Re: [openssl.org #2549] [Bug report / Linux / openssl 0.9.8k-7ubuntu8.6] openssl s_client does not verify certificate against server's host name

2011-06-26 Thread David Schwartz
On 6/26/2011 5:59 AM, Alain Knaff via RT wrote: openssl s_client -connect hostname.domain.com:443 does not verify that the certificate matches the hostname. (i.e. hostname.domain.com should match either the CN of subject, or in one of the subjectAltNames) Without such verification any web

Re: FW: To collect SSL certificate domain name issue.

2011-04-30 Thread David Schwartz
On 4/29/2011 3:40 AM, Bhagyashri Patel wrote: Hello Support, Here I have attached two documents, one with CN= “rightwaysolution” and second with CN = “righwaysolution.com”. We are using test mode account and able to generate the Comodo certificate Order Id using righwaysolution_CSR.txt. We

Re: DTLSv1_listen in non-blocking

2011-02-10 Thread David Schwartz
On 2/9/2011 10:59 AM, Nilesh Vaghela wrote: Hi, I just realized that maybe DTLSv1_get_timeout and handle timeout is important because when server sends Server Hello we need to get back the response in time out. Is that right understanding ? If that is the case then in select I can not mix other

Re: Non empty error stack failing non-blocking SSL IO

2011-01-05 Thread David Schwartz
On 1/3/2011 4:22 AM, Uri Simchoni wrote: I’m using OpenSSL 0.9.8i, and have noticed the following scenario: -Some OpenSSL crypto function returns with an error, leaving a description of the error on the error queue -The application neglects to call ERR_clear_error() -SSL_read() is then

Re: segmentation fault printing x509 attributes

2010-11-28 Thread David Schwartz
On 11/28/2010 1:53 AM, Ignacio Amoeiro Bosch wrote: The following code works in a standalone C program, but crashes (with a seg fault) using it as a module. The crash occurs at line : X509_get_version(x), or any method that uses x My guess would be that the OpenSSL headers you are compiling

Re: OpenSSL without Transport

2010-11-09 Thread David Schwartz
On 11/9/2010 4:06 PM, Karthick Ramu wrote: I know that SSL requires a transport layer for reliability purpose. But if there is a reliable, pre-provisioned and lossless network is it possible to transport a SSL packet without any transport layer protocol. Does OpenSSL support SSL without

Re: License question regarding static linking

2010-10-12 Thread David Schwartz
On 10/6/2010 10:24 PM, Pierre DELAAGE wrote: I cannot answer all the points but at least I can comment on the redistribution one : To my point of view, a static linking is NOT a redistribution, just because the linked library is not usable by the end user. It most certainly is a

RE: [openssl.org #2293] OpenSSL dependence on external threading functions is a critical design flaw

2010-06-28 Thread David Schwartz
Guess I replied too quickly... I see why you thought I was spreading misinformation. Of course I agree that every library could be modified to use atomic instructions available on their CPU to synchronize. It's just a lot of modifications to be made considering the vast amount of code out

RE: [openssl.org #2293] OpenSSL dependence on external threading functions is a critical design flaw

2010-06-28 Thread David Schwartz
Darryl Miles wrote: David Schwartz wrote: Actually, that wouldn't work. What if you're using a threading library that permits threads to run in different SMP domains? In that case, the atomic instructions would only synchronize between threads running in the same SMP domain

RE: Potential fix

2010-05-18 Thread David Schwartz
Joakim Tjernlund wrote: If the server wants to timeout the connection, it can and should do so. Right, but I could not find how/where to do so. Can you give me some hints? There's no one right way to do it. If the program only ever has to deal with a single connection, using 'signal'

RE: Potential fix

2010-05-17 Thread David Schwartz
Joakim Tjernlund wrote: I once wrote this patch to solve a problem which I logged to be: Let EAGAIN be fatal for write to socket. Needed to unlock a hung connection where the www client has stopped reading its socket. Umm, if your code asks to wait forever until it can write, then that

RE: -DPURIFY, why not default?

2010-05-14 Thread David Schwartz
Nicholas Maniscalco wrote: Can someone help me understand the motivation for why -DPURIFY isn't the default? I've read through the openssl-dev@ and openssl-users@ archives and have found several threads involving -DPURIFY, but I've been unable to glean the motivation behind it being off

RE: Pre Master Secret Regarding

2010-04-03 Thread David Schwartz
Aravinda babu wrote: During SSL/TLS handshake, a pre master secret is sent from client to the server by encrypting pre master secret with server's public key. From that both client and server derive master secret and finally one symmetric key. My doubt is, why both cannot use pre master

RE: libcrypto safe for library use?

2010-04-01 Thread David Schwartz
Peter Waltenberg wrote: Document that this can only be done from the top level executable NOT from a shared library - and the top level app can switch the lock model if it wants. Changing the locking model is something that really can only be done by whatever owns main() anyway - it's not

RE: libcrypto safe for library use?

2010-03-31 Thread David Schwartz
P Kamath wrote: I don't think you can avoid a dependency on the system threading library though, but I don't see why that would be an issue. Many single- threaded programs wind up requiring the threading library on many platforms anyway as it may contain functions like 'clock_gettime'

RE: libcrypto safe for library use?

2010-03-31 Thread David Schwartz
Mark Phalan wrote: Imagine the above case happening in one thread while another thread makes a similar seemingly innocuous call with a similar effect (dlopen a library which uses OpenSSL). What should pkinit and the second library which uses OpenSSL do? If they set callbacks they'll be

RE: libcrypto safe for library use?

2010-03-31 Thread David Schwartz
Mark Phalan wrote: Because it fixes the race when libraries are correctly checking to see if the callbacks are already set before setting their own. It's a one or two line change to modify the mis-behaving libraries and new libraries can take advantage of the new locking. Two questions: 1)

RE: libcrypto safe for library use?

2010-03-30 Thread David Schwartz
Mark Phalan wrote: In this case, I presume 'pkinit' only supports one threading model (or one set of compatible threading models). So it can set the callbacks. It can set the callbacks but it can't set them in a way which is safe from races. It can set them before it performs any

RE: libcrypto safe for library use?

2010-03-30 Thread David Schwartz
Mark Phalan wrote: On 29 Mar 2010, at 20:20, David Schwartz dav...@webmaster.com wrote: Mark Phalan wrote: I think this fix is actually a bad one. I'm still not clear why you think that. Because it doesn't solve the problem case -- where one library user sets callbacks that another

RE: libcrypto safe for library use?

2010-03-30 Thread David Schwartz
Darryl Miles wrote: How does each of the 3 threads arbitrate in a thread-safe manner the initialization of the OpenSSL related libraries. How does any one of them know it is the first user ? For existing code, there is no fix. They will set incompatible callbacks and they will break. I don't

RE: libcrypto safe for library use?

2010-03-29 Thread David Schwartz
Mark Phalan wrote: I'm just suggesting a compile-time option. The application could always set the locking callbacks back to NULL if it knew what it was doing. -M I think this fix is actually a bad one. Will existing libraries continue to not set the locking callbacks and fail horribly if

RE: libcrypto safe for library use?

2010-03-26 Thread David Schwartz
Mark Phalan wrote: Unfortunately that's not really practical. To take an example I'm familiar with - libgss. libgss can end up calling into OpenSSL in the following way: libgss - kerberos - pkinit plugin - openssl It's simply not practical to change libkrb5 and libgss and all

RE: libcrypto safe for library use?

2010-03-25 Thread David Schwartz
Mark Phalan wrote: The threads(3) manpage states that to use OpenSSL in multi-threaded applications then locking callback functions must be set otherwise random crashes may occur. That is correct. This poses a challenge when using OpenSSL in a library which should be MT safe. There is no

RE: Calling SSL_read/write in client application

2010-02-09 Thread David Schwartz
Ofer Avitzur wrote: Hi I am trying to add openssl to my multithreaded client application (on linux). Currently my application sends data (over tcp socket) from one thread and reads incoming data on another thread. Does openssl allow writing/reading from 2 different contexts ? What is the

RE: Change needed for -DPURIFY builds.

2010-01-04 Thread David Schwartz
Allan K Pratt wrote: EASY FIX: wherever RAND_add is defined (macro? function?), give it a different body for -DPURIFY builds. When PURIFY is defined, don't use the memory being passed in at all. This sounds extreme, but it should work. Sure, the entropy factors will change and the resulting

RE: Change needed for -DPURIFY builds.

2010-01-02 Thread David Schwartz
You're missing the point -- your comment is the height of irony, in a way. Use a suppression to make Valgrind shut up. /r$ I think you misunderstand his issue. His issue is not valgrind reports a spurious error/warning. His issue is -DPURIFY does not do what I think it's supposed

RE: SSL_write returns SSL3_WRITE_PENDING

2009-11-05 Thread David Schwartz
I tried after setting mode SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER. Still I am facing the same problem. It is successfully transmitting data of more than 2000 bytes but consistently giving problem in sending 166 bytes. After failing once it never succeeds and we have to terminate the connection.

RE: Official code contribution policy

2009-10-07 Thread David Schwartz
Can copyright be added to modified files or new files be contributed under a different (but compatible) license? Thanks, -Mark I don't specifically know the policy of the OpenSSL project, but I strongly recommend simply adding them under the project's existing license if the

RE: OpenSSL and HTTP Keep-Alive, handshake or read?

2009-09-27 Thread David Schwartz
Konstantin Ivanov wrote: hi all, I have a question about implementing http keep-alive when going over SSL connection. If successfully established, after I've serviced the request and I want to keep connection alive, should I listen for the handshake again or just read the expected data?

RE: DTLS: Fragmentation of user data due to PMTU limits makes no sense

2009-08-10 Thread David Schwartz
Daniel Mentz wrote: In my understanding DTLS should provide UDP semantics when run over the latter. That is correct. That is if a user message is too large in terms of the PMTU it should either be silently discarded or the sender should be notified by an error message similar to Message

RE: openssl s_client behind proxy server

2009-08-10 Thread David Schwartz
Gordon Brown wrote: However, when I try to do the same on another machine that is behind a proxy server, I noticed that this same command does not work. NAT? Socks proxy? Squid proxy? Transparent proxy? It's not clear what you're talking about. I got an error message like this: Loading

RE: [openssl.org #1743] crasher due to lack of threadsafety on names_lh

2009-07-08 Thread David Schwartz
John Wilkinson wrote: That's a useful tip, perhaps, but if the underlying calls are embedded in third-party libraries, such as handled by cURL etc, the end user has no choice as to when they're being initialized. A third-party library that monkeys with process resources (such as

RE: Determining if client requests ssl handshake

2009-07-07 Thread David Schwartz
Howard Chu wrote: David Schwartz wrote: I've managed to do this without problems for SMTP, POP, HTTP, and a few custom text-based protocols. Note that the protocol must be such that the client sends data first. If the server must send data first, then there is no way

RE: Determining if client requests ssl handshake

2009-07-06 Thread David Schwartz
Konstantin Ivanov I was wondering if it is possible to determine if client is requesting an ssl handshake on regular socket connection and if client does request it, continue with SSL handshake and enable secure communication? What is happening is that if I have a server, but I accept a

RE: SSL_library_init() EVP_sha256

2009-06-15 Thread David Schwartz
Phil Pennock wrote: The approach of the Exim MTA to cryptography is simple -- don't second-guess the SSL library developers when it comes to choosing which algorithms/digests/etc to load, and provide a knob (tls_require_ciphers) for administrators to restrict what can be loaded. The MTA

RE: SSL_library_init() EVP_sha256

2009-06-15 Thread David Schwartz
Phil Pennock wrote: That just won't work. Cryptography is not a drop in a library and mark a checkbox on your product thing. It has to be properly integrated in an application with decisions made as to what the application actually needs, what threat models it faces, and so on.

RE: SSL_renegotiate broken in non-blocking mode with PARTIAL_WRITE?

2009-05-23 Thread David Schwartz
On Fri, May 22, 2009 at 03:14:46PM -0700, David Schwartz wrote: Thor Lancelot Simon wrote: 1) I have data to write, and the SSL session's descriptor selects as ready-to-write. This already scares me. You have data to write on the unencrypted stream to the SSL connection

RE: SSL_renegotiate broken in non-blocking mode with PARTIAL_WRITE?

2009-05-23 Thread David Schwartz
Thor Lancelot Simon On Sat, May 23, 2009 at 05:30:54AM -0700, David Schwartz wrote: Let me start out by saying I think you're correct on most of your points, and I was incorrect. But I do want to clarify one issue. Set SSL_ACCEPT_MOVING_WRITE_BUFFER. The only requirement

RE: SSL_renegotiate broken in non-blocking mode with PARTIAL_WRITE?

2009-05-22 Thread David Schwartz
Thor Lancelot Simon wrote: 1) I have data to write, and the SSL session's descriptor selects as ready-to-write. This already scares me. You have data to write on the unencrypted stream to the SSL connection. The SSL session's descriptor write is for the encrypted stream between

RE: select before SSL_read call

2009-05-13 Thread David Schwartz
Sudarshan Soma wrote: I have added SSL_pending after select call just to ensure that data is even not present in SSL buffers, in case select returns no data. That just makes more work for you. Unless you have some good reason not to, you should just call SSL_read. If there is data already

RE: Confused by OpenSSL

2009-05-01 Thread David Schwartz
Now, from whatever I know about the public key cryptography, it is not possible to generate private key from the public key and vice versa. Both the keys can only be generated together through some algorithm. That depends on the algorithm and your precise definition of private key. There is no

RE: Memory leak while using OpenSSL library

2009-04-10 Thread David Schwartz
Now at last, there is only 48 bytes leak (in 0.9.8k and 1.0.0 beta1 its 36 bytes) of SSL_library_init(), it is not a big issue but I will have a look into openssl to minimize it as much as I can. (Because restarting the application many times will slowly eat up the memory.. and will require to

RE: [openssl.org #1856] [PATCH] Fix null pointer deref under low memory

2009-03-05 Thread David Schwartz
--- crypto\pkcs12\p12_crt.c � Wed Mar �4 13:37:26 2009 +++ crypto\pkcs12\p12_crt.c � �Wed Mar �4 12:44:40 2009 @@ -168,7 +168,8 @@ PKCS12 *PKCS12_create(char *pass, char * �� � � �sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); �� � � �bags = NULL; - � � � p12 = PKCS12_add_safes(safes,

RE: [openssl.org #1856] [PATCH] Fix null pointer deref under low memory

2009-03-05 Thread David Schwartz
Oh, one more thing. This is a very common type of error. It's very hard to test all possible out-of-memory paths. Worse, leaks in the error paths are common (your submitted fix even had one) making it hard to recover from an out-of-memory condition. If you are trying to code

RE: [openssl.org #1856] [PATCH] Fix null pointer deref under low memory

2009-03-05 Thread David Schwartz
What if the best solution is to abort the operation requesting the big chunk of unavailable memory? We don't have any significant cache in this process to dump, and it wouldn't have helped for long anyway. That should be handled in the code that deals with requesting big chunks of memory.

RE: [openssl.org #1850] AutoReply: Bug Report--openssl crashes at SSL_write()

2009-03-02 Thread David Schwartz
Hi, Request for an Update on this issue. Request for a high priority check on the same. Will provide additional information if needed. You could start with: 1) The code around the line of code in SSL_write that fails. 2) Identifying the exact line in SSL_write that fails. 3) The contents

RE: [openssl.org #1848] Bug found in BN_is_prime_fasttest_ex( )

2009-02-24 Thread David Schwartz
/* I found a bug in BN_is_prime_fasttest_ex() in which it erroneously reports small primes as being composite. The fix is below. I also think that the number 1 should be reported as prime. Please download this poster: http://www.adrianbruce.com/maths/prime-numbers/mathhelp1.gif If one was

RE: [openssl.org #1834] PKCS7_verify return value -1?

2009-01-30 Thread David Schwartz
Hi, The documentation for PKCS7_verify says: PKCS7_verify() returns 1 for a successful verification and zero or a negative value if an error occurs. This is correct. And in apps/smime.c there is this code: if (PKCS7_verify(p7, other, store, indata,

RE: Abbreviated handshake

2008-12-03 Thread David Schwartz
Is it possible to perform the shortened (session resumption) handshake without reconnecting the socket? TLS 1.2 RFC 5246 states: Yes. [ClientHello] The session identifier MAY be from an earlier connection, this connection, or from another currently active connection. The second option is

RE: [PATCH] ts verify for expired certificate patch

2008-12-01 Thread David Schwartz
Problem Description: When a digest has been signed and a response is produced, the current version of openssl will not verify the contents correctly if the certificate used to sign the digest has expired. Solution: When verifying the response/token, the time at which the digest was signed

RE: OpenSSL compile issues using workshop compiler on Solaris (my program)

2008-11-30 Thread David Schwartz
CryptManager.cc, line 731: Error: Formal argument st of type stack_st* in call to sk_pop_free(stack_st*, void(*)(void*)) is being passed void*. Any simple suggestions? These function calls are pretty much the same as in the ca.c etc under the apps directory. Any help would be

RE: OpenSSL FIPS 140-2 validation

2008-11-18 Thread David Schwartz
The problem is the root CA uses MD2WithRSAEncryption as a signature algorithm and that is prohibited in FIPS mode. I'm pretty ignorant when it comes to FIPS, is this a limitation of the FIPS requirements itself or a limitation of OpenSSL's FIPS validation? The former. FIPS does not

RE: [openssl.org #1770] 'make test' failure for OpenSSL 9.8g

2008-10-30 Thread David Schwartz
I tried to install OpenSSL 9.8g as follows on linux-x86_64 1. Edited config and Configure to replace ‘perl5’ with ‘perl’ 2. ./config 386 no-asm 3. Modified the CFLAGS in Makefile (removed –m64 and added –m32) 4. Make 5. Make test …. ‘make test fails’ . Why does it

RE: Simple non-blocking TCP connect

2008-10-24 Thread David Schwartz
Gabriel Soto wrote: { // Create BIO with some random nonexistent host. BIO *bio = BIO_new_connect("192.168.9.9:"); if (bio == NULL) { // Failed to obtain BIO. return false; } // Set as non-blocking. BIO_set_nbio(bio, 1); // Attempt to

RE: ssl tests forbidden in FIPS mode

2008-09-18 Thread David Schwartz
Is this correct for openssl 0.9.8 using FIPS? test SSL protocol test ssl3 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA 1 handshakes of 256 bytes done gmake[1]: ***

RE: Openssl banner

2008-09-05 Thread David Schwartz
Is there a command I can run to view the openssl banner? Thanks. Bernie If I understand your question correctly, the answer is to run the OpenSSL command line utility with the parameters 'version -a'. DS

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-11 Thread David Schwartz
Ted T'so wrote: At this point, you've just spent reams and reams of electrons stating the obvious. Yes, for the second time, because some people *still* don't understand it. (It's quite obvious to you and me, not so obvious to the people who still don't get it.) If the endpoint is

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-11 Thread David Schwartz
Michael Sierchio wrote: Theodore Tso wrote: As the old saying goes, better to be silent, and thought to be a fool, and to speak, and remove all doubt. Well, Brahma said, even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-11 Thread David Schwartz
Kurt Roeckx wrote: David, I think you have a problem of not making clear what you actually mean. I'm going to give 3 examples of how I could read what you were saying so far: 1. A client connects to a server, but the server has been compromised and someone knows it's secret key. The

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-10 Thread David Schwartz
Michael Sierchio wrote: Are you or are you not the same David Schwartz who claimed that SSLv3 is vulnerable to MITM? If so, what have you learned since then? If a browser has a maliciously-included root certificate placed there by an attacker and is using a SOCKS proxy also

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-10 Thread David Schwartz
Richard Salz wrote: If a browser has a maliciously-included root certificate placed there by an attacker and ... I'm not aware of any definition of MITM that includes compromising any part of an endpoint. Could you point to one? /r$ I didn't say you are vulnerable

RE: David is off to the entropy store to get some fresh entropy

2008-08-09 Thread David Schwartz
David Schwartz wrote: No, we count on it [RSA] being (for practical purposes) irreversible. That's why you need a different key to decrypt than you used to encrypt. If it was reversible, like say DES, you could decrypt with the same key you encrypted with by simply reversing

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-08 Thread David Schwartz
Kyle Hamilton wrote: On Thu, Aug 7, 2008 at 6:59 AM, David Schwartz [EMAIL PROTECTED] wrote: Kyle Hamilton wrote: If the pool is seeded once, the randomness will be random for as long as the amount of entropy in the seed holds out. After this, the numbers generated won't really

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-08 Thread David Schwartz
David Schwartz wrote: Deterministic is the antithesis of truly random. You've said some truly stupid things, David, but that one wins the prize. Do you know of a way that an algorithmic process can produce more truly random output than it has truly random input? Or do you disagree

RE: David is off to the entropy store to get some fresh entropy

2008-08-08 Thread David Schwartz
Michael Sierchio wrote: David Schwartz wrote: Deterministic is the antithesis of truly random. I think you're obliged to define what you mean by truly random -- maybe even think about it before using such terms. It's a well-understood term in the art. Understanding the distinction

RE: David is off to the entropy store to get some fresh entropy

2008-08-08 Thread David Schwartz
Michael Sierchio wrote: No. We know what cryptographically useful random bitstreams are. [snip] But you said it was cryptographically secure (not a term of art, btw). Umm, yes, cryptographically secure is a term of art. It means that a hypothetical attacker with a specific set of information

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-08 Thread David Schwartz
Michael Sierchio: David Schwartz wrote: do you disagree with my claim that an algorithmic process can produce a very large amount of cryptographically-strong random output with a small amount of truly random input? Yes. A small amount of random input might mean that the entire

RE: David is off to the entropy store to get some fresh entropy

2008-08-08 Thread David Schwartz
David Schwartz wrote: RSA is reversible. I never claimed otherwise. What I said is: So /dev/random tries to provide truly random numbers while /dev/urandom tries to provide only cryptographically-secure pseudo-random numbers. It's as assured by the implementation as RSA assures

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-07 Thread David Schwartz
David Shambroom wrote: You're right: You are completely wrong. /dev/urandom never blocks. See the man page. Is this the excerpt from the man page you are referring to? A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-07 Thread David Schwartz
Kyle Hamilton wrote: David S: to my knowledge you're at least somewhat incorrect, and part of your advice is rather dangerous to rely upon (from a cryptographic theory perspective). You are at least somewhat incorrect too. And yes, it is possible to run out the entropy pool. The amount

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-06 Thread David Schwartz
Tried many many times, even two running at the same time or poll timeout set to zero, not one instance of blocking even with od -x /dev/urandom and od -x /dev/random running simultaneously (the second one blocks, of course). H.. what the #$%# is happening here.. more ideas?

RE: [openssl.org #1727] No License error getting

2008-08-06 Thread David Schwartz
I am Seenivasan, working in an MNC. When I tried to compile (make) openssl in AIX boxes I am getting below errors. After 4 hours also the compilation has not been finished. cc -I. -I.. -I../include -DOPENSSL_THREADS -qthreaded -DDSO_DLFCN - 1506-507 (W) No licenses available. Contact

RE: Couldn't obtain random bytes in sshd - problem in RAND_poll?

2008-08-06 Thread David Schwartz
David Schwartz wrote: Try launching your test program automatically on boot up at the same time you launch ssh or whatever application is failing. I bet '/dev/urandom' will fail then. The program had no problems running with simultaneous od -x /dev/random, that was blocking because

RE: non-blocking SSL_read() API problem

2008-08-01 Thread David Schwartz
Care to explain why you can't discuss how the API might or might not work without throwing around gratuitous insults? They are warnings, not insults. I'm sorry you see them that way. This last message to which I'm responding is merely condescending; the previous was downright insulting and

RE: Last portion SSL_read only after a SSL_write . Please Help.

2008-08-01 Thread David Schwartz
Hurray I have the solution! :clap::-D If SSL_get_error gives SSL_ERROR_NONE I test with strcmp ( at the end, /soap:Envelope) . because all data from the server must end with /soap:Envelope. If my data is not complete I send CR LF and the last 975 Bytes appeared

RE: non-blocking SSL_read() API problem

2008-07-31 Thread David Schwartz
3) We call SSL_read with our 8k buffer. The received data does not fit, so OpenSSL buffers it internally and returns 8K with SSL_ERROR_WANT_READ. How it can both succeed (returning 8K) and fail (returning SSL_ERROR_WANT_READ)? DS

RE: non-blocking SSL_read() API problem

2008-07-31 Thread David Schwartz
Let me trace through the application. Looking at the source code, it appears that the application may have a bug (checking the SSL error stack via SSL_get_error() when SSL_read() returned 0) but that what is actually happening here is: 1) SSL_read() is returning 0, SSL_get_error() is

RE: non-blocking SSL_read() API problem

2008-07-31 Thread David Schwartz
If this is really what's happening, it's a bug in OpenSSL. The application should be able to pass a 1-byte buffer the OpenSSL and get 1 byte of decrypted data. Consider that when running with the current non-blocking API, once OpenSSL takes the data out of the socket buffer, both

RE: non-blocking SSL_read() API problem

2008-07-31 Thread David Schwartz
Let me just state this one more time one other way to help people wrap their brain around it. The OpenSSL library is a black box. You are not supposed to look inside the black box. If you want to get decrypted plaintext from the black box, the black box may or may not need to read data from the

RE: Last portion SSL_read only after a SSL_write . Please Help.

2008-07-30 Thread David Schwartz
Hello. Okay, you have two choices. 1) You can pipeline, where you send the next request before you receive the entire reply to the previous request. In this case, you may receive the rest of the reply to the first request after you send the second. 2) You can not pipeline, where you don't send

RE: Last portion SSL_read ...

2008-07-30 Thread David Schwartz
not send the second request until you have received the entire first reply. yes you are right but the indication for nothing else to read is invalid. Where are you getting this indication from? If your answer is anything other than my HTTP implementation, then you are confused. Only your

RE: Last portion SSL_read only after a SSL_write . Please Help.

2008-07-29 Thread David Schwartz
Hello. I made a simple SSL Client on win32. The request and response work perfectly when the amount of data is small enough. I made a request with SSL_write; the server answers with ..200 OK ... etc. SSL_read gives 7159 bytes. SSL_get_error always gives SSL_ERROR_NONE and therefore the

RE: [PATCH] PURIFY and valgrind

2008-07-18 Thread David Schwartz
Agreed, though where possible it's preferable for PURIFY-handling to simply not use the uninitialised data at all, rather than initialising it before use. (NB, I know this yields the same quality result, but appearances in the code are often as important as the outcome of the executable -

RE: [openssl.org #1706] FIPS-compliant OpenSSL for x86_64 platform

2008-06-26 Thread David Schwartz
We’re implementing our own web-server intended to run on Win32 platform and using OpenSSL for TLS/SSL support. We’re obliged to be FIPS-certified and we’re using OpenSSL 0.9.7 with FIPS module for these purposes. Recently, we were requested to support amd64 platform. I’ve tried to build

RE: [openssl.org #1706] FIPS-compliant OpenSSL for x86_64 platform

2008-06-26 Thread David Schwartz
Heh, well, if you know anything about the fips build process on windows, you know FIPS-1.1.2 (based on OpenSSL 0.9.7) will only compile for 32bit Windows since it requires the use of Mingw/MSYS to build the fips canister. Since Mingw/MSYS is only available as a 32bit compiler (well, there

RE: valgrind and openssl

2008-05-20 Thread David Schwartz
You mean you're not testing *all* of the real code. That's fine, you can't debug everything at once. if you haven't tested your final production binary then you haven't tested anything at all. You: Two plus two is five. Me: Are you crazy? Two plus two is not five. You: If you don't

RE: valgrind and openssl

2008-05-20 Thread David Schwartz
on the other hand it may be a known plaintext attack. what are you guys smoking? -dean This argument has already been refuted in the posts you are replying to. Such an attack would require the algorithm to not meet its specific design security objectives. In other words, you are arguing

RE: valgrind and openssl

2008-05-19 Thread David Schwartz
any special case changes for testing means you're not testing the REAL CODE. You mean you're not testing *all* of the real code. That's fine, you can't debug everything at once. for example if you build -DPURIFY then you also won't get notified of problems with other PRNG seeds which are

RE: valgrind and openssl

2008-05-19 Thread David Schwartz
What I _wouldn't_ be happy with is a PRNG which has been fed only known data, but enough of it at startup that it agrees to provide output to the user. There are a terrible lot of these around, and pretending that stack contents are random is a great way to accidentally build them.

RE: valgrind and openssl

2008-05-18 Thread David Schwartz
Thor Lancelot Simon wrote: So you're comfortable with the adversary knowing, let's say, 511 of the first 512 bits fed through SHA1? I'm comfortable knowing any number of bits fed into or through the SHA1 provided there are also sufficient bits he does not know. The issue of how many bits he

RE: valgrind and openssl

2008-05-17 Thread David Schwartz
Unfortunately, it may also very well include data that would be highly predictable to adversaries. That doesn't matter. I am aware that this is an area without a lot of good theoretical signposts, but I am just not very comfortable feeding arbitrary amounts of possibly-known data into a

RE: valgrind and openssl

2008-05-17 Thread David Schwartz
If feeding predictable data into a PRNG that was already well seeded with unpredictable data produced a weaker PRNG, then you have found a security bug in the PRNG and I suggest you publish. Yeah, I've heard that a few times. However, consider the pathological case, in which an

RE: valgrind and openssl

2008-05-15 Thread David Schwartz
Geoff Thorpe wrote: Then tell your linux distribution to use -DPURIFY. Hang on, I've got a better idea. How about the OpenSSL developers fix their library so that the standard version that they ship is valgrind clean. Then the distributions won't need to do anything other than compile it.

RE: valgrind and openssl

2008-05-15 Thread David Schwartz
David Schwartz wrote: Umm, why? 1) This is an unusual use case. This is not an unusual case. I'm a developer and I valgrind my code all the time because fixing problems shown up by valgrind makes my code better. I didn't say it was an unusual use case for you. It's an unusual use

RE: valgrind and openssl

2008-05-15 Thread David Schwartz
Would a runtime flag for don't seed with uninitialized memory, rather than (or in addition to) -DPURIFY, satisfy everybody? John I don't think it's necessary, since compiling with '-DPURIFY' is so ridiculously easy, but I have no objection to it. An environment variable would probably be the

RE: crypto library in openssl

2008-03-12 Thread David Schwartz
But how to explain that passwords like $dlkins02, $flkins02, and $Elkins02 can be decrypted correctly? Only $elkins02 is decrypted into empty string. Please read this over a few times and think long and hard about it: The decrypted data is *NOT* a C-style string, it's just an arbitrary chunk
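The point David makes above, that decrypted output is a byte buffer of known length and not a NUL-terminated C string, is easy to demonstrate. The following is an added example, not code from the thread or from OpenSSL: it uses a constructed nine-byte "plaintext" whose first byte happens to be 0x00 (assumed, standing in for whatever a real EVP_Decrypt*() call returned), and shows that strlen() and printf("%s") report an empty string while the real length is nine. It also shows the two things to do instead: hex-encode exactly len bytes for display, and compare recovered secrets byte-for-byte using the length, in constant time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the thread. Decrypted data is an arbitrary chunk
 * of bytes with an explicit length, not a C string. A leading 0x00 byte
 * makes every C-string routine see "" even though nine bytes came back. */

/* Constructed sample standing in for a decryption result (assumption: a
 * real EVP_DecryptUpdate/Final would hand back these bytes and len = 9). */
static const unsigned char SAMPLE_PLAINTEXT[] =
    { 0x00, 'e', 'l', 'k', 'i', 'n', 's', '0', '2' };
static const size_t SAMPLE_PLAINTEXT_LEN = sizeof SAMPLE_PLAINTEXT;

/* Length a C-string routine would report: it stops at the first NUL byte.
 * Bounded by len so it never runs past the buffer. */
size_t visible_as_c_string(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] != '\0')
        i++;
    return i;
}

/* Hex-encode exactly len bytes into out (needs 2*len+1 bytes of room).
 * Returns the number of hex characters written, or 0 if out is too small. */
size_t hex_encode(const unsigned char *buf, size_t len, char *out, size_t out_cap)
{
    static const char digits[] = "0123456789abcdef";
    if (out_cap < 2 * len + 1)
        return 0;
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[buf[i] >> 4];
        out[2 * i + 1] = digits[buf[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return 2 * len;
}

/* Compare two recovered secrets using their real lengths. The loop does not
 * exit early on the first mismatch, so timing does not leak the position of
 * the first differing byte. */
int plaintext_equals(const unsigned char *a, size_t alen,
                     const unsigned char *b, size_t blen)
{
    if (alen != blen)
        return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < alen; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

int main(void)
{
    char hex[2 * sizeof SAMPLE_PLAINTEXT + 1];

    hex_encode(SAMPLE_PLAINTEXT, SAMPLE_PLAINTEXT_LEN, hex, sizeof hex);
    printf("real length:            %zu bytes\n", SAMPLE_PLAINTEXT_LEN);
    printf("strlen() would report:  %zu\n",
           visible_as_c_string(SAMPLE_PLAINTEXT, SAMPLE_PLAINTEXT_LEN));
    printf("printed with %%s:        \"%s\"\n", (const char *)SAMPLE_PLAINTEXT);
    printf("hex of all bytes:       %s\n", hex);
    return 0;
}
```

If the recovered bytes must be handled as a string, copy them into a buffer of len+1 and append the NUL yourself; the cipher will never do it for you, and a NUL anywhere in the plaintext still truncates anything that uses `%s`.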

RE: Static global - bug? (Re: Two valgrind warnings inOpenSSL-possible bug???)

2008-01-29 Thread David Schwartz
There is no global variable named errno, it only exists in the TLS. You could say that because there is only 1 TLS, that it's global, and it acts that way. But it's not really the same as a normal global variable. You can't access the variables in the same manner you access other global

RE: Static global - bug? (Re: Two valgrind warnings in OpenSSL -possible bug???)

2008-01-29 Thread David Schwartz
Further, on some systems you can't link with libpthread if you intend to use fork(). I have two builds of my software, one that does fork()ing and one that does pthread_create()ing. So I am trying to avoid having to have two installations of OpenSSL on every build platform. I find it hard

RE: Static global - bug? (Re: Two valgrind warningsinOpenSSL-possible bug???)

2008-01-29 Thread David Schwartz
void foo(void) { static int *my_errno=NULL; if(my_errno==NULL) my_errno=errno; // code that uses 'my_errno' as if it were 'errno' } No, this is not legal code under the POSIX standard at all. Since this code is single-threaded only, what POSIX standard are you talking about? The

RE: Static global - bug? (Re: Two valgrind warningsinOpenSSL-possible bug???)

2008-01-29 Thread David Schwartz
Well, I'm late to this discussion, but it would seem to me that quite a few things are wrong with that ... First, my_errno=&errno; might be more appropriate, after all, you need to reference the address of errno, not the current value, right? But that would also assume errno is declared as
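The four posts above argue about whether caching `&errno` in a static is legal. The following is an added example, not code from the thread or from OpenSSL, that settles the practical question under POSIX threads (assumed available; glibc, musl and macOS all qualify): errno lives in thread-local storage, `&errno` differs between threads, and a pointer to one thread's errno cached in a static reads that thread's value forever, not the calling thread's.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Added example, not from the thread. Probes errno's thread-locality with
 * one worker thread. Assumes POSIX threads. */

struct probe {
    int *errno_addr;   /* &errno as seen from inside the worker */
    int  errno_value;  /* errno as read back inside the worker */
    int  via_cached;   /* what the worker sees through a pointer the
                          creating thread cached as "my_errno" */
};

/* The pattern under discussion: a static caching one thread's &errno. */
static int *cached_errno_addr;

static void *worker(void *arg)
{
    struct probe *p = arg;

    errno = ERANGE;                 /* set THIS thread's errno */
    p->errno_addr  = &errno;        /* errno is an lvalue, but a per-thread one */
    p->errno_value = errno;
    /* Read through the pointer the main thread cached before creating us.
     * It points at the main thread's errno, so it will not show ERANGE. */
    p->via_cached  = *cached_errno_addr;
    return NULL;
}

/* Runs one worker and fills p. Returns 0 if the thread could not start. */
static int run_probe(struct probe *p)
{
    pthread_t tid;

    p->errno_addr  = NULL;
    p->errno_value = 0;
    p->via_cached  = 0;

    errno = EDOM;                   /* the calling thread's own errno */
    cached_errno_addr = &errno;     /* the "my_errno = &errno" anti-pattern */
    if (pthread_create(&tid, NULL, worker, p) != 0)
        return 0;
    pthread_join(tid, NULL);
    return 1;
}

/* 1 if errno is thread-local: the worker's write is not visible here, the
 * worker saw its own write, and the two &errno are different storage. */
int errno_is_thread_local(void)
{
    struct probe p;
    if (!run_probe(&p))
        return 0;
    return errno != ERANGE
        && p.errno_value == ERANGE
        && p.errno_addr != &errno;
}

/* 1 if a cached &errno is stale when used from another thread: the worker
 * read the creator's errno through it, not its own ERANGE. */
int cached_errno_pointer_is_stale(void)
{
    struct probe p;
    if (!run_probe(&p))
        return 0;
    return p.via_cached != ERANGE;
}

int main(void)
{
    printf("errno is thread-local:            %s\n",
           errno_is_thread_local() ? "yes" : "no");
    printf("cached &errno reads wrong thread: %s\n",
           cached_errno_pointer_is_stale() ? "yes" : "no");
    return 0;
}
```

The worker only compares the address it captured; it never dereferences another thread's `&errno` after that thread has exited, since that storage is released with the thread. On glibc older than 2.34 the program needs `-lpthread` at link time.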
