Re: [PATCH] Fix sparcv9 sha512 build with binutils.

2012-09-12 Thread David Miller
From: David Miller 
Date: Mon, 10 Sep 2012 13:53:26 -0400 (EDT)

Ping?

> It won't accept:
> 
>   cmp CONSTANT, REG
> 
> It will only allow these two forms:
> 
>   cmp REG, CONSTANT
>   cmp REG, REG
> 
> This is with binutils-2.22 under Linux.
> 
> diff --git a/crypto/sha/asm/sha512-sparcv9.pl 
> b/crypto/sha/asm/sha512-sparcv9.pl
> index 71d6726..e728d6e 100644
> --- a/crypto/sha/asm/sha512-sparcv9.pl
> +++ b/crypto/sha/asm/sha512-sparcv9.pl
> @@ -170,7 +170,7 @@ $code.=<<___ if ($i==0);
>   ld  [$inp+16],%l4
>   ld  [$inp+20],%l5
>   ld  [$inp+24],%l6
> - cmp 0,$tmp31
> + cmp $tmp31,0
>   ld  [$inp+28],%l7
>  ___
>  $code.=<<___ if ($i<15);
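
Review bot: Swapping the operands on the changed `cmp` line also reverses the subtraction that sets the condition codes, and the branch that consumes them is not in this hunk. If that branch only tests equal/not-equal the swap is harmless, but an ordering test would need its condition inverted to match `cmp $tmp31,0`; please confirm which it is.
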
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


Re: [openssl.org #2875] Limited rsa keysize

2012-09-12 Thread Daniel Marschall via RT
Thanks for your reply! Ok, this is an understandable reason.

But I still think this is an issue because the error message (''keys do not 
match'') is very misleading and does not point to the actual problem - the 
intentional limitation. There should be an error message which describes that 
this is an intentional limitation and that the limitation can be changed 
with the compiler switch/constant you described.

Also I wonder, why did OpenSSL create the key and the csr (successfully?) if 
there is a limitation?

Daniel



Stephen Henson via RT wrote:

>> [daniel-marsch...@viathinksoft.de - Wed Sep 12 14:14:40 2012]:
>> 
>> Hello, I found out that the rsa keysize is limited.
>> Here is my script: http://www.viathinksoft.de/~daniel-marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/
>> I cannot create a 32768 bits certificate which I want to create as
>> test certificate to find limits in the implementations of x509
>> parsers.
>> 
>> 
>
>This is intentional as excessively large key sizes can be used in DoS
>attacks.
>
>If you compile openssl with -DOPENSSL_RSA_MAX_MODULUS_BITS= you
>can specify an alternative value to the default which is 16384 bits.
>
>Steve.
>-- 
>Dr Stephen N. Henson. OpenSSL project core developer.
>Commercial tech support now available see: http://www.openssl.org


Re: [openssl.org #2836] [PATCH] Staple the correct OCSP Response when multiple certs are configured

2012-09-12 Thread Rob Stradling via RT
On 07/09/12 11:51, Rob Stradling wrote:
> Attached is an updated patch for CVS HEAD, plus a patch for the 1.0.2
> branch.
>
> Are you still accepting patches for 1.0.1?

Attached is a patch for 1.0.1.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online


Index: ssl/s3_srvr.c
===
RCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.171.2.21.2.26
diff -u -r1.171.2.21.2.26 s3_srvr.c
--- ssl/s3_srvr.c   8 Jun 2012 09:18:46 -   1.171.2.21.2.26
+++ ssl/s3_srvr.c   12 Sep 2012 15:45:12 -
@@ -1183,7 +1183,7 @@
goto f_err;
}
}
-   if (ssl_check_clienthello_tlsext(s) <= 0) {
+   if (ssl_check_clienthello_tlsext_early(s) <= 0) {

SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
@@ -1405,6 +1405,16 @@
 * s->tmp.new_cipher- the new cipher to use.
 */
 
+   /* Handles TLS extensions that we couldn't check earlier */
+   if (s->version >= SSL3_VERSION)
+   {
+   if (ssl_check_clienthello_tlsext_late(s) <= 0)
+   {
+   
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+   goto err;
+   }
+   }
+
if (ret < 0) ret=1;
if (0)
{
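
Review bot: The comment on the new late check ("Handles TLS extensions that we couldn't check earlier") does not say what forces the deferral. Naming the dependency, namely that the status request callback removed from the early function in t1_lib.c has to run once the certificate to be sent is known, would stop someone merging the two calls again later. It is also worth confirming that `ssl_check_clienthello_tlsext_late()` sends its own alert before the `goto err`, since this error path is written the same way as the early one.
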
Index: ssl/ssl_lib.c
===
RCS file: /v/openssl/cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.176.2.19.2.25
diff -u -r1.176.2.19.2.25 ssl_lib.c
--- ssl/ssl_lib.c   8 Jun 2012 09:18:46 -   1.176.2.19.2.25
+++ ssl/ssl_lib.c   12 Sep 2012 15:45:12 -
@@ -2287,7 +2287,7 @@
 #endif
 
 /* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(SSL *s)
+X509 *ssl_get_server_send_cert(const SSL *s)
{
unsigned long alg_k,alg_a;
CERT *c;
@@ -2780,7 +2780,9 @@
 /* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(const SSL *s)
{
-   if (s->cert != NULL)
+   if (s->server)
+   return(ssl_get_server_send_cert(s));
+   else if (s->cert != NULL)
return(s->cert->key->x509);
else
return(NULL);
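
Review bot: In `SSL_get_certificate()` the new `s->server` branch runs before the `s->cert != NULL` guard, so `ssl_get_server_send_cert()` must itself cope with a NULL `s->cert` and with being called before a cipher has been chosen; please confirm it returns NULL in those cases rather than dereferencing. This also changes what a public function returns on the server side, which deserves a line in the documentation or CHANGES.
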
Index: ssl/ssl_locl.h
===
RCS file: /v/openssl/cvs/openssl/ssl/ssl_locl.h,v
retrieving revision 1.100.2.10.2.17
diff -u -r1.100.2.10.2.17 ssl_locl.h
--- ssl/ssl_locl.h  9 Mar 2012 15:52:20 -   1.100.2.10.2.17
+++ ssl/ssl_locl.h  12 Sep 2012 15:45:12 -
@@ -830,7 +830,7 @@
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
-X509 *ssl_get_server_send_cert(SSL *);
+X509 *ssl_get_server_send_cert(const SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
@@ -1088,7 +1088,8 @@
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char 
*d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
-int ssl_check_clienthello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext_early(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 
 #ifndef OPENSSL_NO_HEARTBEATS
Index: ssl/t1_lib.c
===
RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.64.2.14.2.33
diff -u -r1.64.2.14.2.33 t1_lib.c
--- ssl/t1_lib.c27 Jun 2012 14:11:40 -  1.64.2.14.2.33
+++ ssl/t1_lib.c12 Sep 2012 15:45:12 -
@@ -1763,7 +1763,7 @@
return 1;
}
 
-int ssl_check_clienthello_tlsext(SSL *s)
+int ssl_check_clienthello_tlsext_early(SSL *s)
{
int ret=SSL_TLSEXT_ERR_NOACK;
int al = SSL_AD_UNRECOGNIZED_NAME;
@@ -1782,42 +1782,12 @@
else if (s->initial_ctx != NULL && 
s->initial_ctx->tlsext_servername_callback != 0) 
ret = s->initial_ctx->tlsext_servername_callback(s, &al, 
s->initial_ctx->tlsext_servername_arg);
 
-   /* If status request then ask callback what to do.
-* Note: this must be called after servername callbacks in case 
-* the certificate has changed.
-*/
-   if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
-   {
-   int r;
-   r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-   switch (r)
-   {
-   /* We don't want to send a status request response */
-   case SSL_TLSEXT_ERR_NOACK:
-

[openssl.org #2878] [PATCH] s_client -fd

2012-09-12 Thread Serge van den Boom via RT
Hi,

The attached patch adds the -fd parameter to s_client, to use SSL/TLS
over an already established connection.

This could then be used like this from Bash:
openssl s_client -fd 9 9<> /dev/tcp/encrypted.google.com/443

One application would be to negotiate the use of SSL/TLS in plain text
before SSL/TLS is used for protocols which are not supported by the
-starttls flag.
The following snippet demonstrates this for HTTPS through an HTTP proxy
(again for Bash):

==

# Open a socket on file descriptor 9
exec 9<> "/dev/tcp/$PROXYHOST/$PROXYPORT" || exit 1

# Start the HTTP proxy connection
printf 'CONNECT %s:%s HTTP/1.1\r\nHost: %s:%s\r\nProxy-Connection: Keep-Alive\r\n\r\n' "$TARGETHOST" "$TARGETPORT" "$TARGETHOST" "$TARGETPORT" >&9

# Read the response until an empty line is encountered.
# A line holding only a carriage return also counts as empty (CRLF endings).
while :; do
    read -r LINE
    if [ -z "$LINE" ] || [ "$LINE" = $'\r' ]; then
        break
    fi
done <&9

# Start encryption
openssl s_client -fd 9 -ign_eof

==


Regards,

Serge van den Boom

diff -ur openssl-1.0.1c/apps/s_client.c openssl-1.0.1c-org/apps/s_client.c

--- openssl-1.0.1c/apps/s_client.c  2012-09-07 15:03:18.0 +0200

+++ openssl-1.0.1c-org/apps/s_client.c  2012-03-18 19:16:05.0 +0100

@@ -140,7 +140,6 @@

 #include 

 #include 

 #include 

-#include 

 #include 

 #ifdef OPENSSL_NO_STDIO

 #define APPS_WIN16
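
Review bot: The file headers put the patched tree on the `---` side and `openssl-1.0.1c-org` on the `+++` side, so every hunk is reversed and the new `-fd` code shows up as removals, starting with the dropped `#include` here. Please regenerate with the original tree first (`diff -ur openssl-1.0.1c-org openssl-1.0.1c`) so the patch applies to a pristine source.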

@@ -289,7 +288,6 @@

BIO_printf(bio_err," -host host - use -connect instead\n");

BIO_printf(bio_err," -port port - use -connect instead\n");

BIO_printf(bio_err," -connect host:port - who to connect to (default is 
%s:%s)\n",SSL_HOST_NAME,PORT_STR);

-   BIO_printf(bio_err," -fd fd - file descriptor to use 
(alternative to -connect)\n");

 

BIO_printf(bio_err," -verify arg   - turn on peer certificate 
verification\n");

BIO_printf(bio_err," -cert arg - certificate file to use, PEM 
format assumed\n");

@@ -560,7 +558,7 @@

 #ifndef OPENSSL_NO_KRB5

KSSL_CTX *kctx;

 #endif

-   int s,fd=-1,k,width,state=0;

+   int s,k,width,state=0;

char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;

int cbuf_len,cbuf_off;

int sbuf_len,sbuf_off;

@@ -675,13 +673,6 @@

if (!extract_host_port(*(++argv),&host,NULL,&port))

goto bad;

}

-   else if (strcmp(*argv,"-fd") == 0)

-   {

-   if (--argc < 1) goto bad;

-   fd=atoi(*(++argv));

-   host = "";

-   port = 0;

-   }

else if (strcmp(*argv,"-verify") == 0)

{

verify=SSL_VERIFY_PEER;
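
Review bot: `fd=atoi(*(++argv));` in the `-fd` branch accepts anything: a non-numeric argument silently becomes descriptor 0, and `-fd -1` falls through to a normal connect with `host = ""` and `port = 0` because the later test is `fd != -1`. Parsing with `strtol`, checking for trailing characters and sending values below 0 to `goto bad` would make a typo fail loudly.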

@@ -1261,31 +1252,13 @@

 

 re_start:

 

-   if (fd != -1)

+   if (init_client(&s,host,port,socket_type) == 0)

{

-   struct stat sb;

-   if (fstat(fd, &sb) == -1)

-   {

-   BIO_printf(bio_err,"bad file descriptor\n");

-   goto end;

-   }

-   if (!S_ISSOCK(sb.st_mode))

-   {

-   BIO_printf(bio_err,"file descriptor is not a socket\n");

-   goto end;

-   }

-   s = fd;

-   }

-   else

-   {

-   if (init_client(&s,host,port,socket_type) == 0)

-   {

-   
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());

-   SHUTDOWN(s);

-   goto end;

-   }

-   BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

+   
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());

+   SHUTDOWN(s);

+   goto end;

}

+   BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);

 

 #ifdef FIONBIO

if (c_nbio)
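
Review bot: The descriptor branch sits directly under the `re_start:` label, so any path that jumps back here reuses the same `fd` after the previous session has finished with it. Either refuse to restart when `-fd` is given or document that the caller's socket must survive a reconnect. The `CONNECTED(%08X)` line is also skipped in this branch, which makes the output differ from the `-connect` case.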

diff -ur openssl-1.0.1c/doc/apps/s_client.pod 
openssl-1.0.1c-org/doc/apps/s_client.pod

--- openssl-1.0.1c/doc/apps/s_client.pod2012-09-12 16:26:08.0 
+0200

+++ openssl-1.0.1c-org/doc/apps/s_client.pod2009-06-26 13:28:51.0 
+0200

@@ -9,7 +9,6 @@

 

 B B

 [B<-connect host:port>]

-[B<-fd fd>]

 [B<-verify depth>]

 [B<-cert filename>]

 [B<-certform DER|PEM>]

@@ -60,10 +59,6 @@

 This specifies the host and optional port to connect to. If not specified

 then an attempt is made to connect to the local host on port 4433.

 

-=item B<-fd fd>

-

-A file descriptor of an open socket to use instead of connecting with 
B<-connect>.

-

 =item B<-cert certname>

 

 The certificate to use, if one is requested by the server. The default is
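
Review bot: The `=item B<-fd fd>` text says only that the descriptor is an open socket. It should also state that the socket must already be connected to the peer, and whether s_client shuts it down on exit, since the caller owns the descriptor.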



[openssl.org #2875] Limited rsa keysize

2012-09-12 Thread Stephen Henson via RT
> [daniel-marsch...@viathinksoft.de - Wed Sep 12 14:14:40 2012]:
> 
> Hello, I found out that the rsa keysize is limited.
> Here is my script: http://www.viathinksoft.de/~daniel-marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/
> I cannot create a 32768 bits certificate which I want to create as
> test certificate to find limits in the implementations of x509
> parsers.
> 
> 

This is intentional as excessively large key sizes can be used in DoS
attacks.

If you compile openssl with -DOPENSSL_RSA_MAX_MODULUS_BITS= you
can specify an alternative value to the default which is 16384 bits.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



[openssl.org #2877] openssl rand does not check write(2) return code

2012-09-12 Thread Christian Vogel via RT
{note: I'm not subscribed to any openssl-mailinglist, please
 contact me directly if necessary}

Hi,

I used "openssl rand" to create random data blocks for filesystem
and disk testing and noticed that on a full filesystem openssl
rand does not return a non-zero exit status when the filesystem is
full.

If it cannot open the output file, the return status is 1, indicating
failure.

$ openssl rand  -out /etc/cannotwrite 10 ; echo "$?"
5138:error:0200100D:system library:fopen:Permission denied:bss_file.c:356:fopen('/etc/cannotwrite','w')
5138:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
1

If the filesystem is full, the return status is 1, even though no
actual content has been written.

# openssl rand -out /mnt/fs_full 16 ; echo "$?"
0
# ls -l /mnt/fs_full
-rw-r--r-- 1 root root 0 Sep 12 12:44 /mnt/fs_full

The write() system call fails with ENOSPC:

# strace -e write openssl rand -out /mnt/fs_full 16
write(3, "\224jP\207U\205\236\4\241\356V\16\1q\35\303", 16) = -1 ENOSPC (No space left on device)

If one looks at the source code, then it's obvious that the return code
of BIO_write() is not checked:

--- openssl-1.0.1c/apps/rand.c, Line 223
    if (!hex)
        BIO_write(out, buf, chunk);
    else
        {
        for (i = 0; i < chunk; i++)
            BIO_printf(out, "%02x", buf[i]);
        }

I don't know the precise semantics of BIO_write, so I can only propose
that the return of BIO_write is checked against the expected return
and the program return code adapted to indicate failure once
an error has occurred writing out the random bytes.

Greetings,

Chris
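
The check proposed in the report above, as an added example that is not part of the original message and is not OpenSSL's code: it uses POSIX write() as a stand-in for BIO_write(), and the helper names write_all and emit_block, plus the read-only /dev/null descriptor used to force a failure, are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write exactly len bytes to fd. Returns 0 on success, -1 on failure with
 * errno set (e.g. ENOSPC on a full filesystem). Hypothetical helper. */
static int write_all(int fd, const unsigned char *buf, size_t len)
{
    size_t off = 0;

    while (off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted before any byte was written */
            return -1;             /* real error: report it to the caller */
        }
        if (n == 0) {              /* no progress: an error, not success */
            errno = EIO;
            return -1;
        }
        off += (size_t)n;          /* short write: loop for the remainder */
    }
    return 0;
}

/* Emit a block the way a "rand"-style tool would and map the result to an
 * exit status: 0 only when every byte reached the descriptor. */
static int emit_block(int fd, const unsigned char *buf, size_t len)
{
    if (write_all(fd, buf, len) != 0) {
        fprintf(stderr, "write failed: %s\n", strerror(errno));
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample data standing in for the random bytes. */
    static const unsigned char sample[16] = "0123456789abcde";
    int ok_fd = open("/dev/null", O_WRONLY);
    int bad_fd = open("/dev/null", O_RDONLY);   /* write() fails with EBADF */
    int rc_ok = emit_block(ok_fd, sample, sizeof sample);
    int rc_bad = emit_block(bad_fd, sample, sizeof sample);

    printf("writable: %d, unwritable: %d\n", rc_ok, rc_bad);
    close(ok_fd);
    close(bad_fd);
    return rc_ok == 0 && rc_bad == 1 ? 0 : 1;
}
```

On a full filesystem the same path returns 1 with ENOSPC in the message, which is the case the strace output in the report shows.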



[openssl.org #2876] SSL reports Too many open files

2012-09-12 Thread Thodika, Najmudheen via RT
Hi SSL support team,
We are using openssl 9.8l.

We face a problem of "Too many open files" when we run our application for 
some time on a Solaris host.
The error is always reported from SSL lib with a signature like below

error:02001018:system library:fopen:Too many open files
Error extra data:
error:2006D002:BIO routines:BIO_new_file:system lib
error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
***
We captured an lsof output from the host, it looks like there are some udp 
socket descriptor files opened (which is unknown to our application),

Here is the host environment  details

OS: Solaris
version : 2.9

Any thoughts or assistance on this will be very helpful and appreciable.

Thanks,
Naj..


[openssl.org #2875] Limited rsa keysize

2012-09-12 Thread Daniel Marschall via RT
Hello, I found out that the rsa keysize is limited.
Here is my script: 
http://www.viathinksoft.de/~daniel-marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/
I cannot create a 32768 bits certificate which I want to create as test 
certificate to find limits in the implementations of x509 parsers.

[openssl.org #2874] Missing initialization of str in aes_ccm_init_key

2012-09-12 Thread Tomas Mraz via RT
The str member of EVP_AES_CCM_CTX structure stays uninitialized when aes
ccm is used with the vpaes backend causing it to crash when the str is
later called as it is non-NULL. The attached patch fixes the problem.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb

diff -up openssl-1.0.1c/crypto/evp/e_aes.c.init-str openssl-1.0.1c/crypto/evp/e_aes.c
--- openssl-1.0.1c/crypto/evp/e_aes.c.init-str	2012-09-06 17:20:45.0 +0200
+++ openssl-1.0.1c/crypto/evp/e_aes.c	2012-09-06 17:18:30.0 +0200
@@ -1216,6 +1216,7 @@ static int aes_ccm_init_key(EVP_CIPHER_C
 			vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
 			CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
 	&cctx->ks, (block128_f)vpaes_encrypt);
+			cctx->str = NULL;
 			cctx->key_set = 1;
 			break;
 			}
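
Review bot: `cctx->str = NULL;` is added only inside the vpaes branch of `aes_ccm_init_key()`, which leaves the guarantee dependent on every backend branch remembering to set it. Setting `cctx->str` once before the backend selection, and letting a branch override it when it has a stream routine, would cover any branch added later; if that is not wanted, a comment on this line saying why NULL is required would help.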