[openssl-dev] [openssl.org #3790] [PATCH] The wrong ifdef is used to gaurd usage of PSK code
In the commit "Rewrite ssl_asn1.c using new ASN.1 code." (cc5b6a0) the
wrong ifdef is used to gaurd usage of PSK code.
---
Kurt Cancemi
>From 32533cb9cf698745171ff7d74413156bfef7036f Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Thu, 9 Apr 2015 09:54:38 -0400
Subject: [PATCH] The wrong ifdef is used to gaurd usage of PSK code
---
ssl/ssl_asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index fb2a495..b6e7849 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -109,7 +109,7 @@ typedef struct {
long tlsext_tick_lifetime_hint;
ASN1_OCTET_STRING *tlsext_tick;
#endif
-#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_PSK
ASN1_OCTET_STRING *psk_identity_hint;
ASN1_OCTET_STRING *psk_identity;
#endif
--
2.3.5
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3789] CMS: Segmentation fault when using subject key identifier and EC
Hi, OpenSSL segfaults when trying to create an encrypted CMS data envelope using subject key identifier and EC. Have tested this in version 1.0.2a and latest 1.1.0 release as of today (2015-04-09) with the same result. Example: $ openssl version OpenSSL 1.0.2a 19 Mar 2015 $ openssl ecparam -name prime192v1 -genkey -out ec.key $ openssl req -x509 -new -key ec.key -out ec.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []: Email Address []: $ echo "Text to encrypt" > text.txt $ openssl cms -encrypt -keyid -in text.txt -outform DER -recip ec.crt -out out.dat Segmentation fault: 11 If I remove the 'keyid' switch it will work as expected. Best regards, Jonas Peterson ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] PKCS7_verify() behavior - possible bug ?
Hi all,
I was looking at the behavior of PKCS7_verify(). It seems that, if the
flags are set to 0, then the function will assume that the "smime_sign"
purpose is to be used when verifying the certificate, however, if the
PKCS7_NOCHAIN is actually used, it seems that the purpose is not
checked. From the code (crypto/pkcs7/pk7_smime.c - line ~320 - function
PKCS7_verify() ):
if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k <
sk_X509_num(signers); k++) {
signer = sk_X509_value (signers, k);
if (!(flags & PKCS7_NOCHAIN)) {
if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
p7->d.sign->cert))
{
PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
sk_X509_free(signers);
return 0;
}
X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer,
NULL)) {
PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
sk_X509_free(signers);
return 0;
}
if (!(flags & PKCS7_NOCRL))
X509_STORE_CTX_set0_crls(&cert_ctx,
p7->d.sign->crl);
i = X509_verify_cert(&cert_ctx);
if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
X509_STORE_CTX_cleanup(&cert_ctx);
if (i <= 0) {
PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
ERR_add_error_data(2, "Verify error:",
X509_verify_cert_error_string(j));
sk_X509_free(signers);
return 0;
}
/* Check for revocation status here */
}
Is this the desired behavior or if this is an error ? In other words,
shouldn't the "smime_sign" purpose be checked in both cases ? I am
asking because I am trying to understand if this behavior is going to be
fixed / changed in the future or not (i.e., can we rely on the fact that
by using the PKCS7_NOCHAIN flag the "smime_sign" purpose will not be
checked) ?.
Thanks,
Max
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] EC based certificates not supported in CMS - why?
On Thu, Apr 09, 2015, Pawe?? Ka??mierczak wrote:
> I am affraid EC certs do not work in CMS openSSL 1.0.2. I just wrote a
> simple test procedure:
>
> void cmsTest()
> {
> //this RSA works
> //auto certFileBio = BIO_new_file("c:\\a\\simplersa_noPem.cer", "rb");
> //auto prvKeyFileBio = BIO_new_file("c:\\a\\simplersa_pkey.openssl",
> "rb");
>
> //this EC not
> auto certFileBio = BIO_new_file("c:\\a\\advancedbr256r1_noPem.cer", "rb");
> auto prvKeyFileBio = BIO_new_file("c:\\a\\advancedbr256r1_pkey.pkcs8",
> "rb");
>
> auto evpPkey = d2i_PrivateKey_bio(prvKeyFileBio, 0);
> auto cert = d2i_X509_bio(certFileBio, 0);
> stack_st_X509* certStack = sk_X509_new_null();
> sk_X509_push(certStack, cert);
> X509_STORE* store = X509_STORE_new();
> X509_STORE_add_cert(store, cert);
>
> //sign
> auto inFileBio = BIO_new_file("c:\\tmp\\0_inContent.txt", "rb");
> CMS_ContentInfo *cms = CMS_sign(cert, evpPkey, 0, inFileBio, 0);
> auto cmsOutFileBio = BIO_new_file("c:\\tmp\\1_signedCms.txt", "wb");
> auto res = PEM_write_bio_CMS_stream(cmsOutFileBio, cms, 0, 0);
> BIO_free(inFileBio);
> BIO_free(cmsOutFileBio);
>
> //encrypt
> inFileBio = BIO_new_file("c:\\tmp\\1_signedCms.txt", "rb");
> cms = CMS_encrypt(certStack, inFileBio, EVP_aes_128_cbc(), 0);
> auto ecnryptedCmsOutFileBio =
> BIO_new_file("c:\\tmp\\2_encryptedSignedCmsOut.txt", "wb");
> res = PEM_write_bio_CMS_stream(ecnryptedCmsOutFileBio, cms, 0, 0);
> BIO_free(inFileBio);
> BIO_free(ecnryptedCmsOutFileBio);
>
> //decrypt
> inFileBio = BIO_new_file("c:\\tmp\\2_encryptedSignedCmsOut.txt", "rb");
> cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
> auto decryptedCmsOutFileBio =
> BIO_new_file("c:\\tmp\\3_decryptedSignedCmsOut.txt", "wb");
> res = CMS_decrypt(cms, evpPkey, cert, 0, decryptedCmsOutFileBio, 0); //
> ERROR HERE **
> BIO_free(decryptedCmsOutFileBio);
> BIO_free(inFileBio);
>
> //verify/read content CMS
> inFileBio = BIO_new_file("c:\\tmp\\3_decryptedSignedCmsOut.txt", "rb");
> cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
> auto decodedCmsOutFileBio = BIO_new_file("c:\\tmp\\4_inContext.txt",
> "wb");
> res = CMS_verify(cms, certStack, store, 0, decodedCmsOutFileBio, 0);
> auto signers = CMS_get0_signers(cms);
> BIO_free(inFileBio);
> BIO_free(decodedCmsOutFileBio);
>
> //deinit
> EVP_PKEY_free(evpPkey);
> sk_X509_free(certStack);
> X509_STORE_free(store);
> BIO_free(certFileBio);
> BIO_free(prvKeyFileBio);
> }
>
> and it works perfectly if RSA certificate is used but It fails during
> decrypt if I use the brainpool based certificates.
> The error occurs in cms_env.c, cms_env_asn1_ctrl function
>
> int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
> {
> EVP_PKEY *pkey;
> int i;
> if (ri->type == CMS_RECIPINFO_TRANS)
> pkey = ri->d.ktri->pkey;
> else if (ri->type == CMS_RECIPINFO_AGREE) {
> EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
> if (!pctx)
> return 0;
> pkey = EVP_PKEY_CTX_get0_pkey(pctx);
> if (!pkey)
> return 0;
> } else
> return 0;
> if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
> return 1;
> i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
> // this returns 0 *
> if (i == -2) {
> CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
>CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
> return 0;
> }
> if (i <= 0) {
> CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
> return 0;
> }
> return 1;
> }
>
> the i = pkey->ameth->pkey_ctrl call returns 0 and error
> CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE is set.
>
The standard OpenSSL CMS tests in 1.0.2 include an ECDH test but using P-256.
Does the cms utility do the same?
Hmm... that might be something related to the use of brainPool: I'll check.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] EC based certificates not supported in CMS - why?
Hi, please ignore my previous email I debugged it a bit deeper and it turned out that in case of EC certificates the ecdh_cms_set_shared_info() function could not find "id-aes128-wrap" algo and I solved this by uncommenting following lines: OpenSSL_add_all_algorithms(void); OpenSSL_add_all_ciphers(void); OpenSSL_add_all_digests(void); that for some inexplicable reason ware commented by some very nasty creatue. 2015-04-09 15:20 GMT+02:00 Dr. Stephen Henson : > On Thu, Apr 09, 2015, Pawe?? Ka??mierczak wrote: > > > Hi, > > > > currently openssl in CMS supports only RSA based certificates but EC > based > > certificates are supported in openssl TLS... so I assume that there is > > already a code that can sing/verify and perform key agreement (ECKA-EG > > ECKA-DH) using eliptic curves. > > > > Can someone please tell me if this will be a lot of work to use that code > > in CMS in a way that CMS could work with EC based certificates? > > > > OpenSSL 1.0.0 and later should support ECDSA in CMS. The use of ECDH is > quite > rare: most implementations just use RSA key exchange. OpenSSL 1.0.2 does > support ECDH though. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ___ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] EC based certificates not supported in CMS - why?
I am affraid EC certs do not work in CMS openSSL 1.0.2. I just wrote a
simple test procedure:
void cmsTest()
{
//this RSA works
//auto certFileBio = BIO_new_file("c:\\a\\simplersa_noPem.cer", "rb");
//auto prvKeyFileBio = BIO_new_file("c:\\a\\simplersa_pkey.openssl",
"rb");
//this EC not
auto certFileBio = BIO_new_file("c:\\a\\advancedbr256r1_noPem.cer", "rb");
auto prvKeyFileBio = BIO_new_file("c:\\a\\advancedbr256r1_pkey.pkcs8",
"rb");
auto evpPkey = d2i_PrivateKey_bio(prvKeyFileBio, 0);
auto cert = d2i_X509_bio(certFileBio, 0);
stack_st_X509* certStack = sk_X509_new_null();
sk_X509_push(certStack, cert);
X509_STORE* store = X509_STORE_new();
X509_STORE_add_cert(store, cert);
//sign
auto inFileBio = BIO_new_file("c:\\tmp\\0_inContent.txt", "rb");
CMS_ContentInfo *cms = CMS_sign(cert, evpPkey, 0, inFileBio, 0);
auto cmsOutFileBio = BIO_new_file("c:\\tmp\\1_signedCms.txt", "wb");
auto res = PEM_write_bio_CMS_stream(cmsOutFileBio, cms, 0, 0);
BIO_free(inFileBio);
BIO_free(cmsOutFileBio);
//encrypt
inFileBio = BIO_new_file("c:\\tmp\\1_signedCms.txt", "rb");
cms = CMS_encrypt(certStack, inFileBio, EVP_aes_128_cbc(), 0);
auto ecnryptedCmsOutFileBio =
BIO_new_file("c:\\tmp\\2_encryptedSignedCmsOut.txt", "wb");
res = PEM_write_bio_CMS_stream(ecnryptedCmsOutFileBio, cms, 0, 0);
BIO_free(inFileBio);
BIO_free(ecnryptedCmsOutFileBio);
//decrypt
inFileBio = BIO_new_file("c:\\tmp\\2_encryptedSignedCmsOut.txt", "rb");
cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
auto decryptedCmsOutFileBio =
BIO_new_file("c:\\tmp\\3_decryptedSignedCmsOut.txt", "wb");
res = CMS_decrypt(cms, evpPkey, cert, 0, decryptedCmsOutFileBio, 0); //
ERROR HERE **
BIO_free(decryptedCmsOutFileBio);
BIO_free(inFileBio);
//verify/read content CMS
inFileBio = BIO_new_file("c:\\tmp\\3_decryptedSignedCmsOut.txt", "rb");
cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
auto decodedCmsOutFileBio = BIO_new_file("c:\\tmp\\4_inContext.txt",
"wb");
res = CMS_verify(cms, certStack, store, 0, decodedCmsOutFileBio, 0);
auto signers = CMS_get0_signers(cms);
BIO_free(inFileBio);
BIO_free(decodedCmsOutFileBio);
//deinit
EVP_PKEY_free(evpPkey);
sk_X509_free(certStack);
X509_STORE_free(store);
BIO_free(certFileBio);
BIO_free(prvKeyFileBio);
}
and it works perfectly if RSA certificate is used but It fails during
decrypt if I use the brainpool based certificates.
The error occurs in cms_env.c, cms_env_asn1_ctrl function
int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
{
EVP_PKEY *pkey;
int i;
if (ri->type == CMS_RECIPINFO_TRANS)
pkey = ri->d.ktri->pkey;
else if (ri->type == CMS_RECIPINFO_AGREE) {
EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
if (!pctx)
return 0;
pkey = EVP_PKEY_CTX_get0_pkey(pctx);
if (!pkey)
return 0;
} else
return 0;
if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
return 1;
i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
// this returns 0 *
if (i == -2) {
CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
return 0;
}
if (i <= 0) {
CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
return 0;
}
return 1;
}
the i = pkey->ameth->pkey_ctrl call returns 0 and error
CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE is set.
2015-04-09 15:20 GMT+02:00 Dr. Stephen Henson :
> On Thu, Apr 09, 2015, Pawe?? Ka??mierczak wrote:
>
> > Hi,
> >
> > currently openssl in CMS supports only RSA based certificates but EC
> based
> > certificates are supported in openssl TLS... so I assume that there is
> > already a code that can sing/verify and perform key agreement (ECKA-EG
> > ECKA-DH) using eliptic curves.
> >
> > Can someone please tell me if this will be a lot of work to use that code
> > in CMS in a way that CMS could work with EC based certificates?
> >
>
> OpenSSL 1.0.0 and later should support ECDSA in CMS. The use of ECDH is
> quite
> rare: most implementations just use RSA key exchange. OpenSSL 1.0.2 does
> support ECDH though.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ___
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OID with length zero related bug
This is a corner case, but an interesting one.
An empty OBJECT IDENTIFIER has no meaning, since it can't identify
anything. Therefore, one shouldn't be able to allocate such a thing,
even less encode it.
The CSR is of course invalid, but the previous one was also invalid; OID
0.0 does not identify a signature algorithm (it's the OID { itu-t
recommendation }).
The decoding step of the "0600" hex sequence correctly produces a "BAD
OBJECT", since it's an invalid encoding of an OID.
So having an error when decoding such a CSR is a correct behaviour and
should be expected.
--
Erwann ABALEA
Le 09/04/2015 14:36, Juan Antonio Osorio a écrit :
Hi,
I've recently encountered that OpenSSL is sending some unexpected
errors when reading X.509 certificate requests, if the key is not
specified, or the CSR is not signed.
Now, this seems to happen because it now will specify a length=0 in
the ASN.1 structure since the OID is not set (since the key is not
specified). And I think this behaviour was introduced in this commit:
2e430277578d3dd586cd005682a54a59d6158146
So, when using asn1parse to read such a CSR, the section that would
contain the key has BAD OBJECT, and will throw an error such as
'invalid object encoding' from 'c2i_ASN1_OBJECT' when the certificate
is read or loaded. It used to be the case that it would return an OID
0.0 with length=1, but, like I said, this is not the case anymore.
I'm using OpenSSL 1.0.2a.
I reproduced this error while testing some code using pyOpenSSL. and
here's how I reproduced it: http://pastebin.com/Ky1e8Gz0
the asn1parse dump of the CSR that causes the error looks like this:
http://pastebin.com/2EvuaLsk
While, in OpenSSL 1.0.1f, (the version where I tested this problem
doesn't happen), it would look like this:
http://pastebin.com/0vzu2zzx
Now, I'm not sure how to actually report this bug, since I'm not sure
if it's a bug related to the way the CSRs are being interpreted, or a
bug related to how the ASN.1 structure is being written. Any insights?
BR
--
Juan Antonio Osorio R.
e-mail: jaosor...@gmail.com
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] EC based certificates not supported in CMS - why?
On Thu, Apr 09, 2015, Pawe?? Ka??mierczak wrote: > Hi, > > currently openssl in CMS supports only RSA based certificates but EC based > certificates are supported in openssl TLS... so I assume that there is > already a code that can sing/verify and perform key agreement (ECKA-EG > ECKA-DH) using eliptic curves. > > Can someone please tell me if this will be a lot of work to use that code > in CMS in a way that CMS could work with EC based certificates? > OpenSSL 1.0.0 and later should support ECDSA in CMS. The use of ECDH is quite rare: most implementations just use RSA key exchange. OpenSSL 1.0.2 does support ECDH though. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] OID with length zero related bug
On Thu, Apr 09, 2015, Juan Antonio Osorio wrote: > Hi, > > I've recently encountered that OpenSSL is sending some unexpected errors > when reading X.509 certificate requests, if the key is not specified, or > the CSR is not signed. > Well if a key is not specified ot the CSR isn't signed then it isn't a valid CSR and OpenSSl should reject it. Previous versions included a bogus OID when generating such a CSR which meant it could be parsed (but it was still invalid). The encoder should really reject this and refuse to encode it but applications might not expect an error from the encoder. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] EC based certificates not supported in CMS - why?
Hi, currently openssl in CMS supports only RSA based certificates but EC based certificates are supported in openssl TLS... so I assume that there is already a code that can sing/verify and perform key agreement (ECKA-EG ECKA-DH) using eliptic curves. Can someone please tell me if this will be a lot of work to use that code in CMS in a way that CMS could work with EC based certificates? Backgroud: My company needs to support BSI requirements (more info can be found here chapter 8 https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-3.html ) and EC certificate is a must. We are now at the point where a decision will be made if we will implement everything by ourselves (which I would like to avoid) or we improve some existing open source crypto lib to support BSI requirements. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] OID with length zero related bug
Hi, I've recently encountered that OpenSSL is sending some unexpected errors when reading X.509 certificate requests, if the key is not specified, or the CSR is not signed. Now, this seems to happen because it now will specify a length=0 in the ASN.1 structure since the OID is not set (since the key is not specified). And I think this behaviour was introduced in this commit: 2e430277578d3dd586cd005682a54a59d6158146 So, when using asn1parse to read such a CSR, the section that would contain the key has BAD OBJECT, and will throw an error such as 'invalid object encoding' from 'c2i_ASN1_OBJECT' when the certificate is read or loaded. It used to be the case that it would return an OID 0.0 with length=1, but, like I said, this is not the case anymore. I'm using OpenSSL 1.0.2a. I reproduced this error while testing some code using pyOpenSSL. and here's how I reproduced it: http://pastebin.com/Ky1e8Gz0 the asn1parse dump of the CSR that causes the error looks like this: http://pastebin.com/2EvuaLsk While, in OpenSSL 1.0.1f, (the version where I tested this problem doesn't happen), it would look like this: http://pastebin.com/0vzu2zzx Now, I'm not sure how to actually report this bug, since I'm not sure if it's a bug related to the way the CSRs are being interpreted, or a bug related to how the ASN.1 structure is being written. Any insights? BR -- Juan Antonio Osorio R. e-mail: jaosor...@gmail.com ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
