Re: Patch to mitigate CVE-2014-3566 (POODLE)
mancha manc...@zoho.com:

> Any reason for the s_client -fallback_scsv option check to be within an #ifndef OPENSSL_NO_DTLS1 block?

Thanks for catching this. No, there's no good reason for that; I should move it elsewhere.

Bodo
[openssl.org #3552] aesni_ecb_encrypt clobbers Win64 callee-save registers
The ABI fix is committed, unfortunately RT number is off by one in commit message, 3553 instead of 3552. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2593] [PATCH] 1.0.1-STABLE build fails on VMS
Been fixed since summer of 2014, if not earlier :)

--
Rich Salz, OpenSSL dev team; rs...@openssl.org
OpenSSL version 0.9.8zc released
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 0.9.8zc of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at:

    http://www.openssl.org/news/openssl-0.9.8-notes.html

OpenSSL 0.9.8zc is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

The distribution file name is:

  o openssl-0.9.8zc.tar.gz
    Size: 3735406
    MD5 checksum: 1b239eea3a60d67863e7b66700e47a16
    SHA1 checksum: c7c4715b09d1b68aec564671afd7ec416edf764f

The checksums were calculated using the following commands:

    openssl md5 openssl-0.9.8zc.tar.gz
    openssl sha1 openssl-0.9.8zc.tar.gz

Yours,

The OpenSSL Project Team.
OpenSSL version 1.0.0o released
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 1.0.0o of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at:

    http://www.openssl.org/news/openssl-1.0.0-notes.html

OpenSSL 1.0.0o is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

The distribution file name is:

  o openssl-1.0.0o.tar.gz
    Size: 4003271
    MD5 checksum: 473b311354b7b19d624a4f291580e82e
    SHA1 checksum: c258be34c3d20967c881c9fff46b0d4730f1b7d3

The checksums were calculated using the following commands:

    openssl md5 openssl-1.0.0o.tar.gz
    openssl sha1 openssl-1.0.0o.tar.gz

Yours,

The OpenSSL Project Team.
OpenSSL version 1.0.1j released
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 1.0.1j of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at:

    http://www.openssl.org/news/openssl-1.0.1-notes.html

OpenSSL 1.0.1j is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

The distribution file name is:

  o openssl-1.0.1j.tar.gz
    Size: 4432964
    MD5 checksum: f7175c9cd3c39bb1907ac8bba9df8ed3
    SHA1 checksum: cff86857507624f0ad42d922bb6f77c4f1c2b819

The checksums were calculated using the following commands:

    openssl md5 openssl-1.0.1j.tar.gz
    openssl sha1 openssl-1.0.1j.tar.gz

Yours,

The OpenSSL Project Team.
OpenSSL Security Advisory
OpenSSL Security Advisory [15 Oct 2014]
=======================================

SRTP Memory Leak (CVE-2014-3513)
================================

Severity: High

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.

This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Session Ticket Memory Leak (CVE-2014-3567)
==========================================

Severity: Medium

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

This issue was reported to OpenSSL on 8th October 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL 3.0 Fallback protection
===========================

Severity: Medium

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
https://www.openssl.org/~bodo/ssl-poodle.pdf

Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.

Build option no-ssl3 is incomplete (CVE-2014-3568)
==================================================

Severity: Low

When OpenSSL is configured with no-ssl3 as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.

The fix was developed by Akamai and the OpenSSL team.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20141015.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
Re: Vuln in SSL 3.0
Hi,

there's a workaround here: https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

it aims to forbid protocol downgrade, except for interoperability

however I don't know when draft will be accepted and included to TLS protocols

Nicolas

- Original message -
From: Dominyk Tiller dominyktil...@gmail.com
To: openssl-dev@openssl.org
Sent: Tuesday 14 October 2014 18:19:34
Subject: Re: Vuln in SSL 3.0

If there is a threat in SSLv3 it seems almost certain to affect OpenSSL. The upstream dev team not commenting on this is probably fairly standard protocol; I believe they don't comment on anything critical that could be exploited before patches are imminent or available.

I guess the situation is Watch this space.

Sent from Thunderbird for OS X. My PGP public key is automatically attached to this email.

On 14/10/2014 15:19, Krzysztof Kwiatkowski wrote:
> Hi,
>
> Any idea what this is about? Is it a threat for OpenSSL users:
> http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/
>
> Regards,
> Kris
Re: Vuln in SSL 3.0
On 15/10/14 14:43, nicolas@free.fr wrote:
> Hi,
>
> there's a workaround here : https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
>
> it aims to forbid protocol downgrade, except for interoperability
>
> however I don't know when draft will be accepted and included to TLS protocols

The latest versions of OpenSSL that have just been released today implement this capability.

Matt
[openssl.org #3565] bug report: s_client: -ssl2 is present in usage with OPENSSL_NO_SSL2 defined
Running the openssl binary configured with no-ssl2:

    $ openssl version
    OpenSSL 1.0.1i 6 Aug 2014
    $ openssl s_client -ssl2 2>&1 | fgrep ssl2
    unknown option -ssl2
     -ssl2 - just use SSLv2
     -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol

That is, -ssl2 is an unknown option, still it's documented in the usage block after the error message. It's compiled out at

    913 #ifndef OPENSSL_NO_SSL2
    914     else if (strcmp(*argv,"-ssl2") == 0)
    915         meth=SSLv2_client_method();
    916 #endif

but similar conditions should be applied around

    338     BIO_printf(bio_err," -ssl2 - just use SSLv2\n");

as well. Same for the other protocols. It's a rather misleading documentation bug, please consider fixing it.

--
Thanks,
Feri.
[openssl.org #3565] bug report: s_client: -ssl2 is present in usage with OPENSSL_NO_SSL2 defined
This is already fixed in https://github.com/akamai/openssl/tree/rsalz-monolith which will be merged into the next release after 1.0.2

--
Rich Salz, OpenSSL dev team; rs...@openssl.org
OpenSSL 0.9.8 End Of Life Announcement
The OpenSSL Project is today making the following announcement:

Support for version 0.9.8 will cease on 31st December 2015. No further releases of 0.9.8 will be made after that date. Security fixes only will be applied to 0.9.8 until then.

Yours,

The OpenSSL Project Team
Re: Vuln in SSL 3.0
Great! I suppose it fixes both - client and server?

On 15 October 2014 15:59:13 CEST, Matt Caswell m...@openssl.org wrote:
> On 15/10/14 14:43, nicolas@free.fr wrote:
>> Hi,
>>
>> there's a workaround here : https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
>>
>> it aims to forbid protocol downgrade, except for interoperability
>>
>> however I don't know when draft will be accepted and included to TLS protocols
>
> The latest versions of OpenSSL that have just been released today implement this capability.
>
> Matt

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
RE: Vuln in SSL 3.0
> I suppose it fixes both - client and server ?

The server-side is automatic: when it sees the SCSV fallback, it sends a fatal alert back to the client. Clients that will do fallback must call a new API; see the changes file.

--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
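The server-side rule described in the message above, as an added example (not OpenSSL's code and not part of the original post): following the TLS_FALLBACK_SCSV draft linked in this thread, a ClientHello that lists the signalling suite {0x56, 0x00} while offering a version below the server's highest gets the fatal inappropriate_fallback alert (86). The function name, its return convention and the ClientHello bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_FALLBACK_SCSV            0x5600 /* signalling cipher suite value */
#define ALERT_INAPPROPRIATE_FALLBACK 86     /* fatal alert for a refused fallback */

/* Constructed ClientHello bodies (after the handshake header):
 * client_version, 32-byte random (left zero), session_id, cipher_suites. */
static const uint8_t hello_fallback[] = {   /* SSL 3.0 retry carrying the SCSV */
    0x03, 0x00,
    [34] = 0x00,                            /* empty session_id */
    0x00, 0x04,                             /* cipher_suites length */
    0x00, 0x2F, 0x56, 0x00                  /* AES128-SHA, TLS_FALLBACK_SCSV */
};
static const uint8_t hello_plain[] = {      /* first attempt at TLS 1.2, no SCSV */
    0x03, 0x03,
    [34] = 0x00,
    0x00, 0x02,
    0x00, 0x2F
};

/* Returns 86 when the hello is a fallback the server must refuse, 0 when the
 * handshake may continue, -1 when the body is truncated or malformed. */
int fallback_scsv_check(const uint8_t *body, size_t len, uint16_t server_max)
{
    size_t off = 2 + 32;                    /* skip version and random */
    if (len < off + 1) return -1;
    uint16_t client_version = (uint16_t)(body[0] << 8 | body[1]);
    off += 1 + (size_t)body[off];           /* skip session_id */
    if (len < off + 2) return -1;
    size_t suites_len = (size_t)(body[off] << 8 | body[off + 1]);
    off += 2;
    if (suites_len % 2 != 0 || len - off < suites_len) return -1;
    for (size_t i = 0; i < suites_len; i += 2) {
        uint16_t suite = (uint16_t)(body[off + i] << 8 | body[off + i + 1]);
        /* The SCSV only matters if the server could have negotiated higher. */
        if (suite == TLS_FALLBACK_SCSV && server_max > client_version)
            return ALERT_INAPPROPRIATE_FALLBACK;
    }
    return 0;
}

int main(void)
{
    printf("fallback hello, TLS 1.2 server: %d\n",
           fallback_scsv_check(hello_fallback, sizeof hello_fallback, 0x0303));
    printf("plain hello, TLS 1.2 server: %d\n",
           fallback_scsv_check(hello_plain, sizeof hello_plain, 0x0303));
    return 0;
}
```

A server whose highest version is SSL 3.0 accepts the same fallback hello, since no better version was available to negotiate.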
[openssl.org #590] [PATCH] Confirm and reopening X509_get_signature_type() returning NID_undef
X509_get_signature_type() returns NID_undef for any certificate given. Bug exists as far back as I could compile (0.9.6).

Attached patch for git master branch makes X509_get_signature_type() a synonym for X509_get_signature_nid(), which makes more sense and won't break anything because the function never worked. Also adds macro X509_get_signature_algs(), which properly extracts public key and digest algorithms as X509_get_signature_type() was supposed to.

Ben
Re: [openssl.org #590] [PATCH] Confirm and reopening X509_get_signature_type() returning NID_undef
Adding patch

On Wed, Oct 15, 2014 at 9:38 PM, Ben Fogle benfo...@gmail.com wrote:
> X509_get_signature_type() returns NID_undef for any certificate given. Bug exists as far back as I could compile (0.9.6).
>
> Attached patch for git master branch makes X509_get_signature_type() a synonym for X509_get_signature_nid(), which makes more sense and won't break anything because the function never worked. Also adds macro X509_get_signature_algs(), which properly extracts public key and digest algorithms as X509_get_signature_type() was supposed to.
>
> Ben

590_fixed_X509_get_signature_type.patch
Description: Binary data