Re: FIPS Module 1.2 build with Visual Studio 2010 fails self-tests

2012-04-15 Thread Vimol Kshetrimayum 
Andy Polyakov appro at openssl.org writes:

 
  I tested this on the x86 version of the DLL and I imagine it will fix
  the x64 DLL as well (they both reported the same error).  It looks
  like this setting will need to be added for VS2010.
 
 As mentioned [in another reply], I was under impression that x64 code is
 always position-independent, i.e. I'd expect x64 to work even if
 relocated. Oh well... Closer look revealed that .text segment, code
 itself, *is* indeed position-independent, but not .rdata, which is also
 fingerprinted. In order for this to work it is implied that compiler
 moves relocatable data from .rdata segment. Unix compiler actually do
 that, but apparently not Windows A.
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev at openssl.org
 Automated List Manager   majordomo at openssl.org
 
 



I am facing same issue when I built x64 version of FIPS object module (1.2.3)and
openSSL 0.9.8.u on Windows 7 with Visual Studio 2010.

As suggested in this thread, I have edited the openssl-0.9.8u\ms\ntdll.mak  and
added /FIXED flag in LFLAGS as below.

LFLAGS=/FIXED /nologo /subsystem:console /opt:ref 

Now, out32dll/fips_test_suite.exe running successfully after compiling with
/FIXED linker option. 

However, my sample application which is linking dynamically with libeay32.dll is
returning same finger print mismatch error.Sample application also links with
/FIXED linker option. 

dumpbin shows no randomization code in DLL characteristics for both
libeay32.dll and sample application.

Here is the link lines for libeay32.dll:

perl util\fipslink.pl /FIXED /nologo /subsystem:console /opt:ref /dll /map 
/base:0xFB0 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def
@C:\Users\VIMOL_~1\AppData\Local\Temp\nm9209.tmp 


Value of DLL characteristics from dumpbin:

 100 DLL characteristics
   NX compatible


Is the above value of link line and DLL characteristics correct? Or did I miss
anything? Or is OS forcefully loading the libeay32.DLL  at randomized address?


Thanks,
-Vimol


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [openssl.org #2789] SHA-256 bug - Big endian arch

2012-04-15 Thread Pavel Stanek via RT 

HI,
 
You are right, the optimalisations are the issue.
When I compile it with O0 then it's OK.
 
I also found that problem occurs in macros Siga0,1 Maj, ...
Wth O0 there are correct valus but with O2 there are incorrect values.
 
Compiler must have some problem there.
( I also test to modify variables declaration to volatile and that helps too. )
 
So definetly we could close this issue with result broken compiler.
( which really makes me unhappy)
 
Many thanks for your time.
 
Best regars
Pavel
 
 
__
 Od: Andy Polyakov via RT 
 Komu: 
 Datum: 14.04.2012 10:41
 P?edm?t: Re: [openssl.org #2789] SHA-256 bug - Big endian arch

 We have been using older version of Openssl (0.9.8c) and this one has
 same problem.

Even though 0.9.8c is more sensitive to endianness (sha256_block
function accepts additional 'host' flag, which caller can get wrong), it
should have worked as long as -DB_ENDIAN is passed. Later versions work
even without [LB]_ENDIAN. But in either case endianness was always taken
into account and code was actually tested on both big- and little-endian
platforms.

 Used compiler is not perfect and often has prolem with O3 so i
 already tried Os (doesn't work) and O2 - thats work ok. So I suppose
 that optimalisations are not the issue.

You don't know that till you pass -O0. Please do test.

 I tested both SMALL FOOTPRINT and normal code and both has same
 problem.
 
 I also have own SHA256 implementation ( implemented as defined in
 standard ) from another project. So when I replace the core of SHA256
 computation (sha256 hash update ) with my implementation it works ok.
  Then all tests (make tests) passed without errors. So it's not
 exactly endian problem, but SHA256 implementation on SH architecture.

Does it mean that we agree that it looks more like compiler problem than
problem with OpenSSL source code?

 Our implementation is using rotation as defined in standart but
 Openssl uses opposite.

I find it hard to believe that rotation direction is responsible.

 SH3 architecture in Big endian is not so
 common so there could be some unexpected bahaviour in compiler.

SH processors are capable of operating in either endianness. So that
formally you can't say SH *architecture* is big-endian, you can only
say this particular SH-based system is big-endian. As far as I
understand endianness is determined by logical level fed to specific CPU
pin at power-up.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: Compile error with MinGW-w64

2012-04-15 Thread Jonathan Liu 

On 14/04/2012 12:50 AM, Andy Polyakov wrote:

What happens if you add wait; at the very end of
crypto/asm/sha1-x86_64.pl?


It just hangs.

Regards,
Jonathan
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: FIPS Module 1.2 build with Visual Studio 2010 fails self-tests

2012-04-15 Thread Vimol Kshetrimayum 
Andy Polyakov appro at openssl.org writes:

 
  I tested this on the x86 version of the DLL and I imagine it will fix
  the x64 DLL as well (they both reported the same error).  It looks
  like this setting will need to be added for VS2010.
 
 As mentioned [in another reply], I was under impression that x64 code is
 always position-independent, i.e. I'd expect x64 to work even if
 relocated. Oh well... Closer look revealed that .text segment, code
 itself, *is* indeed position-independent, but not .rdata, which is also
 fingerprinted. In order for this to work it is implied that compiler
 moves relocatable data from .rdata segment. Unix compiler actually do
 that, but apparently not Windows A.
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev at openssl.org
 Automated List Manager   majordomo at openssl.org
 
 


I am facing same issue when I built x64 version of FIPS object module (1.2.3)and
openSSL 0.9.8.u on Windows 7 with Visual Studio 2010.

As suggested in this thread, I have edited the openssl-0.9.8u\ms\ntdll.mak  and
added /FIXED flag in LFLAGS as below.

LFLAGS=/FIXED /nologo /subsystem:console /opt:ref 

Now, out32dll/fips_test_suite.exe running successfully after compiling with
/FIXED linker option. 

However, my sample application which is linking dynamically with libeay32.dll is
returning same finger print mismatch error.Sample application also links with
/FIXED linker option. 

dumpbin shows no randomization code in DLL characteristics for both
libeay32.dll and sample application.

Here is the link lines for libeay32.dll:

perl util\fipslink.pl /FIXED /nologo /subsystem:console /opt:ref /dll /map 
/base:0xFB0 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def
@C:\Users\VIMOL_~1\AppData\Local\Temp\nm9209.tmp 


Value of DLL characteristics from dumpbin:

 100 DLL characteristics
   NX compatible


Is the above value of link line and DLL characteristics correct? Or did I miss
anything? Or is OS forcefully loading the libeay32.DLL  at randomized address?


Thanks,
-Vimol





__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

[openssl.org #2791] [PATCH] fix -DOPENSSL_NO_SOCK on sunos

2012-04-15 Thread Ben Noordhuis via RT 
Hi,

This patch compiles out BIO_socket_nbio() and the body of
BIO_new_ssl_connect() if OPENSSL_NO_SOCK is set.

* BIO_socket_nbio() looks like its author forgot to put it in the #ifndef block.

* BIO_new_ssl_connect() calls BIO_s_connect() which is compiled out by
OPENSSL_NO_SOCK. It makes the linker on Solaris error out.

I would appreciate it if you could land this patch.

Thanks,

Ben Noordhuis



0001-fix-DOPENSSL_NO_SOCK-on-sunos.patch
Description: Binary data

Re: FIPS Module 1.2 build with Visual Studio 2010 fails self-tests

2012-04-15 Thread Dr. Stephen Henson 
On Sun, Apr 15, 2012, Vimol Kshetrimayum wrote:

 Andy Polyakov appro at openssl.org writes:
 
  
   I tested this on the x86 version of the DLL and I imagine it will fix
   the x64 DLL as well (they both reported the same error).  It looks
   like this setting will need to be added for VS2010.
  
  As mentioned [in another reply], I was under impression that x64 code is
  always position-independent, i.e. I'd expect x64 to work even if
  relocated. Oh well... Closer look revealed that .text segment, code
  itself, *is* indeed position-independent, but not .rdata, which is also
  fingerprinted. In order for this to work it is implied that compiler
  moves relocatable data from .rdata segment. Unix compiler actually do
  that, but apparently not Windows A.
  __
  OpenSSL Project http://www.openssl.org
  Development Mailing List   openssl-dev at openssl.org
  Automated List Manager   majordomo at openssl.org
  
  
 
 
 I am facing same issue when I built x64 version of FIPS object module 
 (1.2.3)and
 openSSL 0.9.8.u on Windows 7 with Visual Studio 2010.
 
 As suggested in this thread, I have edited the openssl-0.9.8u\ms\ntdll.mak  
 and
 added /FIXED flag in LFLAGS as below.
 
 LFLAGS=/FIXED /nologo /subsystem:console /opt:ref 
 
 Now, out32dll/fips_test_suite.exe running successfully after compiling with
 /FIXED linker option. 
 
 However, my sample application which is linking dynamically with libeay32.dll 
 is
 returning same finger print mismatch error.Sample application also links with
 /FIXED linker option. 
 
 dumpbin shows no randomization code in DLL characteristics for both
 libeay32.dll and sample application.
 
 Here is the link lines for libeay32.dll:
 
 perl util\fipslink.pl /FIXED /nologo /subsystem:console /opt:ref /dll /map 
 /base:0xFB0 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def
 @C:\Users\VIMOL_~1\AppData\Local\Temp\nm9209.tmp 
 
 
 Value of DLL characteristics from dumpbin:
 
  100 DLL characteristics
NX compatible
 
 
 Is the above value of link line and DLL characteristics correct? Or did I miss
 anything? Or is OS forcefully loading the libeay32.DLL  at randomized address?
 
 

Try adding: /fixed explicitly to the linker rule for libeay32.dll, it is the
section beginning:

$(O_CRYPTO): ...

Alternatively you can add it to the MLFLAGS line in the makefile but that will
affect ssleay32.dll too. If that doesn't work try /dynamicbase:no /fixed

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [openssl.org #2778] [BUG:] OpenSSL 1.0.1 x86_64: d1_pkt.c(444): OpenSSL internal error, assertion failed: t = 0

2012-04-15 Thread Andy Polyakov via RT 
 http://cvs.openssl.org/chngview?cn=22334 is interim solution,
 proper solution will be provided at later point (if found appropriate).
 
 Thanks, this circumvents the DTLS issue.
 
 The TLS empty fragments issue remains,

http://cvs.openssl.org/chngview?cn=22390


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [openssl.org #2635] 1/n-1 record splitting technique for CVE-2011-3389

2012-04-15 Thread Andy Polyakov via RT 
 Here is an experimental patch I wrote that implements the 1/n-1
 record splitting technique for OpenSSL. I am sending it here for
 consideration by OpenSSL upstream developers.
 
 By default the 0/n split is used but in case the
 SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag is set, we split the first
 record with 1/n-1.

What would you [and others] say about this alternative? Non-committed,
relative to HEAD...

Index: ssl/s3_pkt.c
===
RCS file: /e/openssl/cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.94
diff -u -w -r1.94 s3_pkt.c
--- ssl/s3_pkt.c15 Apr 2012 14:14:22 -  1.94
+++ ssl/s3_pkt.c15 Apr 2012 14:41:08 -
@@ -685,13 +685,14 @@
/* countermeasure against known-IV weakness in CBC ciphersuites
 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
 
-   if (s-s3-need_empty_fragments  type == 
SSL3_RT_APPLICATION_DATA)
+   if (s-s3-need_empty_fragments  type == 
SSL3_RT_APPLICATION_DATA  len1)
{
/* recursive function call with 'create_empty_fragment' 
set;
 * this prepares and buffers the data for an empty 
fragment
 * (these 'prefix_len' bytes are sent out later
 * together with the actual payload) */
-   prefix_len = do_ssl3_write(s, type, buf, 0, 1);
+   prefix_len = do_ssl3_write(s, type, buf, 1, 1);
+   buf++, len--;
if (prefix_len = 0)
goto err;
 
@@ -827,6 +828,10 @@
 */
return wr-length;
}
+   else if (prefix_len)
+   {
+   buf--, len++;
+   }
 
/* now let's set up wb */
wb-left = prefix_len + wr-length;

Re: Compile error with MinGW-w64

2012-04-15 Thread Andy Polyakov 
 What happens if you add wait; at the very end of
 crypto/asm/sha1-x86_64.pl?
 
 It just hangs.

'which perl'? If not /bin/perl, i.e. non-MSYS perl, then I'd suggest to
complement MSYS installation with MSYS perl.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [openssl.org #2781]

2012-04-15 Thread Andy Polyakov via RT 
Leandro Santiago via RT wrote:
 I also tested with mingw64:gcc and mingw:gcc. The results were the
 same in the three machines. And I'm using a no-patched openssl
 downloaded from openssl.org.

Where :gcc come from? As Roumen mentioned, it's mingw [or mingw64], not
mingw:gcc, mingw32:gcc, nor ming64:gcc.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org