X509_get_ext_d2i : makes a copy that needs to be freed, or not?

2010-11-16 Thread Rene Hollan
I'm retrieving the Subject Alternate Name, by NID using X509_get_ext_d2i(x, 
NID_subject_alt_name, NULL, NULL).

Of course, for NID_subject_alt_name, it returns a GENERAL_NAMES pointer.

Is this an alias, or does it need to get freed with sk_GENERAL_NAMES_free() 
when I'm done with 
it?
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
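X509_get_ext_d2i() decodes the extension value into a newly allocated structure that the caller owns, so the GENERAL_NAMES it returns for NID_subject_alt_name has to be released with GENERAL_NAMES_free() (sk_GENERAL_NAME_pop_free() with GENERAL_NAME_free is the equivalent long form) once you are done with it. What that copy holds is simply the decoded DER of the extension. The block below is an added example, not code from this thread or from OpenSSL: it parses that DER value directly, without libcrypto, to show the GeneralName layout and the check a consumer of the decoded names still has to make, namely that each dNSName's byte length equals its strlen(), since an embedded NUL would otherwise truncate the name the moment it is treated as a C string. The extension values in it are constructed.

```c
/* Added example, not code from the original thread. It parses the DER value
 * of a subjectAltName extension directly (no OpenSSL dependency) and pulls out
 * the dNSName entries, rejecting any entry whose encoded length is not its
 * strlen(): an embedded NUL would truncate the name once it is used as a
 * C string. The sample extension values below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAN_MAX       8
#define SAN_NAME_MAX  255

struct san_list {
    char   dns[SAN_MAX][SAN_NAME_MAX + 1];  /* dNSName entries, NUL-terminated */
    size_t ndns;
    size_t nskipped;                         /* other GeneralName types, or overflow */
};

/* Decode one definite-length DER TLV header. Returns the header size, or 0 on
 * malformed input. Lengths up to two long-form bytes are accepted, which is
 * more than any real subjectAltName needs. */
static size_t der_tlv(const uint8_t *p, size_t avail, uint8_t *tag, size_t *len)
{
    size_t hdr, nbytes, i;
    if (avail < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) {
        *len = p[1];
        hdr = 2;
    } else {
        nbytes = p[1] & 0x7f;
        if (nbytes == 0 || nbytes > 2 || avail < 2 + nbytes) return 0; /* indefinite or oversized */
        if (p[2] == 0) return 0;                /* non-minimal length encoding is not DER */
        *len = 0;
        for (i = 0; i < nbytes; i++) *len = (*len << 8) | p[2 + i];
        if (*len < 0x80) return 0;              /* should have used the short form */
        hdr = 2 + nbytes;
    }
    if (*len > avail - hdr) return 0;           /* value would run past the buffer */
    return hdr;
}

/* Returns 0 on success, -1 on malformed DER, -2 if a dNSName contains a NUL. */
int parse_san(const uint8_t *der, size_t derlen, struct san_list *out)
{
    uint8_t tag;
    size_t len, hdr, pos;
    memset(out, 0, sizeof *out);
    hdr = der_tlv(der, derlen, &tag, &len);
    if (hdr == 0 || tag != 0x30 || hdr + len != derlen) return -1; /* outer SEQUENCE must span the value */
    for (pos = hdr; pos < derlen; ) {
        uint8_t t;
        size_t l, h = der_tlv(der + pos, derlen - pos, &t, &l);
        if (h == 0) return -1;
        if (t == 0x82) {                        /* [2] IMPLICIT IA5String: dNSName */
            const uint8_t *v = der + pos + h;
            if (memchr(v, 0, l) != NULL) return -2;  /* strlen(v) != l: reject the name */
            if (l > SAN_NAME_MAX || out->ndns == SAN_MAX) {
                out->nskipped++;
            } else {
                memcpy(out->dns[out->ndns], v, l);
                out->dns[out->ndns][l] = '\0';
                out->ndns++;
            }
        } else {
            out->nskipped++;                    /* iPAddress [7], rfc822Name [1], URI [6], ... */
        }
        pos += h + l;
    }
    return 0;
}

/* Constructed: SEQUENCE { dNSName "example.com", dNSName "www.example.com", iPAddress 192.0.2.1 } */
static const uint8_t san_ok[] = {
    0x30, 0x24,
    0x82, 0x0b, 'e','x','a','m','p','l','e','.','c','o','m',
    0x82, 0x0f, 'w','w','w','.','e','x','a','m','p','l','e','.','c','o','m',
    0x87, 0x04, 192, 0, 2, 1
};
/* Constructed: SEQUENCE { dNSName "www.bank.example\0.attacker.example" } */
static const uint8_t san_nul[] = {
    0x30, 0x24,
    0x82, 0x22, 'w','w','w','.','b','a','n','k','.','e','x','a','m','p','l','e', 0x00,
                '.','a','t','t','a','c','k','e','r','.','e','x','a','m','p','l','e'
};

int main(void)
{
    struct san_list l;
    int rc = parse_san(san_ok, sizeof san_ok, &l);
    for (size_t i = 0; rc == 0 && i < l.ndns; i++) printf("dNSName: %s\n", l.dns[i]);
    printf("rc=%d skipped=%zu\n", rc, l.nskipped);
    printf("NUL-prefixed SAN: rc=%d\n", parse_san(san_nul, sizeof san_nul, &l));
    printf("truncated SAN:    rc=%d\n", parse_san(san_ok, sizeof san_ok - 1, &l));
    return 0;
}
```

parse_san() returns -2 for the NUL-prefixed sample and -1 when the outer SEQUENCE length does not match the buffer, which is how a truncated extension value shows up; the iPAddress entry is counted in nskipped rather than treated as a hostname.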


Re: Question regarding OpenSSL Security Advisory

2010-11-16 Thread Nivedita Melinkeri
Hi,


I had some questions about the latest security advisory. I understand that
this applies to multi-threaded applications using SSL sessions.

If the application is written thread-safe using the CRYPTO_set_locking_callback
functions, will the vulnerability still apply?

If the SSL code calls the locking callback function before accessing the
internal session cache, then the vulnerability should not
apply to the above-mentioned applications.

Please advise.

Any help on this is really appreciated.

Regards,
Nivedita

On Tue, Nov 16, 2010 at 7:15 AM, OpenSSL wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> OpenSSL Security Advisory [16 November 2010]
>
> TLS extension parsing race condition.
> =====================================
>
> A flaw has been found in the OpenSSL TLS server extension code parsing
> which
> on affected servers can be exploited in a buffer overrun attack.
>
> The OpenSSL security team would like to thank Rob Hulswit for reporting
> this
> issue.
>
> The fix was developed by Dr Stephen Henson of the OpenSSL core team.
>
> This vulnerability is tracked as CVE-2010-3864
>
> Who is affected?
> ================
>
> All versions of OpenSSL supporting TLS extensions contain this
> vulnerability
> including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases.
>
> Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses
> OpenSSL's internal caching mechanism. Servers that are multi-process and/or
> disable internal session caching are NOT affected.
>
> In particular the Apache HTTP server (which never uses OpenSSL internal
> caching) and Stunnel (which includes its own workaround) are NOT affected.
>
> Recommendations for users of OpenSSL
> ====================================
>
> Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should
> update
> to the OpenSSL 0.9.8p release which contains a patch to correct this issue.
>
> Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b
> release
> which contains a patch to correct this issue.
>
> If upgrading is not immediately possible, the relevant source code patch
> provided in this advisory should be applied.
>
> Patch for OpenSSL 0.9.8 releases
> --------------------------------
>
> Index: ssl/t1_lib.c
> ===
> RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
> retrieving revision 1.13.2.27
> diff -u -r1.13.2.27 t1_lib.c
> - --- ssl/t1_lib.c  12 Jun 2010 13:18:58 -  1.13.2.27
> +++ ssl/t1_lib.c15 Nov 2010 15:20:14 -
> @@ -432,14 +432,23 @@
>switch (servname_type)
>{
>case TLSEXT_NAMETYPE_host_name:
> - - if (s->session->tlsext_hostname ==
> NULL)
> +   if (!s->hit)
>{
> - - if (len >
> TLSEXT_MAXLEN_host_name ||
> - -
> ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
> +
> if(s->session->tlsext_hostname)
> +   {
> +   *al =
> SSL_AD_DECODE_ERROR;
> +   return 0;
> +   }
> +   if (len >
> TLSEXT_MAXLEN_host_name)
>{
>*al =
> TLS1_AD_UNRECOGNIZED_NAME;
>return 0;
>}
> +   if
> ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
> +   {
> +   *al =
> TLS1_AD_INTERNAL_ERROR;
> +   return 0;
> +   }
>
>  memcpy(s->session->tlsext_hostname, sdata, len);
>
>  s->session->tlsext_hostname[len]='\0';
>if
> (strlen(s->session->tlsext_hostname) != len) {
> @@ -452,7 +461,8 @@
>
>}
>else
> - - s->servername_done =
> strlen(s->session->tlsext_hostname) == len
> +   s->servername_done =
> s->session->tlsext_hostname
> +   &&
> strlen(s->session->tlsext_hostname) == len
>&&
> strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
>
>br

RE: How to get the Serial Number

2010-11-16 Thread Dave Thompson
>   From: owner-openssl-us...@openssl.org On Behalf Of bhaarat pachori
>   Sent: Saturday, 13 November, 2010 08:23

>   Actually I am trying to get the Serial number of the der encoded
certificate 
>   
>   AOL_Member_CA.der. For the better understanding I am attaching my
code 

Your code appears to process whatever file is specified as argv[1].
I'll assume that is AOL_Member_CA.der but it doesn't really matter.

> struct x509cert_info {
>   unsigned char   subject[256];
>   int subject_len;
>   unsigned char   issuer[256];
>   int issuer_len;
>   unsigned char   serialnum[128];
>   int serialnum_len;
>};

It isn't really safe to assume that DNs (issuer and subject names) 
are <= 256 bytes (encoded); see below. There are perfectly valid 
naming schemes which produce longer names. Although if you only 
handle certs under some particular CA hierarchy, such as AOL, 
that might impose limits, I don't know.

I don't believe the standards actually limit serialnum either, 
but in practice I believe there is no reason anyone should ever 
use more than about 32 bytes, so 128 should be pretty safe.

>static int parse_certificate(struct x509cert_info *cert,
>   unsigned char *data, int len)
>{
>   X509 *x; 
>   unsigned char *p;
>   const unsigned char *pp;
>   int n;
>
>   pp = data;
>   x = d2i_X509(NULL, &pp, len);
>   if (!x) {
>   g_printerr ("OpenSSL error during X509 certificate
parsing");
>   return -1;
>   }

For an error return from libcrypto, you should look at OpenSSL's 
error queue. http://www.openssl.org/support/faq.html#PROG6 
If you need to do your I/O through glib, as you seem to be doing, 
you may need something more like:
  #include <openssl/err.h>

  unsigned long err;
  char buffer[256];   /* ERR_error_string() needs at least 120 bytes */
  while( (err = ERR_get_error()) != 0 ){
    ERR_error_string (err, buffer);
    /* output and/or log string in buffer */
  }

>   p = cert->subject;
>   n = i2d_X509_NAME(x->cert_info->subject, &p);
>   if (n < 0)
>   {
>   g_printerr("OpenSSL error while encoding subject name");
>   return -1;
>   }

Ditto in principle, but I don't think i2d(mem) can actually fail 
for valid data, which any d2i_X509 return should be.

>   printf("\nThe Certificate Subject name is %s\n",p);

The result of DER-encoding is not a C string, and it is 
both wrong and unsafe to printf with %s, or strcpy etc.
(Some DN components might not even be characters.)

>   if (n > (int)sizeof (cert->subject))
>   {
>   g_printerr("subject name too long");
>   return -1;
>   }

In general this is too late, i2d_ has already clobbered memory.
For your case, cert->subject is in a struct followed by field(s)
that don't matter at this point, and so is cert->issuer next.



(i and sn are file-static variables)

>   p = cert->serialnum;
>   n = i2d_ASN1_INTEGER(x->cert_info->serialNumber, &p);
>   if(i==0)
>   {
>   g_print("\nThe certificate serial number is copied in
serialnumber\n");   
>   if(g_strlcpy((gchar *)sn, (const gchar
*)x->cert_info->serialNumber, sizeof(sn)))
>   {
>   i++;
>   printf("\nSerial number copied successfully
%s\n",sn);
>   }
>   }

The serialNumber field in X509->X509_CINF is an ASN1_OBJECT; 
it doesn't contain actual data, only pointer, length, and flags.
Saving it at all without properly managing the memory it points 
to is unsafe and useless, and assuming those glib(?) routines 
do what their names look like, trying to copy it and later compare 
it as a C string won't work right, because it's not a C string.
(And the actual pointed-to value isn't a C string either.)

If you want the actual value you need to extract it, but since 
you've just (trivially) encoded it into cert->serialnum, and 
you normally can't do anything useful with a serial as a number,
why not just use the encoding?



Finally it's not clear what your search is looking for. If you 
are looking under a given issuer ONLY, then serial should be 
unique (assuming no one can fake the issuer name, or you use 
AKID/SKID which are collision-resistant hashes). But in general 
across multiple issuers you cannot assume serials are unique.



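Two of the points above, that i2d into a fixed buffer has already written past the end by the time the length is checked, and that DER output is not a C string, come together in one idiom: call the i2d function with a NULL output pointer to learn the encoded length, compare it with the buffer, and only then encode. The block below is an added example, not code from this thread and not OpenSSL's i2d_ASN1_INTEGER; der_encode_serial() is a stand-in that follows the same calling convention so the idiom can be compiled and run without libcrypto. The serial values in it are constructed.

```c
/* Added example, not code from the original thread and not OpenSSL's own
 * i2d_ASN1_INTEGER: der_encode_serial() only mimics the i2d calling convention
 * so that the two-pass "measure with NULL, check, then encode" pattern can be
 * shown stand-alone. The serial values below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER-encode a non-negative INTEGER given as a big-endian magnitude.
 * i2d style: with out == NULL only the encoded length is returned; otherwise
 * the bytes are written at *out and *out is advanced past them. Returns -1
 * for an empty magnitude or one too long for a short-form length. */
int der_encode_serial(const uint8_t *mag, size_t maglen, uint8_t **out)
{
    size_t i = 0, vlen, total;
    int pad;
    uint8_t *p;
    if (maglen == 0) return -1;
    while (i + 1 < maglen && mag[i] == 0) i++;     /* drop redundant leading zero bytes */
    pad = (mag[i] & 0x80) != 0;                    /* top bit set: prepend 0x00 so it stays positive */
    vlen = (maglen - i) + (size_t)pad;
    if (vlen > 127) return -1;                     /* example keeps to 1-byte lengths */
    total = 2 + vlen;
    if (out == NULL) return (int)total;            /* pass 1: length only, nothing written */
    p = *out;
    *p++ = 0x02;                                   /* INTEGER tag */
    *p++ = (uint8_t)vlen;
    if (pad) *p++ = 0x00;
    memcpy(p, mag + i, maglen - i);
    *out = p + (maglen - i);
    return (int)total;
}

/* Encode into a fixed buffer. Checks the size BEFORE writing, which is the order
 * the posted code reversed; returns the encoded length or -1 on any failure. */
int serial_to_der_bounded(const uint8_t *mag, size_t maglen, uint8_t *buf, size_t bufsize)
{
    uint8_t *p = buf;
    int n = der_encode_serial(mag, maglen, NULL);
    if (n < 0 || (size_t)n > bufsize) return -1;
    return der_encode_serial(mag, maglen, &p);
}

/* DER output is binary, not a C string: render it as hex to print, log or
 * compare. Returns 0, or -1 if hex cannot hold 2*n+1 characters. */
int bytes_to_hex(const uint8_t *b, size_t n, char *hex, size_t hexsize)
{
    static const char digits[] = "0123456789abcdef";
    size_t i;
    if (hexsize < 2 * n + 1) return -1;
    for (i = 0; i < n; i++) {
        hex[2 * i]     = digits[b[i] >> 4];
        hex[2 * i + 1] = digits[b[i] & 0x0f];
    }
    hex[2 * n] = '\0';
    return 0;
}

/* Constructed serials: a small one, one whose top bit is set (needs the 0x00
 * pad), and a 20-byte CA-style random serial. */
static const uint8_t serial_small[]  = { 0x01 };
static const uint8_t serial_topbit[] = { 0x00, 0x80, 0x01 };
static const uint8_t serial_random[] = { 0x4a, 0x0e, 0x9f, 0x12, 0x33, 0x7b, 0xc0, 0x55, 0x1d, 0xee,
                                         0x90, 0x02, 0xa1, 0x6c, 0x48, 0x37, 0x5f, 0x21, 0x8b, 0xfa };

int main(void)
{
    uint8_t buf[64];
    char hex[2 * sizeof buf + 1];
    int n = serial_to_der_bounded(serial_topbit, sizeof serial_topbit, buf, sizeof buf);
    if (n > 0 && bytes_to_hex(buf, (size_t)n, hex, sizeof hex) == 0)
        printf("DER(serial_topbit) = %s\n", hex);             /* 0203008001 */
    n = serial_to_der_bounded(serial_random, sizeof serial_random, buf, sizeof buf);
    if (n > 0 && bytes_to_hex(buf, (size_t)n, hex, sizeof hex) == 0)
        printf("DER(serial_random) = %s (%d bytes)\n", hex, n);
    printf("4-byte buffer for a 5-byte encoding: %d\n",
           serial_to_der_bounded(serial_topbit, sizeof serial_topbit, buf, 4)); /* -1 */
    return 0;
}
```

With real OpenSSL the same shape is `n = i2d_ASN1_INTEGER(ser, NULL); if (n < 0 || n > sizeof buf) fail; p = buf; i2d_ASN1_INTEGER(ser, &p);`, and the hex rendering (or a memcmp on the DER bytes) is what you store and compare, never a %s of the buffer.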


Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Victor Duchovni
On Tue, Nov 16, 2010 at 11:36:50PM +0100, Mounir IDRASSI wrote:

> Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under 
> Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.
>
> I don't see anything OS specific in the changes introduced in t1_lib.c or 
> s3_srvr.c. Could it be a gcc bug?

No, rather the tests on Windows are not as comprehensive as those
on Unix. There is no tls1 test.

-- 
Viktor.


Openssl 1.0.0b make test fails

2010-11-16 Thread Carter Browne
I have now tried building Openssl 1.0.0b with and without -shared and on SuSE
11.3 as well as two CentOS 5.5 systems.  All fail at the same point.  I verified
the MD5 and SHA1 checksums.  Any ideas?


Carter Browne
CBCS
cbro...@cbcs-usa.com






Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Dr. Stephen Henson
On Tue, Nov 16, 2010, Mounir IDRASSI wrote:

> Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under 
> Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.
>
> I don't see anything OS specific in the changes introduced in t1_lib.c or 
> s3_srvr.c. Could it be a gcc bug?
>

No, the Windows build uses different tests from a batch file which doesn't
include the failing test. If you manually run the same command line under
Windows it fails on that too.

Fix is this:

http://cvs.openssl.org/chngview?cn=19998

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Mounir IDRASSI
Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But 
under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.


I don't see anything OS specific in the changes introduced in t1_lib.c 
or s3_srvr.c. Could it be a gcc bug?


--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/16/2010 9:56 PM, Dr. Stephen Henson wrote:

On Tue, Nov 16, 2010, Victor Duchovni wrote:


Anyone know why I am seeing the below errors:

../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem 
-no_dhe -num 10 -f -time
Available compression methods:
   NONE
DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
10 handshakes of 256 bytes done
Approximate total server time:   0.00 s
Approximate total client time:   0.01 s


Dang, I'm seeing that too now. Why didn't I see that when I tested it
earlier today?

I'll look into it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org




Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Dr. Stephen Henson
On Tue, Nov 16, 2010, Victor Duchovni wrote:

> On Tue, Nov 16, 2010 at 03:48:13PM -0500, Victor Duchovni wrote:
> 
> > 
> > Anyone know why I am seeing the below errors:
> > 
> > ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert 
> > ../apps/server2.pem -no_dhe -num 10 -f -time
> > Available compression methods:
> >   NONE
> > DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit 
> > RSA
> > ERROR in SERVER
> > 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> > tlsext:s3_srvr.c:1043:
> 
> Running under gdb with symbols seems to suggest the issue is with
> the ec
> 
> else if (type == TLSEXT_TYPE_ec_point_formats &&
>  s->version != DTLS1_VERSION)
> {
> unsigned char *sdata = data;
> int ecpointformatlist_length = *(sdata++);
> 
> if (ecpointformatlist_length != size - 1)
> {
> *al = TLS1_AD_DECODE_ERROR;
> return 0;
> }
> if (!s->hit)
> {
> if(s->session->tlsext_ecpointformatlist)
> {
>   ---> fail here --->
> *al = TLS1_AD_DECODE_ERROR;
> return 0;
> }
> 
> Is this related to the CVE fix to the session state? Some other change?
> 

Yes, the CVE fix broke it. It was assuming that the session fields would only
be set by extensions, so if they were already set the extension (illegally)
occurred more than once; but in the case of the EC point format list it can be
set elsewhere anyway.

This should fix it:

http://cvs.openssl.org/chngview?cn=19998

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
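The diagnosis above is a general one: "this session field is already set" is a poor proxy for "this extension already appeared in this ClientHello", because the field can be populated by other code paths or by a session object that is shared or reused. The robust check keeps state that belongs to the current parse. The block below is an added example, not OpenSSL's code: a small parser for the ClientHello extensions block that rejects a repeated extension type from a bitmap reset on every parse, so reparsing into a struct that already holds values (the ec_point_formats situation described above) is accepted while a genuine duplicate is refused. The extension blocks in it are constructed.

```c
/* Added example, not OpenSSL's code: parse a TLS ClientHello extensions block
 * and reject a repeated extension type using state local to this parse, rather
 * than "is the session field already set", which is the proxy that misfires
 * for ec_point_formats. The extension blocks below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLSEXT_TYPE_server_name       0
#define TLSEXT_TYPE_ec_point_formats 11

enum ext_result { EXT_OK = 0, EXT_TRUNCATED = -1, EXT_DUPLICATE = -2 };

struct hello_exts {
    uint8_t        seen[65536 / 8];   /* one bit per 16-bit extension type, reset per parse */
    const uint8_t *sni;  size_t sni_len;
    const uint8_t *ecpf; size_t ecpf_len;
    unsigned       count;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* buf holds the 2-byte extensions length followed by {type, length, data} records. */
int parse_extensions(const uint8_t *buf, size_t buflen, struct hello_exts *out)
{
    size_t pos;
    memset(out, 0, sizeof *out);                         /* never inherit state from a previous hello */
    if (buflen < 2 || be16(buf) != buflen - 2) return EXT_TRUNCATED;  /* declared length must match exactly */
    for (pos = 2; pos < buflen; ) {
        uint16_t type, len;
        if (buflen - pos < 4) return EXT_TRUNCATED;
        type = be16(buf + pos);
        len  = be16(buf + pos + 2);
        pos += 4;
        if (len > buflen - pos) return EXT_TRUNCATED;    /* record runs past the block */
        if (out->seen[type >> 3] & (1u << (type & 7)))   /* RFC 5246 7.4.1.4: at most one per type */
            return EXT_DUPLICATE;
        out->seen[type >> 3] |= (uint8_t)(1u << (type & 7));
        switch (type) {
        case TLSEXT_TYPE_server_name:      out->sni  = buf + pos; out->sni_len  = len; break;
        case TLSEXT_TYPE_ec_point_formats: out->ecpf = buf + pos; out->ecpf_len = len; break;
        default: break;                                  /* unknown types are skipped, not fatal */
        }
        out->count++;
        pos += len;
    }
    return EXT_OK;
}

/* Constructed records. SNI: ServerNameList { host_name "example.com" }; ec_point_formats: { uncompressed }. */
#define SNI_EXT  0x00,0x00, 0x00,0x10, 0x00,0x0e, 0x00, 0x00,0x0b, 'e','x','a','m','p','l','e','.','c','o','m'
#define ECPF_EXT 0x00,0x0b, 0x00,0x02, 0x01,0x00

static const uint8_t exts_ok[]    = { 0x00,0x1a, SNI_EXT, ECPF_EXT };  /* one of each: accepted */
static const uint8_t exts_dup[]   = { 0x00,0x28, SNI_EXT, SNI_EXT };   /* server_name twice: rejected */
static const uint8_t exts_trunc[] = { 0x00,0x1a, SNI_EXT };            /* claims 26 bytes, carries 20 */

int main(void)
{
    struct hello_exts h;
    int rc = parse_extensions(exts_ok, sizeof exts_ok, &h);
    printf("ok:    rc=%d count=%u sni_len=%zu ecpf_len=%zu\n", rc, h.count, h.sni_len, h.ecpf_len);
    /* Reusing the same struct for a second hello must not trip the duplicate check:
     * the "already set" state belongs to the previous parse, not this one. */
    printf("again: rc=%d\n", parse_extensions(exts_ok, sizeof exts_ok, &h));
    printf("dup:   rc=%d\n", parse_extensions(exts_dup, sizeof exts_dup, &h));
    printf("trunc: rc=%d\n", parse_extensions(exts_trunc, sizeof exts_trunc, &h));
    return 0;
}
```

The parser only records pointers into the hello; whatever later copies a hostname or point-format list into a session object can then do so once, after the whole block has been validated, instead of allocating into session state in the middle of parsing.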


Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Victor Duchovni
On Tue, Nov 16, 2010 at 03:48:13PM -0500, Victor Duchovni wrote:

> 
> Anyone know why I am seeing the below errors:
> 
> ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem 
> -no_dhe -num 10 -f -time
> Available compression methods:
>   NONE
> DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit 
> RSA
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:

Running under gdb with symbols seems to suggest the issue is with
the ec

else if (type == TLSEXT_TYPE_ec_point_formats &&
 s->version != DTLS1_VERSION)
{
unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++);

if (ecpointformatlist_length != size - 1)
{
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
if (!s->hit)
{
if(s->session->tlsext_ecpointformatlist)
{
---> fail here --->
*al = TLS1_AD_DECODE_ERROR;
return 0;
}

Is this related to the CVE fix to the session state? Some other change?

-- 
Viktor.


Re: OpenSSL 1.0.0b released

2010-11-16 Thread Leonard F. Elia
Make test fails here too

RHEL 5.5 64bit, 12gb mem, 8 core xeon

Lee

included:

rsa
test tls1 with 1024bit RSA, no DHE, multiple handshakes
Available compression methods:
  NONE
DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024
bit RSA
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
ERROR in SERVER
46958729697248:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse
tlsext:s3_srvr.c:1043:
10 handshakes of 256 bytes done
Approximate total server time:   0.00 s
Approximate total client time:   0.00 s
make[1]: *** [test_ssl] Error 1
make[1]: Leaving directory `/tmp/openssl-1.0.0b/test'
make: *** [tests] Error 2





On 11/16/2010 02:19 PM, Carter Browne wrote:
> Make test fails with Openssl 1.0.0b.
> 
> Configure option: make -shared
> 
> Attached is the CPU information.  The same code tested without issues on VC
> 2008.  Operating system is CentOS 5.5 with all current patches applied.
> 
> Carter
> 
> 
> Carter Browne
> CBCS
> cbro...@cbcs-usa.com
> 

-- 
Leonard F. Elia III, CISSP 757.864.5009
Sr. System Administrator
LITES - NASA Langley Research Center
Science Systems & Applications, Inc., Hampton VA



Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Dr. Stephen Henson
On Tue, Nov 16, 2010, Victor Duchovni wrote:

> 
> Anyone know why I am seeing the below errors:
> 
> ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem 
> -no_dhe -num 10 -f -time
> Available compression methods:
>   NONE
> DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit 
> RSA
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
> tlsext:s3_srvr.c:1043:
> 10 handshakes of 256 bytes done
> Approximate total server time:   0.00 s
> Approximate total client time:   0.01 s
> 

Dang, I'm seeing that too now. Why didn't I see that when I tested it
earlier today?

I'll look into it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Victor Duchovni

Anyone know why I am seeing the below errors:

../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem 
-no_dhe -num 10 -f -time
Available compression methods:
  NONE
DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse 
tlsext:s3_srvr.c:1043:
10 handshakes of 256 bytes done
Approximate total server time:   0.00 s
Approximate total client time:   0.01 s

-- 
Viktor.


building openssl libs in a build farm

2010-11-16 Thread Nicholas Wehr
Greetings,

I was hoping to solicit users' feedback on how OpenSSL is getting built for
distributed environments.

How are you guys building the code stack? Do you use the shipped ./config
--prefix=xx --install-prefix=xx and resultant Makefile without modification?

We ran into an issue building OpenSSL in the continuous integration
environment. By default, the build process wants to use absolute paths. This
became a problem when we migrated the artifacts to other machines. We
resolved this by using environment variables in the build process and
discarding the info in pkg-config. How do you overcome this issue?

Thanks!
-nicholas


Re: OpenSSL 1.0.0b released

2010-11-16 Thread Carter Browne
Make test fails with Openssl 1.0.0b.

Configure option: make -shared

Attached is the CPU information.  The same code tested without issues on VC
2008.  Operating system is CentOS 5.5 with all current patches applied.

Carter


Carter Browne
CBCS
cbro...@cbcs-usa.com

test BN_add
test BN_sub
test BN_lshift1
test BN_lshift (fixed)
test BN_lshift
test BN_rshift1
test BN_rshift
test BN_sqr
test BN_mul
test BN_div
test BN_div_word
test BN_div_recp
test BN_mod
test BN_mod_mul
test BN_mont
test BN_mod_exp
test BN_mod_exp_mont_consttime
test BN_exp
test BN_kronecker
test BN_mod_sqrt
test BN_GF2m_add
test BN_GF2m_mod
test BN_GF2m_mod_mul
test BN_GF2m_mod_sqr
test BN_GF2m_mod_inv
test BN_GF2m_mod_div
test BN_GF2m_mod_exp
test BN_GF2m_mod_sqrt
test BN_GF2m_mod_solve_quad

verify BN_add
verify BN_sub
verify BN_lshift1
verify BN_lshift (fixed)
verify BN_lshift
verify BN_rshift1
verify BN_rshift
verify BN_sqr
verify BN_mul
verify BN_div
verify BN_div_word
verify BN_div_recp
verify BN_mod
verify BN_mod_mul
verify BN_mont
verify BN_mod_exp
verify BN_mod_exp_mont_consttime
verify BN_exp
verify BN_kronecker
verify BN_mod_sqrt
verify BN_GF2m_add
verify BN_GF2m_mod
verify BN_GF2m_mod_mul
verify BN_GF2m_mod_sqr
verify BN_GF2m_mod_inv
verify BN_GF2m_mod_div
verify BN_GF2m_mod_exp
verify BN_GF2m_mod_sqrt
verify BN_GF2m_mod_solve_quad
2220 tests passed
Generating a 512 bit RSA private key
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:e...@mincom.oz.au
verify OK
Error opening certificate file ../certs/*.pem
3086465676:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:392:fopen('../certs/*.pem','r')
3086465676:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:39

OpenSSL 0.9.8p released

2010-11-16 Thread OpenSSL
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   OpenSSL version 0.9.8p released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 0.9.8p of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a security and bugfix release which addresses
   CVE-2010-3864. For a complete list of changes,
   please see http://www.openssl.org/source/exp/CHANGES.

   We consider OpenSSL 0.9.8p to be the best version of OpenSSL
   available and we strongly recommend that users of older versions
   upgrade as soon as possible. OpenSSL 0.9.8p is available for
   download via HTTP and FTP from the following master locations (you
   can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-0.9.8p.tar.gz
  Size: 3772501
  MD5 checksum: 7f24047f70364c9eabc94899e356ce39
  SHA1 checksum: 4ba43f4110432d7518c4f5d7be79077705ae7f16

   The checksums were calculated using the following commands:

openssl md5 openssl-0.9.*.tar.gz
openssl sha1 openssl-0.9.*.tar.gz

   Yours,

   The OpenSSL Project Team...

    Mark J. Cox             Nils Larsch             Ulf Möller
    Ralf S. Engelschall     Ben Laurie              Andy Polyakov
    Dr. Stephen Henson      Richard Levitte         Geoff Thorpe
    Lutz Jänicke            Bodo Möller



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEVAwUBTOKrWqLSm3vylcdZAQI9TQgAoOc6MYIpS/f4nSH6YLD4aC91tAHoHLT1
ayU64tK3BmPjPGh3ffxfoaSl8HM/qYiZrsZfzxI+DGHOvNh516eI2Sv0vhzgQVwz
ofCwwgoukJjrV2KWCF1Yjf6rVgRnDYTZJFjRpnR+GH+gnOUZnh23buCmtPDRMJ0h
Tnl1G+tfYL2Wy4jGV9uuh9kA/3y41tD/B1T6sV0WGFvwy6y6yLmQC01QeVe1i09P
1OxjgJtq9S5cbaxMQr9EB5aMJ7YFOaIJjCNDAURT0zO1u/vGRVRMTfFXScfFCzLh
QGYqfRPDuQ1ItM8I1lR3EsaPgrtdhI3Twkl8SUmPhpuhny11gjVSjQ==
=u7Yw
-----END PGP SIGNATURE-----


OpenSSL Security Advisory

2010-11-16 Thread OpenSSL
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenSSL Security Advisory [16 November 2010]

TLS extension parsing race condition.
=====================================

A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer overrun attack.

The OpenSSL security team would like to thank Rob Hulswit for reporting this
issue.

The fix was developed by Dr Stephen Henson of the OpenSSL core team.

This vulnerability is tracked as CVE-2010-3864

Who is affected?
================

All versions of OpenSSL supporting TLS extensions contain this vulnerability
including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases.

Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses
OpenSSL's internal caching mechanism. Servers that are multi-process and/or
disable internal session caching are NOT affected.

In particular the Apache HTTP server (which never uses OpenSSL internal
caching) and Stunnel (which includes its own workaround) are NOT affected.

Recommendations for users of OpenSSL
====================================

Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.

Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release
which contains a patch to correct this issue.

If upgrading is not immediately possible, the relevant source code patch
provided in this advisory should be applied.

Patch for OpenSSL 0.9.8 releases
--------------------------------

Index: ssl/t1_lib.c
===
RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.13.2.27
diff -u -r1.13.2.27 t1_lib.c
- --- ssl/t1_lib.c  12 Jun 2010 13:18:58 -  1.13.2.27
+++ ssl/t1_lib.c15 Nov 2010 15:20:14 -
@@ -432,14 +432,23 @@
switch (servname_type)
{
case TLSEXT_NAMETYPE_host_name:
- - if (s->session->tlsext_hostname == NULL)
+   if (!s->hit)
{
- - if (len > 
TLSEXT_MAXLEN_host_name || 
- - 
((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+   if(s->session->tlsext_hostname)
+   {
+   *al = 
SSL_AD_DECODE_ERROR;
+   return 0;
+   }
+   if (len > 
TLSEXT_MAXLEN_host_name)
{
*al = 
TLS1_AD_UNRECOGNIZED_NAME;
return 0;
}
+   if 
((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
+   {
+   *al = 
TLS1_AD_INTERNAL_ERROR;
+   return 0;
+   }

memcpy(s->session->tlsext_hostname, sdata, len);

s->session->tlsext_hostname[len]='\0';
if 
(strlen(s->session->tlsext_hostname) != len) {
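Review bot: in the `if(s->session->tlsext_hostname)` branch added at the top of this hunk the alert is SSL_AD_DECODE_ERROR, while the two other checks added in the same hunk use the TLS1_ spelling (TLS1_AD_UNRECOGNIZED_NAME, TLS1_AD_INTERNAL_ERROR); the two names denote the same alert, but mixing them in one block reads as if a different alert were intended, so prefer TLS1_AD_DECODE_ERROR. The new guard also deserves a one-line comment: on a non-resumed handshake (`!s->hit`) a hostname already stored in the session means either a second server_name extension in this hello or a session object that is already in use, which is why it is now a fatal decode error rather than the comparison path the removed `== NULL` test sent it to; without that rationale a later reader may put the old test back.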
@@ -452,7 +461,8 @@
 
}
else 
- - s->servername_done = 
strlen(s->session->tlsext_hostname) == len 
+   s->servername_done = 
s->session->tlsext_hostname
+   && 
strlen(s->session->tlsext_hostname) == len 
&& 
strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;

break;
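Review bot: the `s->session->tlsext_hostname &&` guard added in this hunk removes a NULL dereference in `strlen()` for a resumed session that carries no stored hostname, but the effect is that servername_done quietly becomes 0 with no alert; if a resumed session without a name is a legitimate case (the client did not send server_name when the session was created), a comment should say so, otherwise this path should set `*al` like the checks in the previous hunk. Style: once `strlen()` has established that the lengths are equal, `memcmp()` states the intent more directly than `strncmp()` with the same bound.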

Patch for OpenSSL 1.0.0 releases
--------------------------------

Index: ssl/t1_lib.c
===
RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.64.2.14
diff -u -r1.64.2.14 t1_lib.c
- --- ssl/t1_lib.c  15 Jun 2010 17:25:15 -  1.64.2.14
+++ ssl/t1_lib.c15 Nov 2010 15:26:19 -
@@ -714,14 +714,23 @@
switch (servname_type)
{
   

OpenSSL 1.0.0b released

2010-11-16 Thread OpenSSL
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   OpenSSL version 1.0.0b released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.0b of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a security and bugfix release which addresses
   CVE-2010-3864. For a complete list of changes,
   please see http://www.openssl.org/source/exp/CHANGES.

   We consider OpenSSL 1.0.0b to be the best version of OpenSSL
   available and we strongly recommend that users of older versions
   upgrade as soon as possible. OpenSSL 1.0.0b is available for
   download via HTTP and FTP from the following master locations (you
   can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.0.0b.tar.gz
  Size: 4019360
  MD5 checksum: 104deb3b7e6820cae6de3f49ba0ff2b0
  SHA1 checksum: cccb125b29f2fa209edb114258d22aeca4e871a2

   The checksums were calculated using the following commands:

openssl md5 openssl-1.0.*.tar.gz
openssl sha1 openssl-1.0.*.tar.gz

   Yours,

   The OpenSSL Project Team...

    Mark J. Cox             Nils Larsch             Ulf Möller
    Ralf S. Engelschall     Ben Laurie              Andy Polyakov
    Dr. Stephen Henson      Richard Levitte         Geoff Thorpe
    Lutz Jänicke            Bodo Möller



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEUAwUBTOKiDqLSm3vylcdZAQJwxgf1FDJjm+Y44fA6HCNnD65b6cK1dY5OrCwo
c5EvGwu//zEn6DzxFuwP2zpvX/6p7cMXxBn02ltjSpoky0HqL5A60cH21cdaVnF5
mbt/2gNWO0IJfQhCkr5kg764wAa0JAyyHxNzSLNNFhZSHd6JzVK9w5NLDD335WL7
Tng9J6aA9UeFbFDoI2EyCIaW4aUXNGvYTTrJQPP5g3Vyov7JRQoPIH3XS+7OTztS
5zzAOLu1jOxRQ0RWGIXS+zBt6NuDwm1riqX/y96rlMl2kieJk1SDxI29mZOWX1K1
xRd32oC1Si08AJIBWYU20FiY6JcPU3vaKmSXXl57g+/eJmk0uL4+
=CH5s
-----END PGP SIGNATURE-----


Verify p7m countersignatures

2010-11-16 Thread Pietro Petteni
Hi all,
I'm trying to successfully analyze and verify a p7m file with
countersignatures with OpenSSL 0.9.8o.
I didn't find the right place/point where the pkcs7_verify function analyzes
the unauthenticated attributes for countersignatures, so I started to write
the countersignature verify function on my own, following some hints that I
found in an old post.
Now I've arrived at the point where I'm able to find any countersignature at
any level, but I don't know how to verify them!
I mean, if I'm right, I have to digest the countersignature parent's content
(signerinfo->enc_digest->data) with the same algorithm used for the
countersignature, and then compare it with the right digest present in the
countersignature (how?), but I don't know which are the right functions to
use to get the countersignature certificate, verify it and so on.
If I'm wrong and there is a function that does what I need, please show it
to me!!
All suggestions are welcome.
Thanks,

Pietro

-- 
Pietro Petteni

"Video games don't influence children. I mean, if Pac-Man had
influenced our generation, we'd all be jumping around in dark rooms,
munching magic pills and listening to repetitive electronic music."
[Kristian Wilson, Nintendo Inc., 1989]