1. Decide that multiple locking is a bug (as the stuff in crypto/threads
suggests) and fix any cases found.
This is the best solution.
Under Linux this is just a case of
using recursive mutexes, on other platforms this may not so easy.
Recursive mutexes are a bad thing. They were invented for
The difference is that des_cblock is defined through a typedef.
This is correct explanation.
In such a case, you have built a new type
This is the wrong reason.
Typedef does not introduce a new type, only synonyms for types that could be
declared another way. (KR2nd p 221). However "const"
I patched ssl_engine_kernel.c to realize an OCSP responder function
that check cert status on ldap v2 directory.
I am sorry to be a pain in the neck (or lower down :), but you did not.
Your code does not do OCSP. OCSP is a status query protocol defined by
the IETF. You added "cert lookup" to
Perhaps the simplest solution is to turn deskey into a struct whose
first element is char[8]. I think the only current code it breaks
is requiring {} around initializers and an in key setup functions.:)
__
OpenSSL Project
in crypto/asn1 , many "unsigned char **pp",
Pointer to array of pointers to unsigned char
Sigh. Wrong. It's the address of a character pointer.
As Dr. Henson pointed out, the ASN1 routines typically
take a buffer pointer, parse some bytes, and update
the pointer. Hence the indirection. (In
I implemented CRL issuing distribution point extension.
Is this covered by Entrust's patent?
http://www.entrust.com/news/1998/04_23_98.htm
http://www.entrust.com/news/1998/04_23_98.htm
__
OpenSSL Project
How are you going to handle multiple OUs? In the case where a certificate
contains 4 multiple OUs but a user DN only contains one of those 4?
Shouldn't the user DN exactly match the "subject" field from the cert?
If not, when and why not?
I search in LDAP just by e-mail, and I compare the
It won't always be the case that your directory structure will map
_exactly_ to your certificate heirarchy.
So you need a general filtering of subjectDN to LDAPDN, I guess.
We've come across this issue. Our circumstances are a little different
from yours, since the product (here) is a
I think there are some bugs in the handling of non-ascii chars...
28 $ openssl x509 -in x -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root
I have an ASN1_OBJECT, which in this case is an OID.
How do I get a string out, like "1.2.4.122334.69" ?
tnx.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Or do an "evil hack". ...
I can't believe you wrote that in a public forum. :)
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated
Show me one single .h file that is modified in place.
mkerr.pl It modifies .h files all over the place.
I'd much rather see the header files renamed and
then have some build targets that either copied
the files (i.e., default errors) or invoked mkerrs
(i.e., you've added new error codes)
You don't use mkerr.pl when building OpenSSL, and if you add private
New error codes, you are free to add them manually to the header files.
Okay, I'm convinced.
__
OpenSSL Project
SSLv2 is more tricky as the header is of variable length.
Oh great, bring back BSD4.2 "packet trailers" :)
void *aligned_malloc(size_t total_size,size_t unaligned_size);
Continuing the history reference, what about the old vmalloc API?
although malloc() returns a pointer "suitable aligned",
void *aligned_malloc(size_t total_size,size_t unaligned_size);
Continuing the history reference, what about the old vmalloc API?
Never heard of it... Got a reference/url?
I am tracking it down. I will post what I find.
It might be worthwhile doing some poking around in ACM SIGCOMM papers,
Quite a bit of "noise" would be removed if this was
documented: even if just a digest of the answers
we've given.
There are various auto-faq, distributed-faq, etc., tools
around. The ones the python folks use (www.python.org)
seems pretty nice -- maintains edit histories, etc., and
breaks up
void *aligned_malloc(size_t total_size,size_t unaligned_size);
It will be "interesting" to see how you'll implement this
in a portable manner, such that aligned_free is also
implemented.
Continuing the history reference, what about the old vmalloc API?
Never heard of it... Got a
Maybe a better way of stating my intent would've been to say
that I'd like to
provide the cross platform interface to make a PKCS#11
interface easier.
sigh. Does the world really need another token interface?
(As opposed to PC/SC, PKCS11, CDSA, etc.)
Although there are some things in PKCS#11
Unfortunately the way the original SSLeay (and now OpenSSL) ASN1 works
is to be "memory based"
As almost everyone finds out sooner or later, memory fragmentation can soon
become an issue in the performance of long-running servers. The ASN1
functions are particularly prone to this. I would love
The following certs were generated using a popular commercial CA.
The cert-sign cert verifies okay; the cert-sign cert does NOT verify
the crl-sign cert -- OpenSSL verify command claims the padding is wrong.
Any clues? Any die-hard DER bit-twiddlers have any advice?
Thanks, much, in advance.
It seems to be that this behaviour is implied by the extensions: that is
both certificates have the same subject and issuer names and they match
each other: crl-sign however doesn't have permission to sign
certificates but cert-sign does. Presumably this is intended to mean
that you use the
However when a CA rekeys you'd expect some indicator of the new key
used, not just: "try everything you've got and see what happens".
You're more optimistic than I.
__
OpenSSL Project
Tom is no longer at CertCo.
Because of the US export regulations we cannot help
with this. We wish it were otherwise.
/r$
__
OpenSSL Project http://www.openssl.org
Development Mailing
int is_bigendian() { static int i=1; return (int)(*(char *)i); }
Oh heck, go all the way:
From: Marc W. Mengel [[EMAIL PROTECTED]]
Sent: Tuesday, March 16, 1999 4:25 PM
To:
Subject: From the dim-and-musty department
Someone wanted this a while back, and I had occasion to find it and touch
Have fun with these links.
Bye.
Sorry about that; we got hit with a virus. Fortunately most of the time
the virus itself doesn't get sent.
Our apologies.
__
OpenSSL Project http://www.openssl.org
you can use alloca to
Not if you want to maintain portable code, you can't.
I am concerned that "we'll just always malloc" not
become the standard behavior. This will lead to
memory fragmentation, etc., and ultimately poor
performance in long-running servers.
No entirely true. It's very possible to use, if you make sure you
have a standard replacement alloca() for those architecture that don't
have it.
Oh yuck, recurse once and compare addresses to see which way the
stack grows.
There are other solutions, then, like keeping memory pools to make
but our question is about 5/10 Millions of certificates.
You might look at what typical (traditional?) Usenet
implementations do...
__
OpenSSL Project http://www.openssl.org
Development Mailing
Also there is a crypto api that I
believe gets you the RSA public-key functions.
The CryptoAPI does not export enough functionality to enable you to
implement SSL. This *might* have changed in Win2K. I haven't been following
the discussions that closely; here are two messages on the subject:
As always with Sun, the details are in the license. :) Since they're
releasing it to Mozilla.org, however, then it's unlikely they'll use their
problematic "community license."
http://biz.yahoo.com/prnews/000118/ca_sun_net_1.html
Yahoo - The Sun-Netscape Alliance Releases PKI Library
Why pass a reference? C has been able to passreturn aggregate types since
v7 :)
only way to do this validly is to make the functions
actually take a foo* as their argument, surely?
Yes you must do that.
I'll bet in most cases you can make the foo static
Unless I misunderstand what you mean,
In the ANSI standard C sense, there is no real difference between the C
language and the supporting libraries.
I don't have a copy of the standard handy, but I'm fairly sure it can be
safely castable as I said before.
Therefore if Compaq's C compiler #define's it as void*,
then their "compiler"
can CRLs be signed by a certificate that is not the CA certificate
No.
What do you think ???
Very very bad idea. There are various alternative ways of getting fast
online status; OCSP is one. Valicert has a cute patenteded data structure
called CRT's that can be effective. Entrust has a way
What do you mean by "the CA certificate"?
Yes, you're right; I was being too simplistic.
A CA can delegate it's CRL-signing capability via CRLDP, etc.
I think the concept of "suspension" is worthwhile in realtime environments.
Think "credit card stolen" vs. "spending limit exceeded." I think
The attached CRL shows a date formatting bug in OpenSSL, a snapshot
downloaded last night. (It also appears in 0.9.2)
To see it, save this to a file "foo" and do
openssl crl -in foo | openssl crl
and get the following errors:
unable to load CRL
22903:error:0D08707B:asn1 encoding
Is there any circumstances where the environment isn't safe?
I thought it was readily available on all BSD-derived Unices. viz:
haggis 71 uname ; who ; echo i am `who am i` ; ps -wwe -tp1
BSD/OS
salzrttyp0 Feb 10 14:58 (camstig)
bowe ttyp1 Feb 7 08:36 (taco)
i
US folks exporting software should send their email to
[EMAIL PROTECTED]
it will go to the BXA, and also be kept in a public archive...
Spread the word.
-Original Message-
From: Matt Blaze [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 20, 2000 3:38 PM
To: Salz, Rich
Cc
However your application could just as easily work with a signature.
The difference being, of course, that the info on what to forge (i.e., the
IP address) is now in plaintext. Most license schemes try to keep that info
private. :)
The program should overwrites it's sensible environment variables as soon
as it
has read the content, therefore strongly reducing the problem.
Assuming the ones that "ps" shows are in userspace not kernel space.
Not always a safe assumption.
how about just changing apps.h to be this
extern struct lhash_st * config;
Remember "typedef does not introduce a new name" :)
__
OpenSSL Project http://www.openssl.org
Development Mailing
The folks at the Distributed Systems Technology Center is building
a PKI from the ground up. They've made similar modifications to
SNACC. The primary difference is that VanDyke considers their version
to be frozen ("it does what we need it to do") while DSTC might still
be doing some work on
What's the likelihood of George's XML patch making it into the mainline?
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List
I remember Rich salz talking about some symbol conflicts appearing in
the crypto portion of ms's c-runtime for win2k.
Right. You need something like this
#ifndef NOCRYPT
#define NOCRYPT /* prevent new Platform SDK 2000 .h files from */
#endif /* #including
Object OID's are intended to be universally unique identifiers. They are
distributed hierarchically, just like domain names.
For examle, ISO (1) created a group of organizations (3), and within that
recognized the US Dept of Defense (6), which recognized the IETF (1), who
created a branch for
Perhaps if someone donated a license or two to the core team, they'd be
interested in tracking changes.
As of now, it's sporadic, depending on interested parties to submit patches.
(Including Coverity at times, IIRC)
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge,
There are actually two licenses. The second allows all software (even
closed), but only for non-military use.
I would say that's still a problem. For example, we could use OpenSSL on our
network to provide acceleration for public DoD sites. Is that military use?
Suppose it's for use on a
Is this anyway to set a font type so that it all looks the same ?
This is most definitely NOT an OpenSSL issue. OpenSSL has absolutely no
concept of fonts, markup, or anything like that.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
What do you think about adding a counter (or two) to the SSL structure, to
count every time an alert is sent, and/or every time a crypto operation fails?
Wouldn't this help make it easier to detect (and then prevent)
multi-message-timing attacks?
--
Principal Security Engineer
Akamai
I see that we've used up all 32 bits of options in the SSL structure. Any
thought given on how to extend that? A 64-bit long long seems simplest, but
might have issues with some of your older platforms.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
OpenSSL 1.0.2 has added an extra cert_flags field as part of the CERT
structure. Adding things to
CERT has the advantage that it is one of the few structures in the ssl
library that has always been opaque.
And so do you change the options from a raw hex number (0x08000 etc) to a
bitnumber
Yes, it predates the latest release. I thin in general it's like a makefile
hygiene thing -- if files are read-only, but can be created, then the target
needs to be removed first.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
:��IϮ��r�m�
(Z+�7�zZ)���1���x�
*The* John Nagle?
One possibility is to write your own BIO, perhaps based on the sock_bio, that
buffers the bytes and makes it available.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL
Find an unhappy employee and offer them a couple-hundred thousand Euro for
their password.
The question/requirement as stated is unanswerable, and certainly not by the
well-meaning volunteers who frequent this list.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
http://wiki.opensslfoundation.com/
Great. It would be good to have a link pointing to this on the documents tab
on openssl.org
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL Project
The proper term is proof of possession. SSL/TLS define how to do it in the
protocol spec.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL Project
There are a number of concepts that are related, but they are different, and it
(can be) important to keep them straight.
Proof of possession -- how do you know that someone who gave you a cert has the
private key? This seems to be what the OP was writing about. Conceptually,
you give them
Would there be any interest (and support) from the dev team for patches that
completely remove SSLv2 API's?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
➢ If there is compatibility issue, then it seems we have to recompile our
application with latest openssl library. Please suggest if you have any other
or better solutions.
There is no other solution.
0.9.8 and 1.xxx aren’t binary compatible. For more details, see the FAQ,
It's a general problem; what if the client list contains stronger ciphers but
they appear after the weaker ones?
We modified code so that the server side can have its own ordered list, and it
will search through that list from what the client offers.
If I can get the patches released, is there
Subject: Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5
On Mon, Jun 03, 2013, Salz, Rich wrote:
It's a general problem; what if the client list contains stronger ciphers but
they appear after the weaker ones?
We modified code so that the server side can have its own ordered
Are you running on a 32bit machine? If so, the maximum time is 2038.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Ø Hm, without any SSL_OP_... settings, the expectation generally is that we
kind of sort of follow the specs
Ø and don't do any weird stuff like this for interoperability's sake. If we
switch semantics around for certain
Ø options, the resulting inconsistencies would make all that even
That's a nice small sample program, but your input doesn't decode
; openssl enc -des-cbc -d -k mykey earth.obj.enc
bad magic number
exit 1
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
I am currently comparing SSL handshake performance with/without OpenSSL
engine.
Which engine? The Engine API is just an API (some would call it an SPI,
service provider interface).It doesn't make sense to talk about performance
without talking about a specific implementation of that API.
I'm not sure how to slice the 128- and 192- bits of security, though. Perhaps
a medium-low and medium-high?
This is one reason why subjective terms like low should be avoided.
The other being that the definitions shift over time.
/r$
--
Principal Security Engineer
Akamai
I like your proposal, but I'd prefer to see an already initialized error code
returned. Or a flag to the (new?) init api that says ignore if already set
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
I'm beginning to think it's a bad idea to have cipher names like HIGH because
they are a moving target and bad things can happen when OpenSSL changes the
definitions.
If we need to keep them, would you be interested in code which added a
[cipher_names] block to config, which allowed folks to
You don't and shouldn't free it: it will be free when the SSL_CTX it is added
to is freed.
In other words, if you want a local copy, bump the refcount for yourself.
Right?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
I think a better way to do this would be to have a config param that set the
minimum acceptable size. I.e., a #define
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
It's required by the amd64 ABI, and other things will break if this
requirement is violated.
Do you mean Stack alignment is required, or the ability to have unaligned
stack is required? I think you mean the first one, but it wasn't clear to me.
Tnx.
--
Principal Security Engineer
Akamai
This set of patches normalizes the terminology for Perfect Forward Secrecy
key exchange within OpenSSL to the terms
used by standards bodies and other implementations, while keeping backward
compatibility for existing configurations and other inputs.
This is an amazing set of patches, and
Ø 1.3.6.1.4.1.22232.15.0: Curve25519 (That's out of my arc)
I’ve been in touch with Dan, who sent me to Werner Koch, who said that GPG is
using
{ Curve25519, 1.3.6.1.4.1.3029.1.5.1 }, -- Peter Gutmann's arc
So we should use that
I’m gonna post an I-D today or tomorrow, and ask the TLS-WG
Has anyone thought about how to increase the SSL options? Looking at the
#define's for SSL_OP_... it seems that all 32bits are taken.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
I am not an OpenSSL developer, but it seems to me that system default
cipherlists are not a good idea.
+1
I'd rather see the ability to add a new section openssl.cnf, like
[ cipher-profile ]
redhat-recommended = AES256-CGM-SHA384
and then you could do things like
I, for one, would not want OpenSSL to employ such a complex and fragile
mechanism.
Yeah, it's kinda gross and clunky. On the other hand, it's really all we have
right now, and rejecting a cert with a SAN name of *.com is a good security
thing to do. Perhaps a configure option, or a
Note that the implementation in master (some day 1.1.0) already rejects
*.com, what it fails to reject is *.co.uk
Yes, I understand; my example was wrong, sorry.
I think the onus is on the trusted CA ( that wants to remain trusted) to not
issue such certificates.
And mistake-free?
I am
I don't think it makes sense to have a separate flag.
What's the harm in looking at the CN if you don't find a match in the SAN?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL Project
A quick check of some of our customers shows that out of 4200 SSL certs, 820
have a wildcard CN.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL Project
Right, I think this makes particular sense for Akamai customers, for whom you
likely host multiple related web sites and coordinating the deployment of
multiple certs is likely often too complex.
No, these are individual per-site certs for our customers. And just because
you gave me the
Our server makes sure it sets SSL_OP_NO_QUERY_MTU in the SSL_CTX. ...
This should disable the heartbeat extension requests and responses. Should I
still upgrade it to the 1.0.1g ?
No, it does not disable SSL/TLS heartbeat. Try connecting to your server with
s_client command and type a B
+1!
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Nikos Mavrogiannopoulos via RT
Sent: Thursday, April 10, 2014 2:25 AM
Cc: openssl-dev@openssl.org
Subject:
We've been compiling -DOPENSSL_NO_BUF_FREELISTS forever. Our only complaint is
that the BUF is misspelled :)
Theo can be obnoxious. This should not be news to most folks.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Read what Ted wrote. There's is a use after free if you
-DOPENSSL_NO_BUF_FREELISTS It would have been spotted by OpenBSD's malloc.
I was commenting on Theo, not Ted.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Karma has a sense of humor.
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/ssl/Makefile?f=h;rev=1.29
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/ssl/Makefile.diff?r1=1.29;r2=1.30;f=h
Two people reviewed the change (the ok line) and they got the -D flag wrong for
nearly
Rather than standalone tests, a patch to s_client seems like it would be most
useful: -sslv3, -state, and the other flags for example.
Anyone working on this? Like -heartbleed=N/M (# of bytes to request/# to
actually send)
/r$
--
Principal Security Engineer
Akamai Technology
It would be appreciated if you cared to contribute back your own custom
secure_malloc allocator.
We did. See
http://marc.info/?l=openssl-usersm=139723710923076w=2
and
http://marc.info/?l=openssl-usersm=139723972124003w=2
--
Principal Security Engineer
Akamai Technology
Cambridge,
Would you please elaborate on how it differs from what you've been using in
production?
Local platform issues, mainly. Conceptually, nothing different about the
security.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Why are building your own openssl? Did you try the official Ubuntu update?
Especially since the original poster seems to have problems with the basic
software engineering stuff. (No criticism intended, it can be confusing.)
/r$
--
Principal Security Engineer
Akamai Technology
Recommendation: protect the rest of the private key material.
Yes, we missed some important fields.
Dang is a word that comes to mind. At least, one I can use in polite company.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
This is a revision of a patch we posted earlier. It's much better. It should
compile on any system that has mmap, mprotect, madvise. We would like to thank
Dr. Stephen Henson, Fedor Indutny, Willem Pinckaers and, in particular, Tim
Hudson for feedback and review. No endorsement by any of them
I think a general mechanism that allowed you to set default command-line flags
would be useful. (And of course you'd need a new flag to skip that.)
For example, a new [commandline] section, where command-flag is the key or
command-flag.1, command-flag.2 for repeated instances.
/r$
--
If the API requires the same buffer and count, then perhaps the SSL structure
should hold those values, and require the user to send NULL/0 in subsequent
calls?
Or assert(). It's a programming error that requires source changes to fix.
--
Principal Security Engineer
Akamai Technologies,
While rpaths are not needed in some contexts, they are important in others,
please do not remove rpath support.
Yes, such as cross-compiling or embedded systems. I think it's reasonable to
make it a config option tho.
/r$
--
Principal Security Engineer
Akamai Technologies,
Steve, have you considered trimming the DEFAULT cipher list?
It's currently...
#define SSL_DEFAULT_CIPHER_LISTALL:!aNULL:!eNULL:!SSLv2
I wonder how many of these ciphers are actually ever negotiated in real-world
use.
I'm forwarding a bit of internal discussion; hope it's useful. This
The IETF TLS-WG is likely (my opinion) to soon put out an RFC that, basically
deprecates RC4.
We have customers with many embedded devices (old web TV's, almost every game
console, etc), not just browsers. But for OpenSSL and in particular new code,
dropping RC4 is the thing to do.
After scanning Alexa top 1 million sites (as a semi-representative sample)
the stats look like this:
How many of those sites are served by CDN's, for example?
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
How many of those sites are served by CDN's, for example?
I don't know, if you have a semi-robust way to detect that I'm willing to
implement it.
Short of giving out customer lists :) I don't. I suppose you could do a DNS
lookup and see if you got a CNAME to something else.
Though, the
Discussions on what the One True Ciphersuite List should be tend to result
in multiple correct answers.
:)
Placing a set of recommendations on the wiki (wiki.openssl.org) along with
their rationale would be a good step to providing a selection of choices for
OpenSSL users.
Yes, and
I dunno about this.
Fprintf(NULL, ...
Crashes... And shows that you didn't check back at the fopen call.
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
Some folks might find this useful:
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.memailto:rs...@jabber.me; Twitter: RichSalz
From: certificate-transpare...@googlegroups.com
[mailto:certificate-transpare...@googlegroups.com]
Sent: Tuesday, May 06, 2014 8:16
1 - 100 of 1073 matches
Mail list logo
