[openssl.org #2456] EV API only supports CBC mode, please enhance to support *_ctr()
Until other cipher modes are supported by OpenSSL's EV, Ruby's cipher mode support is limited to the weakened CBC cipher modes (see http://redmine.ruby-lang.org/issues/show/4408). Having only CBC mode available leads to an attack that can recover up to 32 bits of plaintext from an arbitrary block of cipher text (see http://www.kb.cert.org/vuls/id/958563). In order to mitigate this vulnerability, it's recommended that it be set up to use CTR mode rather than CBC mode. However, it seems that in evp.h you will find this:

#if 0
const EVP_CIPHER *EVP_aes_128_ctr(void);
#endif

In fact, the only CTR mode that seems to be implemented is in the non-abstracted aes.h (AES_ctr128_encrypt); the other instances (in evp.h) do all seem to be commented out for some reason. I'd have expected at the very least EVP_aes_128_ctr to be defined, since it would be implemented by invoking AES_ctr128_encrypt.

Thanks,
micah
[openssl.org #2353] PATCH: add missing OSCPSigning bits
In a recent attempt to add missing extended key usage pieces, I noticed that the OCSPSigning extended key usage was not fully implemented. It is perfectly possible that I am not fully cognizant of how the code works, and it is properly implemented. It is, however, clearly not documented. The attached patch adds the bits that to my relatively uneducated eye are missing for OCSPSigning extended key usage, including the missing documentation update.

Micah

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index fe46624..e2345fb 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -175,3 +175,4 @@ static const unsigned char lvalues[5824]={ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [666] OBJ_code_sign */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [674] OBJ_email_protect */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [682] OBJ_time_stamp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [682] OBJ_OSCPSigning */ @@ -1091,3 +1090,4 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"emailProtection","E-mail Protection",NID_email_protect,8, &(lvalues[674]),0}, {"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0}, +{"OSCPSigning", "OSCP Signing",NID_OSCPSigning,8,&(lvalues[683]),0}, diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index bd0ee52..191c895 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -714,3 +714,7 @@ #define NID_time_stamp 133 #define OBJ_time_stamp OBJ_id_kp,8L +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index 0450067..e138eb3 100644 --- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod @@ -115,3 +115,4 @@ following PKIX, NS and MS values are meaningful: codeSigning Code signing. emailProtection E-mail Protection (S/MIME). timeStamping Trusted Timestamping + OCSPSigning OCSP Signing
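Review bot: in the first obj_dat.h hunk the appended lvalues entry is commented `/* [682] OBJ_OSCPSigning */`, but [682] is where the preceding OBJ_time_stamp bytes start; an entry appended after it begins at [690], and inserting 8 bytes into the fixed-size `lvalues[5824]` array shifts every later value while the array bound and the `&(lvalues[...])` references elsewhere stay as they were. obj_dat.h is generated output (obj_dat.pl, fed by objects.txt through objects.pl); add the object in objects.txt and regenerate instead of editing the table by hand. The name is also misspelled: OSCP for OCSP.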
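Review bot: the nid_objs hunk does not build: it references `NID_OSCPSigning`, which nothing in the patch defines (the objects.h hunk defines `NID_OCSP_sign`). It also points the value at `&(lvalues[683])`, one byte into OBJ_time_stamp's encoding, and since nid_objs is indexed by NID, an entry placed right after NID_time_stamp (133) lands in slot 134 rather than the 180 the objects.h hunk assigns. Note that the unchanged context in ticket #2352's obj_objs hunk below (`180, /* OBJ_OCSP_sign ... 1 3 6 1 5 5 7 3 9 */`) shows OCSPSigning with NID 180 already present in the tree, so this entry would duplicate an existing object rather than add a missing one.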
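Review bot: the objects.h hunk hand-writes `SN_OCSP_sign`, `LN_OCSP_sign`, `NID_OCSP_sign 180` and `OBJ_OCSP_sign`; those macros live in the generated obj_mac.h, which objects.h includes, so defining them here produces duplicate definitions once the generator runs. The identifiers also disagree with the obj_dat.h hunks (`OCSP_sign`/"OCSPSigning" here versus `NID_OSCPSigning`/"OSCPSigning" there), so the two halves of the patch describe different objects; use the correct spelling, OCSPSigning, throughout.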
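Review bot: the x509v3_config.pod hunk is the part of the patch that stands on its own: it documents `OCSPSigning` as an accepted extendedKeyUsage value, and that string is the short name the config parser looks up, so whatever short name ends up in the object table must match this spelling exactly.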
[openssl.org #2352] PATCH: Add new extended key usage ipsecIKE
According to RFC 4945 § 5.1.3.12, section title "ExtendedKeyUsage"[0], the following extended key usage has been added:

... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use:

id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 }

where id-kp is defined in RFC 3280 [5]. If a certificate is intended to be used with both IKE and other applications, and one of the other applications requires use of an EKU value, then such certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA issues multiple otherwise-similar certificates for multiple applications including IKE, and it is intended that the IKE certificate NOT be used with another application, the IKE certificate MAY contain an EKU extension listing a keyPurposeID of id-kp-ipsecIKE to discourage its use with the other application. Recall, however, that EKU extensions in certificates meant for use in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU. If a critical EKU extension appears in a certificate and EKU is not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU MUST support the following logic for certificate validation:

o If no EKU extension, continue.
o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue.
o Otherwise, reject cert.

I believe that the attached patch adds the ipsecIKE extended key usage flag to openssl.

Micah

0. http://tools.ietf.org/html/rfc4945#section-5.1.3.12
--
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index fe46624..e2345fb 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h
@@ -175,6 +175,8 @@ static const unsigned char lvalues[5824]={ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [666] OBJ_code_sign */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [674] OBJ_email_protect */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [682] OBJ_time_stamp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [682] OBJ_OSCPSigning */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [684] OBJ_ipsecIKE */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [690] OBJ_ms_code_ind */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [700] OBJ_ms_code_com */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [710] OBJ_ms_ctl_sign */ @@ -1091,6 +1090,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"emailProtection","E-mail Protection",NID_email_protect,8, &(lvalues[674]),0}, {"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0}, +{"OSCPSigning", "OSCP Signing",NID_OSCPSigning,8,&(lvalues[683]),0}, +{"ipsecIKE", "ipsec Internet Key Exchange (IKE)",NID_ipsecIKE,8,&(lvalues[684]),0}, {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, &(lvalues[690]),0}, {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, @@ -4636,5 +4627,6 @@ 180, /* OBJ_OCSP_sign1 3 6 1 5 5 7 3 9 */ 297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ +893, /* OBJ_ipsec_IKE1 3 6 1 5 5 7 3 17 */ 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ 300, /* OBJ_id_it_encKeyPairTypes1 3 6 1 5 5 7 4 3 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 27304e1..decf0cc 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h 
@@ -1530,6 +1515,11 @@ #define NID_dvcs 297 #define OBJ_dvcs OBJ_id_kp,10L +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange (IKE)" +#define NID_ipsec_IKE 893 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + #define SN_id_it_caProtEncCert "id-it-caProtEncCert" #define NID_id_it_caProtEncCert 298 #define OBJ_id_it_caProtEncCert OBJ_id_it,1L diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 8c50aac..4bc3dfb 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -890,3 +887,4 @@ houseIdentifier 889 supportedAlgorithms 890 deltaRevocationList 891 dmdName 892 +ipsecIKE 893 \ No newline at end of file diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index bd0ee52..191c895 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -714,6 +714,16 @@ #define NID_time_stamp 133 #define OBJ_time_stamp OBJ_id_kp,8L +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange (IKE)" +#define NID_ipsec_IKE 893 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + /* Additional extended key usage OIDs: Microso
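Review bot: in the obj_dat.h lvalues hunk the ipsecIKE entry ends in 0x17, but `id-kp 17` is decimal 17, which DER encodes as 0x11; 0x17 is arc 23, so these bytes spell 1.3.6.1.5.5.7.3.23 and a certificate carrying the real id-kp-ipsecIKE would never match. The offset comments `[682]` and `[684]` also overlap the existing OBJ_time_stamp bytes at [682]..[689] and OBJ_ms_code_ind at [690], and 16 bytes are inserted into `lvalues[5824]` without resizing or renumbering. This file should come out of the generator (objects.txt, then objects.pl and obj_dat.pl), not from hand edits.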
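Review bot: the nid_objs hunk uses `NID_ipsecIKE`, while the obj_mac.h and objects.h hunks define `NID_ipsec_IKE`, so the table will not compile as posted. `&(lvalues[684])` points into the middle of OBJ_time_stamp's encoding rather than at the new OID, and because nid_objs is indexed by NID, an object numbered 893 must sit at index 893 (after dmdName, 892), not between timeStamping (133) and msCodeInd. The hunk also carries the OSCPSigning line from ticket #2353, which makes this patch depend on that one being applied first.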
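Review bot: the obj_objs entry `893, /* OBJ_ipsec_IKE 1 3 6 1 5 5 7 3 17 */` is in the right sort position (after id-kp 10, before id-it 1), but the corresponding sn_objs and ln_objs entries are missing and NUM_NID/NUM_SN/NUM_LN/NUM_OBJ are not incremented, and the bsearch over these tables depends on both. One `id-kp 17 : ipsecIKE : ...` line in objects.txt plus regeneration produces all of this consistently.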
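Review bot: the obj_mac.h hunk's macro suffix (`ipsec_IKE`) and the name in the nid_objs hunk (`ipsecIKE`) disagree; the generator derives SN_/LN_/NID_/OBJ_ suffixes from the object's C name (the `!Cname` in objects.txt, or the short name when none is given), so settle on one C name and let the generator emit this file. As a style point, the long name `ipsec Internet Key Exchange (IKE)` would read more consistently with the existing `IPSec ...` long names as `IPsec Internet Key Exchange (IKE)`.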
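Review bot: `ipsecIKE 893` in obj_mac.num is the C name the generator uses to build the macro suffix (compare `id_it_caProtEncCert 298` next to it), so with this line the regenerated obj_mac.h would contain `NID_ipsecIKE`, not the `NID_ipsec_IKE` this patch adds by hand; make the obj_mac.num name match the intended macro (`ipsec_IKE`) or drop the underscore in the macros. The file should also keep its trailing newline.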
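Review bot: the objects.h hunk repeats the OCSP_sign block from ticket #2353 and then defines `SN_ipsec_IKE`/`LN_ipsec_IKE`/`NID_ipsec_IKE`/`OBJ_ipsec_IKE` a second time, identical to the obj_mac.h hunk in this same patch; objects.h includes obj_mac.h, so each name is now defined twice, and the OCSP_sign part is unrelated to this ticket. Drop this hunk and let the generated obj_mac.h be the single definition.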
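As an added example, not part of the ticket or of OpenSSL's sources: plain C with no OpenSSL dependency that DER-encodes a dotted OID the way the lvalues[] bytes in obj_dat.h are laid out (which makes the 0x11 versus 0x17 question for id-kp 17 checkable) and applies the RFC 4945 validation rule quoted above to an EKU extension's DER value. The EKU_IKE and EKU_BAD byte strings are constructed samples.

```c
#include <stdlib.h>
#include <string.h>
/* DER-encode a dotted OID into out[]; returns the encoded length or -1.
 * Arcs are written in decimal but stored base-128, so id-kp 17
 * (1.3.6.1.5.5.7.3.17) ends in 0x11, not 0x17. */
int oid_to_der(const char *dotted, unsigned char *out, size_t cap)
{
    unsigned long arcs[32]; int n = 0, len = 0; char *end = NULL;
    for (const char *p = dotted; *p; p = *end ? end + 1 : end) {
        if (n == 32 || (arcs[n++] = strtoul(p, &end, 10), end == p)) return -1;
        if (*end != '.' && *end != '\0') return -1;
    }
    if (n < 2 || arcs[0] > 2 || arcs[1] > 39) return -1;
    arcs[1] += arcs[0] * 40;                 /* first two arcs share one value */
    for (int i = 1; i < n; i++) {
        unsigned char tmp[10]; int k = 0; unsigned long v = arcs[i];
        do { tmp[k++] = v & 0x7f; v >>= 7; } while (v);
        while (k--) {
            if ((size_t)len >= cap) return -1;
            out[len++] = tmp[k] | (k ? 0x80 : 0); /* 0x80: more bytes follow */
        }
    }
    return len;
}
static const unsigned char OID_IPSEC_IKE[] = {0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11};
static const unsigned char OID_ANY_EKU[]   = {0x55,0x1D,0x25,0x00}; /* 2.5.29.37.0 */

/* RFC 4945 5.1.3.12 rule on a DER ExtKeyUsageSyntax (SEQUENCE OF OID):
 * no extension -> accept; lists id-kp-ipsecIKE or anyExtendedKeyUsage -> accept;
 * anything else, including malformed input -> reject. Short-form lengths only. */
int ike_eku_acceptable(const unsigned char *eku, size_t len)
{
    if (eku == NULL) return 1;
    if (len < 2 || eku[0] != 0x30 || eku[1] >= 0x80 || eku[1] != len - 2) return 0;
    for (size_t i = 2; i + 2 <= len; ) {
        size_t l = eku[i + 1];
        if (eku[i] != 0x06 || l >= 0x80 || i + 2 + l > len) return 0;
        if ((l == sizeof OID_IPSEC_IKE && !memcmp(eku + i + 2, OID_IPSEC_IKE, l)) ||
            (l == sizeof OID_ANY_EKU && !memcmp(eku + i + 2, OID_ANY_EKU, l)))
            return 1;
        i += 2 + l;
    }
    return 0;
}
/* Constructed samples: serverAuth + ipsecIKE, and serverAuth + the patch's 0x17 encoding. */
const unsigned char EKU_IKE[] = {0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,
                                 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11};
const unsigned char EKU_BAD[] = {0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,
                                 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17};
```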
[openssl.org #2351] PATCH: Remove obsolete ipsec extended key usages
Hi,

The extended key usages id-kp-ipsecEndSystem, id-kp-ipsecTunnel and id-kp-ipsecUser are obsoleted as per RFC 4945 § 5.1.3.12, section title "ExtendedKeyUsage":

... Note that there were three IPsec-related object identifiers in EKU that were assigned in 1999. The semantics of these values were never clearly defined. The use of these three EKU values in IKE/IPsec is obsolete and explicitly deprecated by this specification. CAs SHOULD NOT issue certificates for use in IKE with them. (For historical reference only, those values were id-kp-ipsecEndSystem, id-kp-ipsecTunnel, and id-kp-ipsecUser.) ...

I believe that the attached patch removes these extended key usages to comply with the SHOULD NOT assertion in RFC 4945.

Note: A new extended key usage called id-kp-ipsecIKE has been created for the Internet Key Exchange (IKE). A follow-up issue will be created for that.

Micah

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index fe46624..e2345fb 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -334,9 +336,6 @@ static const unsigned char lvalues[5824]={ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2129] OBJ_sbgp_autonomousSysNum */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2137] OBJ_sbgp_routerIdentifier */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2145] OBJ_textNotice */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2153] OBJ_ipsecEndSystem */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2161] OBJ_ipsecTunnel */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2169] OBJ_ipsecUser */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2177] OBJ_dvcs */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2185] OBJ_id_it_caProtEncCert */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2193] OBJ_id_it_signKeyPairTypes */ 
@@ -1357,10 +1358,6 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"sbgp-routerIdentifier","sbgp-routerIdentifier", NID_sbgp_routerIdentifier,8,&(lvalues[2137]),0}, {"textNotice","textNotice",NID_textNotice,8,&(lvalues[2145]),0}, -{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, - &(lvalues[2153]),0}, -{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2161]),0}, -{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2169]),0}, {"DVCS","dvcs",NID_dvcs,8,&(lvalues[2177]),0}, {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, 8,&(lvalues[2185]),0}, @@ -2897,9 +2894,6 @@ static const unsigned int sn_objs[NUM_SN]={ 647, /* "international-organizations" */ 869, /* "internationaliSDNNumber" */ 142, /* "invalidityDate" */ -294, /* "ipsecEndSystem" */ -295, /* "ipsecTunnel" */ -296, /* "ipsecUser" */ 86, /* "issuerAltName" */ 770, /* "issuingDistributionPoint" */ 492, /* "janetMailbox" */ @@ -4629,7 +4623,4 @@ static const unsigned int obj_objs[NUM_OBJ]={ 130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ 131, /* OBJ_code_sign1 3 6 1 5 5 7 3 3 */ 132, /* OBJ_email_protect1 3 6 1 5 5 7 3 4 */ -294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ -295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ -296, /* OBJ_ipsecUser1 3 6 1 5 5 7 3 7 */ 133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 27304e1..decf0cc 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h 
@@ -1500,21 +1500,6 @@ #define NID_email_protect 132 #define OBJ_email_protect OBJ_id_kp,4L -#define SN_ipsecEndSystem "ipsecEndSystem" -#define LN_ipsecEndSystem "IPSec End System" -#define NID_ipsecEndSystem 294 -#define OBJ_ipsecEndSystem OBJ_id_kp,5L - -#define SN_ipsecTunnel "ipsecTunnel" -#define LN_ipsecTunnel "IPSec Tunnel" -#define NID_ipsecTunnel 295 -#define OBJ_ipsecTunnel OBJ_id_kp,6L - -#define SN_ipsecUser "ipsecUser" -#define LN_ipsecUser "IPSec User" -#define NID_ipsecUser 296 -#define OBJ_ipsecUser OBJ_id_kp,7L - #define SN_time_stamp "timeStamping" #define LN_time_stamp "Time Stamping" #define NID_time_stamp 133 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 8c50aac..4bc3dfb 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -291,9 +291,6 @@ sbgp_ipAddrBlock 290 sbgp_autonomousSysNum 291 sbgp_routerIdentifier 292 textNotice 293 -ipsecEndSystem 294 -ipsecTunnel 295 -ipsecUser 296 dvcs 297 id_it_caProtEncCert 298 id_it_signKeyPairTypes 299 \ No newline at end of file diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 52ac0a6..f477aa5 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -481,8 +481,5 @@ id-kp 2 : clientAuth : TLS Web Client Authentication id-kp 3 : codeSigning : Code Signing !Cname email-protect id-kp 4 : emailProtection : E-mail Protection -id-kp 5 : ipsecEndSystem : IPSec End System -id-kp 6 : ipsecTunnel : IPSec Tunnel -id-kp 7 : ipsecUser
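Review bot: deleting the three 8-byte ipsec entries from lvalues shifts every later value 24 bytes earlier, yet the `[2177]` comment on OBJ_dvcs in the same hunk and the `&(lvalues[2177])`, `&(lvalues[2185])` references in the nid_objs hunk are unchanged, so OBJ_dvcs and every object after it would be read from the wrong bytes; `lvalues[5824]` is not shrunk either. Regenerate obj_dat.h from objects.txt rather than editing the table.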
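Review bot: nid_objs is indexed by NID value, so removing the entries at indices 294, 295 and 296 moves DVCS (NID 297) into slot 294 and shifts every later object, and OBJ_nid2obj(NID_dvcs) would return the wrong object; retired NIDs have to keep their slots (the generator emits NID_undef placeholder entries for gaps). Beyond the table mechanics, removing public NID_/SN_/OBJ_ names is an API/ABI break for applications compiled against them, and RFC 4945's SHOULD NOT (quoted above) is addressed to CAs issuing certificates, not to a library that must still print and evaluate certificates already carrying these OIDs; a documented deprecation is the compatible change.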
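Review bot: the sn_objs and obj_objs deletions match each other, but the ln_objs table is not touched and NUM_SN/NUM_OBJ are not reduced; with fewer initialisers than the declared size the trailing slots become zero, which breaks the sorted order the OBJ_bsearch lookups expect and can make OBJ_sn2nid and OBJ_obj2nid misfire for unrelated objects.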
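Review bot: the obj_mac.h hunk removes SN_/LN_/NID_/OBJ_ipsecEndSystem, ipsecTunnel and ipsecUser, which are public header names; any application or engine that references them stops compiling, and obj_mac.h is generated from objects.txt anyway, so it should not be edited directly. If the goal is to discourage use, a comment marking them deprecated per RFC 4945 keeps source compatibility.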
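Review bot: removing 294-296 from obj_mac.num leaves a gap in the NID sequence, which is acceptable only if the generated nid_objs table keeps placeholder slots for them, and the hand-edited obj_dat.h hunk above does not; these numbers must also never be reassigned. This file is generator output (objects.pl), so regenerate it after changing objects.txt instead of editing it by hand.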
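Review bot: objects.txt is the right file to change, since obj_mac.h, obj_mac.num and obj_dat.h are derived from it, but deleting the `id-kp 5`, `id-kp 6` and `id-kp 7` lines removes the names entirely, so `openssl x509 -text` would print the bare dotted OID for existing certificates rather than a recognisable name. Keeping the entries and stating the RFC 4945 deprecation in the documentation achieves the SHOULD NOT without breaking anyone.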