OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is
an official OpenSSL advisory.
Advisory 1
==
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are
conducting a security review of OpenSSL, under the DARPA program
These patches are known to apply correctly but have not been
thoroughly tested.
As I understand it, OpenSSL will call abort() when it detects attack
against any hole in SSL. It might be acceptable for process-per-connection
situations like Apache, but when one process serves many connections
These patches are known to apply correctly but have not been
thoroughly tested.
As I understand it, OpenSSL will call abort() when it detects attack
against any hole in SSL. It might be acceptable for process-per-connection
situations like Apache, but when one process serves many
ssl\s3_srver.c (1591) error: pms_length is not a member of
evp_cipher_st
I believe the correct reference is
if (enc_pms.length sizeof pms)
instead of
if (enc.pms_length sizeof pms)
Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!!
The Kermit Project @
[[EMAIL PROTECTED] - Tue Jul 30 15:23:37 2002]:
ssl\s3_srver.c (1591) error: pms_length is not a member of
evp_cipher_st
I believe the correct reference is
if (enc_pms.length sizeof pms)
instead of
if (enc.pms_length sizeof pms)
Thanks, fixed.
Lutz
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:26:34
+0200 (METDST), Jeffrey Altman via RT [EMAIL PROTECTED] said:
rt Need to add it to the exports list.
For anyone who has the time, the fix is to move the declaration (but
not the macro die()) from cryptlib.h to crypto.h, then do a make
As I understand it, OpenSSL will call abort() when it detects attack
against any hole in SSL.
Unh, no. The only time it calls abort is with -DREF_CHECK, and if a
reference count is less than zero, which is a can't happen condition.
the new patches that fix various buffer overflows in
As I understand it, OpenSSL will call abort() when it detects attack
against any hole in SSL.
Unh, no. The only time it calls abort is with -DREF_CHECK, and if a
reference count is less than zero, which is a can't happen condition.
/r$
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
15:56:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
levitte In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
15:26:34 +0200 (METDST), Jeffrey Altman via RT [EMAIL PROTECTED] said:
levitte
levitte rt Need to add it to
As I understand it, OpenSSL will call abort() when it detects attack
against any hole in SSL.
Unh, no. The only time it calls abort is with -DREF_CHECK, and if a
reference count is less than zero, which is a can't happen condition.
/r$
Or when the new OpenSSLDie() is called.
On Tue, Jul 30, 2002 at 03:50:17PM +0300, Arne Ansper wrote:
These patches are known to apply correctly but have not been
thoroughly tested.
As I understand it, OpenSSL will call abort() when it detects attack
against any hole in SSL.
Not quite. The attacks against known holes are
the new patches that fix various buffer overflows in SSL code call abort()
anytime attacker wants.
Sorry, I should read all my email first.
You're right, of course.
__
OpenSSL Project
I asked this on -users but I think -dev might be more appropriate...
Are there any declarations of the stability of the APIs found in the OpenSSL
distribution? For example, are there any guarantees or even
we will try not to's which limit the amount of change that the APIs can
undergo from
On Tue, Jul 30, 2002, Lutz Jaenicke wrote:
OpenSSL version 0.9.6e released
Can someone please sign the distribution? Or at least include
the MD5 checksum in a PGP signed announcement?
There was an openssl-0.9.6d.tar.gz.asc but:
Requesting
On Tue, Jul 30, 2002, Claus Assmann wrote:
On Tue, Jul 30, 2002, Lutz Jaenicke wrote:
OpenSSL version 0.9.6e released
Can someone please sign the distribution? Or at least include
the MD5 checksum in a PGP signed announcement?
Sorry for the noise, I finally found
Some of the files in the 0.9.6e tarball have restrictive permissions
which prevent building and installing as different non-privileged users.
-rw--- openssl/openssl 23853 Jul 30 11:06 2002 openssl-0.9.6e/Makefile.ssl
lrwx-- openssl/openssl 0 Jul 30 11:03 2002
On Tue, Jul 30, 2002 at 04:10:45PM +0200, Richard Levitte - VMS Whacker via RT wrote:
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
15:56:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
levitte In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
15:26:34 +0200
Lutz Jaenicke via RT wrote:
On Tue, Jul 30, 2002 at 04:10:45PM +0200, Richard Levitte - VMS Whacker via RT wrote:
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
15:56:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
levitte In message [EMAIL PROTECTED] on Tue, 30 Jul
Due to the re-inclusion of all ciphers from evp.h, the des.h header file
with the compatibility define of crypt() is included.
If a system header file defines crypt() itself, for HP-UX this is
sys/unistd.h, it must fail if included only after evp.h (or one of
the other header files includinge
OK, I don't understand why it needs to be exported - isn't it internal
to the library? But assuming it does, I prefer the original suggestions
(i.e. move the declaration of OpenSSLDie()).
It needs to be exported because the function is defined in
libeay32.dll and used in ssleay32.dll on
OK, I don't understand why it needs to be exported - isn't it internal
to the library? But assuming it does, I prefer the original suggestions
(i.e. move the declaration of OpenSSLDie()).
It needs to be exported because the function is defined in
libeay32.dll and used in ssleay32.dll on
On Tue, Jul 30, 2002 at 03:26:34PM +0200, Jeffrey Altman via RT wrote:
Need to add it to the exports list.
I just had a look into this thing.
Ben designed the die() function such that it uses cryptlib.h, which is
not exported. Thus the macro die() and the underlying OpenSSLDie() function
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:26:34
+0200 (METDST), Jeffrey Altman via RT [EMAIL PROTECTED] said:
rt Need to add it to the exports list.
For anyone who has the time, the fix is to move the declaration (but
not the macro die()) from cryptlib.h to crypto.h, then do a make
I have added Ben to the CCs of this ticket, as it might affect all other
patches, too!
btw, i'm in process of rewriting the patches to not use die at all.
openssl-0.9.5a is almost ready.
arne
__
OpenSSL Project
rt Need to add it to the exports list.
For anyone who has the time, the fix is to move the declaration (but
not the macro die()) from cryptlib.h to crypto.h, then do a make
update.
And this will auto-generate the entry for util/libeay.num ? Cool.
Jeffrey Altman * Sr.Software Designer
btw, i'm in process of rewriting the patches to not use die at all.
openssl-0.9.5a is almost ready.
i started with openssl-0.9.6e instead.
attached is a patch for openssl-0.9.6e that removes the usage of die.
please review it carefully. all changes are localized but the action i
take in
jaltman Now the choices as I see it are:
jaltman
jaltman . export the function. which I have done in order to get the
jaltmancode to compile and link on Windows, or
jaltman
jaltman . remove the call entirely and instead simply have OpenSSL return
jaltmanan error to the
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:49:00 +0100, Ben
Laurie [EMAIL PROTECTED] said:
ben OK, I don't understand why it needs to be exported - isn't it internal
ben to the library? But assuming it does, I prefer the original suggestions
ben (i.e. move the declaration of
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 15:49:00 +0100, Ben
Laurie [EMAIL PROTECTED] said:
ben OK, I don't understand why it needs to be exported - isn't it internal
ben to the library? But assuming it does, I prefer the original suggestions
ben (i.e. move the declaration of
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
10:56:29 EDT, Jeffrey Altman [EMAIL PROTECTED] said:
jaltman
jaltman OK, I don't understand why it needs to be exported - isn't it internal
jaltman to the library? But assuming it does, I prefer the original suggestions
jaltman (i.e. move
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
10:56:29 EDT, Jeffrey Altman [EMAIL PROTECTED] said:
jaltman
jaltman OK, I don't understand why it needs to be exported - isn't it internal
jaltman to the library? But assuming it does, I prefer the original suggestions
jaltman (i.e. move
jaltman Now the choices as I see it are:
jaltman
jaltman . export the function. which I have done in order to get the
jaltmancode to compile and link on Windows, or
jaltman
jaltman . remove the call entirely and instead simply have OpenSSL return
jaltmanan error to the
Lutz Jaenicke via RT wrote:
On Tue, Jul 30, 2002 at 04:10:45PM +0200, Richard Levitte - VMS Whacker via RT wrote:
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
15:56:30 +0200 (CEST), Richard Levitte - VMS Whacker [EMAIL PROTECTED] said:
levitte In message [EMAIL PROTECTED] on Tue, 30 Jul
Lutz Jaenicke schrieb:
Hello,
The third beta release of OpenSSL 0.9.7 is now available from the
OpenSSL FTP site URL: ftp://ftp.openssl.org/source/. Quite a lot
of code changed between the 0.9.6 release and the 0.9.7 release, so
a series of 3 or 4 beta releases is planned before the final
I've looked at the differences between the 0.9.5a and the official patch and i
found
that the following portion of asn1_lib.c patch is not in 0.9.5a one althoug the
code
is already in 0.9.5a source code.
Do you have an explanation ?
Please cc me for any reply, i'm not subscribe to
Enclosed are patches for today's OpenSSL security alert which apply to
other versions. The patch for 0.9.7 is supplied by Ben Laurie
[EMAIL PROTECTED] and the remainder by Vincent Danen (email not
supplied).
Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.
These
Hello...
FYI that I had to add OpenSSLDie to util\libeay.num and add
crypto/cryptlib.h to $crypto in util\mkdef.pl in order to get the DLL
versions of 0.9.6e to build on Win32. This probably affects all other
versions that were patched today as well.
Ryan Koski
Wells Fargo - Cryptography
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 19:36:18
+0200 (METDST), Lutz Jaenicke via RT [EMAIL PROTECTED] said:
rt Shall we disable the crypt() function for more platforms, maybe
rt even all platforms?
Maybe we should have a macro OPENSSL_NO_CRYPT, which is defined by
default...
That's
[[EMAIL PROTECTED] - Tue Jul 30 18:49:55 2002]:
Some of the files in the 0.9.6e tarball have restrictive permissions
which prevent building and installing as different non-privileged
users.
-rw--- openssl/openssl 23853 Jul 30 11:06 2002 openssl-
0.9.6e/Makefile.ssl
lrwx--
Will there be a patch for even older version such as 0.9.3?
Thanks.
Peter K.
-Original Message-
From: Ben Laurie [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 3:15 AM
To: OpenSSL Announce; Bugtraq; OpenSSL Dev; [EMAIL PROTECTED]
Subject: OpenSSL patches for other versions
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 19:36:18
+0200 (METDST), Lutz Jaenicke via RT [EMAIL PROTECTED] said:
rt Shall we disable the crypt() function for more platforms, maybe
rt even all platforms?
Maybe we should have a macro OPENSSL_NO_CRYPT, which is defined by
default...
On Tue, Jul 30, 2002 at 09:35:40PM +0200, Götz Babin-Ebell wrote:
The third beta release of OpenSSL 0.9.7 is now available from the
OpenSSL FTP site URL: ftp://ftp.openssl.org/source/. Quite a lot
of code changed between the 0.9.6 release and the 0.9.7 release, so
a series of 3 or 4 beta
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
11:31:17 EDT, Jeffrey Altman [EMAIL PROTECTED] said:
jaltman since they do not compile on two major platforms.
On VMS, creating OpenSSL shared libraries is not the norm yet, so
it'll build fine :-).
--
Richard Levitte \ Spannvägen 38, II \
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002
16:16:50 EDT, Jeffrey Altman [EMAIL PROTECTED] said:
jaltman fine. shared libraries won't work on two major platforms.
jaltman One of which where it is the norm.
I'm not arguing that.
jaltman the other bug I submitted this morning prevents the
OpenSSL version 0.9.6e released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of version
0.9.6e of our open source toolkit for SSL/TLS. This new OpenSSL version
is
The third beta release of OpenSSL 0.9.7 is now available from the
OpenSSL FTP site URL: ftp://ftp.openssl.org/source/. Quite a lot
of code changed between the 0.9.6 release and the 0.9.7 release, so
a series of 3 or 4 beta releases is planned before the final release.
SECURITY INFORMATION:
In message [EMAIL PROTECTED] on Tue, 30 Jul
2002 11:31:17 EDT, Jeffrey Altman [EMAIL PROTECTED] said:
jaltman since they do not compile on two major platforms.
On VMS, creating OpenSSL shared libraries is not the norm yet, so
it'll build fine :-).
fine. shared libraries won't work on
In message [EMAIL PROTECTED] on Tue, 30 Jul
2002 11:31:17 EDT, Jeffrey Altman [EMAIL PROTECTED] said:
jaltman since they do not compile on two major platforms.
On VMS, creating OpenSSL shared libraries is not the norm yet, so
it'll build fine :-).
fine. shared libraries won't work on
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
Enclosed are patches for today's OpenSSL security alert which apply to
other versions. The patch for 0.9.7 is supplied by Ben Laurie
[EMAIL PROTECTED] and the remainder by Vincent Danen (email not
supplied).
Patches are for
This patch provides the required support for the IBM Crypto Accelerator
engine. We submitted this back in the beginning of the year, and are
requesting that this be included with the other engines. The device can
be exploited on Windows, AIX, Linux (ppc, x86, system 390) through this
patch and
In message [EMAIL PROTECTED] on Tue, 30 Jul 2002 14:04:21
PDT, Matt Piotrowski [EMAIL PROTECTED] said:
matt.piotrowski I think there's a bug in the AES counter mode
matt.piotrowski implementation: if you pass a non-zero counter offset
matt.piotrowski to AES_ctr128_encrypt() (through the num
Richard Levitte - VMS Whacker wrote:
How could num (or n, inside AES_ctr128_encrypt() ever have a value
that isn't between 0 (included) and AES_BLOCK_SIZE (excluded),
It's even smaller than that. CTR mode is defined as a BIG-ENDIAN
128-bit number (AES only has one block size) 0 = n = 2^64-1
On Tuesday 30 July 2002 02:54 pm, Richard Levitte - VMS Whacker wrote:
How could num (or n, inside AES_ctr128_encrypt() ever have a value
that isn't between 0 (included) and AES_BLOCK_SIZE (excluded), unless
you do something stupid with num between calls? Make note of the
following
53 matches
Mail list logo