OpenSSL server failure

2011-02-08 Thread Lutz Jaenicke 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi!

unfortunately the OpenSSL project has been hit by a hardware defect
(hard disk and power supply). The project hence had to be migrated to
a different server using a later version of the operating system and
tools.
Services are currently being restored:
* source code repositories have not been affected(!)
* mailing list services should now be up and running again, messages sent
  between Sunday evening and Tuesday afternoon that have not yet made
  it to the list are most likely lost.
* RT still seems to have some issues.
We apologize for any inconvenience.
Many thanks to Ralf S. Engelschall who is currently very busy on
restoring the services.

Best regards,
Lutz (on behalf of the team)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBTVFgH3iZOxScWKZtAQLM1QP/bTl9bn2cXxikm07AoVJhLv2jaZEXhdqJ
WkBYh8CTaB/FH8FK7K6NntIeyqLK/LjTolU1qpyDxeTRWfxQk/Eiv3Oy6qajJ6tX
tHWrwsKlC1mK07BmzNJnabR/YV1BIcAoCA3Y9oK/0Z4+oB3UjI/ehtnK23N9sgKn
EY3MqVk/T1Y=
=oC9H
-END PGP SIGNATURE-

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

OpenSSL 1.0.0d released

2011-02-08 Thread Bodo Moeller 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


   OpenSSL version 1.0.0d released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.0d of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a security and bugfix release. For a complete
   list of changes, please see

   http://www.openssl.org/source/exp/CHANGES.

   The most significant changes are:

  o Fix for security issue CVE-2011-0014
[http://www.openssl.org/news/secadv_20110208.txt]

   We consider OpenSSL 1.0.0d to be the best version of OpenSSL
   available and we strongly recommend that users of older versions
   upgrade as soon as possible. OpenSSL 1.0.0d is available for
   download via HTTP and FTP from the following master locations (you
   can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.0.0d.tar.gz
  Size: 4025484
  MD5 checksum: 40b6ea380cc8a5bf9734c2f8bf7e701e
  SHA1 checksum: 32ca934f380a547061ddab7221b1a34e4e07e8d5

   The checksums were calculated using the following commands:

openssl md5 openssl-1.0.0d.tar.gz
openssl sha1 openssl-1.0.0d.tar.gz

   Yours,

   The OpenSSL Project Team...

Mark J. Cox Nils Larsch Ulf Möller
Ralf S. Engelschall Ben Laurie  Andy Polyakov
Dr. Stephen Henson  Richard Levitte Geoff Thorpe
Lutz JänickeBodo Möller



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQCVAgUBTVGBGapYnaxaapuFAQJltgP/UWoaBO5R7WAGB3p0TBPODCU6Aaw8MroO
p4qKI7363uBnLgLGQIgS8BBar0n8QARYv4t6c7O+HR3Kn7VCix8cErUm5MkoL79n
C2YJVRKPmpuwoPkLGwC6beB1fBiwvUaJd/n+BSU5LO534QcSzF+u4UKczsGnPX72
HSA/Mzf8C6w=
=Rpu4
-END PGP SIGNATURE-


--
Bodo Moellerb...@openssl.org
OpenSSL Project http://www.openssl.org/
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

OpenSSL Security Advisory: OCSP stapling vulnerability

2011-02-08 Thread Bodo Moeller 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

OpenSSL Security Advisory [8 February 2011]

OCSP stapling vulnerability in OpenSSL
==

Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.

This issue applies to the following versions:
  1) OpenSSL 0.9.8h through 0.9.8q
  2) OpenSSL 1.0.0 through 1.0.0c

The parsing function in question is already used on arbitary data so no
additional vulnerabilities are expected to be uncovered by this.
However, an attacker may be able to cause a crash (denial of service) by
triggering invalid memory accesses.

The results of the parse are only availible to the application using
OpenSSL so do not directly cause an information leak. However, some
applications may expose the contents of parsed OCSP extensions,
specifically an OCSP nonce extension. An attacker could use this to read
the contents of memory following the ClientHello.

Users of OpenSSL should update to the OpenSSL 1.0.0d (or 0.9.8r) release,
which contains a patch to correct this issue. If upgrading is not
immediately possible, the source code patch provided in this advisory
should be applied.

Neel Mehta (Google) identified the vulnerability. Adam Langley and
Bodo Moeller (Google) prepared the fix.

Which applications are affected
- ---

Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd = 2.3.3.

Patch
- -

- --- ssl/t1_lib.c  25 Nov 2010 12:28:28 -  1.64.2.17
+++ ssl/t1_lib.c8 Feb 2011 00:00:00 -
@@ -917,6 +917,7 @@
}
n2s(data, idsize);
dsize -= 2 + idsize;
+   size -= 2 + idsize;
if (dsize  0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -955,9 +956,14 @@
}
 
/* Read in request_extensions */
+   if (size  2)
+   {
+   *al = SSL_AD_DECODE_ERROR;
+   return 0;
+   }
n2s(data,dsize);
size -= 2;
- - if (dsize  size) 
+   if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;

References
- --

This vulnerability is tracked as CVE-2011-0014.

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20110208.txt

OCSP stapling is defined in RFC 2560.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQCVAgUBTVGA/qpYnaxaapuFAQJSqAQAo3zal2kp+/ZcBcdhXnn98kuDDJaUhCqz
tG+IpnKRqQsGqprz72cOsdlB6C1pzlaLt5tofkxVlXBiAtx1Vn8YeJwQIXAj2CEi
6edgg/w+ni1hBASZBbCQUGLfAmW5tsOxp1ShxCovwh/I+7eetzuSeDfIbB+NYpz7
p3xrSBAVwTY=
=zV3P
-END PGP SIGNATURE-



--
Bodo Moellerb...@openssl.org
OpenSSL Project http://www.openssl.org/
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

OpenSSL Security Advisory: OCSP stapling vulnerability

2011-02-08 Thread Bodo Moeller 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

OpenSSL Security Advisory [8 February 2011]

OCSP stapling vulnerability in OpenSSL
==

Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.

This issue applies to the following versions:
  1) OpenSSL 0.9.8h through 0.9.8q
  2) OpenSSL 1.0.0 through 1.0.0c

The parsing function in question is already used on arbitary data so no
additional vulnerabilities are expected to be uncovered by this.
However, an attacker may be able to cause a crash (denial of service) by
triggering invalid memory accesses.

The results of the parse are only availible to the application using
OpenSSL so do not directly cause an information leak. However, some
applications may expose the contents of parsed OCSP extensions,
specifically an OCSP nonce extension. An attacker could use this to read
the contents of memory following the ClientHello.

Users of OpenSSL should update to the OpenSSL 1.0.0d (or 0.9.8r) release,
which contains a patch to correct this issue. If upgrading is not
immediately possible, the source code patch provided in this advisory
should be applied.

Neel Mehta (Google) identified the vulnerability. Adam Langley and
Bodo Moeller (Google) prepared the fix.

Which applications are affected
- ---

Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd = 2.3.3.

Patch
- -

- --- ssl/t1_lib.c  25 Nov 2010 12:28:28 -  1.64.2.17
+++ ssl/t1_lib.c8 Feb 2011 00:00:00 -
@@ -917,6 +917,7 @@
}
n2s(data, idsize);
dsize -= 2 + idsize;
+   size -= 2 + idsize;
if (dsize  0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -955,9 +956,14 @@
}
 
/* Read in request_extensions */
+   if (size  2)
+   {
+   *al = SSL_AD_DECODE_ERROR;
+   return 0;
+   }
n2s(data,dsize);
size -= 2;
- - if (dsize  size) 
+   if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;

References
- --

This vulnerability is tracked as CVE-2011-0014.

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20110208.txt

OCSP stapling is defined in RFC 2560.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQCVAgUBTVGA/qpYnaxaapuFAQJSqAQAo3zal2kp+/ZcBcdhXnn98kuDDJaUhCqz
tG+IpnKRqQsGqprz72cOsdlB6C1pzlaLt5tofkxVlXBiAtx1Vn8YeJwQIXAj2CEi
6edgg/w+ni1hBASZBbCQUGLfAmW5tsOxp1ShxCovwh/I+7eetzuSeDfIbB+NYpz7
p3xrSBAVwTY=
=zV3P
-END PGP SIGNATURE-


-- 
Bodo Moellerb...@openssl.org
OpenSSL Project http://www.openssl.org/
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

OpenSSL 1.0.0d released

2011-02-08 Thread Bodo Moeller 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


   OpenSSL version 1.0.0d released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.0d of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a security and bugfix release. For a complete
   list of changes, please see

   http://www.openssl.org/source/exp/CHANGES.

   The most significant changes are:

  o Fix for security issue CVE-2011-0014
[http://www.openssl.org/news/secadv_20110208.txt]

   We consider OpenSSL 1.0.0d to be the best version of OpenSSL
   available and we strongly recommend that users of older versions
   upgrade as soon as possible. OpenSSL 1.0.0d is available for
   download via HTTP and FTP from the following master locations (you
   can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.0.0d.tar.gz
  Size: 4025484
  MD5 checksum: 40b6ea380cc8a5bf9734c2f8bf7e701e
  SHA1 checksum: 32ca934f380a547061ddab7221b1a34e4e07e8d5

   The checksums were calculated using the following commands:

openssl md5 openssl-1.0.0d.tar.gz
openssl sha1 openssl-1.0.0d.tar.gz

   Yours,

   The OpenSSL Project Team...

Mark J. Cox Nils Larsch Ulf Möller
Ralf S. Engelschall Ben Laurie  Andy Polyakov
Dr. Stephen Henson  Richard Levitte Geoff Thorpe
Lutz JänickeBodo Möller



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQCVAgUBTVGBGapYnaxaapuFAQJltgP/UWoaBO5R7WAGB3p0TBPODCU6Aaw8MroO
p4qKI7363uBnLgLGQIgS8BBar0n8QARYv4t6c7O+HR3Kn7VCix8cErUm5MkoL79n
C2YJVRKPmpuwoPkLGwC6beB1fBiwvUaJd/n+BSU5LO534QcSzF+u4UKczsGnPX72
HSA/Mzf8C6w=
=Rpu4
-END PGP SIGNATURE-


--
Bodo Moellerb...@openssl.org
OpenSSL Project http://www.openssl.org/
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

[openssl.org #2447] possible weakness, encryption password truncation (FreeBSD 8.0; OpenSSL 0.9.8n)

2011-02-08 Thread Alan Hughes via RT 
I've attempted to trace through the source code to verify this, but I'm
not a C programmer so just ended up in knots.

When encrypting using a password it is hashed to give key and IV. It
appears and is stated in the docs that the default password hash used is
crypt style, which truncates the password to the first 8 bytes,
effectively limiting encryption strength to 64 bits at best regardless
of chosen algorithm. There appears to be no way to override the default
(except when specifically using the password hash function in
isolation). This may also impact other password based functions
(SSL/TLS, certificate/PK passwords).

Could someone familiar with the relevant parts of the source code check
this, and hopefully tell me I got myself misdirected.

Alan.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: OpenSSL 1.0.0d released

2011-02-08 Thread Corinna Vinschen 
On Feb  8 18:56, Bodo Moeller wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 
OpenSSL version 1.0.0d released
===

I'm missing an official release mail for 0.9.8r.  Will you create one?


Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: OpenSSL 1.0.0d released

2011-02-08 Thread Bodo Moeller 
On Tue, Feb 8, 2011 at 7:48 PM, Corinna Vinschen vinsc...@redhat.comwrote:

OpenSSL version 1.0.0d released



 I'm missing an official release mail for 0.9.8r.  Will you create one?


I wasn't planning to -- http://www.openssl.org/news/secadv_20110208.txt also
announces 0.9.8r for those using the 0.9.8 branch, but a separate
announcement for 0.9.8r doesn't seem right (or at least not using our
template claiming that this is the best version of OpenSSL available).

(Maybe we should have had a combined release announcement OpenSSL versions
1.0.0d and 0.9.8r released?)

Bodo

Re: OpenSSL 1.0.0d released

2011-02-08 Thread Corinna Vinschen 
On Feb  8 21:22, Bodo Moeller wrote:
 On Tue, Feb 8, 2011 at 7:48 PM, Corinna Vinschen vinsc...@redhat.comwrote:
 
 OpenSSL version 1.0.0d released
 
 
 
  I'm missing an official release mail for 0.9.8r.  Will you create one?
 
 
 I wasn't planning to -- http://www.openssl.org/news/secadv_20110208.txt also
 announces 0.9.8r for those using the 0.9.8 branch, but a separate
 announcement for 0.9.8r doesn't seem right (or at least not using our
 template claiming that this is the best version of OpenSSL available).
 
 (Maybe we should have had a combined release announcement OpenSSL versions
 1.0.0d and 0.9.8r released?)

Good idea.  I just think it's a good idea to have an offical release
mail for all new versions.  It's also a good thing to have the MD5 and
SHA1 checksums independently from the download area.


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: OpenSSL HEAD on UnixWare

2011-02-08 Thread Andy Polyakov 
 It's been a while since I attempted to build HEAD on my UnixWare 7.1.4 box
 so I gave it a try. Unfortunately it blows up on crypto/modes/ghash-x86.s
 
   cc -I.. -I../.. -I../asn1 -I../evp -I../../include  -DZLIB_SHARED 
 -DZLIB -DOPENSSL_THREADS -Kthread -DDSO_DLFCN -DHAVE_DLFCN_H -Kpentium_pro 
 -D__i386__ -O -DFILIO_H -Kalloca -DOPENSSL_BN_ASM_PART_WORDS 
 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
 -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o ghash-x86.o 
 ghash-x86.s
 UX:as: ERROR: ghash-x86.s:917:unknown directive: .word
 UX:as: ERROR: ghash-x86.s:918:unknown directive: .word
 [snip more errors]
 
 Hopefully there is a more portable way to do the assembler on ghash-x86.s

could you compile following snippet:

shor i=5;

generate assembler output with cc -S and submit it? a.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: OpenSSL HEAD on UnixWare

2011-02-08 Thread Tim Rice 
On Wed, 9 Feb 2011, Andy Polyakov wrote:

  Hopefully there is a more portable way to do the assembler on ghash-x86.s
 
 could you compile following snippet:
 
 shor i=5;
 
 generate assembler output with cc -S and submit it? a.

I'm guessing you mean short i=5;
..
.file   x.c
.version01.01
.data
.globl  i
.align  2
i:
.value  5
.type   i,object
.size   i,2
.ident  acomp: (CCS) 4.2  05/13/08 (uw714mp4.bl3h)
/REGAL  0   EXTDEF  i   2
..

-- 
Tim RiceMultitalents
t...@multitalents.net


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org