(type,i2d,out,x) \
-	((int (*)(I2D_OF(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x)
+(ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+		 out, \
+		 CHECKED_PTR_OF(type, x)))
+
 #define ASN1_i2d_fp_of_const(type,i2d,out,x) \
-	((int (*)(I2D_OF_const(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x)
+(ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+		 out, \
+		 CHECKED_PTR_OF(const type, x)))
+
 int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
@@ -939,14 +968,26 @@ int ASN1_STRING_to_UTF8(unsigned char **
 
 #ifndef OPENSSL_NO_BIO
 void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
+
 #define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
-	((type *(*)(type *(*)(void),D2I_OF(type),BIO *,type **))openssl_fcast(ASN1_d2i_bio))(xnew,d2i,in,x)
+((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+			  CHECKED_D2I_OF(type, d2i), \
+			  in, \
+			  CHECKED_PPTR_OF(type, x)))
+
 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
 int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
+
 #define ASN1_i2d_bio_of(type,i2d,out,x) \
-	((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+(ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+		  out, \
+		  CHECKED_PTR_OF(type, x)))
+
 #define ASN1_i2d_bio_of_const(type,i2d,out,x) \
-	((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+(ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+		  out, \
+

Segfault inside RSA_eay_private_decrypt = BN_bn2bin

2007-05-22 Thread John Rowe 
I have been having segfaults inside SSL when using the dovecot imap
server, specifically within the imap-login process. It happens from
within both 0.9.7a and 0.9.8e, but only with the Mac Mail client. The
trace, when compiled with debug/efence, is:

#0 BN_bn2bin  at bn_lib.c:651
651 *(to++)=(unsigned char)(l(8*(i%
BN_BYTES)))0xff;
#1 RSA_eay_private_decrypt
#2 RSA_private_decrypt
#3 ssl3_get_client_key_exchange
#4 ssl3_accept

The relevant line inside RSA_eay_private_decrypt is:
 j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */

The problem is that inside RSA_eay_private_decrypt
BN_num_bytes(ret);  has the value 254 whereas  the buffer length:
BN_num_bytes(rsa-n) has the value 128 (as does flen).

I'm no expert on RSA but I assume that ret is read from the client and I
suspect that Mail.app is sending invalid data. Should there not be a
test for this condition and an intelligent response? If the buffer size
is changed to the larger value will later routines be able to tell if
the resulting data is valid? I obviously have the fear that other
daemons are simply masking the problem in the classic buffer over-run
way.

I'm running 64-bit Scientific Linux 4.[34] (a RedHat Enterprise clone).
I'm assuming that the fact that integers are 32 bits but pointers 64 is
not the problem, despite the presence in bn_ctx.c of the statement:

fprintf(stderr,(%08x): , (unsigned int)ctx);  (!)

Thanks for your help

John

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Format of X509 Certificate Validity

2007-05-22 Thread Richard Kao 

Hi,

Hope someone can help me understand the validity date and time format of 
x509.


For example, when connecting to https://401k.fidelity.com/, my IE shows it's 
cert validity is

Valid from: August 30, 2006 5:00:00 PM
Valid to:August 31, 2007 4:59:59 PM

Ethereal shows the same fields of the x509 cert as:
decoded notBefore:  0   6   0  8   3   1  0   0   0   0   0  0   Z
   (hex: 30 36 30 38 33 31 30 30 30 30 30 30 5A)
decoded notAfter:0   7   0  8   3   1   2  3   5   9   5   9  Z
   (hex: 30 37 30 38 33 31 32 33 35 39 35 39 5A)

It's staightfoward that 0 6 0 8 3 match 2006 08 3*, 0 7 0 8 3 match 2007 08 
3*; 0 0 0 0 Z match 00:00, 5 9 5 9 Z match 59:59, but I found it's a bit 
confusing to decode the middle digits of notBefore and notAfter.


Any hints?
Rick

_
More photos, more messages, more storage—get 2GB with Windows Live Hotmail. 
http://imagine-windowslive.com/hotmail/?locale=en-usocid=TXT_TAGHM_migration_HM_mini_2G_0507


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Format of X509 Certificate Validity

2007-05-22 Thread Goetz Babin-Ebell 



--On May 22, 2007 16:01:41 -0700 Richard Kao [EMAIL PROTECTED] 
wrote:



Hope someone can help me understand the validity date and time format of
x509.

For example, when connecting to https://401k.fidelity.com/, my IE shows
it's cert validity is
Valid from: August 30, 2006 5:00:00 PM
Valid to:August 31, 2007 4:59:59 PM

Ethereal shows the same fields of the x509 cert as:
decoded notBefore:  0   6   0  8   3   1  0   0   0   0   0  0   Z
(hex: 30 36 30 38 33 31 30 30 30 30 30 30 5A)
decoded notAfter:0   7   0  8   3   1   2  3   5   9   5   9  Z
(hex: 30 37 30 38 33 31 32 33 35 39 35 39 5A)

It's staightfoward that 0 6 0 8 3 match 2006 08 3*, 0 7 0 8 3 match 2007
08 3*; 0 0 0 0 Z match 00:00, 5 9 5 9 Z match 59:59, but I found it's a
bit confusing to decode the middle digits of notBefore and notAfter.


The format of universalTime (time format for certificate times before 2050)
is YYMMDDHHMMSS followed by the time zone (Z means Zulu time (GMT))
IE translates that into the your local time.

Bye

Goetz

--
DMCA: The greed of the few outweights the freedom of the many


pgpan7AcUSGnr.pgp
Description: PGP signature

Re: [PATCH] OpenSSL vs GCC 4.2.0

2007-05-22 Thread Dr. Stephen Henson 
On Tue, May 22, 2007, Peter Hartley wrote:

 Hi there,
 
 Having just downloaded GCC 4.2.0 and discovered that it can't build
 OpenSSL (not even in the snapshots AFAICT), I'd like to offer a possible
 solution.
 
 The earlier thread on openssl-dev explains that OpenSSL chooses to cast
 the function pointers, not the parameters, to achieve type-safety; i.e.
 to ensure that errors occur if the wrong types are passed to the
 XYZ_of() functions.
 
 So how about using expressions of the form
  (void*)(1 ? x : ((T*)NULL))
 instead? That way, if x isn't of the right type, GCC will warn because
 the ?: gets different types in the two branches. Meanwhile the function
 itself is getting called with the correct types, and while OpenSSL is
 still deceiving the type system, it's doing so only via function
 pointers (so there's no way that the compiler, examining any one
 translation unit, can tell that deception is being attempted). And the
 compiler should easily spot that the condition (1) is always true, and
 so generate no extra code compared to the direct, non-typesafe call.
 
 Attached is a patch against SNAP-20070516 which lets all the tests pass
 under GCC 4.2.0 (on ia32 and amd64).
 

Well I'd started using inline functions which add a minimal extra overhead.
That works in a lot of places but can get seriously messy in others.

Would the compiler (or possibly other compilers) give out a warning that a
test was always true?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Format of X509 Certificate Validity

2007-05-22 Thread Richard Salz 
The Z suffix indicates GMT/UTC timezone.  You are seeing them displayed in 
your timezone.
--
STSM
Senior Security Architect
DataPower SOA Appliances

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]