Re: [PATCH] Fix sparcv9 sha512 build with binutils.
From: David Miller
Date: Mon, 10 Sep 2012 13:53:26 -0400 (EDT)

Ping?

> It won't accept:
>
> cmp CONSTANT, REG
>
> It will only allow these two forms:
>
> cmp REG, CONSTANT
> cmp REG, REG
>
> This is with binutils-2.22 under Linux.
>
> diff --git a/crypto/sha/asm/sha512-sparcv9.pl > b/crypto/sha/asm/sha512-sparcv9.pl > index 71d6726..e728d6e 100644 > --- a/crypto/sha/asm/sha512-sparcv9.pl > +++ b/crypto/sha/asm/sha512-sparcv9.pl > @@ -170,7 +170,7 @@ $code.=<<___ if ($i==0); > ld [$inp+16],%l4 > ld [$inp+20],%l5 > ld [$inp+24],%l6 > - cmp 0,$tmp31 > + cmp $tmp31,0 > ld [$inp+28],%l7 > ___ > $code.=<<___ if ($i<15);

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
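Review bot: In the @@ -170,7 +170,7 @@ hunk, swapping the operands of cmp reverses the subtraction that sets the condition codes (cmp a,b is the synthetic form of subcc a,b,%g0), so the new line is only equivalent to the old one if the branch that consumes these flags tests equality. That branch is not in the visible context; please confirm it is an equal/not-equal test and say so in the commit message, because an ordered condition would now be inverted.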
Re: [openssl.org #2875] Limited rsa keysize
Thanks for your reply!

Ok, this is an understandable reason. But I still think this is an issue because the error message ("keys do not match") is very misleading and does not point to the actual problem - the intentional limitation. There should be an error message which describes that this is an intentional limitation and that the limitation can be changed with the compiler switch/constant you described.

Also I wonder, why did OpenSSL create the key and the csr (successfully?) if there is a limitation?

Daniel

Stephen Henson via RT wrote:
>> [daniel-marsch...@viathinksoft.de - Wed Sep 12 14:14:40 2012]:
>>
>> Hello, I found out that the rsa keysize is limited.
>> Here is my script: http://www.viathinksoft.de/~daniel-marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/
>> I cannot create a 32768 bits certificate which I want to create as
>> test certificate to find limits in the implementations of x509
>> parsers.
>
> This is intentional as excessively large key sizes can be used in DoS
> attacks.
>
> If you compile openssl with -DOPENSSL_RSA_MAX_MODULUS_BITS= you
> can specify an alternative value to the default which is 16384 bits.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: [openssl.org #2836] [PATCH] Staple the correct OCSP Response when multiple certs are configured
On 07/09/12 11:51, Rob Stradling wrote:
> Attached is an updated patch for CVS HEAD, plus a patch for the 1.0.2
> branch.
>
> Are you still accepting patches for 1.0.1?

Attached is a patch for 1.0.1.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

Index: ssl/s3_srvr.c === RCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v retrieving revision 1.171.2.21.2.26 diff -u -r1.171.2.21.2.26 s3_srvr.c --- ssl/s3_srvr.c 8 Jun 2012 09:18:46 - 1.171.2.21.2.26 +++ ssl/s3_srvr.c 12 Sep 2012 15:45:12 - @@ -1183,7 +1183,7 @@ goto f_err; } } - if (ssl_check_clienthello_tlsext(s) <= 0) { + if (ssl_check_clienthello_tlsext_early(s) <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); goto err; } @@ -1405,6 +1405,16 @@ * s->tmp.new_cipher- the new cipher to use. */ + /* Handles TLS extensions that we couldn't check earlier */ + if (s->version >= SSL3_VERSION) + { + if (ssl_check_clienthello_tlsext_late(s) <= 0) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); + goto err; + } + } + if (ret < 0) ret=1; if (0) { Index: ssl/ssl_lib.c === RCS file: /v/openssl/cvs/openssl/ssl/ssl_lib.c,v retrieving revision 1.176.2.19.2.25 diff -u -r1.176.2.19.2.25 ssl_lib.c --- ssl/ssl_lib.c 8 Jun 2012 09:18:46 - 1.176.2.19.2.25 +++ ssl/ssl_lib.c 12 Sep 2012 15:45:12 - @@ -2287,7 +2287,7 @@ #endif /* THIS NEEDS CLEANING UP */ -X509 *ssl_get_server_send_cert(SSL *s) +X509 *ssl_get_server_send_cert(const SSL *s) { unsigned long alg_k,alg_a; CERT *c; 
@@ -2780,7 +2780,9 @@ /* Fix this function so that it takes an optional type parameter */ X509 *SSL_get_certificate(const SSL *s) { - if (s->cert != NULL) + if (s->server) + return(ssl_get_server_send_cert(s)); + else if (s->cert != NULL) return(s->cert->key->x509); else return(NULL); Index: ssl/ssl_locl.h === RCS file: /v/openssl/cvs/openssl/ssl/ssl_locl.h,v retrieving revision 1.100.2.10.2.17 diff -u -r1.100.2.10.2.17 ssl_locl.h --- ssl/ssl_locl.h 9 Mar 2012 15:52:20 - 1.100.2.10.2.17 +++ ssl/ssl_locl.h 12 Sep 2012 15:45:12 - @@ -830,7 +830,7 @@ int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); -X509 *ssl_get_server_send_cert(SSL *); +X509 *ssl_get_server_send_cert(const SSL *); EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); @@ -1088,7 +1088,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); int ssl_prepare_clienthello_tlsext(SSL *s); int ssl_prepare_serverhello_tlsext(SSL *s); -int ssl_check_clienthello_tlsext(SSL *s); +int ssl_check_clienthello_tlsext_early(SSL *s); +int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_check_serverhello_tlsext(SSL *s); #ifndef OPENSSL_NO_HEARTBEATS Index: ssl/t1_lib.c === RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.64.2.14.2.33 diff -u -r1.64.2.14.2.33 t1_lib.c --- ssl/t1_lib.c27 Jun 2012 14:11:40 - 1.64.2.14.2.33 +++ ssl/t1_lib.c12 Sep 2012 15:45:12 - @@ -1763,7 +1763,7 @@ return 1; } -int ssl_check_clienthello_tlsext(SSL *s) +int ssl_check_clienthello_tlsext_early(SSL *s) { int ret=SSL_TLSEXT_ERR_NOACK; int al = SSL_AD_UNRECOGNIZED_NAME; 
@@ -1782,42 +1782,12 @@ else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); - /* If status request then ask callback what to do. -* Note: this must be called after servername callbacks in case -* the certificate has changed. -*/ - if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) - { - int r; - r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); - switch (r) - { - /* We don't want to send a status request response */ - case SSL_TLSEXT_ERR_NOACK: -
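Review bot: In the s3_srvr.c hunk at @@ -1405,6 +1405,16 @@, the late check raises the same SSL_R_CLIENTHELLO_TLSEXT reason as the early check at @@ -1183, so the error queue cannot tell which stage rejected the ClientHello. A distinct reason code, or at least a comment, would make failures in the status-request path easier to diagnose. The `s->version >= SSL3_VERSION` guard around the late call also needs a one-line explanation of why it is there.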
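Review bot: In the SSL_get_certificate hunk (ssl_lib.c @@ -2780,7 +2780,9 @@), the new `s->server` branch calls ssl_get_server_send_cert(s) without the `s->cert != NULL` test that guarded the old code. Please test s->cert first and return NULL when it is unset, or confirm that the callee copes with a NULL s->cert. The change also alters what a public function returns on server connections, which should be mentioned in the documentation or CHANGES.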
[openssl.org #2878] [PATCH] s_client -fd
Hi,

The attached patch adds the -fd parameter to s_client, to use SSL/TLS over an already established connection.

This could then be used like this from Bash:

    openssl s_client -fd 9 9<> /dev/tcp/encrypted.google.com/443

One application would be to negotiate the use of SSL/TLS in plain text before SSL/TLS is used for protocols which are not supported by the -starttls flag. The following snippet demonstrates this for HTTPS through an HTTP proxy (again for Bash):

==
# Open a socket on file descriptor 9
exec 9<> "/dev/tcp/$PROXYHOST/$PROXYPORT" || exit 1

# Start the HTTP proxy connection
printf 'CONNECT %s:%s HTTP/1.1\r\nHost: %s:%s\r\nProxy-Connection: Keep-Alive\r\n\r\n' "$TARGETHOST" "$TARGETPORT" "$TARGETHOST" "$TARGETPORT" >&9

# Read the response until an empty line is encountered.
# Header lines end in CRLF, so an "empty" line may hold a lone carriage return.
while :; do
	# Stop if the proxy closes the connection before the headers end.
	read -r LINE || exit 1
	if [ -z "$LINE" ] || [ "$LINE" = $'\r' ]; then
		break
	fi
done <&9

# Start encryption
openssl s_client -fd 9 -ign_eof
==

Regards,
Serge van den Boom

diff -ur openssl-1.0.1c/apps/s_client.c openssl-1.0.1c-org/apps/s_client.c --- openssl-1.0.1c/apps/s_client.c 2012-09-07 15:03:18.0 +0200 +++ openssl-1.0.1c-org/apps/s_client.c 2012-03-18 19:16:05.0 +0100 @@ -140,7 +140,6 @@ #include #include #include -#include #include #ifdef OPENSSL_NO_STDIO #define APPS_WIN16 @@ -289,7 +288,6 @@ BIO_printf(bio_err," -host host - use -connect instead\n"); BIO_printf(bio_err," -port port - use -connect instead\n"); BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); - BIO_printf(bio_err," -fd fd - file descriptor to use (alternative to -connect)\n"); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); @@ -560,7 +558,7 @@ #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kctx; #endif - int s,fd=-1,k,width,state=0; + int s,k,width,state=0; char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; int cbuf_len,cbuf_off; int sbuf_len,sbuf_off; 
@@ -675,13 +673,6 @@ if (!extract_host_port(*(++argv),&host,NULL,&port)) goto bad; } - else if (strcmp(*argv,"-fd") == 0) - { - if (--argc < 1) goto bad; - fd=atoi(*(++argv)); - host = ""; - port = 0; - } else if (strcmp(*argv,"-verify") == 0) { verify=SSL_VERIFY_PEER; @@ -1261,31 +1252,13 @@ re_start: - if (fd != -1) + if (init_client(&s,host,port,socket_type) == 0) { - struct stat sb; - if (fstat(fd, &sb) == -1) - { - BIO_printf(bio_err,"bad file descriptor\n"); - goto end; - } - if (!S_ISSOCK(sb.st_mode)) - { - BIO_printf(bio_err,"file descriptor is not a socket\n"); - goto end; - } - s = fd; - } - else - { - if (init_client(&s,host,port,socket_type) == 0) - { - BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); - SHUTDOWN(s); - goto end; - } - BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); + SHUTDOWN(s); + goto end; } + BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); #ifdef FIONBIO if (c_nbio) diff -ur openssl-1.0.1c/doc/apps/s_client.pod openssl-1.0.1c-org/doc/apps/s_client.pod --- openssl-1.0.1c/doc/apps/s_client.pod2012-09-12 16:26:08.0 +0200 +++ openssl-1.0.1c-org/doc/apps/s_client.pod2009-06-26 13:28:51.0 +0200 @@ -9,7 +9,6 @@ B B [B<-connect host:port>] -[B<-fd fd>] [B<-verify depth>] [B<-cert filename>] [B<-certform DER|PEM>] @@ -60,10 +59,6 @@ This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433. -=item B<-fd fd> - -A file descriptor of an open socket to use instead of connecting with B<-connect>. - =item B<-cert certname> The certificate to use, if one is requested by the server. The default is
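Review bot: The diff is generated in the wrong direction: the header `diff -ur openssl-1.0.1c/apps/s_client.c openssl-1.0.1c-org/apps/s_client.c` puts the modified tree first and the -org tree second, so every line of the -fd feature shows up as a removal. Please regenerate it with the original tree as the first argument so it applies with patch as-is.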
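Review bot: In the option-parsing hunk (@@ -675,13 +673,6 @@), `fd=atoi(*(++argv))` accepts anything: a non-numeric argument silently becomes descriptor 0, and an argument of -1 collides with the `fd=-1` sentinel that means "not given". Parse with strtol, reject trailing characters and negative or out-of-range values, and `goto bad` on failure.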
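Review bot: In the re_start hunk (@@ -1261,31 +1252,13 @@), the fstat()/S_ISSOCK() validation and the matching new #include are unconditional, while this file is also built for non-POSIX targets (the context a few lines below the include already special-cases APPS_WIN16). Wrap the -fd support in a platform guard or provide a fallback check there. The fd branch also skips the CONNECTED(%08X) line that the connect path prints, which should be kept for consistency of the output.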
[openssl.org #2875] Limited rsa keysize
> [daniel-marsch...@viathinksoft.de - Wed Sep 12 14:14:40 2012]:
>
> Hello, I found out that the rsa keysize is limited.
> Here is my script: http://www.viathinksoft.de/~daniel-marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/
> I cannot create a 32768 bits certificate which I want to create as
> test certificate to find limits in the implementations of x509
> parsers.
>

This is intentional as excessively large key sizes can be used in DoS attacks.

If you compile openssl with -DOPENSSL_RSA_MAX_MODULUS_BITS= you can specify an alternative value to the default which is 16384 bits.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
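An added example, not part of the thread and not OpenSSL code: a pre-check in C that reads the modulus length from a DER-encoded PKCS#1 RSAPublicKey and rejects keys above the 16384-bit default quoted above before any public-key arithmetic is done. The function names and the MAX_MODULUS_BITS constant are hypothetical.

```c
#include <stddef.h>

#define MAX_MODULUS_BITS 16384   /* default limit quoted in the thread */

/* Read one DER tag+length header; on success advance *p past it, return 0. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t l = q[1];
    q += 2;
    if (l & 0x80) {                       /* long form: next n bytes hold the length */
        size_t n = l & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1; /* declared length overruns the buffer */
    *p = q;
    *len = l;
    return 0;
}

/* Bit length of the modulus in a DER RSAPublicKey, or -1 if malformed. */
long rsa_modulus_bits(const unsigned char *der, size_t der_len)
{
    const unsigned char *p = der, *end = der + der_len;
    size_t len;
    if (der_header(&p, end, 0x30, &len) != 0) return -1;  /* SEQUENCE */
    end = p + len;
    if (der_header(&p, end, 0x02, &len) != 0) return -1;  /* INTEGER modulus */
    if (len == 0 || (*p & 0x80)) return -1;                /* empty or negative */
    while (len > 0 && *p == 0) { p++; len--; }             /* drop padding zeros */
    if (len == 0) return -1;                               /* modulus is zero */
    long bits = (long)(len - 1) * 8;
    for (unsigned char top = *p; top; top >>= 1) bits++;   /* bits in top byte */
    return bits;
}

/* 1 = within the limit, 0 = reject before using the key. */
int rsa_key_size_ok(const unsigned char *der, size_t der_len)
{
    long bits = rsa_modulus_bits(der, der_len);
    return bits > 0 && bits <= MAX_MODULUS_BITS;
}
```

The length is taken from the encoding alone, so an oversized key is turned away at the cost of reading a few header bytes.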
[openssl.org #2877] openssl rand does not check write(2) return code
{note: I'm not subscribed to any openssl-mailinglist, please contact me directly if necessary}

Hi,

I used "openssl rand" to create random data blocks for filesystem and disk testing and noticed that on a full filesystem openssl rand does not return a non-zero exit status when the filesystem is full.

If it cannot open the output file, the return status is 1, indicating failure.

    $ openssl rand -out /etc/cannotwrite 10 ; echo "$?"
    5138:error:0200100D:system library:fopen:Permission denied:bss_file.c:356:fopen('/etc/cannotwrite','w')
    5138:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
    1

If the filesystem is full, the return status is 1, even though no actual content has been written.

    # openssl rand -out /mnt/fs_full 16 ; echo "$?"
    0
    # ls -l /mnt/fs_full
    -rw-r--r-- 1 root root 0 Sep 12 12:44 /mnt/fs_full

The write() system call fails with ENOSPC:

    # strace -e write openssl rand -out /mnt/fs_full 16
    write(3, "\224jP\207U\205\236\4\241\356V\16\1q\35\303", 16) = -1 ENOSPC (No space left on device)

If one looks at the source code, then it's obvious that the return-code of BIO_write() is not checked:

--- openssl-1.0.1c/apps/rand.c, Line 223

    if (!hex)
        BIO_write(out, buf, chunk);
    else
        {
        for (i = 0; i < chunk; i++)
            BIO_printf(out, "%02x", buf[i]);
        }

I don't know the precise semantics of BIO_write, so I can only propose that the return of BIO_write is checked against the expected return and the program return code adapted to indicate failure once an error has occurred writing out the random bytes.

Greetings,
Chris
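An added example, not part of the report and not OpenSSL code: the raw/hex output loop from the quoted rand.c snippet, rewritten over plain write(2) so that a failed or short write becomes a non-zero exit status. write_all and emit_bytes are hypothetical names, and the bytes to emit are supplied by the caller.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Write exactly len bytes; 0 on success, -1 with errno set on failure. */
int write_all(int fd, const unsigned char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR) continue;    /* interrupted by a signal: retry */
            return -1;                        /* ENOSPC, EIO, EBADF, ... */
        }
        if (n == 0) { errno = EIO; return -1; } /* no progress: treat as error */
        buf += n;                             /* short write: send the rest */
        len -= (size_t)n;
    }
    return 0;
}

/* Emit num bytes raw or as hex, in chunks; returns the process exit status. */
int emit_bytes(int fd, const unsigned char *src, size_t num, int hex)
{
    static const char digits[] = "0123456789abcdef";
    unsigned char out[2 * 64];
    while (num > 0) {
        size_t chunk = num < 64 ? num : 64;
        const unsigned char *p = src;
        size_t outlen = chunk;
        if (hex) {                            /* same "%02x" form as the snippet */
            for (size_t i = 0; i < chunk; i++) {
                out[2 * i] = (unsigned char)digits[src[i] >> 4];
                out[2 * i + 1] = (unsigned char)digits[src[i] & 15];
            }
            p = out;
            outlen = 2 * chunk;
        }
        if (write_all(fd, p, outlen) != 0)
            return 1;                         /* any write error fails the run */
        src += chunk;
        num -= chunk;
    }
    return 0;
}
```

On Linux, passing a descriptor opened on /dev/full reproduces the ENOSPC case from the report and yields exit status 1.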
[openssl.org #2876] SSL reports Too many open files
Hi SSL support team,

We are using openssl 9.8l. We face a problem of "Too many open files" when we run our application for some time on a Solaris host.

The error is always reported from SSL lib with a signature like below

    error:02001018:system library:fopen:Too many open files
    Error extra data:
    error:2006D002:BIO routines:BIO_new_file:system lib
    error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
    ***

We captured an lsof output from the host, it looks like there are some udp socket descriptor files opened (which is unknown to our application).

Here is the host environment details
OS: Solaris
version: 2.9

Any thoughts or assistance on this will be very helpful and appreciated.

Thanks,
Naj..
[openssl.org #2875] Limited rsa keysize
Hello, I found out that the rsa keysize is limited.
Here is my script: http://www.viathinksoft.de/~daniel-marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/
I cannot create a 32768 bits certificate which I want to create as test certificate to find limits in the implementations of x509 parsers.
[openssl.org #2874] Missing initialization of str in aes_ccm_init_key
The str member of EVP_AES_CCM_CTX structure stays uninitialized when aes ccm is used with the vpaes backend causing it to crash when the str is later called as it is non-NULL.

The attached patch fixes the problem.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

diff -up openssl-1.0.1c/crypto/evp/e_aes.c.init-str openssl-1.0.1c/crypto/evp/e_aes.c --- openssl-1.0.1c/crypto/evp/e_aes.c.init-str 2012-09-06 17:20:45.0 +0200 +++ openssl-1.0.1c/crypto/evp/e_aes.c 2012-09-06 17:18:30.0 +0200 @@ -1216,6 +1216,7 @@ static int aes_ccm_init_key(EVP_CIPHER_C vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f)vpaes_encrypt); + cctx->str = NULL; cctx->key_set = 1; break; }
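Review bot: In the aes_ccm_init_key hunk, `cctx->str = NULL` is set only inside the vpaes branch, just before `cctx->key_set = 1; break;`. Initialising str once, before the backend is selected, would protect every key-setup path from leaving the function pointer uninitialised, including any backend added later. If the other paths already assign it, a short comment here saying why the vpaes case needs NULL would help the next reader.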