[openssl-dev] Fwd: Problem with encoding a CRL's signing algorithm
Hi,

I think there is somewhat strange behaviour in OpenSSL that causes interesting bugs to happen when trying to encode CRLs based on deltas. More information about the issue (causing a segfault under certain conditions) is in the attached mail by Felix, who discovered it.

Regards,
BenBE.

---BeginMessage---
Hi,

I am trying to encode deltas between CRLs directly in ASN1 (DER), which works quite fine. Thereby I stumbled across a problem with encoding X509_ALGORs to ASN1: I want to encode a new CRL's (X509_CRL_new), currently invalid, signing algorithm (i2d_X509_ALGOR( crl->sig_alg, ... )) and restore that with d2i_X509_ALGOR( &crl->sig_alg, ...) afterwards.

Restoring of the algorithm works fine in OpenSSL 1.0.1f, but fails in OpenSSL 1.0.1j and 1.0.1l. This is probably because the i2d function encodes the (invalid) signing algorithm slightly differently in the different versions. This happens because the invalid signing algorithm is represented slightly differently in the internal structure.

In version 1.0.1f the invalid algorithm is encoded as a sequence with an object id with length 1 and content 00 (-> 30 03 06 01 00). In the newer versions (1.0.1j and 1.0.1l) the invalid algorithm gets encoded as a sequence with an object id of length 0 (-> 30 02 06 00). This new encoding causes the d2i function to fail. Now the d2i function nulls the sig_alg. This causes an X509_CRL_verify to cause a segfault.

Is this behavior expected? Am I doing something wrong? Is there a problem with what X509_CRL_new does (setting different UNDEFINED-ObjectId-Objects)?

To better clarify my problem, I have attached a small example code that creates such a CRL, tries to verify it (which will fail, but not crash), does the i2d, d2i re-setting of the algorithm and re-calls X509_CRL_verify, which now crashes in 1.0.1j and 1.0.1l, but works fine in 1.0.1f.
For executing the sample, compile it with something like

gcc -g -std=c99 crl.c $YOUR_LIBCRYPTO

and attach the version of libcrypto you want to test with. The example should segfault with 1.0.1j and 1.0.1l but run fine with 1.0.1f.

Thank you very much for your help,
Kind regards,
Felix

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <stdio.h>
#include <stdlib.h> /* exit() */

int main( int argc, char *argv[] ) {
    ERR_load_crypto_strings();

    // Generate some Public key
    EVP_PKEY_CTX *ctx;
    EVP_PKEY *pkey = NULL;
    ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
    if (!ctx) exit(-1);
    if (EVP_PKEY_keygen_init(ctx) <= 0) exit(-1);
    if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) exit(-1);
    if (EVP_PKEY_keygen(ctx, &pkey) <= 0) exit(-1);

    // Generate a new CRL
    X509_CRL *crl = X509_CRL_new();
    unsigned char buffer[256] = { 0 }; // zeroed so the hex dump below never reads uninitialised bytes
    unsigned char *pos = buffer;

    // DER encode its X509 ALGORITHM
    i2d_X509_ALGOR( crl->sig_alg, &pos);
    printf("output: %d\n", (int) ( pos - buffer) );
    ERR_print_errors_fp(stdout);

    // Verification fails (but does not crash)
    int i = X509_CRL_verify( crl, pkey );
    printf("verify: %d\n", i);
    ERR_print_errors_fp(stdout);

    for( int i = 0; i < 5;i++){
        printf("%x ", (unsigned int) buffer[i] );
    }
    printf("\n");
    // Print the pointer with %p; casting it to unsigned int truncates on 64-bit
    printf("%p\n", (void *) crl->sig_alg->algorithm);

    const unsigned char *pos2 = buffer;
    // This is the broken output of openssl 1.0.1j, 1.0.1l and correct (30 02 06 01 00) in 1.0.1f
    /*buffer[0] = 0x30; buffer[1] = 0x02; buffer[2] = 0x06; buffer[3] = 0x00;*/
    ERR_print_errors_fp(stdout);
    d2i_X509_ALGOR( &crl->sig_alg, &pos2, 9); // this nulls crl->sig_alg with the broken output see above
    printf("%d\n", (int) ( pos2 - buffer) );

    i = X509_CRL_verify( crl, pkey ); // this finally crashes in 1.0.1j, 1.0.1l but works great in 1.0.1.f
    printf("verify: %d\n", i);

    // Free things, if the program is still running.
    ERR_print_errors_fp(stdout);
    EVP_PKEY_free( pkey );
    EVP_PKEY_CTX_free( ctx );
    X509_CRL_free( crl );
}
---End Message---

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
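The two encodings quoted in the message above differ only in the OBJECT IDENTIFIER length, and a DER object identifier must carry at least one content octet, so `30 02 06 00` is not decodable. The pre-decode check below is an added example, not code from the post or from OpenSSL; `check_algid` and its status names are hypothetical, and it assumes short-form DER lengths only.

```c
#include <stddef.h>
#include <stdio.h>

/* Status codes are names chosen for this example. */
enum algid_status { ALGID_OK, ALGID_BAD_LENGTH, ALGID_BAD_TAG,
                    ALGID_EMPTY_OID, ALGID_BAD_OID };

/* Check the SEQUENCE header and leading OBJECT IDENTIFIER of a DER
 * AlgorithmIdentifier. Only short-form lengths (< 128) are accepted,
 * which covers the small values discussed in the post. */
enum algid_status check_algid(const unsigned char *der, size_t n)
{
    size_t seq_len, oid_len, i;
    const unsigned char *oid;

    if (n < 4) return ALGID_BAD_LENGTH;          /* tag, len, tag, len */
    if (der[0] != 0x30) return ALGID_BAD_TAG;    /* SEQUENCE */
    if (der[1] & 0x80) return ALGID_BAD_LENGTH;  /* long form: rejected here */
    seq_len = der[1];
    if (seq_len < 2 || seq_len > n - 2) return ALGID_BAD_LENGTH;
    if (der[2] != 0x06) return ALGID_BAD_TAG;    /* OBJECT IDENTIFIER */
    if (der[3] & 0x80) return ALGID_BAD_LENGTH;
    oid_len = der[3];
    if (oid_len > seq_len - 2) return ALGID_BAD_LENGTH;
    if (oid_len == 0) return ALGID_EMPTY_OID;    /* the 30 02 06 00 case */
    oid = der + 4;
    if (oid[oid_len - 1] & 0x80) return ALGID_BAD_OID; /* unterminated arc */
    for (i = 0; i < oid_len; i++)                /* no 0x80 padding at arc start */
        if (oid[i] == 0x80 && (i == 0 || !(oid[i - 1] & 0x80)))
            return ALGID_BAD_OID;
    return ALGID_OK;
}

/* The two encodings quoted in the post, plus a constructed real-world
 * value (sha256WithRSAEncryption with NULL parameters) for comparison. */
static const unsigned char ENC_101F[] = { 0x30, 0x03, 0x06, 0x01, 0x00 };
static const unsigned char ENC_101J[] = { 0x30, 0x02, 0x06, 0x00 };
static const unsigned char ENC_SHA256RSA[] = { 0x30, 0x0d, 0x06, 0x09, 0x2a,
    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00 };

int main(void)
{
    printf("1.0.1f form: %d\n", (int)check_algid(ENC_101F, sizeof ENC_101F));
    printf("1.0.1j form: %d\n", (int)check_algid(ENC_101J, sizeof ENC_101J));
    printf("sha256RSA:   %d\n",
           (int)check_algid(ENC_SHA256RSA, sizeof ENC_SHA256RSA));
    return 0;
}
```

Running a check like this on the buffer, and testing the return value of d2i_X509_ALGOR before its result replaces crl->sig_alg, keeps a CRL with a NULL signature algorithm from reaching X509_CRL_verify.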
Re: [openssl-dev] OpenSSL patches and enhancements from Akamai
> * Add task for decryption of client key exchange response
> * Add task for generating client certificate verify message
> * Add task for signing of server key exchange message
> Can you explain this a little more?

I can. I mentioned this on the -team mailing list. The idea is that an application can register callbacks so that CPU-intensive instructions, RSA and ECC ops for now, can get spun off into a separate thread. The top-level SSL_accept/connect return a new error code "not ready yet" and then can poll or wait for the background processor to tell the main thread it's ready, etc.

Again referring to internal knowledge, this might be moot. But it might be a quick win for some of the downstream distros ...
Re: [openssl-dev] OpenSSL patches and enhancements from Akamai
On Fri, Feb 13, 2015 at 09:05:53AM -0600, Short, Todd wrote:
> Hello openssl-dev:
>
> We at Akamai have a number of enhancements and fixes for OpenSSL that we would like to contribute. Before I inundate r...@openssl.org and openssl-dev mailing lists, I am asking if there's a desire to provide the changes as one large patch file, or as separate patch files. These have yet to be merged into the latest branch and still have to be formatted to the new coding standards, so they aren't going to be posted immediately.

Do not send 1 large patch. I suggest an RT ticket per issue. But you might think about spreading that out over time.

> * IPv6 support in s_client/s_server

No need to submit this, there are already a few of those and I'm working on something more general for IPv6 support.

> * Add task for decryption of client key exchange response
> * Add task for generating client certificate verify message
> * Add task for signing of server key exchange message

Can you explain this a little more?

Kurt
Re: [openssl-dev] Proposed cipher changes for post-1.0.2
Hello,

Dr. Stephen Henson st...@openssl.org wrote:
 |On Fri, Feb 13, 2015, Viktor Dukhovni wrote:
 | On Fri, Feb 13, 2015 at 11:59:13AM +, Salz, Rich wrote:
 | Some time ago, I had submitted a patch which allows administrators, but
 | most importantly OS distributors to set their own strings \
 | in the configuration
 | And my intent is to pull this into master pretty soon.
 | We may not need a patch for this, I thought we were about to deprecate
 | OpenSSL_config() with its void return status and encourage folks
 |Just clarification. The initialisation we're recommending I normally refer
 |to as config modules. NCONF is a more general API for configuration files.

I think an interesting question would be whether that configuration API will eventually obsolete the direct function interface?

 |Config modules were intended to be used for application setup so would
 |be a good place to add a system cipher string instead of a \
 |whole new mechanism.
 |The only problem is that it would only work with application that supported
 |config modules.

So break API compatibility and extend the mandatory SSL_library_init() to incorporate the functionality of CONF_modules_load_file(), introducing a SSL_library_free() counterpart? Or don't break compatibility and let SSL_library_init() internally do OPENSSL_config() unless OPENSSL_INIT_DONT_LOAD_CONF is defined? Or ditto but introduce a new SSL_library_init_with_conf() with an SSL_library_free_with_conf(), too. It will be very interesting to see how you will overcome that deadlocked situation.

Have a nice weekend.

--steffen
[openssl-dev] ossl-1.0.2 needs a tweak for CodeWarrior4
G/Morning,

Found 1.0.2\crypto\rand\rand_nw.c needs a tweak for CW4 to compile:

--- rand_nw.c.orig 2015-01-23 01:58:32.0 +1100 +++ rand_nw.c 2015-01-28 14:33:04.18750 +1100 @@ -155,8 +155,11 @@ for (i = 2; i ENTROPY_NEEDED; i++) { # ifdef __MWERKS__ -asm { -rdtsc mov tsc, eax} + asm + { + rdtsc + mov tsc, eax + } # elif defined(__GNUC__) __GNUC__=2 !defined(OPENSSL_NO_ASM) !defined(OPENSSL_NO_INLINE_ASM) asm volatile (rdtsc:=a (tsc)::edx); # endif

The acceptable format is the same as 1.0.1l, so no idea where the 1.0.2 version came from, unless done by hand. Otherwise 1.0.2 builds without issue.

Norm
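Review bot: in the `__MWERKS__` branch the restored `asm { ... }` block only compiles when `rdtsc` and `mov tsc, eax` each sit on their own line, but nothing in the hunk records that, so the next whitespace cleanup can join them again as in the removed `-rdtsc mov tsc, eax}` line. Add a one-line comment above the block stating that the line breaks are significant for the CodeWarrior inline assembler, and keep the block's indentation in line with the surrounding `for` body so it is less likely to be touched by a reformat.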