Re: OpenSSL 1.0.0 beta5 release
Problem (small) with x86_64:

    asm/x86_64-gcc.c:102:1: warning: "sqr" redefined

Probably a missing #undef sqr in crypto/bn/asm/x86_64-gcc.c:64

Best,
-- Emanuele Cesena
Il corpo non ha ideali
Debug on x86_64 for openssl-1.0.0-beta2
Is there a reason to not have a debug-linux-x86_64 entry in Configure? I've tried adding such a line (without libefence) and I only got 2 warnings. Please find in attachment a working patch.

After applying the patch, on my x86_64 platform openssl compiles with:

    ./config [-shared] -d -Werror

The first warning is due to BN_CTX_DEBUG: an unsigned int printed as "% 08x". I don't know which is the best way to solve this issue according to OSSL best practice; for this reason I have omitted -DBN_CTX_DEBUG in the compiler flags.

The second one is a double definition of the sqr macro in bn. #undef sqr was missing at crypto/bn/asm/x86_64-gcc.c:66

Finally I've tested s_server-s_client with valgrind (and -DPURIFY) and I got no errors, only 8 missing free(). The following is s_server:

    ==23185== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 6 from 2)
    ==23185== malloc/free: in use at exit: 480 bytes in 8 blocks.
    ==23185== malloc/free: 4,926 allocs, 4,918 frees, 390,160 bytes allocated.
    ==23185== For counts of detected errors, rerun with: -v
    ==23185== searching for pointers to 8 not-freed blocks.
    ==23185== checked 286,800 bytes.

Best,
-- Emanuele Cesena
Il corpo non ha ideali

diff -ur openssl-orig/Configure openssl-devel/Configure
--- openssl-orig/Configure 2009-04-06 16:31:34.0 +0200
+++ openssl-devel/Configure 2009-07-06 17:09:00.697041757 +0200
@@ -347,6 +347,7 @@ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-x86_64", "gcc:-m64 -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", SPARC Linux setups # Ray Miller has patiently diff -ur openssl-orig/crypto/bn/asm/x86_64-gcc.c openssl-devel/crypto/bn/asm/x86_64-gcc.c --- openssl-orig/crypto/bn/asm/x86_64-gcc.c 2009-01-11 17:17:26.0 +0100 +++ openssl-devel/crypto/bn/asm/x86_64-gcc.c 2009-07-06 17:09:00.634041755 +0200 @@ -63,6 +63,7 @@ #undef mul #undef mul_add +#undef sqr /* * "m"(a), "+m"(r) is the way to favor DirectPath µ-code;
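Review bot: the new "debug-linux-x86_64" entry in the Configure hunk leaves out -DBN_CTX_DEBUG, which the cover message says was dropped only because of the "% 08x" format warning under -Werror; narrowing the debug coverage to dodge a warning hides the reason in the mail rather than in the tree. Better to fix the format specifier (the argument is unsigned, so "%08x" with an unsigned int, or an explicit cast) and keep -DBN_CTX_DEBUG alongside -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG so the target exercises the same checks as the other debug flags it already enables. Also worth a comment in the entry: it replaces the -O3 of the neighbouring "linux-x86_64" line with -g and no optimisation level at all, which is the intended trade for a debug target but is not obvious from the line itself.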
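Review bot: in the crypto/bn/asm/x86_64-gcc.c hunk, adding "#undef sqr" next to the existing "#undef mul" and "#undef mul_add" is the right place for the fix to the "sqr" redefined warning reported at line 102, but the hunk gives no hint of where the earlier sqr definition comes from; a one-line comment stating that the file defines its own sqr below and must shadow the generic macro would save the next reader the search. Please also confirm that nothing between this undef and the file's own definition still expects the original macro, since the undef silently changes what sqr means for that stretch of the file.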
Re: SSL: problem with bio in 0.9.9?
On Mon, 2009-06-15 at 14:30 +0200, Dr. Stephen Henson wrote:
> > I was trying curl/libcurl compiled against OpenSSL 0.9.9.
> > I noticed a very strange behaviour that I was able to workaround with a
> > couple of sleep().
> >
> > Curl fails to connect with:
> > curl: (52) SSL read: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3
> > alert unexpected message, errno 11
> >
> > The behaviour is proper of the 0.9.9, neither 0.9.8 or 1.0.0 are
> > affected, however I'd like to understand which is the cause.
> >
> I'm not sure what you mean by that. 0.9.9 will never be released but 1.0.0
> will. Are you saying that 1.0.0 snapshots work OK?

yes 1.0.0 works ok. However I can't understand what the difference is between 0.9.9 and 1.0.0 which makes things work... I diff-ed the code between 0.9.9 and 1.0.0, but I can't find any difference close to the sleep() I put.

This is just to have a better knowledge of one of the OpenSSL internals, probably obscure to me ;-)

Best,
-- Emanuele Cesena
Il corpo non ha ideali

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
SSL: problem with bio in 0.9.9?
Hi all,

I was trying curl/libcurl compiled against OpenSSL 0.9.9. I noticed a very strange behaviour that I was able to work around with a couple of sleep().

Curl fails to connect with:

    curl: (52) SSL read: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message, errno 11

The behaviour is specific to 0.9.9; neither 0.9.8 nor 1.0.0 is affected. However I'd like to understand what the cause is.

As far as I understand from debugging, curl registers its own BIO (socket) for the SSL object:

    curl-dist/lib/ssluse.c:1518
    if(!SSL_set_fd(connssl->handle, sockfd)) { ...

My workaround is in ssl3_connect: just put a couple of sleep() and everything works well.

    s3_clnt.c:
    if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
    *** sleep(1); ***
    for (;;)
    ...
    case SSL3_ST_CW_CLNT_HELLO_B:
        s->shutdown=0;
        ret=ssl3_client_hello(s);
        if (ret <= 0) goto end;
        s->state=SSL3_ST_CR_SRVR_HELLO_A;
        s->init_num=0;
        *** sleep(1); ***
        /* turn on buffering ...*/
        if (s->bbio != s->wbio)
            s->wbio=BIO_push(s->bbio,s->wbio);
        break;

Actually I went into more detail, and I saw that the failure is due to:

    ssl3_client_hello > ssl3_do_write > ssl3_write_bytes > do_ssl3_write > ssl3_write_pending > BIO_write > b->method->bwrite

Unfortunately it is quite difficult to debug, since stepping through the connection slows it down and --similarly to putting the sleep()-- everything goes well.

Any idea?

Best,
-- Emanuele Cesena
Il corpo non ha ideali
Re: Google summer of code?
On Wed, 2009-02-25 at 11:44 +0200, Billy Brumley wrote:
> I implemented a prototype for this, some details are given in (p5, Tbl
> 2), signing and verifications see roughly a 50% speedup:
>
BTW, http://eprint.iacr.org/2009/086

bye!
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
Re: Google summer of code?
On Wed, 2009-02-25 at 11:41 +0100, Emanuele Cesena wrote:
> Other interesting topics (in my order of preference) could be:
[snip]

Yet another interesting topic: stream ciphers. The eSTREAM project announced a portfolio of 4 new stream ciphers:
http://www.ecrypt.eu.org/stream/endofphase3.html

bye!
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
Re: OpenSSL Default Engine
On Fri, 2009-02-20 at 17:24 +0100, Franz TRIERWEILER wrote:
> The source code refers to the "RSAref" engine as an example of
> home-made engine but this does not seem to be the default engine. By
> default, which default software engine is used in the project?
>
the default software engine *is* openssl. You usually find the source of this engine in method/method_ossl.c or method/method_eay.c

E.g.
crypto/rsa/rsa_eay.c
crypto/ecdsa/ecs_ossl.c

bye!
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
Re: Google summer of code?
On Wed, 2009-02-25 at 11:44 +0200, Billy Brumley wrote:
> Perhaps I should be more detailed ;) I'm interested in providing
> Koblitz curve specific functionality to the elliptic curve portion of
> OpenSSL--they are currently treated as regular binary curves. All
> point doublings can be replaced by a simpler operation called the
> Frobenius map, leading to quite a speed improvement.
>
Cool! I have a bit of experience on this too:
http://caccioppoli.mac.rub.de/website/papers/tzv2.pdf

So I could be interested in this topic (if working with more than one person is allowed).

Other interesting topics (in my order of preference) could be:

1. Pairing-based cryptography, at least Barreto-Naehrig curves (currently I added a BN curve and use OpenSSL for scalar multiplications, but I use a Miracl-based engine to compute pairings)
2. Direct Anonymous Attestation protocol (I have several pieces of code: generic DAA, DAA with TPM, DAA with BN curves, DAA extension to TLS)
3. Trace Zero Varieties (cf. the above paper). They are faster than ECC but, unfortunately, not standardized... so maybe this would only fit in an experimental branch and is not actually useful.

bye!
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
Re: Google summer of code?
On Sun, 2009-02-22 at 19:51 +0200, Billy Brumley wrote:
> Hi--hopefully this is the correct list. Is there any chance of openssl
> participating as a mentor organization for Google summer of code?
>
I will also be very interested!

bye!
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
Serializing EC points (part II)
Hi all,

following crypto/asn1/x_bignum.c, I wrote asn1-related functions (new/free/i2d/d2i) for EC_POINT, and defined an ASN1_PRIMITIVE_FUNCS to map EC_POINTs to octet strings.

However I have a problem. Let's consider for instance the _new() function, which has prototype:

    int oct_ec_point_new(ASN1_VALUE **pval, const ASN1_ITEM *it)

It relies on EC_POINT_new(). Unfortunately EC_POINT_new() requires an EC_GROUP as parameter. I solved it with a workaround by invoking EC_GROUP_get_default_group(), a new dirty function which returns exactly the group I need.

Now the question: is there a way to pass parameters, like an EC_GROUP, to asn1-related functions?

Best,
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
Serializing EC points
Hi all,

is there any reason not to have serialization functions (i2d/d2i) for points of elliptic curves (EC_POINT)?

I found in ECPARAMETERS-related functions that points (actually, the generator) are serialized through EC_POINT_point2oct into ASN1_OCTET_STRING (->base).

Wouldn't it be possible to define a serialization function directly for EC_POINTs (as done with BIGNUM/CBIGNUM)? This way, one could define structures with EC_POINTs and rely on IMPLEMENT_ASN1_ALLOC_FUNCTIONS to automatically produce i2d/d2i functions...

Best,
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
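The two "Serializing EC points" posts above ask for an i2d/d2i pair that maps an EC_POINT to an OCTET STRING via the X9.62 point encoding that EC_POINT_point2oct produces. The following is an added example, not OpenSSL code and not the poster's patch: it implements that encoding (infinity, uncompressed 0x04||X||Y, compressed 0x02/0x03||X), wraps it in a DER OCTET STRING, and on the decode side validates length, field range and the curve equation before returning a point. The group is the fixed NIST P-256 parameters (an assumption that plays the role of the "default group" workaround described in part II); the function names are the example's own.

```python
# Added example, not OpenSSL code. X9.62 point <-> octet string conversion
# (what EC_POINT_point2oct / EC_POINT_oct2point do) wrapped in a DER OCTET
# STRING, as an i2d/d2i pair would emit it. Group: NIST P-256 (assumed).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
FIELD_LEN = 32          # ceil(256 / 8): fixed-width coordinates


def is_on_curve(pt):
    """True iff y^2 == x^3 + ax + b (mod p); None is the point at infinity.
    Decoders that skip this check accept attacker-chosen off-curve points."""
    if pt is None:
        return True
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point2oct(pt, compressed=False):
    """0x00 for infinity, 0x04||X||Y uncompressed, 0x02/0x03||X compressed
    (the low bit of the prefix carries the parity of Y)."""
    if pt is None:
        return b"\x00"
    x, y = pt
    xb = x.to_bytes(FIELD_LEN, "big")
    if compressed:
        return bytes([0x02 | (y & 1)]) + xb
    return b"\x04" + xb + y.to_bytes(FIELD_LEN, "big")


def oct2point(data):
    """Strict inverse of point2oct; raises ValueError on anything malformed."""
    if data == b"\x00":
        return None
    form = data[0]
    if form == 0x04:
        if len(data) != 1 + 2 * FIELD_LEN:
            raise ValueError("bad uncompressed length")
        x = int.from_bytes(data[1:1 + FIELD_LEN], "big")
        y = int.from_bytes(data[1 + FIELD_LEN:], "big")
    elif form in (0x02, 0x03):
        if len(data) != 1 + FIELD_LEN:
            raise ValueError("bad compressed length")
        x = int.from_bytes(data[1:], "big")
        if x >= P:
            raise ValueError("x not in field")
        rhs = (x * x * x + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)   # p == 3 mod 4: sqrt if one exists
        if (y * y) % P != rhs:
            raise ValueError("x has no square root on the curve")
        if (y & 1) != (form & 1):
            y = P - y                   # pick the root with the signalled parity
    else:
        raise ValueError("unknown point format byte %#x" % form)
    pt = (x, y)
    if not is_on_curve(pt):
        raise ValueError("point is not on the curve")
    return pt


def der_octet_string(payload):
    """DER OCTET STRING: tag 0x04, minimal definite length, contents."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return b"\x04" + length + payload


def der_parse_octet_string(der):
    """Strict DER OCTET STRING decoder; returns (payload, bytes consumed)."""
    if len(der) < 2 or der[0] != 0x04:
        raise ValueError("not an OCTET STRING")
    first = der[1]
    if first < 0x80:
        n, off = first, 2
    else:
        k = first & 0x7f
        if k == 0 or len(der) < 2 + k:
            raise ValueError("bad length")
        n, off = int.from_bytes(der[2:2 + k], "big"), 2 + k
        if n < 0x80 or der[2] == 0:
            raise ValueError("non-minimal DER length")
    if len(der) < off + n:
        raise ValueError("truncated OCTET STRING")
    return der[off:off + n], off + n


def i2d_ec_point(pt, compressed=False):
    return der_octet_string(point2oct(pt, compressed))


def d2i_ec_point(der):
    payload, used = der_parse_octet_string(der)
    if used != len(der):
        raise ValueError("trailing data after OCTET STRING")
    return oct2point(payload)


def rejects(octets):
    """Helper for checks: True iff oct2point refuses the input."""
    try:
        oct2point(octets)
    except ValueError:
        return True
    return False


def rejects_der(der):
    """Helper for checks: True iff d2i_ec_point refuses the input."""
    try:
        d2i_ec_point(der)
    except ValueError:
        return True
    return False
```

The on-curve check in oct2point is the part worth carrying over to any real i2d/d2i implementation: a point that is decoded and then fed to scalar multiplication without it lets a peer move the computation onto a weaker curve. The DER parser rejects non-minimal lengths and trailing bytes so that two different encodings can never decode to the same point.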
Re: Adding an EC to OpenSSL
On Mon, 2009-01-19 at 22:48 +0100, Dr. Stephen Henson wrote:
> They are auto generated from the objects.txt file.
>
thanks, solved.

bye!
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
Re: TLS Alert protocol
Ok, let me simplify. Can I use ssl3_send_alert() at the application layer?

Regards
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
TLS Alert protocol
Hi all,

some time ago we wrote about a general framework to implement TLS Extensions and Supplemental Data messages. We are now dealing with errors/failures, and the related message to be sent as part of the TLS Alert protocol.

Let's begin with the simpler case: TLS Extensions. Since there are already examples, it seems clear that an extension can fail whenever it wants (still within the TLS Handshake) and it usually fails with:
- SSLerr for local output
- ssl3_send_alert() to notify the peer. The error is usually an SSL_AD_HANDSHAKE_FAILURE (or maybe an internal error).

That's why we plan to:
- let an extension call SSLerr
- let an extension return an error code, which our framework will send through ssl3_send_alert().

Any comment on that?

Next step, Supplemental Data. By RFC, SD should not "compromise" the Handshake protocol:

    Information provided in a supplemental data object MUST be intended to be used exclusively by applications and protocols above the TLS protocol layer. Any such data MUST NOT need to be processed by the TLS protocol.

So we process SD after the handshake, e.g. in s3_srvr.c in the very last line of ssl3_accept() before returning (resp. on client side in ssl3_connect()).

The point is: are we allowed to use the Alert protocol in order to notify the peer that the verification of SD failed? In that case, what error message would be appropriate?

We planned to implement SD as extensions, this means:
- SD can locally output errors with SSLerr
- SD can return an error code, which will be forwarded to the peer by our framework.

Shall we restrict the allowed return error codes?

Just to give an example of usage, we are designing an extension which:
- on client side negotiates a single SD entry, with a digital signature on some data.
- on server side verifies the client's digital signature, and aborts and closes the channel in case of failure.

Best regards
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
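The post above reasons about which alert an extension or Supplemental Data check should send, and the curl thread earlier on this page shows the receiving side of one ("sslv3 alert unexpected message"). As an added example, not OpenSSL code and not part of the original thread, the block below builds and parses TLS Alert records (RFC 5246 section 7.2), enforces that the descriptions the RFC defines as always fatal are never sent at warning level, and scans a constructed record stream the way a monitor would to report which alerts closed a connection. The sample records are constructed for the example; the helper names are the example's own.

```python
# Added example, not OpenSSL code: TLS Alert records (RFC 5246 section 7.2).
import struct

CONTENT_TYPE_HANDSHAKE = 22
CONTENT_TYPE_ALERT = 21
LEVEL_WARNING, LEVEL_FATAL = 1, 2
RECORD_HEADER = struct.Struct("!BBBH")     # content type, major, minor, length

# AlertDescription values from RFC 5246 (plus no_certificate from SSLv3).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    21: "decryption_failed", 22: "record_overflow", 30: "decompression_failure",
    40: "handshake_failure", 41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    60: "export_restriction", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 90: "user_canceled", 100: "no_renegotiation",
    110: "unsupported_extension",
}
# Descriptions RFC 5246 marks "always fatal": sending them as a warning is a
# protocol violation, so build_alert refuses to do it.
ALWAYS_FATAL = {10, 20, 21, 22, 30, 40, 47, 48, 49, 50, 51, 60, 70, 71, 80, 110}


def build_alert(level, description, version=(3, 1)):
    """Serialise one plaintext Alert record: 5-byte header + 2-byte body."""
    if level not in (LEVEL_WARNING, LEVEL_FATAL):
        raise ValueError("bad alert level %r" % level)
    if description in ALWAYS_FATAL and level != LEVEL_FATAL:
        raise ValueError("%s must be sent as fatal" % ALERT_DESCRIPTIONS[description])
    body = bytes([level, description])
    return RECORD_HEADER.pack(CONTENT_TYPE_ALERT, version[0], version[1], len(body)) + body


def can_send(level, description):
    """Helper for checks: True iff build_alert accepts this level/description."""
    try:
        build_alert(level, description)
    except ValueError:
        return False
    return True


def parse_alert(record):
    """Decode exactly one Alert record; raises ValueError on malformed input."""
    if len(record) < RECORD_HEADER.size:
        raise ValueError("truncated record header")
    ctype, major, minor, length = RECORD_HEADER.unpack_from(record)
    if ctype != CONTENT_TYPE_ALERT:
        raise ValueError("not an alert record (type %d)" % ctype)
    if length != 2 or len(record) != RECORD_HEADER.size + 2:
        raise ValueError("alert body must be exactly 2 bytes")
    level, desc = record[5], record[6]
    if level not in (LEVEL_WARNING, LEVEL_FATAL):
        raise ValueError("bad alert level %d" % level)
    return {
        "version": (major, minor),
        "level": level,
        "description": desc,
        "name": ALERT_DESCRIPTIONS.get(desc, "unknown(%d)" % desc),
        # A fatal alert ends the session; close_notify ends it even as a warning.
        "closes_connection": level == LEVEL_FATAL or desc == 0,
    }


def scan_records(stream):
    """Walk consecutive plaintext TLS records and return every alert found."""
    alerts, off = [], 0
    while off < len(stream):
        if len(stream) - off < RECORD_HEADER.size:
            raise ValueError("truncated record header at offset %d" % off)
        ctype, _, _, length = RECORD_HEADER.unpack_from(stream, off)
        end = off + RECORD_HEADER.size + length
        if end > len(stream):
            raise ValueError("truncated record body at offset %d" % off)
        if ctype == CONTENT_TYPE_ALERT:
            alerts.append(parse_alert(stream[off:end]))
        off = end
    return alerts


def is_malformed(stream):
    """Helper for checks: True iff scan_records refuses the stream."""
    try:
        scan_records(stream)
    except ValueError:
        return True
    return False


# Constructed sample: a stub handshake record (type 22, 6 dummy body bytes)
# followed by the fatal unexpected_message alert seen in the curl thread.
SAMPLE_STREAM = (RECORD_HEADER.pack(CONTENT_TYPE_HANDSHAKE, 3, 1, 6)
                 + b"\x01\x00\x00\x02\x03\x01"
                 + build_alert(LEVEL_FATAL, 10))
```

Two design points carry over to the framework described in the post: the sender side should whitelist what an extension may return (build_alert only knows the RFC values and refuses warning-level for the always-fatal ones), and the receiver should treat a fatal alert, or close_notify at any level, as the end of the connection rather than as a recoverable error.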
Adding an EC to OpenSSL
Hi all,

I'd like to add a new elliptic curve to the internal list of OpenSSL but I have some trouble defining objects.

I added the parameters in crypto/ec/ec_curve.c as well as the entry in the list curve_list (I tested them with ectest.c, hardcoding the parameters).

Looking at the source code, I deduced I have to define somehow a corresponding object (crypto/objects/obj_mac.h, obj_dat.h). Is there any documentation about objects? Shall I manually modify these files, or is there any semi-automatic way to populate their content?

Thanks in advance
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
Pairing-based crypto
Hi,

I probably have to implement pairing-based crypto exploiting openssl's bn arithmetic. Specifically, I will implement Barreto-Naehrig curves with embedding degree 12 at a high security level, 256-bit. For more details, please refer to:
http://citeseer.ist.psu.edu/barreto05pairingfriendly.html
http://eprint.iacr.org/2007/390.pdf

I wonder if anyone has already thought of including PBC within openssl, at least at an experimental level. If so (or even if not), I would be pleased to share opinions on the design.

bye!
-- Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali