OpenSSL server failure
Hi!

unfortunately the OpenSSL project has been hit by a hardware defect (hard disk and power supply). The project hence had to be migrated to a different server using a later version of the operating system and tools.

Services are currently being restored:
* source code repositories have not been affected(!)
* mailing list services should now be up and running again, messages sent between Sunday evening and Tuesday afternoon that have not yet made it to the list are most likely lost.
* RT still seems to have some issues.

We apologize for any inconvenience.

Many thanks to Ralf S. Engelschall who is currently very busy on restoring the services.

Best regards,
Lutz (on behalf of the team)

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
OpenSSL 1.0.0d released
OpenSSL version 1.0.0d released
===============================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 1.0.0d of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.

The most significant changes are:

  o Fix for security issue CVE-2011-0014
    [http://www.openssl.org/news/secadv_20110208.txt]

We consider OpenSSL 1.0.0d to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 1.0.0d is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

The distribution file name is:

  o openssl-1.0.0d.tar.gz
    Size: 4025484
    MD5 checksum: 40b6ea380cc8a5bf9734c2f8bf7e701e
    SHA1 checksum: 32ca934f380a547061ddab7221b1a34e4e07e8d5

The checksums were calculated using the following commands:

  openssl md5 openssl-1.0.0d.tar.gz
  openssl sha1 openssl-1.0.0d.tar.gz

Yours,

The OpenSSL Project Team...

  Mark J. Cox          Nils Larsch       Ulf Möller
  Ralf S. Engelschall  Ben Laurie        Andy Polyakov
  Dr. Stephen Henson   Richard Levitte   Geoff Thorpe
  Lutz Jänicke         Bodo Möller

-- 
Bodo Moeller b...@openssl.org
OpenSSL Project http://www.openssl.org/
OpenSSL Security Advisory: OCSP stapling vulnerability
OpenSSL Security Advisory [8 February 2011]

OCSP stapling vulnerability in OpenSSL
======================================

Incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message.

This issue applies to the following versions:
  1) OpenSSL 0.9.8h through 0.9.8q
  2) OpenSSL 1.0.0 through 1.0.0c

The parsing function in question is already used on arbitrary data so no additional vulnerabilities are expected to be uncovered by this. However, an attacker may be able to cause a crash (denial of service) by triggering invalid memory accesses.

The results of the parse are only available to the application using OpenSSL so do not directly cause an information leak. However, some applications may expose the contents of parsed OCSP extensions, specifically an OCSP nonce extension. An attacker could use this to read the contents of memory following the ClientHello.

Users of OpenSSL should update to the OpenSSL 1.0.0d (or 0.9.8r) release, which contains a patch to correct this issue. If upgrading is not immediately possible, the source code patch provided in this advisory should be applied.

Neel Mehta (Google) identified the vulnerability. Adam Langley and Bodo Moeller (Google) prepared the fix.

Which applications are affected
-------------------------------

Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd = 2.3.3.

Patch
-----

- --- ssl/t1_lib.c 25 Nov 2010 12:28:28 - 1.64.2.17 +++ ssl/t1_lib.c8 Feb 2011 00:00:00 - @@ -917,6 +917,7 @@ } n2s(data, idsize); dsize -= 2 + idsize; + size -= 2 + idsize; if (dsize 0) { *al = SSL_AD_DECODE_ERROR; 
@@ -955,9 +956,14 @@ } /* Read in request_extensions */ + if (size 2) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } n2s(data,dsize); size -= 2; - - if (dsize size) + if (dsize != size) { *al = SSL_AD_DECODE_ERROR; return 0;

References
----------

This vulnerability is tracked as CVE-2011-0014.

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20110208.txt

OCSP stapling is defined in RFC 2560.

-- 
Bodo Moeller b...@openssl.org
OpenSSL Project http://www.openssl.org/
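
Review bot: in the @@ -917 hunk the added `size -= 2 + idsize;` subtracts a peer-supplied `idsize` from `size` before any check on it, and the test that follows looks only at `dsize`, so the change relies on `size` and `dsize` always being decremented in lockstep. Suggest a comment stating what each counter bounds, or folding the two into one remaining-length value, so that a later edit to one decrement cannot silently skip the other.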
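
Review bot: in the @@ -955 hunk the tightened test `if (dsize != size)` is the behavioural change that matters (the declared request_extensions length must now account for every remaining byte), yet it carries no comment, and the new guard before `n2s(data,dsize)` repeats the `*al = SSL_AD_DECODE_ERROR; return 0;` pair already used just below it. Suggest a one-line comment on the equality test and a shared error exit for these decode failures.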
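
The length accounting the advisory describes, as an added example (not OpenSSL's code and not part of the advisory): a bounds-checked parser for a status_request extension body in which every declared length is checked against the bytes actually left. The field layout follows the TLS status_request definition in RFC 6066, which is an assumption not stated on this page; the names `cur`, `get_u16`, `get_sub` and `parse_status_request` and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cursor over untrusted bytes; every read is checked against `left`. */
struct cur { const uint8_t *p; size_t left; };

/* Read a big-endian 16-bit length; fail rather than read past the end. */
static int get_u16(struct cur *c, size_t *out) {
    if (c->left < 2) return 0;
    *out = ((size_t)c->p[0] << 8) | c->p[1];
    c->p += 2; c->left -= 2;
    return 1;
}

/* Split off a sub-buffer of exactly n bytes, or fail if n is too large. */
static int get_sub(struct cur *c, size_t n, struct cur *sub) {
    if (n > c->left) return 0;
    sub->p = c->p; sub->left = n;
    c->p += n; c->left -= n;
    return 1;
}

/* Returns 1 if ext[0..len) is a well-formed OCSP status_request body, 0 on
 * any length inconsistency; *ext_len receives the request_extensions size. */
int parse_status_request(const uint8_t *ext, size_t len, size_t *ext_len) {
    struct cur c = { ext, len }, ids, id, exts;
    size_t n;
    if (c.left < 1 || c.p[0] != 1) return 0;       /* status_type: ocsp(1) */
    c.p++; c.left--;
    if (!get_u16(&c, &n) || !get_sub(&c, n, &ids)) return 0;
    while (ids.left > 0)                            /* responder_id_list */
        if (!get_u16(&ids, &n) || n == 0 || !get_sub(&ids, n, &id)) return 0;
    if (!get_u16(&c, &n) || !get_sub(&c, n, &exts)) return 0;
    if (c.left != 0) return 0;                      /* no trailing bytes */
    *ext_len = exts.left;
    return 1;
}

/* Constructed samples: one valid body, and one whose request_extensions
 * length (0x0040) claims more bytes than the message contains. */
static const uint8_t ok_body[]  = { 1, 0,5, 0,3,'a','b','c', 0,2,    0x30,0x00 };
static const uint8_t bad_body[] = { 1, 0,5, 0,3,'a','b','c', 0,0x40, 0x30,0x00 };

int main(void) {
    size_t n = 0;
    int ok = parse_status_request(ok_body, sizeof ok_body, &n);
    printf("ok=%d bad=%d\n", ok, parse_status_request(bad_body, sizeof bad_body, &n));
    return 0;
}
```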
[openssl.org #2447] possible weakness, encryption password truncation (FreeBSD 8.0; OpenSSL 0.9.8n)
I've attempted to trace through the source code to verify this, but I'm not a C programmer so just ended up in knots.

When encrypting using a password it is hashed to give key and IV. It appears and is stated in the docs that the default password hash used is crypt style, which truncates the password to the first 8 bytes, effectively limiting encryption strength to 64 bits at best regardless of chosen algorithm. There appears to be no way to override the default (except when specifically using the password hash function in isolation).

This may also impact other password based functions (SSL/TLS, certificate/PK passwords).

Could someone familiar with the relevant parts of the source code check this, and hopefully tell me I got myself misdirected.

Alan.
Re: OpenSSL 1.0.0d released
On Feb 8 18:56, Bodo Moeller wrote:
> OpenSSL version 1.0.0d released
> ===============================

I'm missing an official release mail for 0.9.8r. Will you create one?

Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
Re: OpenSSL 1.0.0d released
On Tue, Feb 8, 2011 at 7:48 PM, Corinna Vinschen vinsc...@redhat.com wrote:
>> OpenSSL version 1.0.0d released
>
> I'm missing an official release mail for 0.9.8r. Will you create one?

I wasn't planning to -- http://www.openssl.org/news/secadv_20110208.txt also announces 0.9.8r for those using the 0.9.8 branch, but a separate announcement for 0.9.8r doesn't seem right (or at least not using our template claiming that this is the best version of OpenSSL available).

(Maybe we should have had a combined release announcement OpenSSL versions 1.0.0d and 0.9.8r released?)

Bodo
Re: OpenSSL 1.0.0d released
On Feb 8 21:22, Bodo Moeller wrote:
> On Tue, Feb 8, 2011 at 7:48 PM, Corinna Vinschen vinsc...@redhat.com wrote:
>>> OpenSSL version 1.0.0d released
>>
>> I'm missing an official release mail for 0.9.8r. Will you create one?
>
> I wasn't planning to -- http://www.openssl.org/news/secadv_20110208.txt also announces 0.9.8r for those using the 0.9.8 branch, but a separate announcement for 0.9.8r doesn't seem right (or at least not using our template claiming that this is the best version of OpenSSL available).
>
> (Maybe we should have had a combined release announcement OpenSSL versions 1.0.0d and 0.9.8r released?)

Good idea. I just think it's a good idea to have an official release mail for all new versions. It's also a good thing to have the MD5 and SHA1 checksums independently from the download area.

Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
Re: OpenSSL HEAD on UnixWare
> It's been a while since I attempted to build HEAD on my UnixWare 7.1.4 box so I gave it a try. Unfortunately it blows up on crypto/modes/ghash-x86.s
>
> cc -I.. -I../.. -I../asn1 -I../evp -I../../include -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -Kthread -DDSO_DLFCN -DHAVE_DLFCN_H -Kpentium_pro -D__i386__ -O -DFILIO_H -Kalloca -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o ghash-x86.o ghash-x86.s
> UX:as: ERROR: ghash-x86.s:917:unknown directive: .word
> UX:as: ERROR: ghash-x86.s:918:unknown directive: .word
> [snip more errors]
>
> Hopefully there is a more portable way to do the assembler on ghash-x86.s

could you compile following snippet:

  shor i=5;

generate assembler output with cc -S and submit it?

a.
Re: OpenSSL HEAD on UnixWare
On Wed, 9 Feb 2011, Andy Polyakov wrote:
>> Hopefully there is a more portable way to do the assembler on ghash-x86.s
>
> could you compile following snippet:
>
>   shor i=5;
>
> generate assembler output with cc -S and submit it?
>
> a.

I'm guessing you mean short i=5;

..
        .file x.c
        .version 01.01
        .data
        .globl i
        .align 2
i:
        .value 5
        .type i,object
        .size i,2
        .ident acomp: (CCS) 4.2 05/13/08 (uw714mp4.bl3h)
/REGAL 0 EXTDEF i 2
..

-- 
Tim Rice    Multitalents
t...@multitalents.net