[openssl-users] Issue with openssl 1.0.2 20150713 SNAP
Script started on Mon Jul 13 09:31:31 2015

doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150713$ make test
testing...
(cd ..; make build_libcrypto)
making all in crypto...
ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o mem_clr.o
test -z || ar r ../libcrypto.a fipscanister.o
/usr/bin/ranlib ../libcrypto.a || echo Never mind.
making all in crypto/objects...
--snip
B-A s2
Alice's key = B068AC36CDC90250641AF4606E0048DF3A0561553C08B83C99C789BB39B939A684107038372C535A0705643C3F2851F566479DEF3C793D73051940EC874CD99524B381D048E165AD8F7BEF0A319C02C2CA573BB677CEC4ADAAAC20D3572953446879ACC3D7AFBCDA30CE5D763513C1341E4140D6F0943532C200D930EA11670
Bob's key = 9EA673E21E39CE73EBEA90F05BA0D27E98AEC0656F7965BC53288161B0650EC39DB113A9B9934C09F992F510B30213D78FA9CDC060EDAC89DEAFD0567A9DC96AF16DA36EED7E2C3260452EDBB9FFB865604468214A2585356AAAF8DA6DB692A5462EE70130B33815E99CB2EDE1869228D6B412A052B723105B0967BF7D3B1634
A-B s3a
Bob fails to process Alice's step 3a
134523940:error:3106706A:lib(49):JPAKE_STEP3A_process:hash of hash of key mismatch:jpake.c:468:
Test SRP
../util/shlib_wrap.sh ./srptest
ls: error initializing month strings
N = EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F50E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3
g = 2
Salt = CA7A12BF214AD8B48AFFA57DCF53C7C0C61A54
Verifier = 7066AEA8AB18B0821E5D3CD00F7F98CB94C78DB253AA06575FBC03E7520F88A467E99EA465C3C8A097088EDE96B29C736352E99BCE732873AFFAB3598E7AE1D257B9AD904D962352CF6342FEB3327BC1E502AB3D74BF45DB2AA861881BFCDCC8F51C70B4630D540C13E87907C9E23444FFE343839A871B87407B47F9EEFF2403
b = 3F3EED693B0D07C9634D5F85D892973F35D06EF19FE3271AD01DC28955487B2F
B = DF16088E6D7FC3EB530D871CC409C8540E574E67C37E2C14CDE8E9FB438F0B0CCAF4C828B20FA3120DD480E9055274293A222CCBEDDE81C4933644C26FB37CC40576A5D8FF79819692D387D5BA93C30EAE81DD17CDFC27EFB09B3EFA6756715553173CC10F95F87A4589A1B4EFD5352A11399F30D5CED778C21AE3D86BB98F14
a = 2A4108A36B01C8AC1AC717476D07F7252C6363CA496067FEA674EEA26C5BDA7C
A = E7BB81797A777379FE47D5DFDBE4068F428D62C995A8B807C3169AEB50BE9C26D2CEA69B1629C7BBE8F32832D789E75FEEE4ED58168BF2705C81654D1CC49C2F7C89EA2C60485CA8423C1805C0C9777DE435A80C3EDD68BC88330AA56ACF31BE11197D49DFB535B0A8B49A8A00BBFF28B5E4CE1F1E415A1DBB4D31572F2207E2
Client's key = B78BA41033BAE5A590D21D8FBE32123D3A83E74B0133B93A197471A5F7326222114683CED5462D37C815B786929C477E4AF9B38B43B319E7010ACE79257CCC878391AF7FB3F31AB91135206C51DFAB660B15A9ADAFB4DE68C9B36A69B07088551F54110D7C850908778B8722CD1D2AB6EEA4D86EC964CB9417201F6363864CF0
Server's key = 18C1C2AB1FDC019A6A1232D757067112351DB1595E2CA72482A99B8C10EA7143CB5902C5EE54032FBBB74E24DF82D494D64D0A770EE5DFB1A7E5DCC254D95A3355627CC89EE5068BA27742BB7D7161F96F4168B7D11CF096FD58B98952BCB951A4370795BAA3DF0B50E42D3A6E5292ED6ABA90823D3E443E19ECFAC2A20BCE87
Keys mismatch
N = EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F50E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3
g = 2
Salt = 2A2BF6FB6389674026167D5FF7B927BBD064C7B9
Verifier = 180623D9BD188CC0F1894A3904E1104A40ED12C04971E9F490963FEDAD1AB2C7321BA3BE917647EB3F1C1DD37B31C8E042C87A107CA365548F74D8F7CED9B69EABDCF431EEC3A31683C707D3D03FC50AF7B8ADEABE8EBB79B5804C4AC5E4CE25D170412C7C4C5A5C647374DC87B8477144409192850785847CC33CFC6C6829BE
b = 6EFC82296DC581D66CE1215E92880C1488CC8D3D119C2B6E9D75404B44FA4485
B = 1A522B755B2109D112BA6C021A909A981A9EC97A0D9D8CCDAAC56DCDD12D6279240DC49660347A4D5C32B04D186D27E8B7986DDF5228E2063D48CD82AC3A6E871EDFE6D7F1A630D8255A793A2603A7FF499A0A82E2D786CE7CC11800EE330EF545278C3A5990282590682D054DBADC56CD21432C661D1B2E67DFD1E631343E00
a = 1C38E9768B7C774C5FD19B7DF566D245741525FDEBA8D97C2C6B3FE08EC9391C
A = DBE7BD72650C98D39F9F17842E7EA989D8F795B870E4F72D6A36A5A17C8E7A1DE5D1F372405EF46A51641F91B678E563D042B12E22D1BE65299B79EF725DCD7FF2AFD51D560D1A82190781D8AACC411A64C6DF2934BD88B81E567AFC801F6DDA3CEE7D37D170A6A7878EBBC2F71716612364CCD53BAFB98B6D6BDDB99D163B7A
Client's key = B2B40F4E998845AC21E57FBD0446DF0E7B44CDAA903C8027E143C891482B93D7DB51C7AD52587679F2A72BCB2848DF1BE5327C4337332292EC436C335795813E21F607A803FCF31703B6C7BF3FBD58F3310055D8D8D9FDF39C574A30A283AD3BD713DE86DDE1BCF0A97A160FC9693AE9C9700332BBD3030D5F01BDF390A12F28
Server's key = B2B40F4E998845AC21E57FBD0446DF0E7B44CDAA903C8027E143C891482B93D7DB51C7AD52587679F2A72BCB2848DF1BE5327C4337332292EC436C335795813E21F607A803FCF31703B6C7BF3FBD58F3310055D8D8D9FDF39C574A30A283AD3BD713DE86DDE1BCF0A97A160FC9693AE9C9700332BBD3030D5F01BDF390A12F28
CMS consistency test
/root/bin/perl5 cms-test.pl
ls: error initializing month strings
ls: error initializing month strings
ls: error
[openssl-users] openssl fips package for openssl-0.9.8zg
Hi All,

Please let me know what is the compatible openssl-fips package for the 0.9.8zg version. When I try with openssl-1_2_4, I am getting the below error:

bash 3.2:90 gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DHMAC_EXT=\${HMAC_EXT:-sha1}\ -DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso fips_premain.c ../libcrypto.a -ldl
../libcrypto.a(err_def.o): In function `ERR_get_state':
err_def.c:(.text+0x710): multiple definition of `ERR_get_state'
../libcrypto.a(fipscanister.o):(.text+0x10c30): first defined here
/auto/cmtools/i686-pc-linux-gnu/linuxtoolchain-r5/u3m/usr/bin/ld: Warning: size of symbol `ERR_get_state' changed from 28 in ../libcrypto.a(fipscanister.o) to 839 in ../libcrypto.a(err_def.o)
../libcrypto.a(err_def.o): In function `ERR_remove_state':
err_def.c:(.text+0xa60): multiple definition of `ERR_remove_state'
../libcrypto.a(fipscanister.o):(.text+0x10cc0): first defined here
/auto/cmtools/i686-pc-linux-gnu/linuxtoolchain-r5/u3m/usr/bin/ld: Warning: size of symbol `ERR_remove_state' changed from 41 in ../libcrypto.a(fipscanister.o) to 189 in ../libcrypto.a(err_def.o)
collect2: ld returned 1 exit status
bash 3.2:91

Thanks,
Gayathri

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CVE-2015-1793 only on cert-based client auth?
On Mon, Jul 13, 2015 at 01:03:09PM -0400, Colin Edwards wrote:
> I've been reading/hearing different opinions on the recent vulnerability for cert chain forging that was patched (CVE-2015-1793).
>
> Some people are saying the vulnerability only exists if a system is using certificate-based client authentication (mutual auth, where both server and client are authenticated). Basically, that the chain forging can only be done on the client side.
>
> Others are saying certs can be forged on the server, on implementations that use only server-side authentication, and if the client is using OpenSSL it will verify/accept the forged chain. This could effectively result in MitM against OpenSSL clients.

It's whenever a certificate is received (and validated). This means either:
- A client is authenticating a server (server authentication)
- A server is authenticating a client (client authentication)

Of course both could be happening for the same connection.

It's much more common that the client authenticates the server. Certainly for https client authentication is uncommon. Also, for https the client usually isn't OpenSSL based, except for Android.

Kurt
Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj
On 13/07/2015 12:22, Victor Wagner wrote:
> On Mon, 13 Jul 2015 12:25:40 +0530
> Nayna Jain naynj...@in.ibm.com wrote:
>> Hi all,
>>
>> I am programmatically generating the self signed certificate and need to specify the Not Before and Not After date. Wanted to understand what all formats are acceptable by this API?
>
> X509_set_notAfter and X509_set_notBefore API expect ASN1_TIME structure. You can use ASN1_TIME_set function to fill this structure. It expects integer time_t value. X509_cmp_time also expects integer time_t value.
>
> So integer number of seconds since the beginning of the epoch (1.1.1970 GMT) is everything you need.
>
> There is also ASN1_TIME_set_string function, which does deal with some datetime format, but I suggest never use it. Use C runtime library function strptime, which allows to specify format explicitly, or mktime to prepare time_t value from the user input. And use OpenSSL ASN1_TIME_print function to convert ASN1_TIME to human-readable form.

Does ASN1_TIME_set_string() support dates outside the time_t range of the local libc?

This is important when creating root certs with expiry dates after 2038 (specifically, any time >= epoch+2**31). It is also important when creating self-signed Android apk signing certificates (which /must/ be valid for at least 30 years).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: [openssl-users] CVE-2015-1793 only on cert-based client auth?
On Tue, Jul 14, 2015 at 01:23:52PM -0400, Colin Edwards wrote:
> Thank you, Kurt. The information I was getting (from some sources) was that the vulnerability was only present in configurations where the server was authenticating a client certificate. The fact is, the vulnerability applies to certificate validation regardless of whether it's on the client or server side.

Right, and validation doesn't even have to be about TLS either. It's about any check of a certificate chain.

Kurt
Re: [openssl-users] beginner needs advice on data signature/verification
(continuing top posting to keep thread consistent)

Note that the point of using an X.509 signature at file creation time and/or client approval time was to reuse the internal file structure that is already designed to hold that particular signature format (specifically, the internal file structure that would eventually hold the final signature, which was already specified to be in that format).

Thus the idea was to simplify and reuse code, given the existence of code, tools and data formats to sign those particular files with X.509 signatures. This was also (presumably) the reason Microsoft did it this way.

But yes, of course if the file generation is already secure, then the secure file generation machine should apply an initial signature and the client just add some kind of counter-signature authorizing this particular one of the securely generated files.

On 24/06/2015 15:24, Michael Wojcik wrote:
> In Marco's original description, the file is created by a trusted system and then transmitted to the client. Then, later, the client transmits it to the server, which verifies the contents.
>
> If the file is signed by the creating system, it doesn't matter if the client is compromised. A compromised client can refuse to send the file, or it can send a forged or corrupted file, but the server can detect all of those cases.
>
> It's not clear from Marco's description whether the system that creates the file can perform the signing process, but I don't see any reason (in the description) why not. It would help if this point were clarified.
>
> The Windows driver-signing process and similar look wildly overengineered for Marco's purposes, if my understanding of his requirements is correct. They have a very different threat model - and that's why this isn't a common requirement. Windows drivers are created by thousands of organizations and consumed by thousands of end users. Marco has files created on a trusted system (or handful of trusted systems) he controls, and verified by trusted systems he controls.
>
> His followup message below says data has to be signed with an X.509 certificate's public key that already exists. I'm guessing this actually means data has to be signed with the private key corresponding to a public key that happens to be in an X.509 certificate that already exists. That doesn't mean X.509 PKI must be used; X.509 isn't some sort of virus that infects everything it touches (appearances to the contrary). There's an asymmetric key pair of some sort - RSA probably - and we need to use it for signing. Fine.
>
> Here's what I'd do: the originating trusted system creates the data and runs openssl rsautl -sign with appropriate parameters to create a signature. (Just script the openssl command-line utility; this is a trusted system, so why reimplement the code?) Add the signature to the proprietary file format. Send the whole thing to the client.
>
> Client subsequently sends the signed data and signature to the server, as part of a file in the proprietary format, along with whatever unsigned data is included. Server extracts the signed data and signature, and uses openssl rsautl -verify to verify it.
>
> Michael Wojcik
> Technology Specialist, Micro Focus
>
> (original text snipped)

Enjoy

Jakob
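The sign-at-origin, verify-at-server workflow Michael describes, as an added example that is not code from the thread or from OpenSSL. The container layout (JSON with base64 fields, an "extra" field deliberately left unsigned) is constructed for this demo. The signature is RSASSA-PKCS1-v1_5 over a SHA-256 DigestInfo, the same encoding `openssl dgst -sha256 -sign` produces (`rsautl -sign` applies the same padding to whatever bytes it is given); it is implemented inline with a demonstration-size key so the script runs without OpenSSL, and a real deployment should call a maintained library instead. All function names are this example's own.

```python
"""Origin signs, server verifies; a client in between cannot alter the signed part undetected."""
import base64
import hashlib
import hmac
import json
import random

SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DER prefix, RFC 8017 9.2
_rng = random.SystemRandom()


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin after a cheap small-prime filter."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, exact bit length
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=1024):
    """Returns ((n, e), (n, d)). 1024 bits is demo-sized only."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def _emsa_pkcs1_v15(msg, k):
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(private, msg):
    n, d = private
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), d, n).to_bytes(k, "big")


def verify(public, msg, sig):
    n, e = public
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, k))  # compare the whole encoding, not just the hash


def _b64(b):
    return base64.b64encode(b).decode()


def origin_create_file(private, signed_payload, unsigned_extra):
    """Trusted origin: container with a detached signature over the payload only."""
    return json.dumps({"payload": _b64(signed_payload), "signature": _b64(sign(private, signed_payload)),
                       "extra": _b64(unsigned_extra)}).encode()


def server_extract_and_verify(public, container):
    """Server: extract data and signature; return the payload only if it verifies, else None."""
    try:
        doc = json.loads(container)
        payload = base64.b64decode(doc["payload"], validate=True)
        sig = base64.b64decode(doc["signature"], validate=True)
    except (ValueError, KeyError, TypeError):
        return None  # malformed container
    return payload if verify(public, payload, sig) else None


def replace_field(container, field, value):
    """Models a compromised client rewriting one container field in transit."""
    doc = json.loads(container)
    doc[field] = _b64(value)
    return json.dumps(doc).encode()


if __name__ == "__main__":
    pub, priv = generate_keypair()
    good = origin_create_file(priv, b"record-id=42;amount=100", b"client-notes")  # constructed data
    print(server_extract_and_verify(pub, good))
    print(server_extract_and_verify(pub, replace_field(good, "payload", b"record-id=42;amount=900")))
```

Changing the unsigned "extra" field leaves verification intact, which is exactly why anything the server relies on must sit inside the signed payload.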
Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj
> This is important when creating root certs with expiry dates after 2038

Not an issue for openssl. As long as you use ASN1_TIME values, it's okay. Might be an issue if converting to time_t on 32-bit platforms.
Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj
> if ASN1_TIME_set_string() avoids that limitation, despite Victor's suggestion to never use it.

It does avoid the limitation, using only |struct tm| to hold parsed fields, and not building a |time_t| from it. Not sure why Viktor doesn't like it. It seems to me it's the only portable thing to use.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
Re: [openssl-users] Has the support for SPARC architecture crypto extensions been Implemented?
I am doing some tests using OpenSSL command line utility 'openssl'. My tests show regarding the performance of executable 'openssl' there is no difference between 1.0.1p and 1.0.2d. Here are the test results.

ksol1% ./1.0.1p/shared64bit/openssl/bin/openssl speed -evp aes-128-cbc
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Doing aes-128-cbc for 3s on 16 size blocks: 19705194 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 5257594 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1361128 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 34 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 43029 aes-128-cbc's in 3.00s
OpenSSL 1.0.1p-fips 9 Jul 2015
built on: Thu Jul 9 23:22:11 2015
options:bn(64,32) rc4(ptr,char) des(ptr,risc1,16,int) aes(partial) blowfish(ptr)
compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_BUILD -KPIC -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DOPENSSL_BN_ASM_MONT -I/leo_ocsdev/qun/csi/allbuilt/main10/built/ant-generated/fips-sun_svr4/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     105094.37k   112162.01k   116149.59k   117191.00k   117497.86k
ksol1%

ksol1% ./1.0.2d/shared64bit/openssl/bin/openssl speed -evp aes-128-cbc
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Doing aes-128-cbc for 3s on 16 size blocks: 18777502 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 5066291 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1317102 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 331672 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 40739 aes-128-cbc's in 3.00s
OpenSSL 1.0.2d-fips 9 Jul 2015
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(ptr,risc1,16,int) aes(partial) blowfish(ptr)
compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_BUILD -KPIC -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -I/leo_ocsdev/qun/csi/allbuilt/main12/built/ant-generated/fips-sun_svr4/include
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     100146.68k   108080.87k   112392.70k   113210.71k   111244.63k
ksol1%

I built 'openssl' on Solaris 11.1 using the following commands.

Configure no-idea no-mdc2 no-rc5 no-asm solaris64-sparcv9-cc -KPIC
make clean
make
make test
make install

Anyone knows how to let OpenSSL applications or utilities use SPARC crypto accelerator?

Thanks in advance,
Aaron

--
View this message in context: http://openssl.6102.n7.nabble.com/Has-the-support-for-SPARC-architecture-crypto-extensions-been-Implemented-tp58866p59161.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj
On 14/07/2015 21:50, Salz, Rich wrote:
>> This is important when creating root certs with expiry dates after 2038
>
> Not an issue for openssl. As long as you use ASN1_TIME values, it's okay. Might be an issue if converting to time_t on 32-bit platforms.

Victor suggested to use only ASN1_TIME_set() together with libc parsing functions. That would obviously not work outside the libc time_t range, hence my question if ASN1_TIME_set_string() avoids that limitation, despite Victor's suggestion to never use it.

Enjoy

Jakob
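An added example, not code from the thread or from OpenSSL, covering the exchange above between Victor, Jakob and Rich: it builds the UTCTime and GeneralizedTime strings that ASN1_TIME_set_string() accepts directly from calendar fields, never via time_t, parses them back the way a struct tm based parser would, and separately checks whether an instant survives a signed 32-bit time_t, which is the only place the 2038 limit lives. The function names and the 30-year sample certificate are this example's own.

```python
"""Certificate validity times without a time_t: encode, decode, and test the 32-bit boundary."""
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1


def _require_utc(dt):
    if dt.tzinfo is None or dt.utcoffset() != timedelta(0):
        raise ValueError("certificate times are encoded in UTC (trailing 'Z')")


def asn1_time_string(dt):
    """RFC 5280 4.1.2.5: UTCTime YYMMDDHHMMSSZ for 1950..2049, GeneralizedTime YYYYMMDDHHMMSSZ otherwise."""
    _require_utc(dt)
    if 1950 <= dt.year <= 2049:
        return dt.strftime("%y%m%d%H%M%SZ")
    return dt.strftime("%Y%m%d%H%M%SZ")


def parse_asn1_time(s):
    """Inverse of asn1_time_string(): only calendar fields are touched, no seconds-since-epoch."""
    if len(s) == 13 and s.endswith("Z"):
        yy = int(s[:2])
        year = 2000 + yy if yy < 50 else 1900 + yy  # UTCTime century rule from RFC 5280
        rest = s[2:12]
    elif len(s) == 15 and s.endswith("Z"):
        year, rest = int(s[:4]), s[4:14]
    else:
        raise ValueError(f"not a UTCTime/GeneralizedTime string: {s!r}")
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def seconds_since_epoch(dt):
    """Arbitrary-precision integer, unlike a C time_t."""
    _require_utc(dt)
    return int((dt - EPOCH).total_seconds())


def fits_32bit_time_t(dt):
    """True if the instant is representable in a signed 32-bit time_t (last valid: 2038-01-19 03:14:07Z)."""
    return INT32_MIN <= seconds_since_epoch(dt) <= INT32_MAX


def validity_period(not_before, years):
    """notBefore/notAfter strings for a cert valid `years` years, plus the 32-bit time_t check per endpoint."""
    try:
        not_after = not_before.replace(year=not_before.year + years)
    except ValueError:  # 29 February start, non-leap target year
        not_after = not_before.replace(year=not_before.year + years, day=28)
    return {
        "notBefore": asn1_time_string(not_before),
        "notAfter": asn1_time_string(not_after),
        "notBefore_fits_time_t32": fits_32bit_time_t(not_before),
        "notAfter_fits_time_t32": fits_32bit_time_t(not_after),
    }


if __name__ == "__main__":
    # Constructed input: a 30-year Android signing certificate issued on the thread's date.
    print(validity_period(datetime(2015, 7, 14, tzinfo=timezone.utc), 30))
```

The 30-year certificate lands in 2045, which is still a UTCTime on the wire but already past what a 32-bit time_t can hold, so the overflow is in the libc conversion step, not in the ASN.1 encoding.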
[openssl-users] Disable SSL3 for Windows 32 Distros?
Hello,

I've made several attempts to compile various versions of OpenSSL, the latest being 1.0.2d for Win32. Although many attempts to compile have been successful and the dlls (and .exe) usable, I have not been able to successfully disable SSLv3.

I attempted on a Windows 7 box using VC 2010, I can compile without no-ssl2 no-ssl3, however, when I try to use no-ssl3, I end up getting linker errors. I notice that the ssleay32.def still has references to SSLv3 and SSLv23. When I attempt to remove these and try to compile again, it continues to fail.

When I could not make this work, I switched to ubuntu and did a cross compile using mingw. In this case I can pass no-ssl2 and no-ssl3 (I even tried disable-ssl2 disable-ssl3 disable-ssl3-method) and it all compiles fine. However, when I scan the application that is using the port, I can still see SSLv3 is used (accepted for a few ciphers):

Rejected SSLv3 256 bits ADH-AES256-SHA
Rejected SSLv3 256 bits DHE-RSA-AES256-SHA
Rejected SSLv3 256 bits DHE-DSS-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Rejected SSLv3 128 bits ADH-AES128-SHA
Rejected SSLv3 128 bits DHE-RSA-AES128-SHA
Rejected SSLv3 128 bits DHE-DSS-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Rejected SSLv3 168 bits ADH-DES-CBC3-SHA
Rejected SSLv3 56 bits ADH-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-ADH-DES-CBC-SHA
Rejected SSLv3 128 bits ADH-RC4-MD5
Rejected SSLv3 40 bits EXP-ADH-RC4-MD5
Rejected SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
Rejected SSLv3 56 bits EDH-RSA-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA
Rejected SSLv3 168 bits EDH-DSS-DES-CBC3-SHA
Rejected SSLv3 56 bits EDH-DSS-DES-CBC-SHA
Rejected SSLv3 40 bits EXP-EDH-DSS-DES-CBC-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Rejected SSLv3 56 bits DES-CBC-SHA
Rejected SSLv3 40 bits EXP-DES-CBC-SHA
Rejected SSLv3 128 bits IDEA-CBC-SHA
Rejected SSLv3 40 bits EXP-RC2-CBC-MD5
Rejected SSLv3 128 bits RC4-SHA
Rejected SSLv3 128 bits RC4-MD5
Rejected SSLv3 40 bits EXP-RC4-MD5
Rejected SSLv3 0 bits NULL-SHA
Rejected SSLv3 0 bits NULL-MD5

Is there a bug for windows that prevents generating dlls that do not support sslv3? If anyone has been able to compile it and confirmed no ssl3, I would really appreciate any guidance (and a copy of your ssleay32.dll, libeay32.dll, and openssl.exe).

Thanks in advance.
Jay

Jay A Trombley, PMP
Office : +1 (802) 458-0814
Mobile : +1 (415) 238.4780
Fax : +1 (802) 329.2064
Skype : jay.trombley
Web : http://www.linkedin.com/in/jaytrombley
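Two defender-side pieces for the situation above, as an added example that is not code from the thread or from OpenSSL. First, a parser for the scanner output that lists what a port actually accepted, so the "Accepted" lines are not lost among the "Rejected" ones. Second, the application-level control that works regardless of how the library was configured at build time: OpenSSL's SSL_OP_NO_SSLv3 option and the minimum-protocol-version setting, which Python's ssl module exposes as ssl.OP_NO_SSLv3 and SSLContext.minimum_version. The sample scan text is an excerpt copied from the thread; the function names are this example's own.

```python
"""List accepted SSLv3 ciphers from scanner output, and build a context that refuses SSLv3 at runtime."""
import re
import ssl

# Verdict, protocol, key bits, cipher name; \s* tolerates the run-together "SSLv30 bits" seen in pasted output.
SCAN_RE = re.compile(r"^(Accepted|Rejected)\s+(SSLv2|SSLv3|TLSv1(?:\.\d)?)\s*(\d+) bits\s+(\S+)", re.M)

SCAN_OUTPUT = """Rejected SSLv3 256 bits ADH-AES256-SHA
Rejected SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Rejected SSLv3 128 bits DHE-RSA-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Rejected SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Rejected SSLv3 0 bits NULL-SHA
"""  # excerpt of the scan posted in the thread


def accepted_ciphers(scan_text, protocol="SSLv3"):
    """Cipher names the scanner reported as accepted for the given protocol, in scan order."""
    return [cipher for verdict, proto, _bits, cipher in SCAN_RE.findall(scan_text)
            if verdict == "Accepted" and proto == protocol]


def hardened_server_context():
    """Server context that refuses SSLv2/SSLv3 even if the underlying library was built with them."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3       # SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2          # SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)
    return ctx


def sslv3_disabled(ctx):
    """Check a context the way a reviewer would: both the legacy option bit and the version floor."""
    return bool(ctx.options & ssl.OP_NO_SSLv3) and ctx.minimum_version >= ssl.TLSVersion.TLSv1


if __name__ == "__main__":
    print("accepted SSLv3 ciphers:", accepted_ciphers(SCAN_OUTPUT))
    print("hardened context refuses SSLv3:", sslv3_disabled(hardened_server_context()))
```

Re-running the scan after the application applies such a context is the confirmation step; the scanner output, not the build flags, is what tells you whether SSLv3 is gone from the port.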
Re: [openssl-users] Has the support for SPARC architecture crypto extensions been Implemented?
Some additional information here. When testing the default openssl installed in /usr/bin/ on Solaris 11, I saw a much better result below. Hence I believe OpenSSL utility 'openssl' built by me does not use the hardware crypto accelerators at all. Anyone knows the reason?

Thanks,
Aaron

ksol1% /usr/bin/openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 113798920 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 64 size blocks: 48425338 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14613535 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 3768123 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 488001 aes-128-cbc's in 3.00s
OpenSSL 1.0.0k 5 Feb 2013
built on: date not available
options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,int) aes(partial) blowfish(ptr)
compiler: information not available
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     608957.43k  1033073.88k  1247021.65k  1286185.98k  1332568.06k

--
View this message in context: http://openssl.6102.n7.nabble.com/Has-the-support-for-SPARC-architecture-crypto-extensions-been-Implemented-tp58866p59162.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Re: [openssl-users] openssl fips package for openssl-0.9.8zg
Hi Jakob,

I have used openssl-fips-1_2_4 with openssl 0.9.8zf and not found any issue. For my environment, I just upgraded my openssl version from 0.9.8zf to zg.

Thanks,
Gayathri

On Wed, Jul 15, 2015 at 12:36 AM, Jakob Bohm jb-open...@wisemo.com wrote:
> On 14/07/2015 12:35, Gayathri Manoj wrote:
>> Hi All,
>> Please let me know what is the compatible openssl-fips package for the 0.9.8zg version.
>
> As far as I know you need to use the file http://www.openssl.org/source/openssl-fips-1.2.4.tar.gz with the specific HMAC checksum specified in the applicable FIPS security policy as securely downloaded from the US Government CMVP web page under the applicable certification listing.
>
> Once you have obtained and checked that document and file, compile the downloaded file *exactly* as specified in the securely downloaded security policy.
>
> Only then can you start using the resulting fipscanister with OpenSSL 0.9.8zg source code to create a fips-capable OpenSSL library.
>
> Enjoy
>
> Jakob
[openssl-users] How to let OpenSSL applications/utilities use SunSPARC crypto accelerators?
Hello OpenSSL folks,

I noticed that the OpenSSL command line utility 'openssl' built in Solaris 11.1 does not use SunSPARC crypto accelerators. From the change log of OpenSSL 1.0.2, I saw the following description.

Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
...
*) Support for SPARC Architecture 2011 crypto extensions, first implemented in SPARC T4. This covers AES, DES, Camellia, SHA1, SHA256/512, MD5, GHASH and modular exponentiation. [Andy Polyakov, David Miller]
...

My understanding is that starting from OpenSSL 1.0.2, OpenSSL applications/utilities would use SunSPARC crypto accelerator in Solaris 11.1 which has the accelerator. However my tests show there is no difference between the performance of 'openssl' 1.0.1p and that of its 1.0.2d counterpart.

ksol1% ./1.0.1p/shared64bit/openssl/bin/openssl speed -evp aes-128-cbc
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Doing aes-128-cbc for 3s on 16 size blocks: 19705194 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 5257594 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1361128 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 34 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 43029 aes-128-cbc's in 3.00s
OpenSSL 1.0.1p-fips 9 Jul 2015
built on: Thu Jul 9 23:22:11 2015
options:bn(64,32) rc4(ptr,char) des(ptr,risc1,16,int) aes(partial) blowfish(ptr)
compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_BUILD -KPIC -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DOPENSSL_BN_ASM_MONT -I/leo_ocsdev/qun/csi/allbuilt/main10/built/ant-generated/fips-sun_svr4/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     105094.37k   112162.01k   116149.59k   117191.00k   117497.86k

ksol1% ./1.0.2d/shared64bit/openssl/bin/openssl speed -evp aes-128-cbc
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Doing aes-128-cbc for 3s on 16 size blocks: 18777502 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 5066291 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1317102 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 331672 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 40739 aes-128-cbc's in 3.00s
OpenSSL 1.0.2d-fips 9 Jul 2015
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(ptr,risc1,16,int) aes(partial) blowfish(ptr)
compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_BUILD -KPIC -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -I/leo_ocsdev/qun/csi/allbuilt/main12/built/ant-generated/fips-sun_svr4/include
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     100146.68k   108080.87k   112392.70k   113210.71k   111244.63k

I built 'openssl' on Solaris 11.1 using the following commands.

Configure no-idea no-mdc2 no-rc5 no-asm solaris64-sparcv9-cc -KPIC
make clean
make
make test
make install

When testing the default openssl installed in /usr/bin/ on Solaris 11.1, I saw a much better result below.

ksol1% /usr/bin/openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 113798920 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 64 size blocks: 48425338 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14613535 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 3768123 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 488001 aes-128-cbc's in 3.00s
OpenSSL 1.0.0k 5 Feb 2013
built on: date not available
options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,int) aes(partial) blowfish(ptr)
compiler: information not available
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     608957.43k  1033073.88k  1247021.65k  1286185.98k  1332568.06k

Hence I believe OpenSSL utility 'openssl' built by me does not use the hardware crypto accelerators at all. I wonder if anyone knows the reason.

Thanks in advance,
Aaron

--
View this message in context: http://openssl.6102.n7.nabble.com/How-to-let-OpenSSL-applications-utilities-use-SunSPARC-crypto-accelerators-tp59163.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
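Added example for the three SPARC benchmark posts above; it is not code from the thread or from OpenSSL. It recomputes the summary row of `openssl speed` from the raw "Doing ... blocks: N ... in Ts" lines using the formula the tool itself applies (count * block size / seconds, reported in thousands of bytes per second), flags any block size where the printed row disagrees with the raw count, and gives the per-block-size ratio between two builds. The sample strings are copied from the thread's output (the 1.0.1p row with the truncated "34" is kept as posted, which is exactly what the consistency check catches); the function names are this example's own.

```python
"""Recompute and compare `openssl speed` results from pasted output."""
import re

DOING_RE = re.compile(r"Doing (\S+) for \d+s on (\d+) size blocks: (\d+) \S+ in ([\d.]+)s")
ROW_RE = re.compile(r"^(\S+)((?:\s+[\d.]+k)+)\s*$", re.M)

# Copied from the thread: the poster's 1.0.1p build (note the truncated 1024-byte count).
SPEED_101P = """Doing aes-128-cbc for 3s on 16 size blocks: 19705194 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 5257594 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1361128 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 34 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 43029 aes-128-cbc's in 3.00s
aes-128-cbc     105094.37k   112162.01k   116149.59k   117191.00k   117497.86k
"""
# Copied from the thread: the poster's 1.0.2d build configured with no-asm.
SPEED_102D = """Doing aes-128-cbc for 3s on 16 size blocks: 18777502 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 5066291 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1317102 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 331672 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 40739 aes-128-cbc's in 3.00s
aes-128-cbc     100146.68k   108080.87k   112392.70k   113210.71k   111244.63k
"""
# Copied from the thread: the Solaris-shipped /usr/bin/openssl.
SPEED_USRBIN = """Doing aes-128-cbc for 3s on 16 size blocks: 113798920 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 64 size blocks: 48425338 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14613535 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 3768123 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 488001 aes-128-cbc's in 3.00s
aes-128-cbc     608957.43k  1033073.88k  1247021.65k  1286185.98k  1332568.06k
"""


def raw_throughput(text):
    """block size -> kB/s from the raw counts: count * size / seconds / 1000."""
    return {int(size): int(count) * int(size) / float(secs) / 1000.0
            for _algo, size, count, secs in DOING_RE.findall(text)}


def reported_row(text, algo):
    """The numbers printed in the summary row for `algo`, as floats in kB/s."""
    for name, nums in ROW_RE.findall(text):
        if name == algo:
            return [float(x.rstrip("k")) for x in nums.split()]
    raise ValueError(f"no summary row for {algo}")


def inconsistent_blocks(text, algo, tol=0.01):
    """Block sizes where the printed row and the raw counts differ by more than `tol` (relative)."""
    raw = raw_throughput(text)
    return [size for size, reported in zip(sorted(raw), reported_row(text, algo))
            if abs(raw[size] - reported) > tol * reported]


def speedup(fast_text, slow_text):
    """Per-block-size throughput ratio between two runs, computed from raw counts."""
    fast, slow = raw_throughput(fast_text), raw_throughput(slow_text)
    return {size: fast[size] / slow[size] for size in fast if size in slow}


if __name__ == "__main__":
    print("101p rows that do not match raw counts:", inconsistent_blocks(SPEED_101P, "aes-128-cbc"))
    print("usr/bin vs 1.0.2d:", {k: round(v, 1) for k, v in speedup(SPEED_USRBIN, SPEED_102D).items()})
```

A ratio of roughly 12x at 8 KiB blocks between two binaries on the same machine is far larger than any compiler-flag difference; the 1.0.2d build's compiler line also lacks the -DAES_ASM and related defines that the 1.0.1p build shows, which is what a no-asm configure produces.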
Re: [openssl-users] openssl fips package for openssl-0.9.8zg
On 14/07/2015 12:35, Gayathri Manoj wrote:
> Hi All,
> Please let me know what is the compatible openssl-fips package for the 0.9.8zg version.

As far as I know you need to use the file http://www.openssl.org/source/openssl-fips-1.2.4.tar.gz with the specific HMAC checksum specified in the applicable FIPS security policy as securely downloaded from the US Government CMVP web page under the applicable certification listing.

Once you have obtained and checked that document and file, compile the downloaded file *exactly* as specified in the securely downloaded security policy.

Only then can you start using the resulting fipscanister with OpenSSL 0.9.8zg source code to create a fips-capable OpenSSL library.

Enjoy

Jakob
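The "check the HMAC" step Jakob describes, as an added example that is not code from the thread or from OpenSSL. The OpenSSL FIPS user guide documents the check as `openssl sha1 -hmac etaonrishdlcupfm <tarball>`, compared against the HMAC-SHA-1 digest printed in the Security Policy; that fixed key is the only value here taken from OpenSSL's documentation. EXPECTED_HMAC is an obvious placeholder, the real value comes from the policy document, and the functions, the streamed-file helper and the self-check on a constructed file are this example's own.

```python
"""Verify a downloaded FIPS module tarball against the digest published in its Security Policy."""
import hashlib
import hmac
import os
import tempfile

FIPS_TARBALL_HMAC_KEY = b"etaonrishdlcupfm"          # key used by the documented `openssl sha1 -hmac` check
EXPECTED_HMAC = "<hmac-sha1 from the security policy>"  # placeholder, not a real value


def tarball_hmac_sha1(path, key=FIPS_TARBALL_HMAC_KEY):
    """HMAC-SHA-1 of a file, streamed so a large tarball is not read into memory at once."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            mac.update(chunk)
    return mac.hexdigest()


def tarball_matches_policy(path, expected_hex):
    """True only for a well-formed 40-hex-digit value that matches; a placeholder never passes."""
    expected = expected_hex.strip().lower()
    if len(expected) != 40 or any(c not in "0123456789abcdef" for c in expected):
        return False
    return hmac.compare_digest(tarball_hmac_sha1(path), expected)


def _write_temp(data):
    fd, path = tempfile.mkstemp(suffix=".tar.gz")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def self_check():
    """Exercise the check on constructed files (not a real FIPS tarball)."""
    sample = _write_temp(b"constructed sample bytes, not the FIPS module\n" * 1000)
    vector = _write_temp(b"what do ya want for nothing?")  # RFC 2202 HMAC-SHA-1 test case 2 input
    try:
        digest = tarball_hmac_sha1(sample)
        return {
            "digest_len": len(digest),
            "matches_own_digest": tarball_matches_policy(sample, digest.upper()),
            "matches_wrong_digest": tarball_matches_policy(sample, "0" * 40),
            "matches_placeholder": tarball_matches_policy(sample, EXPECTED_HMAC),
            # Known-answer check of the primitive itself, with the RFC 2202 key "Jefe".
            "rfc2202_vector_ok": tarball_hmac_sha1(vector, key=b"Jefe")
                                 == "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79",
        }
    finally:
        os.unlink(sample)
        os.unlink(vector)


if __name__ == "__main__":
    print(self_check())
```

The placeholder branch matters in practice: a build script that ships with the expected value unset should fail closed rather than accept whatever tarball is present.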
Re: [openssl-users] CVE-2015-1793 only on cert-based client auth?
Thank you, Kurt. The information I was getting (from some sources) was that the vulnerability was only present in configurations where the server was authenticating a client certificate. The fact is, the vulnerability applies to certificate validation regardless of whether it's on the client or server side.

I'm going to assume that those sources were probably augmenting their assessment with their own risk analysis and decided that the only place the risk exists (not vulnerability) is in clients presenting forged certificates in situations where client auth is implemented. That would make sense (like you said) if we're talking about https, because basically no browsers are implemented using OpenSSL, so presenting a forged server cert to a client is basically a scenario that will not happen. But it could happen for other apps that use OpenSSL in their comm stack, even if they are only using server authentication.

Thanks again,

Colin Edwards
CISSP, GCIH, GCWN, GSEC, MCSE

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Kurt Roeckx
Sent: Tuesday, July 14, 2015 1:06 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] CVE-2015-1793 only on cert-based client auth?

On Mon, Jul 13, 2015 at 01:03:09PM -0400, Colin Edwards wrote:
> I've been reading/hearing different opinions on the recent vulnerability for cert chain forging that was patched (CVE-2015-1793).
>
> Some people are saying the vulnerability only exists if a system is using certificate-based client authentication (mutual auth, where both server and client are authenticated). Basically, that the chain forging can only be done on the client side.
>
> Others are saying certs can be forged on the server, on implementations that use only server-side authentication, and if the client is using OpenSSL it will verify/accept the forged chain. This could effectively result in MitM against OpenSSL clients.

It's whenever a certificate is received (and validated). This means either:
- A client is authenticating a server (server authentication)
- A server is authenticating a client (client authentication)

Of course both could be happening for the same connection.

It's much more common that the client authenticates the server. Certainly for https client authentication is uncommon. Also, for https the client usually isn't OpenSSL based, except for Android.

Kurt