Re: OpenSSL security advisory

2010-12-06 Thread Jean-Marc Desperrier
OpenSSL wrote: OpenSSL Ciphersuite Downgrade Attack = A flaw has been found in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded t

Re: [openssl.org #1794] [PATCH] SRP ciphersuites in 1.0.1 and 1.1.0 (updated)

2011-03-03 Thread Jean-Marc Desperrier
Tom Wu via RT wrote: This patch adds full RFC 5054 support in OpenSSL 1.0.1 and 1.1.0, and has been updated to apply cleanly to the 20101229 dev snapshot. This version of the patch supersedes the earlier patches submitted under this ticket. Please let me know what the next steps are for the inte

Re: [openssl.org #1794] [PATCH] SRP ciphersuites in 1.0.1 and 1.1.0 (updated)

2011-03-04 Thread Jean-Marc Desperrier
Jean-Marc Desperrier wrote: Tom Wu via RT wrote: This patch adds full RFC 5054 support in OpenSSL 1.0.1 and 1.1.0, and has been updated to apply cleanly to the 20101229 dev snapshot. This version of the patch supersedes the earlier patches submitted under this ticket. Please let me know what

Re: Static analysis?

2012-04-20 Thread Jean-Marc Desperrier
On Tue, 17 Apr 2012, Lubomír Sedlář wrote: I would like to ask if any static analysis tool was ever used to detect possible problems in OpenSSL source code. Is some tool used regularly? I tried running Clang Static Analyzer [1] on the source of OpenSSL. Julia Lawall wrote: A few years ago,

Re: Static analysis?

2012-04-24 Thread Jean-Marc Desperrier
Ben Laurie wrote: On Fri, Apr 20, 2012 at 4:53 PM, Jean-Marc Desperrier wrote: It's a bit surprising if none of those tools could identify the badness of the code involved in the just published memory corruption vulnerability. Every now and then I look at trying to eliminate the possibility

Re: OpenSSL FIPS Object Module 1.2.4 support for Apple iOS and OS X

2012-07-03 Thread Jean-Marc Desperrier
Steve Marquess wrote: The OpenSSL FIPS Object Module 1.2 has been extended to include support for the iOS and Mac OS X operating systems, as the newly released revision 1.2.4. This new support was made possible by a collaboration with Thursby Software Systems, Inc, (http://www.thursby.com/), a

Re: OpenSSL FIPS Object Module 1.2.4 support for Apple iOS and OS X

2012-07-03 Thread Jean-Marc Desperrier
Jean-Marc Desperrier wrote: Do they (or anyone else) also intend to sponsor the same extension for the new v2.0 module ? I must say that in the rather extensive list of OS for the new module OS X and iOS are the two that are most obviously missing. Well :-) I've *just* seen the foll

Re: What to do when there is no /dev/random ??

2001-03-02 Thread Jean-Marc Desperrier
Insh_Allah wrote: > I've had the same problem. What I did was feed the entropy pool with > anything I could find that was at least a bit 'random'. I suggest the content of the stack on any architecture where there are asynchronous interrupts that will store content in your local stack. Easiest p

Re: What to do when there is no /dev/random ??

2001-03-02 Thread Jean-Marc Desperrier
Insh_Allah wrote: > > I suggest the content of the stack on any architecture where there are > > asynchronous interrupts that will store content in your local stack. There are architectures where a context switch is made after every interrupt, and the local stack is not used. There are architectu

Re: [ANNOUNCEMENT] OpenSSL 0.9.6a Beta 3 released

2001-04-03 Thread Jean-Marc Desperrier
Richard Levitte - VMS Whacker wrote: > mlist> it's true you're welcome to do versioning anyway you want..but > mlist> no one i know has ever taken 'a' as a newer release on the same > mlist> version. > > Now you know one: me. :-) > And I can give you another one: RMS (emacs 19.34 was followed by

UID is usually RFC1274 user id, not X500 unique id

2001-11-27 Thread Jean-Marc Desperrier
Hi, I have found out in a project that the use of the short name UID in openssl, for the Unique Identifier OID defined in X520, definitely causes confusion and potential problems. There seems to be a very common use of this abbreviation to designate instead the user id, defined in RFC1274. A little s

Re: UID is usually RFC1274 user id, not X500 unique id

2001-11-27 Thread Jean-Marc Desperrier
Richard Levitte - VMS Whacker wrote: > From: Jean-Marc Desperrier <[EMAIL PROTECTED]> > > Note that since the short name UID exists in both "camps" and OpenSSL > is somewhere in the middle, there's a definite conflict of interest > here. However, most people

Re: UID is usually RFC1274 user id, not X500 unique id

2001-11-27 Thread Jean-Marc Desperrier
Oscar Jacobsson wrote: > I don't think we could really go ahead and deprecate the use of "UID", as RFC > 2253 defines it as the proper string encoding of the userid attribute type, and the >"short names" > appear to be used when string encoding distinguished names. The UID of openssl is NOT the

Re: OpenSSL libraries on Windows, reworked.

2001-12-04 Thread Jean-Marc Desperrier
Richard Levitte - VMS Whacker wrote: > I'd like your help to name the OpenSSL libraries. The idea I have > right now is the following (base names are 'osslc' for 'libcrypto', > 'ossls' for 'libssl', and one adds 's' for single-threaded or 'm' for > multithreaded, as well as 'd' when it's a debug

Re: OpenSSL libraries on Windows, reworked.

2001-12-04 Thread Jean-Marc Desperrier
Richard Levitte - VMS Whacker wrote: > From: Jean-Marc Desperrier <[EMAIL PROTECTED]> > > jean-marc.desperrier> I'd be in favor of longer names, with the > jean-marc.desperrier> version number included when there are > jean-marc.desperrier> incompatibilities

Re: DC= fields (subject NID) in 9.7?

2001-12-12 Thread Jean-Marc Desperrier
Bear Giles wrote: > As for domainComponent in particular, the RFC clearly limits it > to 64 octets Not _the_ RFC. Which RFC ? Not 2459, there's not a word about domainComponent. Not 1274, which first defined domainComponent, it did not fit a size limit. So that must be some LDAP related RFC, ma

openssl 0.9.7 and debug

2002-04-18 Thread Jean-Marc Desperrier
./config -d on a standard linux box (RedHat 7.1) gives : Operating system: i686-whatever-linux2 This system (debug-linux-pentium) is not supported. See file INSTALL for details I think that "out of the box" debug support for this kind of platform is needed.

small problem with openssl 0.9.7.b1 and the ocsp function

2002-06-05 Thread Jean-Marc Desperrier
The doc says : "Create an OCSP request and write it to a file: openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der " In my test, I try to do exactly that with : openssl ocsp -issuer ocsp_ca.pem -cert ocsp_valide.cer -cert ocsp_revoque.cer -reqout req.der But no req.de

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Jean-Marc Desperrier
Mike Pechkin via RT wrote: >On Wed, Jun 05, 2002 at 03:10:58PM +0200, Lutz Jaenicke via RT wrote: > > >>The problem is caused by inconsistent definitions for the OID values. >>According to RFC2256, the OID 2.5.4.45 is assigned to >>X500UniqueIdentifier. UniqueIdentifier was assigned to >>pilotA

Re: [openssl.org #82] `NID_uniqueIdentifier' undeclared (first use in this function)

2002-06-06 Thread Jean-Marc Desperrier
Lutz Jaenicke via RT wrote: >I would like to see more discussions about this issue. I have looked >around some more and still find referrals like > http://www.alvestrand.no/objectid/2.5.4.45.html >with the UniqueIdentifier term instead of X500UniqueIdentifier. > This is the original name of this

0.9.7-b1 openssl ocsp core dump on invalid -CAfile parameter

2002-06-11 Thread Jean-Marc Desperrier
In 0.9.7-b1, an invalid value for the CAfile parameter in a call to openssl ocsp generates a core dump when verifying OCSP requests. When the setup_verify function fails because it can not open the CAfile parameters, it returns NULL. The function OCSP_basic_verify that is called just after tha

Re: othername in subjectAltName

2002-06-12 Thread Jean-Marc Desperrier
Michael Bell wrote: >Rich Salz wrote: > > >>>OtherName ::= SEQUENCE { >>>type-id OBJECT IDENTIFIER, >>>value [0] EXPLICIT ANY DEFINED BY type-id } >>> >>> >>It means that the type-id OID defines the datatype of the value. Think >>of it as a union. >> >> >So

Re: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-10 Thread Jean-Marc Desperrier
Joe Orton wrote: On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote: > On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote: > > * we can detect in mod_ssl when the client is renegotiating by using the > > callback installed using SSL_CTX_set_info_callback(), in conjunction >

TLS renegotiation disabling : mod_ssl and OpenSSL 0.9.8l

2009-11-10 Thread Jean-Marc Desperrier
Hi, So when Apache is compiled with openssl 0.9.8l, TLS renegotiation will be fully disabled. But the problem with that is that if some comments of the discussion inside https://issues.apache.org/bugzilla/show_bug.cgi?id=39243 are true, this change will unexpectedly break very badly a *lot* of

Re: SHA-2 support in openssl?

2009-11-18 Thread Jean-Marc Desperrier
smitha daggubati wrote: Does openssl have support for SHA-2. ? I know that SHA-2 is part of the crypto library but looking at the way the context is setup in ssl_ctx_new we are setting up ret->sha1=EVP_get_digestbyname("ssl3-sha1")) So is there a way to establish an openssl connection usin

Re: Fwd: Renegotiation denied wrong?

2009-11-19 Thread Jean-Marc Desperrier
Thor Lancelot Simon wrote: I think it's a mistake to send a fatal alert. In the past week as I've been experimenting with this, I've encountered a number of embedded client devices (cellphones -- I suspect I know which stack they're using but I'm not certain, so I won't identify the vendor here)

Re: OpenSSL Security Advisory

2010-03-25 Thread Jean-Marc Desperrier
OpenSSL wrote: "Record of death" vulnerability in OpenSSL 0.9.8f through 0.9.8m How come the vulnerability doesn't touch 0.9.8e though the patched file wasn't modified between 0.9.8e and 0.9.8f ? But that code was modified between 0.9.8d and 0.9.8e, see this patch : http://cvs.openssl.org/f

Re: OpenSSL Security Advisory

2010-03-26 Thread Jean-Marc Desperrier
Bodo Moeller wrote: it's code elsewhere that no longer tolerates the coarse logic we are changing in the patch, which has been around forever. In fact, I already suspected that, thanks for the confirmation.

Re: [openssl.org #2045] [PATCH] Use Intel AES-NI automatically where available.

2010-03-28 Thread Jean-Marc Desperrier
On 26/03/2010 18:31, Andy Polyakov wrote: > My patch (unapplied for 6 months now) would at least fix the problem of > the AESNI engine not being used automatically, The reason for low priority is that the code is in development, lack of hardware... Hum ? Maybe the openssl team doesn't have th

Re: Current state of PKCS#11 support in OpenSSL?

2000-02-25 Thread Jean-Marc Desperrier
"Reddie, Steven" wrote: > > Greg, I'm not sure about the state of PKCS#11 support in relation to the > latest snapshot, however I can give you some answers in relation to the > latest release, OpenSSL 0.9.4. It seems everyone is duplicating this effort in fact. I suspected that already. >

Re: Compile Problems With .94 HERE IT IS AGAIN

2000-02-28 Thread Jean-Marc Desperrier
But the log was explicit enough to guess his problem is truly that the assembler is not present. So install gas Schaefer. And check carefully all the pipes before turning on, you don't want your computer to explode and blow away the office, do you ? ;-) Hannes Reinecke wrote: > Tom Schaefer wro

Re: Please add UTF8STRING to PRINTABLE

2000-02-14 Thread Jean-Marc Desperrier
Michael Sierchio wrote: > "Rene G. Eberhard (keyon)" wrote: > > > ...Unicode for example is supported by > > Universal and UTF8. > > I also meant to point out that UTF-8 supports ASCII, but not EBCDIC, for > example (not that I imagine that anyone would want to use the latter...;-) Well, we're ge

Re: PERL Module Problem...

2000-02-14 Thread Jean-Marc Desperrier
Peter Gutmann wrote: > Dr Stephen Henson <[EMAIL PROTECTED]> writes: > > >Are there any circumstances where the environment isn't safe? I believe extra > >privs are normally needed to read another users processes environment. > > Under DEC Unixen you can read anyone's environment without any extr

Re: Can't have SSL with multiple domain names on a single server...

2000-02-21 Thread Jean-Marc Desperrier
Ben Laurie wrote: > > No - it is a limitation of the current usage of http over SSL, where the > > SSL negotiation happens before the Host: header. It is a general problem > > inherent in most simplistic SSL-ing of protocols, where the rush to SSL-ify > > meant that the protocol got broken, rath

Re: Can't have SSL with multiple domain names on a single server...

2000-02-21 Thread Jean-Marc Desperrier
Dr Stephen Henson wrote: > Jean-Marc Desperrier wrote: > > > > Ben Laurie wrote: > > > > > > No - it is a limitation of the current usage of http over SSL, where the > > > > SSL negotiation happens before the Host: header. It is a general problem &

DECLARE_STACK_OF(ASN1_UTF8STRING) and 0.9.4 problem.

2000-02-23 Thread Jean-Marc Desperrier
I'm trying to define an ASN1 type that has an element which is a stack of UTF-8 strings using 0.9.4 and I have some problems. I figured I had to define the type STACK_OF(ASN1_UTF8STRING) with DECLARE_STACK_OF(ASN1_UTF8STRING), but this brings problems. I suggest you give up this message now if you

Re: MD4 anyone?

2000-02-23 Thread Jean-Marc Desperrier
Denis Ducamp wrote: > I'm developing a password cracker using libcrypto.a from openssl. The goal > isn't to have a fast password cracker as John the Ripper, but to document > the different algorithms, their weaknesses and to show how easy it is to > develop such a piece of software when good li

Re: DECLARE_STACK_OF(ASN1_UTF8STRING) and 0.9.4 problem.

2000-02-24 Thread Jean-Marc Desperrier
Dr Stephen Henson wrote: > > #define DECLARE_STACK_OF(type) \ > > #define IMPLEMENT_STACK_OF(type) \ > > There's a problem with this solution. If you need another ASN1_STRING > equivalent STACK_OF such as ASN1_IA5STRING you get a conflict because > the structure STACK_ASN1_STRING gets declared tw

Re: Typo in objects.h

2000-03-08 Thread Jean-Marc Desperrier
Peter Onion wrote: > s/OSCP/OCSP/ I think ??? Let's all dump English. From now, we speak vi !! Oh, yeah, here is an English translation for the slow to learn : Shouldn't we replace the substring OSCP in this line by the string OCSP ?

Re: [Eben Moglen ] Re: US crypto export restrictions and GNU (fwd)

2000-03-16 Thread Jean-Marc Desperrier
Ben Laurie wrote: > > Eben Moglen wrote: > > In the worst case analysis, components exported > > now might subsequently become non-exportable in the event that > Perhaps I'm failing to understand here ... you say "No code not > originally developed in the US would be subject to..." but sure we'r

Re: Trying to compile gpkcs11

2000-03-21 Thread Jean-Marc Desperrier
Richard Levitte - VMS Whacker wrote: > sorribas> Hi, I'm trying to compile the gpkcs11 module which uses the > sorribas> openssl. The gpkcs11 tries to find a file called evp_pkcs11.h > sorribas> and doesn't find it. Where can I find that file? > > As far as I know, evp_pkcs11.h is not part of Ope

OBJ_create and OBJ_obj2nid

2000-03-27 Thread Jean-Marc Desperrier
Hi, Either I've got something wrong or there's a big problem here. I create new objects with OBJ_create, giving their OID as an argument and getting back an NID. Then I convert some data that is the DER encoding of an OID to an ASN1_OBJECT. I then call OBJ_obj2nid, expecting to get back the c

Re: RSA Keon

2000-03-28 Thread Jean-Marc Desperrier
Oscar Jacobsson wrote: > Richard Levitte - VMS Whacker wrote: > > *> 105:d=2 hl=2 l= 19 cons: cont [ 0 ] > > > 107:d=3 hl=2 l= 17 cons: SEQUENCE > > > 109:d=4 hl=2 l= 15 cons: SEQUENCE > > *> 111:d=5 hl=2 l= 3 prim: OBJECT:X509v3 Authority Key Identifier > > *> 11

Re: OBJ_create and OBJ_obj2nid

2000-03-28 Thread Jean-Marc Desperrier
Dr Stephen Henson wrote: > There are several possible reasons for this. I've done some things which > use OBJ_create() fairly recently and I can't remember it being altered > since then. I wrote a short test for this, and it works in it. I'll check my program until I find what can make the diffe

Const in function arguments

2000-06-08 Thread Jean-Marc Desperrier
I've found out three functions in OpenSSL aren't defined with const arguments, despite the fact they do not modify them. They are : ASN1_PRINTABLE_type (arg 1) and X509_NAME_ENTRY_create_by_* (arg 4) X509_NAME_add_entry_by_* (arg 4) which end up calling ASN1_STRING_set that has the const. X509_N

Re: Const in function arguments

2000-06-09 Thread Jean-Marc Desperrier
Jean-Marc Desperrier wrote: > The function has the const, it makes a copy of the data I insert, I > must not forget to free the original pointer. > (like X509_NAME_add_entry) > The function hasn't the const, it does not make a copy of the data I > insert, and if applicable,

Re: Outlook certs - bug in MS or OpenSSL?

2000-06-21 Thread Jean-Marc Desperrier
Ben Laurie wrote: > The bug is in MS - they are encoding a top-bit-set number without > inserting a leading zero, so OpenSSL (correctly) sees it as negative. The output of openssl x509 is not very explicit. It probably should fail, instead of displaying it as a 510 bits number without saying it's

Re: Creating a certificate on windows 2000 and windows nt

2000-07-18 Thread Jean-Marc Desperrier
simon wrote: > >I have the PEM file that they generated. How do I convert the data in that pem >file into a certificate that can import to windows 2000/NT > > > >Your immediate help will be appreciated > I think you should convert the PEM file to DER-encoded form first, then you can i

Re: Timestamping

2000-07-21 Thread Jean-Marc Desperrier
Andrey Romanov wrote: > I am looking for information about timestamping in general (Any standards > existing?) and how to implement it using OpenSSL library. So far I was > not able to find anything, even about MS Authenticode implementation > details. Read the TSP (http://www.ietf.org/inter

Another bug report

2000-09-04 Thread Jean-Marc Desperrier
First Bug : The function ASN1_INTEGER_to_BNi(ai,bn) will coredump if its argument ai is negative and bn is NULL. "a_int.c" BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) The following change is needed : < if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1; > if(ai->type == V_AS

Re: Object names

2000-09-25 Thread Jean-Marc Desperrier
Michael Ströder wrote: > Currently there is no such central document since everybody is free > to define OIDs after getting a OID arc. Not even a central registry > exists. No official central registry, yes, but at least there is this non-official one : http://www.alvestrand.no/objectid/ It's qu

Re: Object names

2000-09-25 Thread Jean-Marc Desperrier
Jean-Marc Desperrier wrote: > Michael Ströder wrote: > > > Currently there is no such central document since everybody is free > > to define OIDs after getting a OID arc. Not even a central registry > > exists. > > No official central registry, yes, but at least th

BER in pkcs7 encoding

2000-10-02 Thread Jean-Marc Desperrier
Hi, pkcs#7 DER structures generated by openssl have two headers in BER (infinite length) for the two sequences at the very start of the encoding. Is there a good reason for that ? I have a tool that's annoyed by this BER encoding and I think it should not be too difficult to patch p7_lib.c so tha

Bug in openssl 0.9.6 for certificate verification

2000-10-13 Thread Jean-Marc Desperrier
I have some code that I could use to verify certificate, and that's not able to do it anymore when compiled with 0.9.6 I traced this to the following line (330) in the file by_dir.c This line has been changed from 0.9.5 to 0.9.6. I think the last argument in the call to sk_X509_OBJECT_value shoul

Re: Bug in openssl 0.9.6 for certificate verification

2000-10-18 Thread Jean-Marc Desperrier
Dr S N Henson wrote: > > I make the verification using a call to X509_verify_cert. > > When the call returns, there are some errors left in the error stack from > > a call to check_issued to check if the check is self-signed or not. > > Is this a normal behaviour ? > > > > That shouldn't happen un

Re: Bug in openssl 0.9.6 for certificate verification

2000-10-19 Thread Jean-Marc Desperrier
Dr S N Henson wrote: > Jean-Marc Desperrier wrote: > > > > I have some code that I could use to verify certificate, and that's not > > able to do it anymore when compiled with 0.9.6 > > > > I traced this to the following line (330) in the file by_dir.c >

Re: CRLs and self-signed root certs.

2000-12-01 Thread Jean-Marc Desperrier
Goetz Babin-Ebell wrote: > > Should a self-signed root certificate ever need to be revoked, shall it > > list itself in its usual CRL(s), as the last thing it does before it is > > thrown away, or is it sufficient (from its users' standpoint) that it > > simply ceases to issue more CRLs? > > Sinc

Re: Key genration in IE

2000-12-04 Thread Jean-Marc Desperrier
"Tridib, Mumbai" wrote: > 3. If I have a crypto API which can generate a hash of a data and then sign it using >the private key of the certificate, then is it possible to output a PKCS#7 >signed-object?If yes, How it can be done. Technically speaking, yes, but only pkcs#7 _without_ any signed a

Re: cvs commit: openssl FAQ

2000-12-04 Thread Jean-Marc Desperrier
Jeffrey Altman wrote: > From the GNUTLS site: > > "You should view this as an alternative implementation of OpenSSL > (actually GNUTLS is closer to Eric Young's SSLEAY rather than > OpenSSL)." > > What does this mean? Great news for everyone who writes GPL code that needs crypto. When

Re: smartcard / openssl integration?

2000-12-11 Thread Jean-Marc Desperrier
Alexander 'Alfe' Fetke wrote: > [...] > > > The modulus and exponent are also retrieve from the smart card, > > and stored in the RSA structure at this time. > > does this mean that the secret information (the private key) is retrieved > from the smart card to carry out the computation in the com

Re: Incorrect MIME headers separators in 0.9.5a

2001-01-30 Thread Jean-Marc Desperrier
Emmanuel Gadaix wrote: > When generating MIME mails, e.g. for signing an email, OpenSSL adds an extra > white space before the semicolon sign that separates the headers. > In doing so, it violates MIME syntax (see RFC 2045, 2046, 2047). > > Some mail clients will not be able to understand the

Re: [openssl.org #1212] chil engine no longer works with static locks in 0.9.8

2005-11-10 Thread Jean-Marc Desperrier
john via RT wrote: Why is it that the static locks have not been removed completely for 0.9.8? If it is to keep some backward compatibility with older apps, or ones that see no reason to change, would it not be preferable if the whole of openssl was compatible in this way, including the en

Missing const-ification for s2i_ASN1_INTEGER

2005-11-29 Thread Jean-Marc Desperrier
Hi, I just noticed that ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); should be ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); BTW the v3_sxnet.c code is missing a *lot* of const-ification.

Re: PEM_read_bio_X509:BIO_gets:unsupported method

2006-01-06 Thread Jean-Marc Desperrier
David Taylor wrote: I only just joined this list today to past this patch. So in one word : - for technical reasons, "fd" bio are preferable to "file" bio on Solaris - but as "fd" bio don't implement gets, they are not usable as a direct replacement for "file" bio - your attached patch implem

Re: Comparing certificates, without rehashing (compare public keys - issuer and serial number)

2006-01-27 Thread Jean-Marc Desperrier
Richard Salz wrote: So now the question is, are there times when you can avoid the memcmp? [...] compare some initial bytes. [...] only call memcmp if they match. [...] I'd consider an implementation of memcmp that doesn't early stop as soon as it sees a difference as completely broken, perfo

Re: [openssl.org #1276] [PATCH] TLS Extensions - RFC 3546 (Try 2)

2006-01-31 Thread Jean-Marc Desperrier
Brian Long wrote: On Fri, 2006-01-27 at 15:23 +0100, Stephen Henson via RT wrote: Note that some TLS extension code has recently been committed to the HEAD (0.9.9-dev). So if this is to be included into OpenSSL it would have to work with that. Is it true that openssl-0.9.7 and 0.9.8 are

Re: pkcs12_parse problem

2006-03-03 Thread Jean-Marc Desperrier
Dr. Stephen Henson wrote: PKCS12_parse() in its current form will only handle well formed PKCS#12 files which contain a private key, its corresponding certificate and zero or more CA certificates. The PKCS#12 standard doesn't seem to require that a PKCS#12 files contains all of this, I've see

Re: How to extract certificate from PKCS#7 message?

2006-05-11 Thread Jean-Marc Desperrier
camino (sent by Nabble.com) wrote: i have a signed letter, how can i extract the certificate from it ? [...] but i wonder how to achieve it in program The openssl documentation is somewhat lacking on this subject. Still http://www.openssl.org/docs/crypto/PKCS7_verify.html# gives you a star

Re: Any possibility of GPL-based license in the future?

2006-05-16 Thread Jean-Marc Desperrier
Matt England wrote: Actually we want a library that can work for both our commercially- and GPL-based distributions. Neither GnuTLS nor OpenSSL does this as well as we would like. Mozilla NSS seems to fit the bill. We currently have OpenSSL integrated with our code and would prefer not to h

Re: [PATCH] Re: [openssl.org #1353] memory leak in EVP sign and verification functions

2006-07-01 Thread Jean-Marc Desperrier
Darryl Miles wrote: c.s.r.c.murthy via RT wrote: Dear Sir, Memory leak is found in EVP sign & verify functions Its just an example, this is not a leak in the library only the example. But quite a few people will believe the example shows them the *correct* way to use the library, so it

Re: [PATCH] fix I/O buffer size handling for "enc" application (repost)

2006-07-30 Thread Jean-Marc Desperrier
Klaus Weidner wrote: [...] - please let me know if you have issues with the bugfix, [...] The following patch uses the ANSI C setvbuf(3) function [...] + { + if (bufsize != NULL) + setvbuf(stdin, (char *)NULL, _IONBF, 0); BIO_set
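Review bot: the setvbuf(stdin, (char *)NULL, _IONBF, 0) call in the quoted fragment discards its return value. setvbuf returns nonzero on failure and is only valid before any other operation on the stream, so the call should check the result and report an error instead of silently carrying on with a buffered stdin.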

ts.h using NO_* instead of OPENSSL_NO_*

2006-10-25 Thread Jean-Marc Desperrier
Hi, I'm trying to build a version of openssl with a very strongly reduced set of cryptographic primitives. I've already hit a number of quirks (it might be it mostly impacts Windows builds) that I'll try to detail when I have time, but here is one that's easy to fix : ts.h doesn't use the st

OCSP_basic_verify and a NULL X509_STORE argument

2007-03-06 Thread Jean-Marc Desperrier
Hi, I have some code that calls OCSP_basic_verify with a NULL st argument, and I have just found it will crash if the ocsp cert is self-signed. What happens is that OCSP_basic_verify doesn't check the argument is non NULL, but calls X509_verify_cert(&ctx) and we end up in X509_STORE_get_by_

Re: Bilinear pairings

2007-07-03 Thread Jean-Marc Desperrier
Diego de Freitas Aranha wrote: During my Msc, I developed an implementation of bilinear pairings over elliptic curves using OpenSSL. In particular, an implementation of the Tate pairing over curves defined on prime fields. I am writing to ask you guys if the OpenSSL team has any interest on me

Reenabling mdc-2 in openssl by default

2008-04-05 Thread Jean-Marc Desperrier
Hi, I notice MDC-2 is not enabled by default on openssl 0.9.8. This has no reason to be, the IBM patent on MDC-2 has expired in March 2002 because IBM did not renew it. (the Wikipedia MDC-2 page has the link proving it. Go to : https://ramps.uspto.gov/eram/getMaintFeesInfo.do?patentNum=4908861

[openssl.org #84] small problem with openssl 0.9.7.b1 and the ocsp function

2002-06-06 Thread Jean-Marc Desperrier via RT
The doc says : "Create an OCSP request and write it to a file: openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der " In my test, I try to do exactly that with : openssl ocsp -issuer ocsp_ca.pem -cert ocsp_valide.cer -cert ocsp_revoque.cer -reqout req.der But no req.d

[openssl.org #93] 0.9.7-b1 openssl ocsp core dump on invalid -CAfile parameter

2002-06-11 Thread Jean-Marc Desperrier via RT
In 0.9.7-b1, an invalid value for the CAfile parameter in a call to openssl ocsp generates a core dump when verifying OCSP requests. When the setup_verify function fails because it can not open the CAfile parameters, it returns NULL. The function OCSP_basic_verify that is called just after th

[openssl.org #1915] Bug Report : Abort when race condition occurs in ERR_get_state

2009-04-29 Thread Jean-Marc Desperrier via RT
In ERR_get_state (err_def.c:613), there's the following code : /* If a race occured in this function and we came second, tmpp * is the first one that we just replaced. */ if (tmpp) ERR_STATE_free(tmpp); As already suggested in 2006 in this message http://w