[openssl-dev] [openssl.org #4566] Re: Fatal error: Command failed for target `link_shlib.solaris'

2016-06-13 Thread Rich Salz via RT
closing as requested by OP

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4566
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #4566] Re: Fatal error: Command failed for target `link_shlib.solaris'

2016-06-13 Thread noloa...@gmail.com via RT
Close. It looks like it was cleared with Commit
5ec84dd75f7965942a55ef5382aa34b8417336c5.


On Mon, Jun 13, 2016 at 4:12 PM, Jeffrey Walton  wrote:
> Just pulled latest source (Camellia changes):
>
> $ git rev-parse HEAD
> 96d06c213d5a2c1af42dd3b5d7bcc4a65df90738
>
> Config OK, Make fails at. Verified twice:
>
> SHOBJECTS="./libcrypto.a "; ( :;LIBDEPS="${LIBDEPS:--lresolv
> -lsocket -lnsl -ldl}";  SHAREDCMD="${SHAREDCMD:-gcc}";
> SHAREDFLAGS="${SHAREDFLAGS:--DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG
> -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
> -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
> -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\""
> -DENGINESDIR="\"/usr/local/lib/engines\"" -m64 -Wall -DL_ENDIAN -O3
> -pthread -DFILIO_H  -Wa,--noexecstack -fPIC -m64 -shared
> -static-libgcc}";  LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed
> -e 's/^ *-L//;t' -e d | uniq`;  LIBPATH=`echo $LIBPATH | sed -e 's/
> /:/g'`;  echo LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH  ${SHAREDCMD}
> ${SHAREDFLAGS}  -o ./$SHLIB$SHLIB_SOVER$SHLIB_SUFFIX  $ALLSYMSFLAGS
> $SHOBJECTS $NOALLSYMSFLAGS $LIBDEPS;
> LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH  ${SHAREDCMD} ${SHAREDFLAGS}
>  -o ./$SHLIB$SHLIB_SOVER$SHLIB_SUFFIX  $ALLSYMSFLAGS $SHOBJECTS
> $NOALLSYMSFLAGS $LIBDEPS  ) && if [ -n "$INHIBIT_SYMLINKS" ]; then :;
> else  prev=$SHLIB$SHLIB_SOVER$SHLIB_SUFFIX;  if [ -n "$SHLIB_COMPAT"
> ]; then  for x in $SHLIB_COMPAT; do  ( :; rm -f
> ./$SHLIB$x$SHLIB_SUFFIX;  ln -s $prev ./$SHLIB$x$SHLIB_SUFFIX );
> prev=$SHLIB$x$SHLIB_SUFFIX;  done;  fi;  if [ -n "$SHLIB_SOVER" ];
> then  ( :; rm -f ./$SHLIB$SHLIB_SUFFIX;  ln -s $prev
> ./$SHLIB$SHLIB_SUFFIX );  fi;  fi
> make: Fatal error: Command failed for target `link_shlib.solaris'
> Current working directory /export/home/jwalton/openssl
> *** Error code 1
> make: Fatal error: Command failed for target `libcrypto.so'
>
> **
>
> $ ./config
> Operating system: i86pc-whatever-solaris2
> Configuring for solaris64-x86_64-gcc
> Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
> no-asan [default]  OPENSSL_NO_ASAN (skip dir)
> no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
> no-crypto-mdebug-backtrace [default]
> OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
> no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
> dir)
> no-egd  [default]  OPENSSL_NO_EGD (skip dir)
> no-fuzz-afl [default]  OPENSSL_NO_FUZZ_AFL (skip dir)
> no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER (skip dir)
> no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
> no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
> no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
> no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
> no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
> no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
> no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
> no-ubsan[default]  OPENSSL_NO_UBSAN (skip dir)
> no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
> no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
> no-zlib [default]
> no-zlib-dynamic [default]
> Configuring for solaris64-x86_64-gcc
> CC=gcc
> CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H  -Wa,--noexecstack
> SHARED_CFLAG  =-fPIC
> DEFINES   =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS
> OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2
> OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM
> SHA256_ASM SHA512_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM
> ECP_NISTZ256_ASM POLY1305_ASM
> LFLAG =
> PLIB_LFLAG=
> EX_LIBS   =-lresolv -lsocket -lnsl -ldl
> APPS_OBJ  =
> CPUID_OBJ =x86_64cpuid.o
> UPLINK_OBJ=
> BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o
> x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
> EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
> DES_ENC   =des_enc.o fcrypt_b.o
> AES_ENC   =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o
> aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o
> aesni-mb-x86_64.o
> BF_ENC=bf_enc.o
> CAST_ENC  =c_enc.o
> RC4_ENC   =rc4-x86_64.o rc4-md5-x86_64.o
> RC5_ENC   =rc5_enc.o
> MD5_OBJ_ASM   =md5-x86_64.o
> SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
> sha1-mb-x86_64.o sha256-mb-x86_64.o
> RMD160_OBJ_ASM=
> CMLL_ENC  =cmll-x86_64.o cmll_misc.o
> MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
> PADLOCK_OBJ   =e_padlock-x86_64.o
> CHACHA_ENC=chacha-x86_64.o
> POLY1305_OBJ  =poly1305-x86_64.o
> BLAKE2_OBJ=
> PROCESSOR =
> RANLIB=ranlib
> ARFLAGS   =
> PERL  =/usr/local/bin/perl
>
> SIXTY_FOUR_BIT_LONG 

[openssl-dev] [openssl.org #3454] remove OPENSSL_SYS_WIN constraint for EC_GFp_nistp224_method()

2016-06-13 Thread Rich Salz via RT
fixed in master with commit b4b576d thanks!

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3454
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

2016-06-13 Thread paul.d...@oracle.com via RT
No, I didn't create an exploit.

If the number of packets is limited to something that small, there won't be an 
issue.
It still seems like pqueue ought to be excised from the source base and replaced 
with something simpler.


Regards,

Pauli

-- 
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia

-Original Message-
From: David Benjamin via RT [mailto:r...@openssl.org] 
Sent: Tuesday, 14 June 2016 2:16 AM
To: Paul Dale 
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4558] Performance issue with DTLS 
packet reassembly

On Mon, Jun 13, 2016 at 4:04 AM Matt Caswell via RT  wrote:

> On Thu Jun 02 23:24:44 2016, paul.d...@oracle.com wrote:
> > The DTLS packet reassembly code has a performance problem that could 
> > result in a DoS attack being possible.
> >
> >
> >
> > The DTLS packet reassembly uses the data structure defined in 
> > ssl/pqueue.c for the purpose (it is the only user of this data 
> > structure that I can find). This source file implements a priority 
> > queue using a singly linked list. This means O(n^2) worst case 
> > complexity, where n is the number of fragments. A better, and in 
> > fact optimal, solution would be to use a heap for the purpose giving 
> > O(n log n) worst case complexity. Doing this would prevent a 
> > potential DoS attack.
> >
> >
> >
> > The attack would consist of fragmenting the DTLS stream into as many 
> > small packets as possible and sending them in sequential order. Each 
> > fragment will require a complete traversal of the list to be added.
> > Continue sending these as long as the DoS is wanted. For reference, 
> > changing the list search method or ordering won't prevent such an 
> > attack, it just means a different packet ordering is required.
> >
> >
> >
> > Tim Hudson suggested I submit this even though I haven't been able 
> > to find time to craft a patch.
>

Were you able to reproduce this performance problem? Note that N is at most
10 here. Assuming the DTLS packet reassembly code manages its queue correctly 
(It's rather buggy, but I forget if this was one of its problems.
I eventually gave up trying to digest it and rewrote it from scratch on our 
end.), this check will ensure the queue size is tightly bounded:

https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/statem/statem_dtls.c;h=d75483af6d40ad4c6ed9137eba8a7382a3b0ef0a;hb=HEAD#l634

It could probably be brought down a hair further too. There's no need to buffer 
more than the maximum number of messages in a supported handshake flight.

(pqueue is still a silly data structure to be using here. A fixed-size ring 
buffer would be better. Or just a boring array since memmove on 10 pointers is 
cheap. But it's not hugely important.)

David

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4558
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #3772] Bug: Only ActivePerl could be used to build on Windows

2016-06-13 Thread Richard Levitte via RT
Apologies for the delay before responding.

I believe we have fixed that by replacing 'chomp' with 's|\R$||' in the master
branch.

If this is still an issue, please open a new ticket.

Cheers,
Richard

On Mon Mar 30 07:51:29 2015, esado...@eniks.com wrote:
> It is well known issue with build on Windows: It requires ActivePerl
> to
> correctly create configuration.
> Every other Perl implementation fails to execute correctly. The reason
> it
> fails outlined in this report:
> https://github.com/openssl/openssl/issues/174
> Although it is stated that only cloned code exhibits this behavior I
> believe
> it also happens when Git or Strawberry Perl is being used for build of
> official releases.
>
> As suggested in the comments adding $/= "\r\n"; line to Perl script
> fixes this
> issue for every other Perl implementation.
> I've successfully built openssl with Perl distributed with Git as well
> as
> Strawberry Perl.


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3772
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #3922] Bug: EVP_get_digestbynid() does not support ECDSA

2016-06-13 Thread Rich Salz via RT
Ah, the endless confusion of cipher vs signature NID's :)

closing ticket.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3922
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #2337] [PATCH] Openssl asm BN/AES/SHA1 acceleration for SH4 and MIPS32

2016-06-13 Thread Rich Salz via RT
We don't have SH hardware, and the MIPS code is already more improved. Sorry we
took so long to get to this.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2337
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #3699] openssl-1.0.2, fips sparc multiply defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

2016-06-13 Thread Stuart Kemp via RT
This works.
Code compiles fine now, using openssl-1.0.2h.tar.gz and 
openssl-fips-ecp-2.0.10.tar.gz, and all FIPS self-tests complete with 0 errors.

-Original Message-
From: Andy Polyakov via RT [mailto:r...@openssl.org] 
Sent: Wednesday, February 03, 2016 5:46 AM
To: Stuart Kemp 
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #3699] openssl-1.0.2, fips sparc 
multiply defined _sparcv9_vis1_instrument_bus, _sparcv9_vis1_instrument_bus2

>> Sorry, we can't touch the FIPS code any more without sponsorship.
> 
> Though if this is still a problem a workaround is to rename the symbols on the
> OpenSSL side outside the FIPS code.

Another possibility is to add .weak directives to sparccpuid.S so that
linker can tolerate multiple symbols.



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3699
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #4565] Fatal error: Command failed for target `link_shlib.solaris'

2016-06-13 Thread noloa...@gmail.com via RT
Just pulled latest source (Camellia changes):

$ git rev-parse HEAD
96d06c213d5a2c1af42dd3b5d7bcc4a65df90738

Config OK, Make fails at. Verified twice:

SHOBJECTS="./libcrypto.a "; ( :;LIBDEPS="${LIBDEPS:--lresolv
-lsocket -lnsl -ldl}";  SHAREDCMD="${SHAREDCMD:-gcc}";
SHAREDFLAGS="${SHAREDFLAGS:--DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG
-DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
-DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\""
-DENGINESDIR="\"/usr/local/lib/engines\"" -m64 -Wall -DL_ENDIAN -O3
-pthread -DFILIO_H  -Wa,--noexecstack -fPIC -m64 -shared
-static-libgcc}";  LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed
-e 's/^ *-L//;t' -e d | uniq`;  LIBPATH=`echo $LIBPATH | sed -e 's/
/:/g'`;  echo LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH  ${SHAREDCMD}
${SHAREDFLAGS}  -o ./$SHLIB$SHLIB_SOVER$SHLIB_SUFFIX  $ALLSYMSFLAGS
$SHOBJECTS $NOALLSYMSFLAGS $LIBDEPS;
LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH  ${SHAREDCMD} ${SHAREDFLAGS}
 -o ./$SHLIB$SHLIB_SOVER$SHLIB_SUFFIX  $ALLSYMSFLAGS $SHOBJECTS
$NOALLSYMSFLAGS $LIBDEPS  ) && if [ -n "$INHIBIT_SYMLINKS" ]; then :;
else  prev=$SHLIB$SHLIB_SOVER$SHLIB_SUFFIX;  if [ -n "$SHLIB_COMPAT"
]; then  for x in $SHLIB_COMPAT; do  ( :; rm -f
./$SHLIB$x$SHLIB_SUFFIX;  ln -s $prev ./$SHLIB$x$SHLIB_SUFFIX );
prev=$SHLIB$x$SHLIB_SUFFIX;  done;  fi;  if [ -n "$SHLIB_SOVER" ];
then  ( :; rm -f ./$SHLIB$SHLIB_SUFFIX;  ln -s $prev
./$SHLIB$SHLIB_SUFFIX );  fi;  fi
make: Fatal error: Command failed for target `link_shlib.solaris'
Current working directory /export/home/jwalton/openssl
*** Error code 1
make: Fatal error: Command failed for target `libcrypto.so'

**

$ ./config
Operating system: i86pc-whatever-solaris2
Configuring for solaris64-x86_64-gcc
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x1016L)
no-asan [default]  OPENSSL_NO_ASAN (skip dir)
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [default]
OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd  [default]  OPENSSL_NO_EGD (skip dir)
no-fuzz-afl [default]  OPENSSL_NO_FUZZ_AFL (skip dir)
no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER (skip dir)
no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default]  OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
no-ubsan[default]  OPENSSL_NO_UBSAN (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default]
no-zlib-dynamic [default]
Configuring for solaris64-x86_64-gcc
CC=gcc
CFLAG =-m64 -Wall -DL_ENDIAN -O3 -pthread -DFILIO_H  -Wa,--noexecstack
SHARED_CFLAG  =-fPIC
DEFINES   =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2
OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM
SHA256_ASM SHA512_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM
ECP_NISTZ256_ASM POLY1305_ASM
LFLAG =
PLIB_LFLAG=
EX_LIBS   =-lresolv -lsocket -lnsl -ldl
APPS_OBJ  =
CPUID_OBJ =x86_64cpuid.o
UPLINK_OBJ=
BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o
x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
DES_ENC   =des_enc.o fcrypt_b.o
AES_ENC   =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o
aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o
aesni-mb-x86_64.o
BF_ENC=bf_enc.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-x86_64.o rc4-md5-x86_64.o
RC5_ENC   =rc5_enc.o
MD5_OBJ_ASM   =md5-x86_64.o
SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
sha1-mb-x86_64.o sha256-mb-x86_64.o
RMD160_OBJ_ASM=
CMLL_ENC  =cmll-x86_64.o cmll_misc.o
MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
PADLOCK_OBJ   =e_padlock-x86_64.o
CHACHA_ENC=chacha-x86_64.o
POLY1305_OBJ  =poly1305-x86_64.o
BLAKE2_OBJ=
PROCESSOR =
RANLIB=ranlib
ARFLAGS   =
PERL  =/usr/local/bin/perl

SIXTY_FOUR_BIT_LONG mode

Configured for solaris64-x86_64-gcc.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4565
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

2016-06-13 Thread noloa...@gmail.com via RT
On Mon, Jun 13, 2016 at 12:32 PM, Matt Caswell via RT  wrote:
> On Wed Jun 01 22:20:38 2016, matt wrote:
>> Hi Jeff
>>
>> Please could you try the attached patch?
>
>
> Jeff confirmed to me that the patch solved the problem. Pushed as commit
> 25b9d11c0.

Confirmed.

It's a good, clean patch. It detects the [odd] condition and acts
appropriately. In my mind's eye, that's a successful self test. I
think the project should keep it as a PASS.

Jeff


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #2969] bug/enhancement request

2016-06-13 Thread Rich Salz via RT
sorry to take so long to look at this. believe fixed in 1.1. open a new ticket
if not.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2969
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #4564] BUG: Deadlock in OpenSSL with OpenSSL 1.0.1j and later (including 1.0.2h) with multiple long lived connections

2016-06-13 Thread Quanah Gibson-Mount via RT
Since moving to the OpenSSL 1.0.1+ series, we've been experiencing sporadic 
deadlocks in OpenLDAP inside of OpenSSL.  I'm not sure exactly when the 
problem was introduced, but we never encountered it with the 1.0.0 series, 
and 1.0.1j was what we moved to when we switched to the 1.0.1 series.

To reproduce the problem:

a) Deploy OpenLDAP with 3-node Multi-master or greater using persistent 
connections.  StartTLS should be used as a part of the replication 
agreement configuration.  The issue only occurs if there are 2+ replication 
agreements per master node, thus the requirements for 3-node multimaster or 
greater.

b) Let time pass.  Eventually, slapd will grind to a complete halt. 
Alternatively, after some period of time, shut down slapd, and it will lock 
up in OpenSSL.  netstat does not show any sockets with queued data waiting.

Unfortunately, I can't give greater detail than this because I'm not sure 
how to check if we've entered the error state or not.  However, given 
enough time, the problem is 100% reproducible (i.e., if I leave OpenLDAP 
running long enough).  Again, this never occurs in a 2-node MMR setup, 
where there is only a single long-lived replication agreement.

A backtrace of slapd that's locked up during shutdown shows that multiple 
threads are waiting to read bytes that it believes it never received.  In 
this backtrace, for example, thread 4 is waiting for other threads to 
finish so it can complete the shutdown of slapd.  Threads 2 & 3 are both 
waiting to read bytes on the socket:

Thread 4 (Thread 0x7f146ac9d700 (LWP 16805)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x7f3c70fe8171 in ldap_pvt_thread_cond_wait (cond=0x1fa0038,
mutex=0x1fa0010) at thr_posix.c:277
No locals.
#2  0x7f3c70fe63c2 in ldap_pvt_thread_pool_destroy (tpool=0x7618c0
, run_pending=1) at tpool.c:817
pool = 0x1f763c0
pptr = 0x1f763c0
pq = 0x1fa
task = 0x7f3c716a61c8
i = 0
#3  0x00438967 in slapd_daemon_task (ptr=0x1d7bce8) at daemon.c:2829
l = 3
last_idle_check = 1464372736
ebadf = 0
tid = 0
#4  0x7f3c70552184 in start_thread (arg=0x7f146ac9d700) at
pthread_create.c:312
__res = 
pd = 0x7f146ac9d700
now = 
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139725667686144,
-1093867468031317215, 0, 0, 139725667686848, 139725667686144,
1078920827726146337, 1056426161274956577},
  mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, 
data =
{prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = 
pagesize_m1 = 
sp = 
freesize = 
__PRETTY_FUNCTION__ = "start_thread"
#5  0x7f3c7027f37d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.

Thread 3 (Thread 0x7f1468498700 (LWP 16810)):
#0  0x7f3c705593ad in read () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1  0x7f3c70dd2435 in sb_stream_read (sbiod=0x5d36630, buf=0x5a3c057,
len=433) at sockbuf.c:490
__PRETTY_FUNCTION__ = "sb_stream_read"
#2  0x7f3c70dd2e56 in sb_debug_read (sbiod=0x5d36d20, buf=0x5a3c057,
len=433) at sockbuf.c:829
ret = 79
ebuf = 
"PjIh\024\177\000\000\017\000\000\000\000\000\000\000`\016\000\000\000\000\000\000'\000\000\000\000\000\000\000\250\062H\004\000\000\000\000'\000\000\000\000\000\000\000\240\361H\004\000\000\000\000P\026u\016\000\000\000\000\000\001\000\000\000\000\000\000\001\350#p<\177\000\000\000\000\000\000\000\000\000\0006364\037\000\000\000\000\000\000\006\000\000\000\000\000\000\000hxIh\t\000\000\000\300lIh\024\177\000\000\220jIh\024\177\000"
#3  0x7f3c7101ebd1 in tlso_bio_read (b=0x5a93110,
buf=0x5a3c057 
"\004\areqType1\b\004\006modify02\004\005reqDN1)\004'uid=gtillman,ou=people,dc=zimbra,dc=com0\201\317\004\006reqMod1\201\304\004:zimbraAuthTokens:-
1988626989|1464372357970|8.7.0_RC1_1601\004\063entryCSN:=
20160527182235.762156Z#00#003#00\004."..., len=433) at tls_o.c:721
p = 0x5a6caa0
ret = 79
#4  0x7f3c6f19988b in BIO_read () from
/opt/zimbra/common/lib/libcrypto.so.1.0.0
No symbol table info available.
#5  0x7f3c6f501ffc in ssl3_read_n () from
/opt/zimbra/common/lib/libssl.so.1.0.0
No symbol table info available.
#6  0x7f3c6f503ebf in ssl3_read_bytes () from
/opt/zimbra/common/lib/libssl.so.1.0.0
No symbol table info available.
#7  0x7f3c6f50033b in ssl3_read () from
/opt/zimbra/common/lib/libssl.so.1.0.0
No symbol table info available.
#8  0x7f3c7101f093 in tlso_sb_read (sbiod=0x5d382e0, buf=0xcb4f93f, 
len=8)
at tls_o.c:881
p = 0x5a6caa0
ret = 635655159814
err = 28
__PRETTY_FUNCTION__ = "tlso_sb_read"
#9  0x7f3c70dd2e56 in sb_debug_read (sbiod=0x5d37800, buf=0xcb4f93f, 
len=8)
at sockbuf.c:829
ret = 0
ebuf = 

[openssl-dev] [openssl.org #597] SSL_set_session() problem (?)

2016-06-13 Thread Matt Caswell via RT
Fixed in commit e70656cf1c.

Closing ticket.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=597
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #4434] Gentoo 13, x86_64: 4 failed self tests

2016-06-13 Thread Matt Caswell via RT
On Wed Jun 01 22:20:38 2016, matt wrote:
> Hi Jeff
>
> Please could you try the attached patch?


Jeff confirmed to me that the patch solved the problem. Pushed as commit
25b9d11c0.

Closing ticket.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

2016-06-13 Thread David Benjamin via RT
On Mon, Jun 13, 2016 at 4:04 AM Matt Caswell via RT  wrote:

> On Thu Jun 02 23:24:44 2016, paul.d...@oracle.com wrote:
> > The DTLS packet reassembly code has a performance problem that could
> > result in a DoS attack being possible.
> >
> >
> >
> > The DTLS packet reassembly uses the data structure defined in
> > ssl/pqueue.c for the purpose (it is the only user of this data
> > structure that I can find). This source file implements a priority
> > queue using a singly linked list. This means O(n^2) worst case
> > complexity, where n is the number of fragments. A better, and in fact
> > optimal, solution would be to use a heap for the purpose giving O(n
> > log n) worst case complexity. Doing this would prevent a potential
> > DoS attack.
> >
> >
> >
> > The attack would consist of fragmenting the DTLS stream into as many
> > small packets as possible and sending them in sequential order. Each
> > fragment will require a complete traversal of the list to be added.
> > Continue sending these as long as the DoS is wanted. For reference,
> > changing the list search method or ordering won't prevent such an
> > attack, it just means a different packet ordering is required.
> >
> >
> >
> > Tim Hudson suggested I submit this even though I haven't been able to
> > find time to craft a patch.
>

Were you able to reproduce this performance problem? Note that N is at most
10 here. Assuming the DTLS packet reassembly code manages its queue
correctly (It's rather buggy, but I forget if this was one of its problems.
I eventually gave up trying to digest it and rewrote it from scratch on our
end.), this check will ensure the queue size is tightly bounded:

https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/statem/statem_dtls.c;h=d75483af6d40ad4c6ed9137eba8a7382a3b0ef0a;hb=HEAD#l634

It could probably be brought down a hair further too. There's no need to
buffer more than the maximum number of messages in a supported handshake
flight.

(pqueue is still a silly data structure to be using here. A fixed-size ring
buffer would be better. Or just a boring array since memmove on 10 pointers
is cheap. But it's not hugely important.)

David

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4558
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #3680] NULL pointer dereference in tls1_check_chain (ssl/t1_lib.c)

2016-06-13 Thread Rich Salz via RT
Sorry for the delay in looking at this. It appears that the function has
evolved quite a bit, and I cannot find a code path where cpk is not set. If i'm
wrong, please re-open the ticket with some more info. Thanks.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3680
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #3723] Patch to add short name "Email" to "emailAddress" object

2016-06-13 Thread Rich Salz via RT
OP says it can be closed, so we will. Open a new PR if desired.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3723
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #4560] BUG: openssl-1.0.2h, evp_enc.c, fips, use of uninitialized variable

2016-06-13 Thread Rich Salz via RT
Commit beb4c45c. The if() test could be removed since that code is inside a
larger "if (cipher" block, but this is minimal.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4560
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #3809] [enhancement request] add critical to basicContraints in openssl.cnf

2016-06-13 Thread Rich Salz via RT
yeah, about time we fixed this. :) commit a7be575 in master. thanks.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3809
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #3100] [patch] remove some useless code in BN_uadd

2016-06-13 Thread Andy Polyakov via RT
bn_add.c was modernized in
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d6284057b66458f6c99bd65ba67377d63411090
and suggested modifications were "accumulated". Case is being dismissed.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3100
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

2016-06-13 Thread Loic Etienne via RT
My claim about portability issues was wrong (sorry): The C-standard ensures 
that positive values are handled in the two's complement system, indeed.

However, inl % block_size == inl & (block_size-1) is true if and only if 
block_size is a power of two, which happens to be true under the current 
implementation, but may change in the future.

If block_size should be 48, then 48 % block_size == 0, but 48 & (block_size-1) 
== 32.

For this reason and for stylistic reasons, it may be worth considering to use 
consistently inl % ctx->block_size instead of inl & ctx->block_mask and inl & 
(bl-1). Then the member block_mask could probably be removed.

Otherwise, an OPENSSL_assert or an appropriate comment may document the 
essential precondition that block_size is a power of two.

Cheers, Loic



From: Matt Caswell via RT 
Sent: Friday, June 10, 2016 12:16:02 AM
To: Loic Etienne
Cc: openssl-dev@openssl.org
Subject: [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable 
bitwise operation

On Mon Jun 06 18:26:50 2016, loic.etie...@qnective.com wrote:
> crypto/evp/evp_enc.c, EVP_EncryptUpdate
> line 337: inl & (ctx->block_mask)
> line 367: inl & (bl - 1) /* with bl = ctx->cipher->block_size */

Why do you consider this a problem?

Matt

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4561
Please log in as guest with password guest if prompted


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4561
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
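
Loic's point above can be checked mechanically. The C program below is an added example, not OpenSSL code and not a patch from the thread; its function names are its own. It compares inl & (block_size - 1) with inl % block_size across a range of inputs, confirms that the two agree exactly for power-of-two block sizes (and reproduces the 48 & 47 == 32 case from the message), states the precondition an OPENSSL_assert on block_size would have to express, and shows a helper that falls back to the modulus when that precondition fails.

```c
/*
 * Added example, not OpenSSL code: checks the arithmetic point in ticket
 * #4561. The mask form inl & (block_size - 1) agrees with inl % block_size
 * for every inl exactly when block_size is a power of two, so the mask is
 * only safe under that precondition. Function names are this example's own.
 */
#include <stddef.h>
#include <stdio.h>

/* The precondition an OPENSSL_assert on block_size would have to state. */
int is_power_of_two(size_t block_size)
{
    return block_size != 0 && (block_size & (block_size - 1)) == 0;
}

size_t residue_by_mod(size_t inl, size_t block_size)
{
    return inl % block_size;
}

size_t residue_by_mask(size_t inl, size_t block_size)
{
    return inl & (block_size - 1);
}

/* 1 if the two forms agree for every inl below limit, else 0. */
int mask_matches_mod(size_t block_size, size_t limit)
{
    size_t inl;
    if (block_size == 0)
        return 0;
    for (inl = 0; inl < limit; inl++)
        if (residue_by_mask(inl, block_size) != residue_by_mod(inl, block_size))
            return 0;
    return 1;
}

/* Checks the "if and only if" claim for every block size up to max_bs:
 * agreement must hold exactly for the powers of two and for nothing else. */
int claim_holds_up_to(size_t max_bs)
{
    size_t bs;
    for (bs = 1; bs <= max_bs; bs++)
        if (mask_matches_mod(bs, 4 * max_bs) != is_power_of_two(bs))
            return 0;
    return 1;
}

/* Hardened helper: take the mask shortcut only when it is valid and fall
 * back to the modulus otherwise, so a future 48-byte block size cannot
 * silently miscompute the partial-block length. */
size_t partial_block_len(size_t inl, size_t block_size)
{
    if (is_power_of_two(block_size))
        return residue_by_mask(inl, block_size);
    return residue_by_mod(inl, block_size);
}

int main(void)
{
    printf("48 %% 48 = %zu, 48 & 47 = %zu\n",
           residue_by_mod(48, 48), residue_by_mask(48, 48));
    printf("claim holds for block sizes 1..64: %d\n", claim_holds_up_to(64));
    return 0;
}
```

claim_holds_up_to() is the check a reviewer would want before accepting the mask form anywhere: it fails as soon as any non-power-of-two block size agrees by accident, or any power of two disagrees. The current ciphers all have power-of-two block sizes, which is why the shortcut has never misbehaved.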


[openssl-dev] [openssl.org #4329] OpenSSL 1.1.0 pre3: internal error in tls_post_process_client_key_exchange during reneg

2016-06-13 Thread Matt Caswell via RT
On Wed Jun 08 16:02:39 2016, matt wrote:
> On Tue May 24 13:53:07 2016, steve wrote:
> > On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote:
> > > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0
> > > adjustments, I get
> > >
> >
> > Can you please check to see if this issue is still present in the latest
> > OpenSSL 1.1.0?
>
> Hi Rainer
>
> Can this ticket be closed now?


No response from OP, so assuming this is no longer an issue. Please open a new
ticket if it is.

Closing.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4329
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #4558] Performance issue with DTLS packet reassembly

2016-06-13 Thread Matt Caswell via RT
On Thu Jun 02 23:24:44 2016, paul.d...@oracle.com wrote:
> The DTLS packet reassembly code has a performance problem that could
> result in a DoS attack being possible.
>
>
>
> The DTLS packet reassembly uses the data structure defined in
> ssl/pqueue.c for the purpose (it is the only user of this data
> structure that I can find). This source file implements a priority
> queue using a singly linked list. This means O(n^2) worst case
> complexity, where n is the number of fragments. A better, and in fact
> optimal, solution would be to use a heap for the purpose giving O(n
> log n) worst case complexity. Doing this would prevent a potential
> DoS attack.
>
>
>
> The attack would consist of fragmenting the DTLS stream into as many
> small packets as possible and sending them in sequential order. Each
> fragment will require a complete traversal of the list to be added.
> Continue sending these as long as the DoS is wanted. For reference,
> changing the list search method or ordering won't prevent such an
> attack, it just means a different packet ordering is required.
>
>
>
> Tim Hudson suggested I submit this even though I haven't been able to
> find time to craft a patch.


This will require some significant rework of the pqueue code. This ticket is
currently against the 1.1.0 milestone, but realistically that kind of change
isn't going to happen in that timeframe, so pushing to post 1.1.0.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4558
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
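
The messages on ticket #4558 turn on two claims: the report's, that a sorted singly-linked list makes in-order fragment insertion O(n^2), and David's, that the DTLS code caps the number of buffered messages (he puts N at most 10), so n never grows. The following C program is an added example, not OpenSSL code and not a patch from the thread. It models both structures with step counters and uses an assumed cap of 10 (MAX_BUFFERED, a stand-in for the check David links to, not OpenSSL's actual constant) to show why the bound, rather than the choice of data structure, settles the DoS question.

```c
/*
 * Added example, not OpenSSL code: models the reassembly queue argued
 * over in ticket #4558. list_insert() is a sorted singly-linked list in
 * the style of ssl/pqueue.c, heap_insert() the heap the report proposes,
 * and MAX_BUFFERED an assumed stand-in for the DTLS bound (not OpenSSL's
 * constant). Keys stand in for the priorities pqueue orders on.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct pitem_st { uint64_t priority; struct pitem_st *next; } pitem;
typedef struct { pitem *head; size_t count; } list_pq;
typedef struct { uint64_t *a; size_t count, cap; } heap_pq;

/* Insert keeping ascending order; returns how many nodes were walked. */
static size_t list_insert(list_pq *q, uint64_t prio)
{
    pitem **pp = &q->head, *n = malloc(sizeof *n);
    size_t walked = 0;
    if (n == NULL) abort();
    n->priority = prio;
    for (; *pp != NULL && (*pp)->priority < prio; pp = &(*pp)->next)
        walked++;
    n->next = *pp;
    *pp = n;
    q->count++;
    return walked;
}

static void list_free(list_pq *q)
{
    pitem *n;
    while ((n = q->head) != NULL) {
        q->head = n->next;
        free(n);
    }
    q->count = 0;
}

/* Min-heap insert; returns parent comparisons made while sifting up. */
static size_t heap_insert(heap_pq *h, uint64_t prio)
{
    size_t i = h->count++, steps = 0;
    if (i >= h->cap) abort();
    for (; i > 0; i = (i - 1) / 2) {
        steps++;
        if (h->a[(i - 1) / 2] <= prio) break;
        h->a[i] = h->a[(i - 1) / 2];
    }
    h->a[i] = prio;
    return steps;
}

/* The report's attack ordering: n fragments in ascending sequence. Each
 * insert walks the whole list, n(n-1)/2 steps in total. */
size_t list_cost_ascending(size_t n)
{
    list_pq q = { NULL, 0 };
    size_t total = 0, i;
    for (i = 0; i < n; i++)
        total += list_insert(&q, i);
    list_free(&q);
    return total;
}

/* Worst ordering for the heap (descending): every insert sifts to the
 * root, yet the total stays within n * log2(n). */
size_t heap_cost_descending(size_t n)
{
    heap_pq h = { malloc((n + 1) * sizeof(uint64_t)), 0, n };
    size_t total = 0, i;
    if (h.a == NULL) abort();
    for (i = n; i > 0; i--)
        total += heap_insert(&h, i);
    free(h.a);
    return total;
}

/* Bounded queue: drop fragments once MAX_BUFFERED are held, before any
 * traversal, so the work per fragment is capped however many arrive. */
#define MAX_BUFFERED 10
size_t bounded_cost_ascending(size_t n, size_t *accepted)
{
    list_pq q = { NULL, 0 };
    size_t total = 0, acc = 0, i;
    for (i = 0; i < n; i++) {
        if (q.count >= MAX_BUFFERED) continue;  /* dropped: no walk */
        total += list_insert(&q, i);
        acc++;
    }
    list_free(&q);
    if (accepted != NULL) *accepted = acc;
    return total;
}

int main(void)
{
    size_t acc, steps = bounded_cost_ascending(1000, &acc);
    printf("list, 1000 ascending:  %zu steps\n", list_cost_ascending(1000));
    printf("heap, 1024 descending: %zu steps\n", heap_cost_descending(1024));
    printf("bounded, 1000 sent:    %zu steps, %zu accepted\n", steps, acc);
    return 0;
}
```

Compile with cc -std=c99 and run. The list walks 499500 nodes for 1000 in-order fragments, while the heap in its own worst (descending) order stays within 1024 * log2(1024) steps for 1024 fragments, which is the report's O(n^2) versus O(n log n). With the cap in place the list does 45 steps for the first 10 fragments and then drops everything else without touching the queue, which is the situation Paul accepts in his reply ("If the number of packets is limited to something that small, there won't be an issue").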


Re: [openssl-dev] [openssl.org #3236] support for DNSSEC in openssl

2016-06-13 Thread Elmar Stellnberger via RT
Am 2016-06-12 um 23:49 schrieb Rich Salz via RT:
> And DANE support is in 1.1/master.
>
Ok, thanks; will have to upgrade ...


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3236
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev