[openssl-dev] 1.0.1r release not committed to git repo

2016-01-28 Thread John Foley
I just cloned the OpenSSL git repo at 
git://git.openssl.org/openssl.git.  Looking at the OpenSSL_1_0_1-stable 
branch, the fix for CVE-2015-3197 still isn't in the repo.  The most 
recent commit is:


foleyj@hobknob:~/gitsync/ossl/openssl$ git log
commit 126ac21c80967ec00f802d356462c1b83fa0f54c
Author: Richard Levitte 
Date:   Tue Jan 19 20:35:41 2016 +0100

Fix BSD -rpath parameter

For BSD systems, Configure adds a shared_ldflags including a reference
to the Makefile variable LIBRPATH, but since it must be passed down to
Makefile.shared, care must be taken so the value of LIBRPATH doesn't
get expanded too early, or it ends up giving an empty string.

Reviewed-by: Viktor Dukhovni 
(cherry picked from commit c64879d3f3cc4c7f1c436a9fe3bd109847a23629)

Did someone forget to push the commit after generating the 1.0.1r 
release today?







___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] 1.0.1r release not committed to git repo

2016-01-28 Thread Matt Caswell


On 28/01/16 16:40, John Foley wrote:
> I just cloned the OpenSSL git repo at
> git://git.openssl.org/openssl.git.  Looking at the OpenSSL_1_0_1-stable
> branch, the fix for CVE-2015-3197 still isn't in the repo.  The most
> recent commit is:
> 
> foleyj@hobknob:~/gitsync/ossl/openssl$ git log
> commit 126ac21c80967ec00f802d356462c1b83fa0f54c
> Author: Richard Levitte 
> Date:   Tue Jan 19 20:35:41 2016 +0100
> 
> Fix BSD -rpath parameter
>
> For BSD systems, Configure adds a shared_ldflags including a reference
> to the Makefile variable LIBRPATH, but since it must be passed down to
> Makefile.shared, care must be taken so the value of LIBRPATH doesn't
> get expanded too early, or it ends up giving an empty string.
>
> Reviewed-by: Viktor Dukhovni 
> (cherry picked from commit c64879d3f3cc4c7f1c436a9fe3bd109847a23629)
> 
> Did someone forget to push the commit after generating the 1.0.1r
> release today?

Oops. I failed to notice that the push had failed. Resolved now. Thanks.

Matt



[openssl-dev] OpenSSL Security Advisory

2016-01-28 Thread OpenSSL
 with DH parameters shorter than 768 bits in
releases 1.0.2b and 1.0.1n.

This limit has been increased to 1024 bits in this release, to offer
stronger cryptographic assurance for all TLS connections using
ephemeral Diffie-Hellman key exchange.

OpenSSL 1.0.2 users should upgrade to 1.0.2f
OpenSSL 1.0.1 users should upgrade to 1.0.1r

The fix was developed by Kurt Roeckx of the OpenSSL development team.

Note
====

As per our previous announcements and our Release Strategy
(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL
version 1.0.1 will cease on 31st December 2016. No security updates for that
version will be provided after that date. Users of 1.0.1 are
advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions
are no longer receiving security updates.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20160128.txt

Note: the online version of the advisory may be updated with additional
details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html



Re: [openssl-dev] 1.0.1r release not committed to git repo

2016-01-28 Thread John Foley

Thank you.


On 01/28/2016 12:20 PM, Matt Caswell wrote:
> On 28/01/16 16:40, John Foley wrote:
>> I just cloned the OpenSSL git repo at
>> git://git.openssl.org/openssl.git.  Looking at the OpenSSL_1_0_1-stable
>> branch, the fix for CVE-2015-3197 still isn't in the repo.  The most
>> recent commit is:
>>
>> foleyj@hobknob:~/gitsync/ossl/openssl$ git log
>> commit 126ac21c80967ec00f802d356462c1b83fa0f54c
>> Author: Richard Levitte
>> Date:   Tue Jan 19 20:35:41 2016 +0100
>>
>>  Fix BSD -rpath parameter
>>
>>  For BSD systems, Configure adds a shared_ldflags including a reference
>>  to the Makefile variable LIBRPATH, but since it must be passed down to
>>  Makefile.shared, care must be taken so the value of LIBRPATH doesn't
>>  get expanded too early, or it ends up giving an empty string.
>>
>>  Reviewed-by: Viktor Dukhovni
>>  (cherry picked from commit c64879d3f3cc4c7f1c436a9fe3bd109847a23629)
>>
>> Did someone forget to push the commit after generating the 1.0.1r
>> release today?
>
> Oops. I failed to notice that the push had failed. Resolved now. Thanks.
>
> Matt



[openssl-dev] [openssl.org #4278] DH_CHECK_PUBKEY_INVALID should be 0x4, not 0x3

2016-01-28 Thread David Benjamin via RT
The recently-added DH_CHECK_PUBKEY_INVALID was set to 0x3, but
DH_CHECK_PUBKEY_* values are flags, so it should be 0x4 to avoid colliding
with DH_CHECK_PUBKEY_TOO_SMALL (0x01) and DH_CHECK_PUBKEY_TOO_LARGE (0x02).
See DH_check_pub_key's *ret |= logic.

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b128abc3437600c3143cb2145185ab87ba3156a2


(Also, that code is missing malloc failure checks on BN_set_word,
BN_sub_word, and BN_copy. Though I could believe the first two don't
actually end up calling malloc; I didn't check.)

David
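
The collision described in this report, worked through as an added example (not code from OpenSSL or from the reporter). The three flag values are the ones quoted in the message; `accumulate`, `decode` and `count_unambiguous` are hypothetical helpers that model the `*ret |=` pattern and a caller testing each flag.

```c
#include <stdio.h>

/* Values quoted in the report above; local copies, no OpenSSL headers used. */
#define PUBKEY_TOO_SMALL        0x01
#define PUBKEY_TOO_LARGE        0x02
#define PUBKEY_INVALID_REPORTED 0x03 /* value the report says was set */
#define PUBKEY_INVALID_PROPOSED 0x04 /* value the report proposes */

/* Hypothetical model of the "*ret |= flag" accumulation: every failed
 * check ORs its flag into one result word. */
static int accumulate(int too_small, int too_large, int invalid,
                      int invalid_flag)
{
    int ret = 0;
    if (too_small) ret |= PUBKEY_TOO_SMALL;
    if (too_large) ret |= PUBKEY_TOO_LARGE;
    if (invalid)   ret |= invalid_flag;
    return ret;
}

/* What a caller reconstructs by testing each flag in the result word.
 * Returned as bit 0 = too small, bit 1 = too large, bit 2 = invalid. */
static int decode(int ret, int invalid_flag)
{
    int seen = 0;
    if (ret & PUBKEY_TOO_SMALL) seen |= 1;
    if (ret & PUBKEY_TOO_LARGE) seen |= 2;
    if ((ret & invalid_flag) == invalid_flag) seen |= 4;
    return seen;
}

/* Count how many of the 8 possible failure combinations survive the
 * accumulate/decode round trip unchanged. */
static int count_unambiguous(int invalid_flag)
{
    int ok = 0;
    for (int c = 0; c < 8; c++) {
        int ret = accumulate(c & 1, c & 2, c & 4, invalid_flag);
        if (decode(ret, invalid_flag) == c)
            ok++;
    }
    return ok;
}

int main(void)
{
    printf("invalid = 0x3: %d of 8 combinations decode correctly\n",
           count_unambiguous(PUBKEY_INVALID_REPORTED));
    printf("invalid = 0x4: %d of 8 combinations decode correctly\n",
           count_unambiguous(PUBKEY_INVALID_PROPOSED));
    return 0;
}
```

With 0x3, "invalid" alone and "too small plus too large" produce the same result word, so a caller cannot tell them apart; with 0x4 every combination decodes to itself.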



[openssl-dev] [openssl.org #4252] [PATCH] Fix the inclusion of e_os2.h

2016-01-28 Thread Rich Salz via RT
test was removed -- it hasn't been compiled in a very long time, and it is not
useful.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #4277] DSAPublicKey should use dsa_cb in 1.1.0

2016-01-28 Thread Stephen Henson via RT
Thanks for the report, fixed now.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



[openssl-dev] X509_V_FLAG_OCSP_CHECK

2016-01-28 Thread Anthony T CHOW
On the openssl-user mailing list archive, I found this:

http://www.mail-archive.com/openssl-users@openssl.org/msg67721.html

On GitHub, I don't find this flag X509_V_FLAG_OCSP_CHECK

Seems like this proposed change is not merged into the Master branch.

Or, is it by default, OpenSSL will check for the certificate revocation using 
OCSP?

Thanks for the information,

Anthony.


Re: [openssl-dev] ECDH engine

2016-01-28 Thread Douglas E Engert

  
  
I said in the note below: "(And not me. I am taking the 1.1 approach to
getting ECDH. working in engine.) "

Now that OpenSC's libp11 and engine_pkcs11 have code committed for use
with OpenSSL-1.1-pre2 to use ECDH, I created patches for libp11 and
engine_pkcs11 to use 1.0.2. This requires libp11 to be compiled with
crypto/ecdh/ech_locl.h to gain access to the hidden ecdh_meth_st. This is
only for OpenSSL-1.0.2, and does not require any changes to OpenSSL.
This is more of a hack, and intended for anyone who can't wait for 1.1,
and I don't see this being added to the libp11,

Pointers to the patches can be found:

 https://github.com/OpenSC/libp11/issues/49

Comments welcome.

(This does not address the issue Alexander has with using
software-generated ephemeral keys.)

On 1/27/2016 9:54 PM, Alexander Gostrer wrote:
> Hi Uri,
>
> On Wed, Jan 27, 2016 at 9:30 AM, Blumenthal, Uri - 0553 - MITLL wrote:
>>> Let me know if you have any questions about these patches.
>>
>> My only questions at this time (I briefly looked at your patches
>> only, haven’t looked at your engine at all) are: why you needed to
>> add ECDH_generate_key() to crypto/ech/ecdh_key.c,
>
> In the TLS-1.2 protocol (sl_srvr.c) the server generates an ephemeral
> key pair for ECDH and sends the public key in the server key exchange
> message (see ssl3_send_server_key_exchange(SSL *s) function). It does
> not use the private key until it gets the client public key in the
> "ssl3_send_server_key_exchange(SSL *s)". Just then it calls the
> "ECDH_compute_key()" with the client public key and the server private
> key generated much earlier. If I do not call this new function then the
> openssl sends a software-generated ephemeral key to the client. Adding
> this function was the simplest way to fix the problem. On client
> everything happens in the same function so it wasn't a problem.
>
>> and what’s the purpose of enabling (*init)(EC_KEY *eckey) and
>> (*finish)(EC_KEY *eckey) in crypto/ecdh/ech_locl.h.
>
> I used "ecdh->meth->init(eckey)" in this new
> "ECDH_generate_key(EC_KEY *eckey)" function to actually generate the
> ephemeral pair. Probably should call it "generate_key()" instead but
> again was trying to minimize the impact. "finish()" was in the same
> package - didn't use it.
>
> Regards,
>
> Alex.
>
> Sorry for delay: take some time to go over the code to remember things :)
>
>> Thanks!
>>
>>> On Wed, Jan 20, 2016 at 12:49 PM, Douglas E Engert wrote:
>>>> When I started to write the ECDSA code for engine_pkcs11  in 2011
>>>> the code to support the method hooks was not in the code. So I used
>>>> internal OpenSSL header files to copy the ECDSA_METHOD  and replace
>>>> the function needed.
>>>>
>>>> Look for "BUILD_WITH_ECS_LOCL_H" in libp11.  Not

[openssl-dev] [openssl.org #4277] DSAPublicKey should use dsa_cb in 1.1.0

2016-01-28 Thread David Benjamin via RT
DSAPublicKey lost the dsa_cb in
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1

This results in d2i_DSAPublicKey using crypto/asn1's default allocation
logic rather than calling into DSA_new. I believe it should
use ASN1_SEQUENCE_cb.

I've attached a tiny sample program. On my machine, when building against
master, the second reference count is 0 and then the second DSA_free
crashes.

Also, the comment in dsa_asn1.c and d2i_DSAPublicKey.pod both still refer
to write_params which no longer exists.

David



dsa_public_key.c
Description: Binary data


Re: [openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

2016-01-28 Thread Short, Todd
However, we’re talking about botnets. They do bad things, they don’t follow the 
rules. They can masquerade as the original sender and send additional data.

The received data held ought to be limited to the initial window of the 
connection, AND, since these are all original SYNs (pun intended) the server 
receiving the data ought to only be saving one packet worth of data (i.e. TFO 
queue), since the first data pack should be repeated (because it’s the initial 
data on the connection) on subsequent SYNs on the to-be established connection.

So, the problem isn’t other members of the botnet receiving cookies, because 
they can’t exceed the TFO queue, but multiple members of the botnet doing TFO 
on their own, and not responding to the SYN-ACK, potentially opening up 
thousands of embryonic sockets with thousands of bytes of data, which is what 
the original SYN-cookies were meant to prevent in the first place.

Regardless, this can happen with or without OpenSSL support, and any server 
that supports TFO is “Asking For Trouble”, IMHO.

While I personally don’t think that TFO should be supported anywhere for 
security reasons (it is “experimental”), there’s no reason to not support it 
in OpenSSL.

On the other hand, if someone really wanted to support this, they could write 
their own BIO.

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Jan 27, 2016, at 2:32 PM, Viktor Dukhovni wrote:

> On Wed, Jan 27, 2016 at 07:20:04PM +, Salz, Rich wrote:
>
>>> Please explain.  The traffic can only come from the party who initially obtains
>>> the cookie in a full round-trip.  How does the botnet DoS some third party
>>> with this?
>>
>> Attacker wants to bring down an akamai host.  They connect to one of our
>> servers with the fast-open option and get the cookie.  They then spread
>> that cookie all over the internet and zillions of bots connect.
>
> The connections need to be from the attacker's original IP address that
> obtained the cookie.
>
>> Our server
>> spawns zillions of threads and starts to do some work, or the TCP queue
>> fills up.  I can't filter on IP address to stop the attack because the
>> client IP address is bogus.
>
> The client IP address is not entirely "bogus", it is the IP address
> of the client that obtained the cookie, otherwise the cookie is
> not valid.  Block sending cookies to sources whose cookies are
> abused.
>
> Also note that the TFO queue length is limited, and most requests
> will require a full round-trips when the request volume is high.
>
> Anyway, this is not the right forum for TFO threat analysis that
> has nothing to do with SSL.  We should add client-side support
> for TFO.
>
> --
> Viktor.


[openssl-dev] OpenSSL version 1.0.1r published

2016-01-28 Thread OpenSSL

   OpenSSL version 1.0.1r released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.1r of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

http://www.openssl.org/news/openssl-1.0.1-notes.html

   OpenSSL 1.0.1r is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

    o openssl-1.0.1r.tar.gz
      Size: 4547786
      SHA1 checksum: d2cfa980ef4548da6079fa1e51fe1fb2e5a53e99
      SHA256 checksum: 784bd8d355ed01ce98b812f873f8b2313da61df7c7b5677fcf2e57b0863a3346

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.0.1r.tar.gz
openssl sha256 openssl-1.0.1r.tar.gz

   Yours,

   The OpenSSL Project Team.



[openssl-dev] OpenSSL version 1.0.2f published

2016-01-28 Thread OpenSSL

   OpenSSL version 1.0.2f released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.2f of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

http://www.openssl.org/news/openssl-1.0.2-notes.html

   OpenSSL 1.0.2f is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

    o openssl-1.0.2f.tar.gz
      Size: 5258384
      SHA1 checksum: 2047c592a6e5a42bd37970bdb4a931428110a927
      SHA256 checksum: 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c

   The checksums were calculated using the following commands:

openssl sha1 openssl-1.0.2f.tar.gz
openssl sha256 openssl-1.0.2f.tar.gz

   Yours,

   The OpenSSL Project Team.
