[openssl-dev] [openssl.org #3198] [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files
The last patches from this have now been applied so closing this ticket. Thanks! Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3198 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3580] [PATCH] Print correct help message (according to configure)
time has passed... nobody looked at this, sorry. fixed earlier by disabling those protocol versions :)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3580
Re: [openssl-dev] [openssl.org #4559] bug: CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b
On 6/3/16, 13:23 , "openssl-dev on behalf of Dan Kegel via RT" wrote:

>1.02 then. (0.9.8 is fine. I'm ok with 1.0.0/1.0.1 remaining broken.)

I compiled your death program, and confirm that it does abort on 1.0.2h. So presumably no fix is necessary there:

$clang -I/opt/local/include -o t t.c -L/opt/local/lib -lssl -lcrypto
$ ./t
Abort trap: 6

>On Fri, Jun 3, 2016 at 10:08 AM, Rich Salz via RT wrote:
>> Sorry, but 0.9.8 and 1.0.0 are end of life and getting no updates and 1.0.1 is
>> only getting security fixes at this time.
>>
>> --
>> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4559
Re: [openssl-dev] [openssl.org #4559] bug: CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b
1.02 then. (0.9.8 is fine. I'm ok with 1.0.0/1.0.1 remaining broken.)

On Fri, Jun 3, 2016 at 10:08 AM, Rich Salz via RT wrote:
> Sorry, but 0.9.8 and 1.0.0 are end of life and getting no updates and 1.0.1 is
> only getting security fixes at this time.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4559
[openssl-dev] [openssl.org #4559] bug: CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b
Sorry, but 0.9.8 and 1.0.0 are end of life and getting no updates and 1.0.1 is only getting security fixes at this time.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4559
[openssl-dev] [openssl.org #4559] bug: CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b
The commit

From: "Dr. Stephen Henson"
Date: Fri, 1 Apr 2011 15:46:03 +
Subject: [PATCH] Add additional OPENSSL_init() handling

add dummy call to (hopefully) ensure OPENSSL_init() is always linked into an application.

https://github.com/openssl/openssl/commit/c4acfb1fd049f52fb074b103be01cab5cf5c04f8

seems to have broken CRYPTO_set_mem_functions.

After this commit, CRYPTO_set_mem_functions() calls OPENSSL_init(), which calls CRYPTO_malloc(), which sets `allow_customize` to 0, which is then checked by CRYPTO_set_mem_functions(), which then returns without doing anything.

See also earlier reports
http://openssl.6102.n7.nabble.com/CRYPTO-set-mem-functions-Doesn-t-Work-in-Version-1-0-1b-td46745.html
http://bugs.python.org/msg191610

The death test program

#include <stdio.h>
#include <stdlib.h>
#include <openssl/ssl.h>

/* Custom allocator hooks: any call into them kills the process. */
void * my_alloc(size_t n) { abort(); }
void my_free(void *p) { abort(); }
void * my_realloc(void *p, size_t n) { abort(); }

int main(int argc, const char **argv)
{
    const SSL_METHOD *method;
    SSL_CTX *ctx;

    CRYPTO_set_mem_functions(my_alloc, my_realloc, my_free);
    SSL_library_init();
    method = SSLv23_client_method();
    ctx = SSL_CTX_new(method);
    printf("Got ctx %p\n", ctx);
    return 0;
}

aborts as expected on Ubuntu 10.04 with openssl0.9.8k, but blithely prints a ctx with openssl 1.0.*.

The bug is probably not present in openssl-1.1.0-pre5, as the offending code was removed by
https://github.com/openssl/openssl/commit/bbd86bf5424a611cb6b77a3a17fc522931c4dcb8
but a fix for 1.0.0 and 1.0.1 would be much appreciated.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4559
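The call chain described in this report, reduced to a self-contained C model (an added example, not code from the report or from OpenSSL). Only allow_customize and the order of calls come from the message above; model_malloc, model_init, the two setters and counting_malloc are constructed names.

```c
/* Added model of the allow_customize latch from the report; not OpenSSL source. */
#include <stdio.h>
#include <stdlib.h>

typedef void *(*alloc_fn)(size_t);

static int allow_customize = 1;        /* cleared by the first allocation */
static int init_done = 0;
static alloc_fn malloc_impl = malloc;
static size_t custom_calls = 0;

/* Models CRYPTO_malloc(): using the allocator locks its configuration. */
static void *model_malloc(size_t n) { allow_customize = 0; return malloc_impl(n); }

/* Models OPENSSL_init(): one-time setup that happens to allocate. */
static void model_init(void) { if (!init_done) { init_done = 1; free(model_malloc(16)); } }

/* Setter in the order the report describes after the commit: init runs first. */
static int set_mem_init_first(alloc_fn m)
{
    model_init();
    if (!allow_customize) return 0;    /* default allocator silently kept */
    malloc_impl = m;
    return 1;
}

/* Setter with the latch checked before anything can allocate. */
static int set_mem_check_first(alloc_fn m)
{
    if (!allow_customize) return 0;
    malloc_impl = m;
    return 1;
}

/* Hypothetical custom allocator that counts how often it is reached. */
static void *counting_malloc(size_t n) { custom_calls++; return malloc(n); }

/* Install counting_malloc through `setter`, allocate twice, return the hits. */
static size_t run_case(int (*setter)(alloc_fn), int *accepted)
{
    allow_customize = 1; init_done = 0; malloc_impl = malloc; custom_calls = 0;
    *accepted = setter(counting_malloc);
    free(model_malloc(32));
    free(model_malloc(32));
    return custom_calls;
}

int main(void)
{
    int a, b;
    size_t h1 = run_case(set_mem_init_first, &a), h2 = run_case(set_mem_check_first, &b);
    printf("init first: accepted=%d hits=%zu; check first: accepted=%d hits=%zu\n", a, h1, b, h2);
    return 0;
}
```

In the init-first case the setter in this model returns 0, so a caller that checks the return value sees the refusal instead of running unnoticed on the default allocator.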
[openssl-dev] [openssl.org #4135] Fix for a multi-threading issue in policy cache creation
Commit 7d6df9e in master. Thanks!
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4135
[openssl-dev] Inconsistency between implementation and docs in openssl cms
Manual page for “openssl cms” says:

    If the -decrypt option is used without a recipient certificate then an attempt is made to locate the recipient by trying each potential recipient in turn using the supplied private key. To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or not and if no recipients match the message is "decrypted" using a random key which will typically output garbage. The -debug_decrypt option can be used to disable the MMA attack protection and return an error if no recipient can be found: this option should be used with caution.

The first paragraph does not seem to be true - from what I observed, when no recipient is specified, the decryption always fails - in contradiction to the above.

This is how I created an encrypted SMIME:

$ openssl version
OpenSSL 1.0.2h 3 May 2016
$ openssl cms -encrypt -aes256 -inform SMIME -in Cyph_Bot_test.eml -outform SMIME -out Cyph_Bot_test.smime.eml -subject SMIME_ECC ~/Documents/Certs/me_mouse_yubi_9d_.pem

Decryption with explicitly specified -recip works:

$ openssl cms -engine pkcs11 -keyform engine -decrypt -aes256 -inform SMIME -in Cyph_Bot_test.smime.eml -outform SMIME -out Cyph_Bot_test.decrypt.eml -recip ~/Documents/Certs/me_mouse_yubi_9d_.pem -inkey "pkcs11:object=KEY%20MAN%20key;object-type=private"
engine "pkcs11" set.
PKCS#11 token PIN:
$ tail Cyph_Bot_test.decrypt.eml
Message-id:
Date: Sun, 02 Jun 2013 00:56:22 -0400
To: Cloud Mouse
MIME-version: 1.0 (1.0)
X-Mailer: iPad Mail (10B329)

4DFJ3ECyu3XQmJJtPTXp1HJXeCSFnmL8euXcOSc1NGmDm9fqgR0RU+s0Rl1oggUJ

But the same decryption fails when -recip is omitted:

$ openssl cms -engine pkcs11 -keyform engine -decrypt -aes256 -inform SMIME -in Cyph_Bot_test.smime.eml -outform SMIME -out Cyph_Bot_test.decrypt1.eml -inkey "pkcs11:object=KEY%20MAN%20key;object-type=private"
engine "pkcs11" set.
PKCS#11 token PIN:
Error decrypting CMS structure
140735083847760:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
$

Adding -debug_decrypt flag reveals the problem:

$ openssl cms -engine pkcs11 -keyform engine -decrypt -debug_decrypt -aes256 -inform SMIME -in Cyph_Bot_test.smime.eml -outform SMIME -out Cyph_Bot_test.decrypt1.eml -inkey "pkcs11:object=KEY%20MAN%20key;object-type=private"
engine "pkcs11" set.
PKCS#11 token PIN:
Error decrypting CMS using private key
140735083847760:error:2E072084:CMS routines:CMS_decrypt_set1_pkey:no matching recipient:cms_smime.c:661:
$

Either the decryptor fails to properly determine the match (and should be fixed), or the documentation is wrong (and should be edited).

--
Regards,
Uri Blumenthal
[openssl-dev] [openssl.org #4557] Nit: temporary files left over after [master:8d054a5] installation process
Thank you!

Found the tests that generated this and made sure the temporary files get removed. Please get a fresh checkout of the master branch and check again.

Closing this ticket.

Cheers,
Richard

On Thu Jun 02 15:50:32 2016, stef...@sdaoden.eu wrote:
> Yep:
>
> -rw--- 1 steffen steffen 1848 Jun 2 14:46 VhXl383LiQ
> -rw--- 1 steffen steffen 1612 Jun 2 14:46 F1RkvxEZi0
> -rw--- 1 steffen steffen 1848 Jun 2 14:46 qg_wML0XIF
> -rw--- 1 steffen steffen 1848 Jun 2 14:46 4MUN7KIs69
> -rw--- 1 steffen steffen 1840 Jun 2 14:46 fU_zMQI7Wb
> -rw--- 1 steffen steffen 1848 Jun 2 14:46 gbNE7UjUAJ
> -rw--- 1 steffen steffen 1848 Jun 2 14:46 P2Vff7Duiz
> -rw--- 1 steffen steffen 1840 Jun 2 14:46 3E_oztoePh
>
> ;do head -n 1 $i; done:
>
> -BEGIN SSL SESSION PARAMETERS-
> -BEGIN SSL SESSION PARAMETERS-
> -BEGIN SSL SESSION PARAMETERS-
> -BEGIN SSL SESSION PARAMETERS-
> -BEGIN SSL SESSION PARAMETERS-
> -BEGIN SSL SESSION PARAMETERS-
> -BEGIN SSL SESSION PARAMETERS-
> -BEGIN SSL SESSION PARAMETERS-
>
> --steffen
>

--
Richard Levitte
levi...@openssl.org

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4557
Re: [openssl-dev] DTLS retransmission api
On 03/06/16 12:19, Matt Caswell wrote:
>
> On 03/06/16 10:52, Alfred E. Heggestad wrote:
>> Hi Matt,
>>
>> thanks for the suggested API and code. Please find below a suggested
>> patch that implements this new callback.
>>
>> the patch is based on 1.0.2-dev from GIT:
>>
>> url: git://git.openssl.org/openssl.git
>> branch: origin/OpenSSL_1_0_2-stable
>>
>> I have renamed "timeout_duration" on purpose, since the units have
>> changed from "seconds" to "milliseconds".
>
> Hi Alfred
>
> Thanks for the submission. In order to ease the review process please
> read this file for some guidance on how to submit patches:
>
> https://github.com/openssl/openssl/blob/master/CONTRIBUTING
>
> The preferred way is via github because it makes it much easier for us
> to comment on the code in detail and provide feedback.
>
> I've not looked at your code in detail yet (I'll wait until I see the
> submission come in via github (or RT if you choose to go that way - see
> CONTRIBUTING)). I'll make a few high-level points though:
>
> - Because this is a new feature you need to create it from the master
>   branch in git not the 1.0.2 branch. 1.0.2 is a stable branch and only
>   receives bug fixes.
> - We are currently focussing on the 1.1.0 release which is now in
>   feature freeze, so it may be a while before we get to look at it.
> - All new features must have documentation with them. Take a look at the
>   existing pod files in the doc directory for some examples of our style.

thanks, I have created a new PR:

https://github.com/openssl/openssl/pull/1160

/alfred
[openssl-dev] [openssl.org #4393] [PATCH] Call EC_GROUP_order_bits in priv2opt.
Merge RT4241 here as these are best handled together.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4393
Re: [openssl-dev] DTLS retransmission api
On 03/06/16 10:52, Alfred E. Heggestad wrote:
> Hi Matt,
>
> thanks for the suggested API and code. Please find below a suggested
> patch that implements this new callback.
>
>
> the patch is based on 1.0.2-dev from GIT:
>
> url: git://git.openssl.org/openssl.git
> branch: origin/OpenSSL_1_0_2-stable
>
>
> I have renamed "timeout_duration" on purpose, since the units have
> changed from "seconds" to "milliseconds".

Hi Alfred

Thanks for the submission. In order to ease the review process please read this file for some guidance on how to submit patches:

https://github.com/openssl/openssl/blob/master/CONTRIBUTING

The preferred way is via github because it makes it much easier for us to comment on the code in detail and provide feedback.

I've not looked at your code in detail yet (I'll wait until I see the submission come in via github (or RT if you choose to go that way - see CONTRIBUTING)). I'll make a few high-level points though:

- Because this is a new feature you need to create it from the master branch in git not the 1.0.2 branch. 1.0.2 is a stable branch and only receives bug fixes.
- We are currently focussing on the 1.1.0 release which is now in feature freeze, so it may be a while before we get to look at it.
- All new features must have documentation with them. Take a look at the existing pod files in the doc directory for some examples of our style.

Matt
Re: [openssl-dev] DTLS retransmission api
On 02/06/16 16:03, Matt Caswell wrote:
> On 02/06/16 14:33, Alfred E. Heggestad wrote:
>> On 01/06/16 13:58, Matt Caswell wrote:
>>> On 01/06/16 11:15, Alfred E. Heggestad wrote:
>>>> hi,
>>>>
>>>> we are using DTLS from OpenSSL to implement DTLS-SRTP in our
>>>> product (Wire.com) .. The code and implementation works really well
>>>> and is very robust. We are using OpenSSL version 1.0.2g
>>>>
>>>> since our product is deployed globally on mobile data networks,
>>>> we have quite variable latency and packetloss. The patch below
>>>> shows my working code, it has an initial retransmit timeout of
>>>> 400 ms which is incrementing by 10% for every re-trans.
>>>>
>>>> obviously this patch cannot make it into the official tree.
>>>> but I would like to discuss with you guys the option to add
>>>> some kind of API for:
>>>>
>>>> - Setting the initial RTO for DTLS (in milliseconds).
>>>> - Setting the retransmit policy for DTLS, i.e. should it double
>>>>   or increment by X for every re-trans.
>>>
>>> I think an API for that would be a great idea. Perhaps a callback
>>> could be used so that you can set exactly the policy you want?
>>
>> Thank you, Matt
>>
>> I can work on a patch for this, if you guys can help me to define
>> the API.
>>
>> I think we only need one CTRL api to set the next re-transmit
>> interval.
>>
>> then in the application code that calls this:
>>
>> - DTLSv1_handle_timeout
>> - DTLSv1_get_timeout
>>
>> can also call DTLS_set_retrans_interval(400)
>
> I'm not sure I follow you. I was thinking something like:
>
> int DTLS_set_timer_cb(SSL *s, int (*cb)(SSL *s, int timer));
>
> Then where in the current code we have:
>
> dtls1_double_timeout(s);
>
> We might instead do
>
> if (s->d1->timer_cb != NULL)
>     s->d1->timeout_duration = s->d1->timer_cb(s, s->d1->timeout_duration);
> else
>     dtls1_double_timeout(s);
>
> And in dtls1_start_timer() where we have:
>
> /* If timer is not set, initialize duration with 1 second */
> if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
>     s->d1->timeout_duration = 1;
> }
>
> Instead have:
>
> /* If timer is not set, initialize duration with 1 second */
> if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
>     if (s->d1->timer_cb != NULL)
>         s->d1->timeout_duration = s->d1->timer_cb(s, 0);
>     else
>         s->d1->timeout_duration = 1;
> }

Hi Matt,

thanks for the suggested API and code. Please find below a suggested patch that implements this new callback.

the patch is based on 1.0.2-dev from GIT:

url: git://git.openssl.org/openssl.git
branch: origin/OpenSSL_1_0_2-stable

I have renamed "timeout_duration" on purpose, since the units have changed from "seconds" to "milliseconds".

From e6c9fbe470ab1901010e90b727313ebc7875b40f Mon Sep 17 00:00:00 2001 From: "Alfred E. Heggestad" Date: Fri, 3 Jun 2016 11:31:45 +0200 Subject: [PATCH] add support for DTLS callback for timeout value --- ssl/d1_lib.c | 45 + ssl/dtls1.h | 9 +++-- ssl/ssl.h| 4 3 files changed, 48 insertions(+), 10 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index ee78921..235635a 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -240,6 +240,8 @@ void dtls1_clear(SSL *s) unsigned int link_mtu; if (s->d1) { +dtls_timer_cb *timer_cb = s->d1->timer_cb; + unprocessed_rcds = s->d1->unprocessed_rcds.q; processed_rcds = s->d1->processed_rcds.q; buffered_messages = s->d1->buffered_messages; 
@@ -252,6 +254,9 @@ void dtls1_clear(SSL *s) memset(s->d1, 0, sizeof(*(s->d1))); +/* Restore the timer callback from previous state */ +s->d1->timer_cb = timer_cb; + if (s->server) { s->d1->cookie_len = sizeof(s->d1->cookie); } @@ -359,6 +364,8 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u) void dtls1_start_timer(SSL *s) { +struct timeval diff; + #ifndef OPENSSL_NO_SCTP /* Disable timer for SCTP */ if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { @@ -367,16 +374,24 @@ void dtls1_start_timer(SSL *s) } #endif -/* If timer is not set, initialize duration with 1 second */ +/* If timer is not set, initialize duration with 1 second or + * a user-specified value if the timer callback is installed. */ if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { -s->d1->timeout_duration = 1; + +if (s->d1->timer_cb != NULL) +s->d1->timeout_duration_ms = s->d1->timer_cb(s, 1000); +else +s->d1->timeout_duration_ms = 1000; } /* Set timeout to current time */ get_current_time(&(s->d1->next_timeout)); /* Add duration to current time */ -s->d1->next_timeout.tv_sec += s->d1->timeout_duration; +diff.tv_sec = s->d1->timeout_duration_ms / 1000; +diff.tv_usec = (s->d1->timeout_duration_ms % 1000) * 1000; +timeradd(&s->d1->next_timeout, &diff, &s->d1->next_timeout); + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT,
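Review bot: in the dtls1_start_timer() hunk the value returned by s->d1->timer_cb(s, 1000) is stored in timeout_duration_ms with no range check, so a callback that returns 0 arms a timer that has already expired and a very large value postpones retransmission for as long as the callback says; clamp the result to a documented minimum and maximum before it is converted to a timeval. The same hunk relies on timeradd(), a BSD macro that is not provided on every platform, so adding tv_sec and tv_usec by hand with a carry at 1000000 microseconds would be more portable. The callback's contract also needs writing down: here it receives 1000 on the initial call, and the unit is now milliseconds rather than seconds.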
Re: [openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter?
Hi,

> I'm aware it doesn't affect anything because the caller shouldn't process
> more than 2^32 * 64 bytes per key/nonce setup anyway.
>
> I was just wondering because it differs from the s390 asm implementation
> (and whether there is a particular reason to do so).

Implementation is harmonized with subroutine name now, case is being dismissed.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4512