Re: [openssl-dev] [openssl.org #4504] Openssl cms encrypt bug.

2016-11-08 Thread Michel via RT
Hi Andrew, 

I seem to recall that, depending on the OpenSSL version, there was an issue with
CFB1 mode.

Michel.
 
-----Original Message-----
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On behalf of
Андрей Прокопьев via RT
Sent: Monday, 7 November 2016 11:40
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4504] Openssl cms encrypt bug.

Hi, Stephen.

One more bug was found with enc option.


I want to encrypt and decrypt any text with cipher "-des-ede3-cfb1". I used
"curl -h" to generate text.

curl -h | openssl enc -des-ede3-cfb1 -pass pass:test | openssl enc -d -des-ede3-cfb1 -pass pass:test

Looks like openssl encrypts text with error or openssl can't decrypt text
correctly.

Thanks,
Andrew




-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4504
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #4504] Openssl cms encrypt bug.

2016-11-07 Thread Андрей Прокопьев via RT
Hi, Stephen.

One more bug was found with enc option.


I want to encrypt and decrypt any text with cipher "-des-ede3-cfb1". I used
"curl -h" to generate text.

curl -h | openssl enc -des-ede3-cfb1 -pass pass:test | openssl enc -d -des-ede3-cfb1 -pass pass:test

Looks like openssl encrypts text with error or openssl can't decrypt text
correctly.

Thanks,
Andrew

2016-05-06 4:05 GMT+05:00 Stephen Henson via RT <r...@openssl.org>:

> Fixed now, thanks for the report.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4504
> Please log in as guest with password guest if prompted
>
>

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4504
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #2880] Resolved: Modification of the capi engine to support loading key from CERT_SYSTEM_STORE_LOCAL_MACHINE

2016-10-13 Thread Rich Salz via RT
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.

--  
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2880
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #2902] Resolved: [PATCH] add strings for SSL state related to Next Protocol Negotiation

2016-10-13 Thread Rich Salz via RT
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.

--  
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2902
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #2818] Resolved: [PATCH] Cipher list TLSv1.2 as token; ciphers(1) update

2016-10-13 Thread Rich Salz via RT
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.

--  
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2818
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-13 Thread Rich Salz via RT
no need to keep this ticket, tracking the PR on github.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-12 Thread Kaduk, Ben via RT
On 10/05/2016 09:15 AM, Kaduk, Ben via RT wrote:
> I refactored this stuff a while ago to add a flags field that would
> force the temporary read buffer to be allocated from the secure heap; I
> should really dig it up and clean it up for master.

That's https://github.com/openssl/openssl/pull/1700 , FWIW.

-Ben

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4704] Memory leak in rsa_new/rsa_free

2016-10-11 Thread Simone Sgualdini via RT
Hi,


I'm writing a c++ server application that calls thousands of times per
hour the rsa_new() and rsa_free() openssl functions.

After debugging a lot I discovered that "sometimes" (I'm not able to
tell a precise number) the rsa_free does not release properly the memory
allocated by the rsa_new.
In order to prove this I created the simple program below. If I run it,
I see the related working set going bigger and bigger, 4KB per second.

I'm using the 1.0.2.8 version of libeay32.dll and ssleay32.dll under
Windows 7 64 bit.

Is this a known bug? Am I forgetting something?

Thanks in advance

Simone Sgualdini
Italy


//---

#include <windows.h>     // HMODULE, LoadLibrary, GetProcAddress, Sleep

#ifdef __cplusplus
extern "C"
   {
#endif
   // The header names were lost from the archived message; these are the
   // OpenSSL headers the code below needs (RSA type, SSL_library_init).
   #include <openssl/rsa.h>
   #include <openssl/ssl.h>
#ifdef __cplusplus
   }
#endif
#pragma hdrstop

HMODULE libeay32DLL = NULL;
HMODULE ssleay32DLL = NULL;

// Function pointer types for the entry points resolved at run time
typedef RSA  *(CALLBACK *myRSA_new) (void);
typedef void  (CALLBACK *myRSA_free) (RSA *r);
typedef int   (CALLBACK *mySSL_library_init) (void);

myRSA_new            _RSA_new          = NULL;
myRSA_free           _RSA_free         = NULL;
mySSL_library_init   _SSL_library_init = NULL;

//---

#pragma argsused

int main(int argc, char* argv[])
{
   RSA   *rsa;
   unsigned long count = 0;

   libeay32DLL = LoadLibrary("libeay32.dll");
   ssleay32DLL = LoadLibrary("ssleay32.dll");

   if(libeay32DLL && ssleay32DLL)
     {
       _RSA_new          = (myRSA_new) GetProcAddress(libeay32DLL,"RSA_new");
       _RSA_free         = (myRSA_free) GetProcAddress(libeay32DLL,"RSA_free");
       _SSL_library_init = (mySSL_library_init) GetProcAddress(ssleay32DLL,"SSL_library_init");
     }

   // Stop if a DLL or one of the entry points could not be resolved
   if(!_RSA_new || !_RSA_free || !_SSL_library_init)
      return 1;

   _SSL_library_init();

   // Allocate and free an RSA structure in an endless loop
   while(1)
     {
       if(++count %100 == 0)  // without this, I get a stack overflow immediately
          Sleep(1);

       _RSA_free(_RSA_new());
     }

   return 0;
}


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4704
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4703] Fix: Merge commit fe2d149 (RT2867: des_ede3_cfb1 ignored "size in bits" flag) to OpenSSL_1_0_2-stable

2016-10-11 Thread Stefan Lahner via RT
Hello,

the fix for "RT2867: des_ede3_cfb1 ignored "size in bits" flag"
(commit fe2d149119063ec3c89fd6db9af8a6970e3e6032) was only committed for 
master (1.1.0) but not for the still supported 1.0.2 (and 1.0.1) branch. 
Would it be possible to merge it to OpenSSL_1_0_2-stable (and maybe also 
OpenSSL_1_0_1-stable)?

Regards,
Stefan

-- 
Stefan Lahner, ISIS Papyrus Europe AG, DEV, T: +43-2236-27551-336


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4703
Please log in as guest with password guest if prompted



[openssl-dev] RES: [openssl.org #4702] OPENSSL: Linux SLESS11

2016-10-10 Thread Jose Carlos de Oliveira via RT
Thank you!

José Carlos de Oliveira (Oliveira)
Researcher / Developer - Grupo ICTS
Brasilia - DF - Asa Norte
SCN Q05 - Brasilia Shopping - Torre Norte Sala 917
Phone: +5561-3246.7089
Mobile: +5561-99311.9226
Site: www.grupoicts.com.br



-----Original Message-----
From: Matt Caswell via RT [mailto:r...@openssl.org]
Sent: Monday, 10 October 2016 11:25
To: jose.olive...@grupoicts.com.br
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4702] OPENSSL: Linux SLESS11



On 10/10/16 15:14, Jose Carlos de Oliveira via RT wrote:
> Hi,
> I have downloaded and built the last three openssl versions for linux:
> 1)  openssl-1.0.1u.tar.gz
> 2)  openssl-1.0.2j.tar.gz
> 3)  openssl-1.1.0b.tar.gz

Any particular reason why you need all three?

> 
> I successfully followed all steps found at file INSTALL
> 
> By the way, when I try to use it I have the below messages:
>undefined reference to ‘EVP_CIPHER_CTX_init’
>undefined reference to ‘EVP_CIPHER_CTX_cleanup’

What was the exact command you issued to see the above?

EVP_CIPHER_CTX_cleanup() no longer exists in OpenSSL 1.1.0.
EVP_CIPHER_CTX_init() is just a macro for EVP_CIPHER_CTX_reset() in 1.1.0.

Matt




> 
> The OS I´m using is a Linux SLESS11 desktop 32 bits: kernel 
> 3.0.13-0.27-default
> 
> Regards,
> 
> 
> José Carlos de Oliveira (Oliveira)
> Researcher / Developer - Grupo ICTS Brasilia - DF - Asa Norte SCN 
> Q05 - Brasilia Shopping - Torre Norte Sala 917
> Phone: +5561-3246.7089
> Mobile: +5561-99311.9226
> Site:  <http://www.grupoicts.com.br/> www.grupoicts.com.br
> 
> 
> 
> 


--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4702
Please log in as guest with password guest if prompted


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4702
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4702] OPENSSL: Linux SLESS11

2016-10-10 Thread Matt Caswell via RT


On 10/10/16 15:14, Jose Carlos de Oliveira via RT wrote:
> Hi,
> I have downloaded and built the last three openssl versions for linux:
> 1)  openssl-1.0.1u.tar.gz
> 2)  openssl-1.0.2j.tar.gz
> 3)  openssl-1.1.0b.tar.gz

Any particular reason why you need all three?

> 
> I successfully followed all steps found at file INSTALL
> 
> By the way, when I try to use it I have the below messages:
>undefined reference to ‘EVP_CIPHER_CTX_init’
>undefined reference to ‘EVP_CIPHER_CTX_cleanup’

What was the exact command you issued to see the above?

EVP_CIPHER_CTX_cleanup() no longer exists in OpenSSL 1.1.0.
EVP_CIPHER_CTX_init() is just a macro for EVP_CIPHER_CTX_reset() in 1.1.0.

Matt




> 
> The OS I´m using is a Linux SLESS11 desktop 32 bits: kernel
> 3.0.13-0.27-default
> 
> Regards,
> 
> 
> José Carlos de Oliveira (Oliveira)
> Researcher / Developer - Grupo ICTS
> Brasilia - DF - Asa Norte
> SCN Q05 - Brasilia Shopping - Torre Norte Sala 917
> Phone: +5561-3246.7089
> Mobile: +5561-99311.9226
> Site:  <http://www.grupoicts.com.br/> www.grupoicts.com.br
> 
> 
> 
> 


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4702
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4702] OPENSSL: Linux SLESS11

2016-10-10 Thread Jose Carlos de Oliveira via RT
Hi,
I have downloaded and built the last three openssl versions for linux:
1)  openssl-1.0.1u.tar.gz
2)  openssl-1.0.2j.tar.gz
3)  openssl-1.1.0b.tar.gz

I successfully followed all steps found at file INSTALL

By the way, when I try to use it I have the below messages:
   undefined reference to ‘EVP_CIPHER_CTX_init’
   undefined reference to ‘EVP_CIPHER_CTX_cleanup’

The OS I´m using is a Linux SLESS11 desktop 32 bits: kernel
3.0.13-0.27-default

Regards,


José Carlos de Oliveira (Oliveira)
Researcher / Developer - Grupo ICTS
Brasilia - DF - Asa Norte
SCN Q05 - Brasilia Shopping - Torre Norte Sala 917
Phone: +5561-3246.7089
Mobile: +5561-99311.9226
Site: www.grupoicts.com.br




-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4702
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4701] Some OpenSSL 1.1.0 does not decode FIPS error codes

2016-10-07 Thread noloa...@gmail.com via RT
I'm working with a non-capable version of the library (I need to get it
updated since release):

$ openssl version
OpenSSL 1.1.0-pre6-dev  xx XXX 

Looking at a question on another site, the OP provides:

With FIPS, compilation goes fine, but generates the following when run:

139686960322208:error:2D0A0086:FIPS
routines:FIPS_cipher:selftest failed:fips_enc.c:336:
139686960322208:error:2D0A0086:FIPS
routines:FIPS_cipher:selftest failed:fips_enc.c:336:

Trying to decode the error on this machine results in:

$ openssl errstr 0x2D0A0086
error:2D0A0086:FIPS routines:func(160):reason(134)

It seems some versions of the library don't have the necessary error
codes available to them.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4701
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4700] fprintf(stderr, ...) in d1_both.c

2016-10-07 Thread Wyss, Felix via RT
Good Morning,

Inspecting some code in the OpenSSL DTLS implementation, I noticed three places 
in the file “d1_both.c” where error conditions result in an sprintf to stderr:

Line 1071 in function dtls1_read_failed
Line 1143 in function dtls1_retransmit_buffered_messages
Line 1243 in function dtls1_retransmit_message

We’re using version 1.0.2j.

It should be obvious why it’s rather inappropriate for a library like OpenSSL 
to write to stderr instead of reporting errors to the application.  Even more 
so considering that OpenSSL already has a sophisticated error reporting 
mechanism.

Regards,
--Felix Wyss


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4700
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4699] Bug in OpenSSL 1.0.2j-fips 26 Sep 2016 or maybe affects all

2016-10-06 Thread Valentin B via RT
Hi Richard,

Just saw the patch. Thanks for the quick response.

Valentin

On 10/06/2016 09:37 AM, Richard Levitte via RT wrote:
> It affects all 1.0.2 variants. I've a fix on github:
> https://github.com/openssl/openssl/pull/1668
> 
> Cheers,
> Richard
> 
> On Thu Oct 06 07:15:52 2016, valen...@astro.rug.nl wrote:
>> Hi,
>>
>> While playing around with prime number generation I noticed that the
>> following generates a core dump. I think this is definitely a bug.
>>
>> How to reproduce:
>>
>> $ openssl prime ''
>> Segmentation fault (core dumped)
>>
>> I haven't included any strace output but this can be reproduced by you
>> as well.
>>
>>
>> Kind regards,
> 
> 
> --
> Richard Levitte
> levi...@openssl.org
> 

-- 

Valentin Bajrami
Kapteyn Astronomical Institute
University of Groningen
Postbus 800
NL-9700 AV Groningen
The Netherlands

Phone:+31-(0)50-3634068


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4699
Please log in as guest with password guest if prompted





[openssl-dev] [openssl.org #4699] Bug in OpenSSL 1.0.2j-fips 26 Sep 2016 or maybe affects all

2016-10-06 Thread Richard Levitte via RT
It affects all 1.0.2 variants. I've a fix on github:
https://github.com/openssl/openssl/pull/1668

Cheers,
Richard

On Thu Oct 06 07:15:52 2016, valen...@astro.rug.nl wrote:
> Hi,
>
> While playing around with prime number generation I noticed that the
> following generates a core dump. I think this is definitely a bug.
>
> How to reproduce:
>
> $ openssl prime ''
> Segmentation fault (core dumped)
>
> I haven't included any strace output but this can be reproduced by you
> as well.
>
>
> Kind regards,


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4699
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4699] Bug in OpenSSL 1.0.2j-fips 26 Sep 2016 or maybe affects all

2016-10-06 Thread Valentin B via RT
Hi,

While playing around with prime number generation I noticed that the
following generates a core dump. I think this is definitely a bug.

How to reproduce:

$ openssl prime ''
Segmentation fault (core dumped)

I haven't included any strace output but this can be reproduced by you
as well.


Kind regards,
-- 
Valentin Bajrami
Kapteyn Astronomical Institute
University of Groningen
Postbus 800
NL-9700 AV Groningen
The Netherlands
Phone: +31-(0)50-3634068


PGP Fingerprint: 50D7 E233 C2E0 1C81 BB7F F8D8 E51B CF89 A52E 5271


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4699
Please log in as guest with password guest if prompted





Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Timothe Litt via RT
One more reference: https://tools.ietf.org/html/rfc4648#section-3.3
describes the considerations for 'non-base64 characters'.

Short form: MIME requires that they be ignored. 7468 says SHOULD.
4648 says 'reject, unless the referencing spec says otherwise' (which
7468 does.)

I wrote previously that MIME's limit on line length is 72; according to
4648 3.1 it's actually 76.  Sorry.  The point is, it's NOT 64 (which is what
PEM specifies.).  (65 in OpenSSL must include the end-of-line.)

Note that all 3 constants are (deliberately) a multiple of 4, meaning that
the decoding of a byte can't span lines.  However, this is not true in
the wild; end-of-line can appear anywhere. (Again, wrapping by MUAs, web
browsers and embedded devices are the most frequent offenders.)

Here's the full text of 3.3:

>Base encodings use a specific, reduced alphabet to encode binary
>data.  Non-alphabet characters could exist within base-encoded data,
>caused by data corruption or by design.  Non-alphabet characters may
>be exploited as a "covert channel", where non-protocol data can be
>sent for nefarious purposes.  Non-alphabet characters might also be
>sent in order to exploit implementation errors leading to, e.g.,
>buffer overflow attacks.
>
>Implementations MUST reject the encoded data if it contains
>characters outside the base alphabet when interpreting base-encoded
>data, unless the specification referring to this document explicitly
>states otherwise.  Such specifications may instead state, as MIME
>does, that characters outside the base encoding alphabet should
>simply be ignored when interpreting data ("be liberal in what you
>accept").  Note that this means that any adjacent carriage return/
>line feed (CRLF) characters constitute "non-alphabet characters" and
>are ignored.  Furthermore, such specifications MAY ignore the pad
>character, "=", treating it as non-alphabet data, if it is present
>before the end of the encoded data.  If more than the allowed number
>of pad characters is found at the end of the string (e.g., a base 64
>string terminated with "==="), the excess pad characters MAY also be
>ignored.
>

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Kaduk, Ben via RT
On 10/05/2016 07:56 AM, Richard Levitte via RT wrote:
> To be noted, there's more in section 2:
>
>Most extant parsers ignore blanks at the ends of lines; blanks at the
>beginnings of lines or in the middle of the base64-encoded data are
>far less compatible.  These observations are codified in Figure 1.
>The most lax parser implementations are not line-oriented at all and
>will accept any mixture of whitespace outside of the encapsulation
>boundaries (see Figure 2).  Such lax parsing may run the risk of
>accepting text that was not intended to be accepted in the first
>place (e.g., because the text was a snippet or sample).
>
> I haven't looked enough in our code recently to remember if we're doing
> "standard" (figure 1) or "strict" (figure 3) parsing... what I hear is a
> request for us to move to "lax" (figure 2) parsing.
>

If I remember correctly, it's somewhere in between.  The core
PEM-parsing code is vintage EAY, and contains some "interesting"
behavior, like going to the end of the line/buffer that was read,
backtracking past any characters with ASCII value less than or equal to
that of , and writing \n\0.  So, it seems like trailing
whitespace would be ignored, but leading whitespace would trip up the
"len == 65" check later on.

I refactored this stuff a while ago to add a flags field that would
force the temporary read buffer to be allocated from the secure heap; I
should really dig it up and clean it up for master.

-Ben

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Timothe Litt via RT
On 05-Oct-16 08:56, Richard Levitte via RT wrote:
> To be noted, there's more in section 2:
>
>Most extant parsers ignore blanks at the ends of lines; blanks at the
>beginnings of lines or in the middle of the base64-encoded data are
>far less compatible.  These observations are codified in Figure 1.
>The most lax parser implementations are not line-oriented at all and
>will accept any mixture of whitespace outside of the encapsulation
>boundaries (see Figure 2).  Such lax parsing may run the risk of
>accepting text that was not intended to be accepted in the first
>place (e.g., because the text was a snippet or sample).
>
> I haven't looked enough in our code recently to remember if we're doing
> "standard" (figure 1) or "strict" (figure 3) parsing... what I hear is a
> request for us to move to "lax" (figure 2) parsing.
Yes.  Actually, the text is even more lax than the BNF; it says in
paragraph 1 that

   parsers SHOULD ignore whitespace and other non-
   base64 characters 

That is, anything but A-Za-z0-9+/ and = at the end (as pad) should be
ignored between the header and the footer.  Many decoders do that
silently, some warn if the junk isn't whitespace.

Let's step back a bit from the letter of the RFCs and consider what
brought this up:

The real-world issues that drive this are cases like cut and paste of a
CSR, certificate, or key from a webpage, terminal window or e-mail.  All
may re-wrap such that whitespace is introduced or lost.

Further, especially with long keys, the text may not all be visible at
once, so one ends up scrolling and/or copy/pasting in sections.  Again
introducing and/or losing white space.  And exactly how textboxes on web
pages represent EOL and interact with copy/paste varies.  Lost newlines
can produce long lines, and many base64 encoders (e.g. Perl's
MIME::Base64) produce PEM that's longer than 64 characters (e.g. the 72
characters recommended for MIME.)

CSRs/Certificates/Keys appear on webpages generated by embedded devices
(think NAS, routers), as well as CAs and terminal windows.  So while one
would like to think that they're never touched by human hands, the
reality is that they are.

I'm not as concerned about "accepting text that was not intended to be
accepted in the first place" because validation of the data will occur.
CSRs and certificates are signed, and will fail validation if corrupt.
Keys won't work if corrupt.  All have to pass ASN.1 parsing, which also
will catch many forms of corruption.

OpenSSL should accept the CSR that I posted as a test case.  Whether to
also ignore non-base64 characters is debatable.  I vote for warning
(e.g. a distinct SUCCESS code that the caller can elect to report or
ignore).

What's fixed is that there must be a "-----BEGIN" line, and there's
little excuse for not having a "-----END" line, though the newline after
the "-----END" may be optional.  Embedded whitespace must be ignored -
which includes that line length is unrestricted.  This is something that
both humans with a mouse and software can comprehend...

The approach I use is to discard all whitespace, check for only base64 +
optional pad & ensure that the length, including 0-2 pad (=) at the end
is an even multiple of 4 characters long.  Otherwise, (non-base64 or not
a sane length) I warn but process the input.  (A Perl implementation is
in the OpenXPKI issue that I cited.)

Naturally, I am NOT arguing that PEM can be produced in lax form; this
is only about making the input parsing compatible with (RFC-compliant)
cases common in the real world.

I hope this provides context for your decisions...

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted
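
The lax reading described in the message above (discard whitespace, accept only base64 plus optional pad, check for a sane length, warn but still process), as an added Python example. It is not Timothe Litt's Perl implementation and not OpenSSL's parser; `read_pem_lax`, `constructed_samples` and the sample inputs are made up for illustration.

```python
import base64
import re

# Encapsulation boundaries; anything before BEGIN or after END is ignored.
_BOUNDARY = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----[ \t]*\r?\n(.*?)^-----END \1-----[ \t]*\r?$",
    re.MULTILINE | re.DOTALL,
)
_B64 = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/")


def read_pem_lax(text):
    """Return (label, decoded_bytes, warnings) for the first PEM block in text."""
    m = _BOUNDARY.search(text)
    if m is None:
        raise ValueError("no matching BEGIN/END encapsulation boundaries")
    label, body = m.group(1), m.group(2)
    warnings = []

    # 1. Discard all whitespace: line length, blank lines, leading blanks and
    #    the newline convention (LF or CRLF) stop mattering.
    compact = "".join(body.split())

    # 2. Split off the trailing pad, then drop anything outside the base64
    #    alphabet, reporting it instead of failing.
    core = compact.rstrip("=")
    pad = len(compact) - len(core)
    junk = sorted({c for c in core if c not in _B64})
    if junk:
        warnings.append("ignored non-base64 characters: %r" % junk)
        core = "".join(c for c in core if c in _B64)

    # 3. Sanity check: 0-2 pad characters and a total length divisible by 4.
    if pad > 2 or (len(core) + pad) % 4 != 0:
        warnings.append("unexpected base64 length %d with %d pad" % (len(core), pad))

    # A single dangling character carries fewer than 8 bits and cannot be decoded.
    if len(core) % 4 == 1:
        raise ValueError("truncated base64 data")

    # Process the input anyway, supplying the padding the decoder requires.
    decoded = base64.b64decode(core + "=" * (-len(core) % 4))
    return label, decoded, warnings


def constructed_samples():
    """Constructed inputs: 200 arbitrary bytes stand in for a DER request."""
    payload = bytes(range(200))
    b64 = base64.b64encode(payload).decode("ascii")
    lines = [b64[i:i + 76] for i in range(0, len(b64), 76)]  # longer than 64
    begin = "-----BEGIN CERTIFICATE REQUEST-----"
    end = "-----END CERTIFICATE REQUEST-----"

    def wrap(body):
        return "text before the boundary\r\n" + begin + "\r\n" + body + "\r\n" + end + "\r\n"

    return payload, {
        # CRLF, blank lines, leading and trailing blanks, 76-column lines
        "rewrapped": wrap("\r\n\r\n  ".join(lines) + " "),
        # stray non-base64 characters at the start of each line
        "junk": wrap("\n".join("> " + line for line in lines)),
        # pad character lost during copy and paste
        "short_pad": wrap("\n".join(lines).rstrip("=")),
    }


if __name__ == "__main__":
    payload, samples = constructed_samples()
    for name, text in samples.items():
        label, decoded, warnings = read_pem_lax(text)
        print(name, label, decoded == payload, warnings)
```
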



Re: [openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Sergey G Brazhnikov via RT
Yes, Steve, you're right!
Thank you.

I'm sorry for imprecise wording.

Sergey.

2016-10-05 16:24 GMT+05:00 Stephen Henson via RT <r...@openssl.org>:

> On Wed Oct 05 07:05:06 2016, sgbrazhni...@gmail.com wrote:
> > Hi, guys.
> >
> > Just figured out that files encrypted with OpenSSL 1.1.0-stable can not
> be
> > decrypted with previous releases and vice versa.
> > Tested aes256, cast5-cfb, camellia128 on 1.1.0-stable, 1.0.2-stable and
> > 0.9.8(cast5-cfb only)
> >
> > All built without errors, passed all tests.
> > Configuration VC-WIN32, os Windows 8.1 Pro x64, compiler vs2015.
> >
>
> In case you're referring to files encrypted using the "enc" utility this is
> because the default digest used for key derivation was changed from MD5 to
> SHA256 in OpenSSL 1.1.0.
>
> You can change this using the -md option. So supplying "-md md5" should
> retain
> compatibility.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4697
> Please log in as guest with password guest if prompted
>
>


-- 

Best regards, Brazhnikov S.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4697
Please log in as guest with password guest if prompted
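
What the digest change described in the quoted reply means for key material, as an added example (not code from the thread or from OpenSSL): it reimplements the EVP_BytesToKey derivation that `enc` applies to a password and shows that the same password and salt give different keys under MD5 and SHA256. The helper names, the AES-256-CBC key and IV sizes and the sample blob are assumptions made for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # header written by "openssl enc" when a salt is used


def evp_bytes_to_key(password, salt, key_len, iv_len, md, count=1):
    """EVP_BytesToKey: D_i = H^count(D_(i-1) || password || salt), with the
    D_i concatenated until key_len + iv_len bytes are available.
    "enc" with a plain password uses count=1."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(md, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def split_enc_blob(blob):
    """Return (salt, ciphertext); salt is b"" when there is no Salted__ header."""
    if blob.startswith(MAGIC):
        if len(blob) < len(MAGIC) + 8:
            raise ValueError("truncated Salted__ header")
        return blob[8:16], blob[16:]
    return b"", blob


def candidate_keys(blob, password, key_len=32, iv_len=16):
    """Key and IV that each default digest derives for the same file and
    password: "md5" is the default before 1.1.0, "sha256" the 1.1.0 default."""
    salt, _ = split_enc_blob(blob)
    return {
        md: evp_bytes_to_key(password, salt, key_len, iv_len, md)
        for md in ("md5", "sha256")
    }


if __name__ == "__main__":
    # Constructed sample: magic, 8-byte salt, 16 bytes standing in for ciphertext
    blob = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 16
    for md, (key, iv) in candidate_keys(blob, b"test").items():
        print(md, "key=" + key.hex(), "iv=" + iv.hex())
```

Since the two releases derive different keys from the same password, decryption across them fails unless both sides name the same digest with `-md`.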



Re: [openssl-dev] [openssl.org #4696] Resolved: BUG: openssl1.0.2j Solaris-Sparc : ../util/shlib_wrap.sh ./bad_dtls_test - core dump

2016-10-05 Thread Llewelyn Thomas via RT
Confirmed - thanks for the reply!


From: Rich Salz via RT <r...@openssl.org>
Sent: 05 October 2016 08:09:49
To: Llewelyn Thomas
Subject: [openssl.org #4696] Resolved: BUG: openssl1.0.2j Solaris-Sparc : 
../util/shlib_wrap.sh ./bad_dtls_test - core dump

According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4696
Please log in as guest with password guest if prompted


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4696
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Richard Levitte via RT
To be noted, there's more in section 2:

   Most extant parsers ignore blanks at the ends of lines; blanks at the
   beginnings of lines or in the middle of the base64-encoded data are
   far less compatible.  These observations are codified in Figure 1.
   The most lax parser implementations are not line-oriented at all and
   will accept any mixture of whitespace outside of the encapsulation
   boundaries (see Figure 2).  Such lax parsing may run the risk of
   accepting text that was not intended to be accepted in the first
   place (e.g., because the text was a snippet or sample).

I haven't looked enough in our code recently to remember if we're doing
"standard" (figure 1) or "strict" (figure 3) parsing... what I hear is a
request for us to move to "lax" (figure 2) parsing.

Cheers,
Richard


On Wed Oct 05 12:02:54 2016, l...@acm.org wrote:
> On 05-Oct-16 07:52, Salz, Rich via RT wrote:
>
> > Well, it is a SHOULD not a MUST. But point taken it could be (much)
> > better :)
> >
> >
> It's an important SHOULD. Whitespace introduction happens in the
> wild.
>
> This is the quote from the OpenXPKI folks:
> > I just saw this today at a customer install that a user uploaded a
> > PCSK10 request with extra newlines, anything based on Crypt::PKCS10
> > is
> > happy with it but openssl crashes when it tries to sign.
>
> See https://github.com/openxpki/openxpki/issues/437


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Timothe Litt via RT
On 05-Oct-16 07:52, Salz, Rich via RT wrote:

> Well, it is a SHOULD not a MUST.  But point taken it could be (much) better :)
>
>
It's an important SHOULD.  Whitespace introduction happens in the wild.

This is the quote from the OpenXPKI folks:
> I just saw this today at a customer install that a user uploaded a
> PCSK10 request with extra newlines, anything based on Crypt::PKCS10 is
> happy with it but openssl crashes when it tries to sign.

See https://github.com/openxpki/openxpki/issues/437


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Salz, Rich via RT
Well, it is a SHOULD not a MUST.  But point taken it could be (much) better :)


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser

2016-10-05 Thread Timothe Litt via RT
PEM consists of base64 inside a header and trailer line.

OpenSSL crashes with embedded newlines.  This was mentioned to me by the
OpenXPKI project.

See RFC 7468 section 2:

 Data before the encapsulation boundaries are
   permitted, and parsers MUST NOT malfunction when processing such
   data.  Furthermore, parsers SHOULD ignore whitespace and other non-
   base64 characters and MUST handle different newline conventions.

Reproducible with the attached PEM certificate request and OpenSSL 1.02h
(linux).

openssl req -text -in t/csr1.pem
unable to load X509 request
3086379164:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:809:

This request is valid - although it (intentionally) also exceeds the
standard line length.

Note that OpenSSL will accept it if re-formatted:
| perl -Mwarnings -Mstrict -MMIME::Base64 -e'local $/; my $x = <STDIN>; $x =~ s/.*^(-----BEGIN CERTIFICATE REQUEST-----\r?\n)(.*)^(-----END CERTIFICATE REQUEST-----).*/$1 . encode_base64(decode_base64( $2 )) . $3/ems; print $x'

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698
Please log in as guest with password guest if prompted

Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=AU, ST=Some-State, L=my city, O=Internet Widgits Pty Ltd, 
OU=Big org, OU=Smaller org, CN=My Name/emailAddress=n...@no-email.com, 
DC=domainComponent
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
Exponent: 65537 (0x10001)
Attributes:
challengePassword:unable to print attribute
unstructuredName :unable to print attribute
Requested Extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage: 
E-mail Protection, TLS Web Server Authentication, TLS Web 
Client Authentication, Code Signing, E-mail Protection, Time Stamping, OCSP 
Signing
X509v3 Subject Alternative Name: 
email:no...@none.com, URI:https://fred.example.net, 
email:some...@nowhere.example.com, DNS:www.example.net, DNS:www.example.com, 
DNS:example.net, DNS:example.com, IP Address:10.2.3.4, IP 
Address:2001:DB8:741:0:0:0:0:0
X509v3 Subject Key Identifier: 
00:12:45:9A
X509v3 Certificate Policies: critical
Policy: postOfficeBox
  CPS: http://there.example.net
  CPS: http://here.example.net
  User Notice:
Organization: Suspicious minds
Numbers: 8, 11
Explicit Text: Trust but verify
  User Notice:
Organization: Suspicious minds
Numbers: 8, 11
Explicit Text: Trust but verify
Policy: 1.5.88.103

Signature Algorithm: sha1WithRSAEncryption
-----BEGIN CERTIFICATE REQUEST-----
MIIEbjCCA9cCAQAwgdQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRl
   MRAwDgYDVQQHDAdteSBjaXR5MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
eSBMdGQxEDAOBgNVBAsMB0JpZyBvcmcxFDASBgNVBAsMC1NtYWxsZXIgb3JnMRAw
 DgYDVQQDDAdNeSBOYW1lMSAwHgYJKoZIhvcNAQkBFhFub25lQG5vLWVtYWlsLmNv


bTEfMB0GCgmSJomT8ixkARkWD2RvbWFpbkNvbXBvbmVudDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAoADzWN0mQBUbZ422PavLxIqGUs3RmbDoSrMd8CAREfFm
daFnDPnY9ZGA2pm/SdLYTVfMm1tkesCC5wkjj25MxDBG7Ggo5v5gKKHUsD0C4+Q+


FfoTQmfo5B1RmeeZMHTNd3+24oSF9Gzpo8saY+Rh2VHi5BzHXeTxkVxWuYQXlTsC
AwEAAaCCAlcwFQYJKoZIhvcNAQkHMQgMBlNlY3JldDAXBgkqhkiG9w0BCQIxCgwI
TXlDb0ZvQ28wggIjBgkqhkiG9w0BCQ4xggIUMIICEDAPBgNVHRMBAf8EBTADAQH/
MA4GA1Ud  DwEB/wQEAwIF4DBPBgNVHSUESDBGBggrBgEFBQcDBAYIKwYBBQUHAwEG
CCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIBggrBgEFBQcD
CTCBpgYDVR0RBIGeMIGbgQ5ub3dheUBub25lLmNvbYYYaHR0cHM6Ly9mcmVkLmV4

[openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Stephen Henson via RT
On Wed Oct 05 07:05:06 2016, sgbrazhni...@gmail.com wrote:
> Hi, guys.
>
> Just figured out that files encrypted with OpenSSL 1.1.0-stable can not be
> decrypted with previous releases and vice versa.
> Tested aes256, cast5-cfb, camellia128 on 1.1.0-stable, 1.0.2-stable and
> 0.9.8(cast5-cfb only)
>
> All built without errors, passed all tests.
> Configuration VC-WIN32, os Windows 8.1 Pro x64, compiler vs2015.
>

In case you're referring to files encrypted using the "enc" utility this is
because the default digest used for key derivation was changed from MD5 to
SHA256 in OpenSSL 1.1.0.

You can change this using the -md option. So supplying "-md md5" should retain
compatibility.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4697
Please log in as guest with password guest if prompted
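
Added example, not part of the thread and not OpenSSL code: a Python version of the EVP_BytesToKey derivation that password-based `openssl enc` applies to the salt stored after the `Salted__` marker, showing that the MD5 and SHA256 defaults named in the reply above yield different keys and IVs for the same password, and that forcing `-md md5` on the reader makes them match again. It assumes one derivation round, an 8-byte salt and AES-256-CBC sizes (32-byte key, 16-byte IV); `SAMPLE` is a constructed file header and the function names are this example's own.

```python
import hashlib

MAGIC = b"Salted__"   # 8-byte marker written before the salt
# Default digest of the enc utility, as stated in the reply above.
DEFAULT_MD = {"before 1.1.0": "md5", "1.1.0": "sha256"}


def evp_bytes_to_key(md, password, salt, key_len, iv_len, count=1):
    """D_1 = H(password || salt), D_i = H(D_(i-1) || password || salt).

    Blocks are concatenated until key_len + iv_len bytes are available,
    so a short digest such as MD5 needs several chained blocks.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(md, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def read_salt(blob):
    """Return the 8-byte salt from the start of a salted enc file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted `openssl enc` file")
    return blob[8:16]


def derive(blob, password, md, key_len=32, iv_len=16):
    """Key and IV a reader using digest `md` would derive for this file."""
    return evp_bytes_to_key(md, password, read_salt(blob), key_len, iv_len)


def can_decrypt(blob, password, writer_release, reader_release, reader_md=None):
    """True when the reader derives the same key and IV the writer used.

    reader_md models passing -md on the reading side; without it the
    reader falls back to the default digest of its own release.
    """
    writer = derive(blob, password, DEFAULT_MD[writer_release])
    reader = derive(blob, password, reader_md or DEFAULT_MD[reader_release])
    return writer == reader


# Constructed header: marker, 8-byte salt, 32 bytes standing in for ciphertext.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + bytes(32)

if __name__ == "__main__":
    pw = b"test"
    for md in ("md5", "sha256"):
        key, iv = derive(SAMPLE, pw, md)
        print("%-6s key=%s iv=%s" % (md, key.hex(), iv.hex()))
    print("1.1.0 file read by older release:",
          can_decrypt(SAMPLE, pw, "1.1.0", "before 1.1.0"))
    print("older file read by 1.1.0 with -md md5:",
          can_decrypt(SAMPLE, pw, "before 1.1.0", "1.1.0", reader_md="md5"))
```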



Re: [openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Salz, Rich via RT
I think you are reading too much into Viktor's words.  From my perspective he 
was proposing a work-around, nothing more.

Yeah, what we did is sub-optimal.  Not the first time, won't be the last :)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4697
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread David Woodhouse via RT
On Wed, 2016-10-05 at 07:05 +, Sergey G Brazhnikov via RT wrote:
> 
> Just figured out that files encrypted with OpenSSL 1.1.0-stable can not be
> decrypted with previous releases and vice versa.
> Tested aes256, cast5-cfb, camellia128 on 1.1.0-stable, 1.0.2-stable and
> 0.9.8(cast5-cfb only)

What files? Do you mean private key files? If so, in what form?
Encrypted PEM, PKCS#8, PKCS#12? All could have different character set
behaviour. I'm assuming the passphrase has non-ASCII characters in it?

What is the local character set (chcp) when the file is created, and
when it is used? You're doing this on the same machine?

Can you show an example?

-- 
dwmw2
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4697
Please log in as guest with password guest if prompted





[openssl-dev] [openssl.org #4697] Bug in 1.1.0 (lost compatibility with previous releases)

2016-10-05 Thread Sergey G Brazhnikov via RT
Hi, guys.

Just figured out that files encrypted with OpenSSL 1.1.0-stable can not be
decrypted with previous releases and vice versa.
Tested aes256, cast5-cfb, camellia128 on 1.1.0-stable, 1.0.2-stable and
0.9.8(cast5-cfb only)

All built without errors, passed all tests.
Configuration VC-WIN32, os Windows 8.1 Pro x64, compiler vs2015.

Regards, Sergey.

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4697
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4696] BUG: openssl1.0.2j Solaris-Sparc : ../util/shlib_wrap.sh ./bad_dtls_test - core dump

2016-10-04 Thread Llewelyn Thomas via RT
$ uname -a
SunOS orl-rpd-sunbld1 5.10 Generic_141444-09 sun4v sparc 
SUNW,SPARC-Enterprise-T5120

$ echo $PATH
/opt/sunstudio12.1/bin:/usr/ccs/bin:/usr/bin:/usr/openwin/bin



test_bad_dtls

../util/shlib_wrap.sh ./bad_dtls_test
*** Signal 10 - core dumped
make: Fatal error: Command failed for target `test_bad_dtls'
Current working directory /apps/llew/openssl-1.0.2j/test
*** Error code 1
The following command caused the error:
make: Fatal error: Command failed for target `tests'

$ pstack test/core

core 'test/core' of 17356: ./bad_dtls_test
7e5c1944 time (100104adc, 25400, 1, 0, fc0b, 5) + 14
00012cbc main (0, 0, 0, 18, 0, 100104a8c) + dc
00011c1c _start (0, 0, 0, 0, 0, 0) + 17c

Configure command used:

$ ./Configure solaris64-sparcv9-cc --prefix=$OPENSSL_HOME threads zlib 
--with-zlib-lib=$ZLIB_HOME/solaris10-sparc64/lib 
--with-zlib-include=$ZLIB_HOME/include shared no-mdc2 no-rc5



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4696
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4683] [BUG] Failure running openssl speed ecdh in master branch

2016-10-03 Thread Nicola Tuveri via RT
>
> There are several options which have varying impacts on what speed would
> actually be measuring, I'll outline them below:
> 1) I just remove X25519 support from OpenSSL speed. This is the easiest
> fix but means nobody can use speed to measure performance with the X25519
> curve anymore. This would be undesirable as the curve is becoming
> increasingly popular and well supported as an alternative to NIST curves.
> 2) I add a special case to the ECDH measurement function that uses the
> EVP_PKEY_* interfaces just for the X25519 curve. This adds complexity to
> speed and means X25519 is technically not really comparable with the other
> curves due to a different API entry point at a higher level.
> 3) I move all the ECDH curves in speed over to use the EVP_PKEY_*
> interfaces. This will make the curve measurement comparable but not with
> historical data from earlier openssl versions (this may not be important
> anyway).
> 4) I go the whole hog and move all the pkey operations that I can in speed
> over to use the EVP_PKEY_* interfaces. Again this would break historical
> comparisons.


I just noticed this thread: I was already working on option number 3 for a
side project where I had the need to compare benchmarks of ECDH with
different curves, including X25519, so [here is a pull request][0] to start
from if we want to revise which interface to use to access EC crypto in
apps/speed.

Hope this might save some time!



Kind regards,

Nicola Tuveri


[0] https://github.com/openssl/openssl/pull/1658

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4683
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4695] calloc issue in crypto\LPdir_win.c

2016-10-03 Thread Geoffrey Coram via RT
Hi -
I had a link failure due to an unresolved external "calloc" when 
trying to build a WindowsCE application using OpenSSL 1.0.2j.

calloc appears in crypto\LPdir_win.c on line 98.

I think one is supposed to use LocalAlloc for WindowsCE instead of 
malloc or calloc.

I didn't get a link error for malloc that appears on line 72 of that 
file (on line 77, that memory is zeroed out), so it seems like a fix 
for me would be to use a malloc and memset instead of calloc.


calloc also appears in ssl\kssl.c, though my application does not use 
functions from that file.  I was puzzled to see calls to "calloc" and 
also "kssl_calloc"

-Geoffrey


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4695
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4693] Re: [openssl.org #4692] AutoReply: Change EVP_aes_xxx_wrap to use FIPS crypto module in FIPS mode

2016-10-02 Thread Kent Peacock via RT
Recommended change to the previous diff in aes_wrap_cleanup, since 
cipher data and the context are cleaned up by the caller (avoids a 
double free):

  if (wctx) {
  EVP_CIPHER_CTX_cleanup(>aes_ctx);
-OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
-OPENSSL_free(c->cipher_data);
  }
-memset(c, 0, sizeof(EVP_CIPHER_CTX));
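
Review bot: with OPENSSL_cleanse removed from the if (wctx) block, nothing in aes_wrap_cleanup itself wipes the wrap context any more, so its correctness rests on the caller cleansing and freeing c->cipher_data, as the message says. State that reliance in a comment above the function, and keep the return 1 that followed the removed memset in the original diff so the callback still reports success.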


On 10/01/2016 04:02 AM, The default queue via RT wrote:
>
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
>   "Change EVP_aes_xxx_wrap to use FIPS crypto module in FIPS mode",
> a summary of which appears below.
>
> There is no need to reply to this message right now.  Your ticket has been
> assigned an ID of [openssl.org #4692].
>
> Please include the string:
>
>  [openssl.org #4692]
>
> in the subject line of all future correspondence about this issue. To do so,
> you may reply to this message.
>
> Thank you,
> r...@openssl.org
>
> -
> The FIPS certified 2.0.x crypto module does not incorporate the key wrap
> modes within the module boundary, and calls the local
> AES_{encrypt,decrypt} functions (which is, strictly speaking, a no-no).
> So, it's not using FIPS validated crypto. This patch provides a
> modification to use the appropriate underlying FIPS EVP_aes_..._ecb APIs
> which use the FIPS module to do the actual block-at-a-time
> encryption/decryption.
>
> Kent
>
>
> -
> http://rt.openssl.org/Ticket/Display.html?id=4692=guest=guest
>


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4693
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4694] bug report openssl-1.1.0b (ssl_rsa.c)

2016-10-02 Thread ldc...@163.com via RT
Hello, are the following problems bugs?

SSL_use_PrivateKey_file
SSL_use_certificate_file
SSL_use_RSAPrivateKey_file

for example:  SSL_use_PrivateKey_file
-
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
{
    int j, ret = 0;
    BIO *in;
    EVP_PKEY *pkey = NULL;

    in = BIO_new(BIO_s_file());
    if (in == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
        goto end;
    }
    if (type == SSL_FILETYPE_PEM) {
        j = ERR_R_PEM_LIB;
        pkey = PEM_read_bio_PrivateKey(in, NULL,
                                       ssl->ctx->default_passwd_callback,
                                       ssl->
                                       ctx->default_passwd_callback_userdata);
    } else if (type == SSL_FILETYPE_ASN1) {
        j = ERR_R_ASN1_LIB;
        pkey = d2i_PrivateKey_bio(in, NULL);
    } else {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }
    if (pkey == NULL) {
        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
        goto end;
    }
    ret = SSL_use_PrivateKey(ssl, pkey);
    EVP_PKEY_free(pkey);
 end:
    BIO_free(in);
    return (ret);
}
-

Are the red lines wrong? Perhaps use this:

pkey = PEM_read_bio_PrivateKey(in, NULL,
   ssl->default_passwd_callback,
   ssl->default_passwd_callback_userdata);



ldc...@163.com

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4694
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4693] Change EVP_aes_xxx_wrap to use FIPS crypto module in FIPS mode

2016-10-01 Thread Kent Peacock via RT
The FIPS certified 2.0.x crypto module does not incorporate the key wrap 
modes within the module boundary, and calls the local 
AES_{encrypt,decrypt} functions (which is, strictly speaking, a no-no). 
So, it's not using FIPS validated crypto. This patch provides a 
modification to use the appropriate underlying FIPS EVP_aes_..._ecb APIs 
which use the FIPS module to do the actual block-at-a-time encryption/decryption.

Kent

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4693
Please log in as guest with password guest if prompted

--- crypto/evp/e_aes.c.orig 2016-09-30 16:35:00.973857408 -0700
+++ crypto/evp/e_aes.c  2016-09-30 16:34:20.579119933 -0700
@@ -1920,10 +1920,7 @@
 EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
 #endif
 typedef struct {
-union {
-double align;
-AES_KEY ks;
-} ks;
+EVP_CIPHER_CTX aes_ctx;
 /* Indicates if IV has been set */
 unsigned char *iv;
 } EVP_AES_WRAP_CTX;
@@ -1935,10 +1932,22 @@
 if (!iv && !key)
 return 1;
 if (key) {
-if (ctx->encrypt)
-AES_set_encrypt_key(key, ctx->key_len * 8, >ks.ks);
-else
-AES_set_decrypt_key(key, ctx->key_len * 8, >ks.ks);
+const EVP_CIPHER *cipher;
+switch (ctx->key_len * 8) {
+case 128:
+cipher = EVP_aes_128_ecb();
+break;
+case 192:
+cipher = EVP_aes_192_ecb();
+break;
+case 256:
+cipher = EVP_aes_256_ecb();
+break;
+default:
+return 0;
+}
+EVP_CipherInit(>aes_ctx, cipher, key, NULL, ctx->encrypt);
+EVP_CIPHER_CTX_set_padding(>aes_ctx, 0);
 if (!iv)
 wctx->iv = NULL;
 }
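
Review bot: the return values of EVP_CipherInit and EVP_CIPHER_CTX_set_padding in the new key branch are ignored, so aes_wrap_init_key goes on to return 1 even when the ECB context was not set up. Check both calls and return 0 on failure, the way the default: case of the switch already does for an unexpected key length.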
@@ -1949,6 +1958,20 @@
 return 1;
 }
 
+static block128_f
+aes_wrap_encrypt(const unsigned char *in, unsigned char *out, const void *key)
+{
+int outlen;
+return EVP_EncryptUpdate(key, out, , in, 16);
+}
+
+static block128_f
+aes_wrap_decrypt(const unsigned char *in, unsigned char *out, const void *key)
+{
+int outlen;
+return EVP_DecryptUpdate(key, out, , in, 16);
+}
+
 static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inlen)
 {
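
Review bot: aes_wrap_encrypt and aes_wrap_decrypt are declared with return type block128_f, which is the callback pointer type itself (the next hunk casts them to it), and then return the int result of EVP_EncryptUpdate/EVP_DecryptUpdate. Declare them with the return type and parameter list a block128_f callback has, and decide how a failed update is surfaced, since the wrap code calling them has no visible way to see that int.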
@@ -1969,14 +1992,27 @@
 return inlen - 8;
 }
 if (ctx->encrypt)
-rv = CRYPTO_128_wrap(>ks.ks, wctx->iv, out, in, inlen,
- (block128_f) AES_encrypt);
+rv = CRYPTO_128_wrap(>aes_ctx, wctx->iv, out, in, inlen,
+ (block128_f) aes_wrap_encrypt);
 else
-rv = CRYPTO_128_unwrap(>ks.ks, wctx->iv, out, in, inlen,
-   (block128_f) AES_decrypt);
+rv = CRYPTO_128_unwrap(>aes_ctx, wctx->iv, out, in, inlen,
+   (block128_f) aes_wrap_decrypt);
 return rv ? (int)rv : -1;
 }
 
+static int aes_wrap_cleanup(EVP_CIPHER_CTX *c)
+{
+EVP_AES_WRAP_CTX *wctx = c->cipher_data;
+
+if (wctx) {
+EVP_CIPHER_CTX_cleanup(>aes_ctx);
+OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+OPENSSL_free(c->cipher_data);
+}
+memset(c, 0, sizeof(EVP_CIPHER_CTX));
+return 1;
+}
+
 #define WRAP_FLAGS  (EVP_CIPH_WRAP_MODE \
 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
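
Review bot: aes_wrap_cleanup frees c->cipher_data and then memsets the whole EVP_CIPHER_CTX, both of which belong to the caller; the follow-up message on this ticket reports that this ends in a double free. Keep only the EVP_CIPHER_CTX_cleanup call on the embedded aes_ctx and the return 1.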
@@ -1985,7 +2021,7 @@
 NID_id_aes128_wrap,
 8, 16, 8, WRAP_FLAGS,
 aes_wrap_init_key, aes_wrap_cipher,
-NULL,
+aes_wrap_cleanup,
 sizeof(EVP_AES_WRAP_CTX),
 NULL, NULL, NULL, NULL
 };
@@ -1999,7 +2035,7 @@
 NID_id_aes192_wrap,
 8, 24, 8, WRAP_FLAGS,
 aes_wrap_init_key, aes_wrap_cipher,
-NULL,
+aes_wrap_cleanup,
 sizeof(EVP_AES_WRAP_CTX),
 NULL, NULL, NULL, NULL
 };
@@ -2013,7 +2049,7 @@
 NID_id_aes256_wrap,
 8, 32, 8, WRAP_FLAGS,
 aes_wrap_init_key, aes_wrap_cipher,
-NULL,
+aes_wrap_cleanup,
 sizeof(EVP_AES_WRAP_CTX),
 NULL, NULL, NULL, NULL
 };


[openssl-dev] [openssl.org #4692] Change EVP_aes_xxx_wrap to use FIPS crypto module in FIPS mode

2016-10-01 Thread Kent Peacock via RT
The FIPS certified 2.0.x crypto module does not incorporate the key wrap 
modes within the module boundary, and calls the local 
AES_{encrypt,decrypt} functions (which is, strictly speaking, a no-no). 
So, it's not using FIPS validated crypto. This patch provides a 
modification to use the appropriate underlying FIPS EVP_aes_..._ecb APIs 
which use the FIPS module to do the actual block-at-a-time 
encryption/decryption.

Kent

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4692
Please log in as guest with password guest if prompted

--- crypto/evp/e_aes.c.orig 2016-09-30 16:35:00.973857408 -0700
+++ crypto/evp/e_aes.c  2016-09-30 16:34:20.579119933 -0700
@@ -1920,10 +1920,7 @@
 EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS)
 #endif
 typedef struct {
-union {
-double align;
-AES_KEY ks;
-} ks;
+EVP_CIPHER_CTX aes_ctx;
 /* Indicates if IV has been set */
 unsigned char *iv;
 } EVP_AES_WRAP_CTX;
@@ -1935,10 +1932,22 @@
 if (!iv && !key)
 return 1;
 if (key) {
-if (ctx->encrypt)
-AES_set_encrypt_key(key, ctx->key_len * 8, >ks.ks);
-else
-AES_set_decrypt_key(key, ctx->key_len * 8, >ks.ks);
+const EVP_CIPHER *cipher;
+switch (ctx->key_len * 8) {
+case 128:
+cipher = EVP_aes_128_ecb();
+break;
+case 192:
+cipher = EVP_aes_192_ecb();
+break;
+case 256:
+cipher = EVP_aes_256_ecb();
+break;
+default:
+return 0;
+}
+EVP_CipherInit(>aes_ctx, cipher, key, NULL, ctx->encrypt);
+EVP_CIPHER_CTX_set_padding(>aes_ctx, 0);
 if (!iv)
 wctx->iv = NULL;
 }
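
Review bot: nothing in the new key branch says why padding is switched off after EVP_CipherInit. A one-line comment above the EVP_CIPHER_CTX_set_padding call, noting that the wrap helpers pass exactly one 16-byte block per update and expect 16 bytes back, would document the dependency. The default: case could also record an error before return 0 so that an unsupported key length is distinguishable from other failures.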
@@ -1949,6 +1958,20 @@
 return 1;
 }
 
+static block128_f
+aes_wrap_encrypt(const unsigned char *in, unsigned char *out, const void *key)
+{
+int outlen;
+return EVP_EncryptUpdate(key, out, , in, 16);
+}
+
+static block128_f
+aes_wrap_decrypt(const unsigned char *in, unsigned char *out, const void *key)
+{
+int outlen;
+return EVP_DecryptUpdate(key, out, , in, 16);
+}
+
 static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inlen)
 {
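
Review bot: both helpers take const void *key and hand it straight to EVP_EncryptUpdate/EVP_DecryptUpdate as the cipher context, which those calls modify, so the const qualifier is silently discarded. Convert to EVP_CIPHER_CTX * explicitly in one place with a comment, and check outlen after the update; it is declared but never read, and a value other than 16 would mean the context was not configured as the wrap code assumes.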
@@ -1969,14 +1992,27 @@
 return inlen - 8;
 }
 if (ctx->encrypt)
-rv = CRYPTO_128_wrap(>ks.ks, wctx->iv, out, in, inlen,
- (block128_f) AES_encrypt);
+rv = CRYPTO_128_wrap(>aes_ctx, wctx->iv, out, in, inlen,
+ (block128_f) aes_wrap_encrypt);
 else
-rv = CRYPTO_128_unwrap(>ks.ks, wctx->iv, out, in, inlen,
-   (block128_f) AES_decrypt);
+rv = CRYPTO_128_unwrap(>aes_ctx, wctx->iv, out, in, inlen,
+   (block128_f) aes_wrap_decrypt);
 return rv ? (int)rv : -1;
 }
 
+static int aes_wrap_cleanup(EVP_CIPHER_CTX *c)
+{
+EVP_AES_WRAP_CTX *wctx = c->cipher_data;
+
+if (wctx) {
+EVP_CIPHER_CTX_cleanup(>aes_ctx);
+OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+OPENSSL_free(c->cipher_data);
+}
+memset(c, 0, sizeof(EVP_CIPHER_CTX));
+return 1;
+}
+
 #define WRAP_FLAGS  (EVP_CIPH_WRAP_MODE \
 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
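
Review bot: the (block128_f) casts on aes_wrap_encrypt and aes_wrap_decrypt in the CRYPTO_128_wrap and CRYPTO_128_unwrap calls hide any mismatch between the helpers' signatures and the callback type. Once the helpers are declared to match block128_f exactly, drop the casts so the compiler checks the calls.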
@@ -1985,7 +2021,7 @@
 NID_id_aes128_wrap,
 8, 16, 8, WRAP_FLAGS,
 aes_wrap_init_key, aes_wrap_cipher,
-NULL,
+aes_wrap_cleanup,
 sizeof(EVP_AES_WRAP_CTX),
 NULL, NULL, NULL, NULL
 };
@@ -1999,7 +2035,7 @@
 NID_id_aes192_wrap,
 8, 24, 8, WRAP_FLAGS,
 aes_wrap_init_key, aes_wrap_cipher,
-NULL,
+aes_wrap_cleanup,
 sizeof(EVP_AES_WRAP_CTX),
 NULL, NULL, NULL, NULL
 };
@@ -2013,7 +2049,7 @@
 NID_id_aes256_wrap,
 8, 32, 8, WRAP_FLAGS,
 aes_wrap_init_key, aes_wrap_cipher,
-NULL,
+aes_wrap_cleanup,
 sizeof(EVP_AES_WRAP_CTX),
 NULL, NULL, NULL, NULL
 };


[openssl-dev] [openssl.org #4691] Not sure where to report this...

2016-09-30 Thread nwarner via RT
Trying to upgrade to 1.1.0b (from 1.0.2h)

OS:FreeBSD 8.4 p4

Is this a show-stopper?

[by the way, let me know if there's a better venue for reporting install
issues]


Test Summary Report
---
../test/recipes/40-test_rehash.t (Wstat: 256 Tests: 5 Failed: 1)
  Failed test:  4
  Non-zero exit status: 1
Files=86, Tests=463, 173 wallclock secs ( 2.88 usr  0.66 sys + 154.93
cusr 20.34 csys = 178.80 CPU)
Result: FAIL
Failed 1/86 test programs. 1/463 subtests failed.
*** Error code 255

Stop in /usr/src/openssl-1.1.0b.
*** Error code 1

Stop in /usr/src/openssl-1.1.0b.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4691
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4690] Bug in OpenSSL 1.0.2j ssl_accept

2016-09-28 Thread Michael Koch via RT
Hello Steve,

Since the output comes from an in production system, we don't have 
debugging symbols there. I'll try to set up a second machine with the 
same configuration and use debugging symbols there.

Before upgrading to 1.0.2j we used 1.02h-r2 (each marked as "stable" in 
Gentoo portage tree).

The problem only occurs sometimes (not reconstructable).

Michael


On 28.09.2016 at 23:15, Stephen Henson via RT wrote:
> On Wed Sep 28 19:44:49 2016, mich...@michsoft.de wrote:
>> In addition to my message I send you my gdb backtrace:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x71413700 (LWP 13663)]
>> 0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
>> (gdb) backtrace
>> #0 0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
>> #1 0x76ef0ca0 in ssl3_get_client_hello () from
>> /usr/lib64/libssl.so.1.0.0
>> #2 0x76ef506f in ssl3_accept () from /usr/lib64/libssl.so.1.0.0
>> #3 0x76f04acf in ssl23_accept () from /usr/lib64/libssl.so.1.0.0
>> #4 0x779cafca in Thread_MCS_Networking_Listen (arg=0x6a2270) at
>> ./mcs_networking_threads.cpp:222
>> #5 0x7714c444 in start_thread () from /lib64/libpthread.so.0
>> #6 0x758fc4cd in clone () from /lib64/libc.so.6
>> (gdb)
>>
>>
>> It seems as if the crash happens in "sk_value()".
>>
> Which version of OpenSSL were you using before which didn't crash?
>
> Can you provide a backtrace with debugging symbols enabled?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>


-- 
Kind regards

Michael Koch


MichSoft Consulting
Pappelweg 7
D - 29664 Walsrode

eMail michael.k...@michsoft.de
Internet http://www.michsoft.de

Phone  +49 (0) 5161 / 94 94 83 - 0
Fax+49 (0) 5161 / 94 94 83 - 5


VAT identification number
pursuant to § 27 of the German VAT Act (Umsatzsteuergesetz): DE 41 123 05752




-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4690
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4690] Bug in OpenSSL 1.0.2j ssl_accept

2016-09-28 Thread Stephen Henson via RT
On Wed Sep 28 19:44:49 2016, mich...@michsoft.de wrote:
> In addition to my message I send you my gdb backtrace:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x71413700 (LWP 13663)]
> 0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> (gdb) backtrace
> #0 0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> #1 0x76ef0ca0 in ssl3_get_client_hello () from
> /usr/lib64/libssl.so.1.0.0
> #2 0x76ef506f in ssl3_accept () from /usr/lib64/libssl.so.1.0.0
> #3 0x76f04acf in ssl23_accept () from /usr/lib64/libssl.so.1.0.0
> #4 0x779cafca in Thread_MCS_Networking_Listen (arg=0x6a2270) at
> ./mcs_networking_threads.cpp:222
> #5 0x7714c444 in start_thread () from /lib64/libpthread.so.0
> #6 0x758fc4cd in clone () from /lib64/libc.so.6
> (gdb)
>
>
> It seems as if the crash happens in "sk_value()".
>

Which version of OpenSSL were you using before which didn't crash?

Can you provide a backtrace with debugging symbols enabled?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4690
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4689] Fwd: Bug in OpenSSL 1.0.2j ssl_accept

2016-09-28 Thread Michael Koch via RT
In addition to my message I send you my gdb backtrace:



Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x71413700 (LWP 13663)]
0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
(gdb) backtrace
#0  0x76ba4e87 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
#1  0x76ef0ca0 in ssl3_get_client_hello () from 
/usr/lib64/libssl.so.1.0.0
#2  0x76ef506f in ssl3_accept () from /usr/lib64/libssl.so.1.0.0
#3  0x76f04acf in ssl23_accept () from /usr/lib64/libssl.so.1.0.0
#4  0x779cafca in Thread_MCS_Networking_Listen (arg=0x6a2270) at 
./mcs_networking_threads.cpp:222
#5  0x7714c444 in start_thread () from /lib64/libpthread.so.0
#6  0x758fc4cd in clone () from /lib64/libc.so.6
(gdb)


It seems as if the crash happens in "sk_value()".



Forwarded message
Subject: Bug in OpenSSL 1.0.2j ssl_accept
Date: Wed, 28 Sep 2016 21:07:48 +0200
From: Michael Koch
Organization: MichSoft Consulting
To: r...@openssl.org



Hello,

on our Webserver Management Software, based on Gentoo Linux, the XML
REST Service which uses the OpenSSL Client library has periodically crashed
with Signal 11 on ssl_accept since we updated to OpenSSL 1.0.2j two
days ago.

Best regards from Germany.

-- 
With kind regards

Michael Koch


MichSoft Consulting
Pappelweg 7
D - 29664 Walsrode

eMail michael.k...@michsoft.de
Internet http://www.michsoft.de

Phone  +49 (0) 5161 / 94 94 83 - 0
Fax+49 (0) 5161 / 94 94 83 - 5




-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4689


Re: [openssl-dev] [openssl.org #4676] Error converting to p12 crt

2016-09-28 Thread Salz, Rich via RT
You did not cut/paste the command line properly because you wrote "-in -inkey" 
which is wrong.  Or maybe that is your error?



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4676


[openssl-dev] [openssl.org #4687] Bug in apps/req.c introduced in openssl 1.0.2i

2016-09-28 Thread scott.open...@scottrix.co.uk via RT
Hi,

When trying to generate a self signed certificate from a previously 
generated csr with the command line:

openssl req -x509 -key privkey.pem -in csr.pem -out selfsigned.pem

it now prompts for country code etc. which is stored in the CSR.  This 
change in behavior was introduced by:

commit fd7ca7465b67336b8950a505b6d2adee867a78f7
Author: Richard Levitte 
Date:   Mon Aug 22 15:22:17 2016 +0200

Make 'openssl req -x509' more equivalent to 'openssl req -new'

The following would fail, or rather, freeze:

openssl genrsa -out rsa2048.pem 2048
openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem

In that case, the second command wants to read a certificate request
from stdin, because -x509 wasn't fully flagged as being for creating
something new.  This changes makes it fully flagged.

RT#4655

Reviewed-by: Andy Polyakov 

My proposed patch is:

diff -Nru openssl-1.0.2i/apps/req.c openssl-1.0.2i-1/apps/req.c
--- openssl-1.0.2i/apps/req.c  2016-09-22 19:59:10.0 +0100
+++ openssl-1.0.2i-1/apps/req.c2016-09-27 17:37:07.917660064 +0100
@@ -787,7 +787,7 @@
 BIO_printf(bio_err, "-\n");
 }
 
-if (!newreq) {
+if (!newreq || (x509 && infile)) {
 /*
  * Since we are using a pre-existing certificate request, the 
  * kludge
  * 'format' info should not be changed.
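Review bot: Nothing in this hunk shows the subject prompt being skipped, which is the reported symptom: the changed condition `if (!newreq || (x509 && infile))` only widens entry to the branch that preserves the 'format' info for a pre-existing certificate request. Please confirm that the prompt is decided inside this branch, or apply the same `x509 && infile` test at the point where `newreq` leads to prompting. The comment under the condition should also say that `-x509` with an input file is treated as using an existing request, and a test for `openssl req -x509 -key privkey.pem -in csr.pem` would pin the behaviour down.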


Scott Harrison


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4687


[openssl-dev] [openssl.org #4688] bug since openssl1.0.1i

2016-09-28 Thread Nitschke, Mario via RT
Hello,

there is a bug in openssl since openssl1.0.1i

I am compiling under Solaris 10 with CC from SolarisStudio 12.3.

The problem is not the compiler, it is the implementation of the new test 
dtlstest.
I always did "make dclean" and up to openssl1.0.1h there was no problem, since 
openssl1.0.1i linking fails if doing "make dclean" before building.

This is what I have found out:

"make dclean"  deletes the new test file "test/ssltestlib.c"
"./config" creates "ssltest.c => dummytest.c" in test
And linking dtlstest fails with a linking error because there is a "main" 
function in dummytest.c also.

Error message:
ld: fatal: symbol 'main' is multiply-defined:
(file dtlstest.o type=FUNC; file ssltestlib.o type=FUNC);
ld: fatal: symbol '__fsr_init_value' is multiply-defined:
(file dtlstest.o type=NOTY; file ssltestlib.o type=NOTY);
ld: fatal: file processing errors. No output written to dtlstest
*** Error code 2

Kind regards



With kind regards
Mario Nitschke

IT System Administrator

---
D-TRUST GmbH
Kommandantenstr. 15
10969 Berlin
GERMANY
Phone:  + 49 (0) 30  - 2593 91-730
Fax:+ 49 (0) 30  - 2593 91-778

m.nitsc...@d-trust.net
www.D-TRUST.net



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4688


[openssl-dev] [openssl.org #4685] [PATCH v2] Add missing prototype for FIPS callback

2016-09-26 Thread Dr. Matthias St. Pierre via RT
The call to FIPS_crypto_set_id_callback() was added in revision 
a43cfd7bb1fc681d563e,
but there is no prototype for it in .
---

Moved the function prototype upwards, because declarations can only be placed
at the top of a function in C.


 crypto/o_init.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/crypto/o_init.c b/crypto/o_init.c
index 185841e..18bb858 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -58,6 +58,11 @@
 #ifdef OPENSSL_FIPS
 # include 
 # include 
+
+# ifndef OPENSSL_NO_DEPRECATED
+/* the prototype is missing in  */
+void FIPS_crypto_set_id_callback(unsigned long (*func)(void));
+# endif
 #endif
 
 /*
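Review bot: Declaring `FIPS_crypto_set_id_callback()` by hand in o_init.c lets the prototype drift from the real definition without any compiler diagnostic; the declaration belongs in the FIPS header that this file already includes under `OPENSSL_FIPS`. If the header cannot be changed, the added comment should name the header (it currently reads "missing in" with no file name) and say where the function is defined, so a later reader can check that the signature still matches.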
-- 
2.7.3


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4685


[openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Richard Levitte via RT
On Mon Sep 26 14:34:17 2016, rs...@akamai.com wrote:
> We have a fix waiting for internal review; see GitHub issue 1546.

That's not related to this issue.

Cheers,
Richard

--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4686


[openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Richard Levitte via RT
That has already been fixed in the 1.0.2 branch, and is part of 1.0.2j, which
was released today.

Cheers,
Richard

On Mon Sep 26 14:32:31 2016, jan-markus.pumpa...@bittium.com wrote:
>
>
> Hi,
>
> When building the OpenSSL 1.0.2i with -DHAVE_CRYPTODEV flag the build
> will fail in crypto/engine/eng_cryptodev.c. I am using 64-bit Ubuntu
> 14.04 in my build machine with gcc toolchain.
>
> For me it looks like there has been a typo in the OPENSSL_malloc
> return value check. Attached patch solves the issue. Below is the
> original error message:
>
> | gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include
> -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
> -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -i/build/tmp/sysroots/x86_64-
> linux/usr/include -O2 -pipe -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV
> -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
> -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM
> -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
> -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
> -ibuild/tmp/sysroots/x86_64-linux/usr/include -c -o eng_cryptodev.o
> eng_cryptodev.c
> | eng_cryptodev.c: In function 'cryptodev_digest_copy':
> | eng_cryptodev.c:942:23: error: 'struct dev_crypto_state' has no
> member named 'ac_data'
> | if (dstate->ac_data == NULL) {
> | ^
> | make[2]: *** [eng_cryptodev.o] Error 1
>
>
> Kind regards,
> Jan-Markus Pumpanen
>


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4686


Re: [openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Salz, Rich via RT
We have a fix waiting for internal review; see GitHub issue 1546.



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4686


[openssl-dev] [openssl.org #4686] [BUG] Failure to compile if HAVE_CRYPTODEV is defined in OpenSSL 1.0.2i

2016-09-26 Thread Pumpanen Jan-Markus via RT


Hi,

When building the OpenSSL 1.0.2i with -DHAVE_CRYPTODEV flag the build will fail 
in crypto/engine/eng_cryptodev.c. I am using 64-bit Ubuntu 14.04 in my build 
machine with gcc toolchain. 

For me it looks like there has been a typo in the OPENSSL_malloc return value 
check. Attached patch solves the issue. Below is the original error message:

| gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include  -fPIC 
-DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H 
-DL_ENDIAN  -DTERMIO -i/build/tmp/sysroots/x86_64-linux/usr/include -O2 
-pipe -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM 
-DECP_NISTZ256_ASM -ibuild/tmp/sysroots/x86_64-linux/usr/include  -c -o 
eng_cryptodev.o eng_cryptodev.c
| eng_cryptodev.c: In function 'cryptodev_digest_copy':
| eng_cryptodev.c:942:23: error: 'struct dev_crypto_state' has no member named 
'ac_data'
|  if (dstate->ac_data == NULL) {
|^
| make[2]: *** [eng_cryptodev.o] Error 1


Kind regards,
Jan-Markus Pumpanen




-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4686

--- clean-openssl-1.0.2i/crypto/engine/eng_cryptodev.c	2016-09-22 13:23:06.0 +0300
+++ openssl-1.0.2i/crypto/engine/eng_cryptodev.c	2016-09-26 16:07:24.724568163 +0300
@@ -939,7 +939,7 @@
 if (fstate->mac_len != 0) {
 if (fstate->mac_data != NULL) {
 dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-if (dstate->ac_data == NULL) {
+if (dstate->mac_data == NULL) {
 printf("cryptodev_digest_init: malloc failed\n");
 return 0;
 }
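Review bot: The failure message in the context line right after the fix, `printf("cryptodev_digest_init: malloc failed\n");`, names cryptodev_digest_init, while the compiler output in the report places this code in cryptodev_digest_copy; the message should be corrected in the same patch so a failure here is not attributed to the wrong function. Since this is library code, reporting the allocation failure through the error queue rather than printf to stdout would also be worth considering.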


[openssl-dev] [openssl.org #4685] [PATCH] Add missing prototype for FIPS callback

2016-09-26 Thread Dr. Matthias St. Pierre via RT
The call to FIPS_crypto_set_id_callback() was added in revision 
a43cfd7bb1fc681d563e,
but there is no prototype for it in .
---

This leads to warnings on some platforms (e.g. x86_64-ncp-linux-gnu-gcc):
o_init.c:77:5: warning: implicit declaration of function 
'FIPS_crypto_set_id_callback' [-Wimplicit-function-declaration]

and to an error on iOS (clang -arch arm64):
o_init.c:77:5: error: implicit declaration of function 
'FIPS_crypto_set_id_callback' is invalid in C99 
[-Werror,-Wimplicit-function-declaration]


 crypto/o_init.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/o_init.c b/crypto/o_init.c
index 185841e..a399318 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -74,6 +74,8 @@ void OPENSSL_init(void)
 #ifdef OPENSSL_FIPS
 FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
 # ifndef OPENSSL_NO_DEPRECATED
+/* the prototype is missing in  */
+void FIPS_crypto_set_id_callback(unsigned long (*func)(void));
 FIPS_crypto_set_id_callback(CRYPTO_thread_id);
 # endif
 FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
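Review bot: The added prototype sits after the `FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);` statement inside OPENSSL_init(), which mixes a declaration into code and is rejected by C90 compilers; move it to file scope next to the FIPS includes. A block-scope declaration also hides any mismatch with the real definition, so the FIPS header is the better long-term home for it.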
-- 
2.7.3


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4685


Re: [openssl-dev] [openssl.org #4684] Potential problem with OPENSSL_cleanse

2016-09-22 Thread Salz, Rich via RT
We do have assembler versions for most CPUs.

Closing ticket.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4684


[openssl-dev] [openssl.org #4684] Potential problem with OPENSSL_cleanse

2016-09-22 Thread Kurt Roeckx via RT
Hi,

Please read:
http://www.metzdowd.com/pipermail/cryptography/2016-September/030151.html

We use the same construct for our OPENSSL_cleanse, but I think we
also have assembler versions.


Kurt


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4684


Re: [openssl-dev] [openssl.org #4256] CA.pl usage() does not mention -signcert

2016-09-22 Thread Kurt Roeckx via RT
On Tue, Jan 19, 2016 at 07:25:04PM +, Kaduk, Ben via RT wrote:
> Part of the patch submitted to RT #844 includes a patch to the usage
> message of CA.pl.  Although the functionality itself of CA.pl was
> rewritten for 1.1 (so that #844 was closed), the usage message remains
> incomplete, and Debian continues to apply a local patch to add the usage.
> 
> So, as mentioned in the closing message of #844, this is a new ticket
> for this lingering issue.

It seems this was partially fixed in the 1.0.2 version.  But there
are 2 places it shows the usage, and only 1 of the 2 was updated.


Kurt


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4256


[openssl-dev] [openssl.org #4682] PKITS tests fails with 1.0.2i on GNU/Linux

2016-09-22 Thread Rich Salz via RT
Duplicate of https://github.com/openssl/openssl/issues/1611

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4682


[openssl-dev] [openssl.org #4683] [BUG] Failure running openssl speed ecdh in master branch

2016-09-22 Thread Linsell, StevenX via RT
Running against master branch (commit 39c136cc53d7b6fafdd1a0b52c035fd24358e01c 
- Updates CHANGES and NEWS for new release) we see a failure when running 
openssl speed with the ecdh parameter:

./openssl speed ecdh
Doing 160 bit  ecdh's for 10s: 35676 160-bit ECDH ops in 9.98s
Doing 192 bit  ecdh's for 10s: 29928 192-bit ECDH ops in 9.98s
Doing 224 bit  ecdh's for 10s: 21881 224-bit ECDH ops in 9.98s
Doing 256 bit  ecdh's for 10s: 91839 256-bit ECDH ops in 9.98s
Doing 384 bit  ecdh's for 10s: 9642 384-bit ECDH ops in 9.98s
Doing 521 bit  ecdh's for 10s: 4737 521-bit ECDH ops in 9.98s
Doing 163 bit  ecdh's for 10s: 32911 163-bit ECDH ops in 9.98s
Doing 233 bit  ecdh's for 10s: 25740 233-bit ECDH ops in 9.98s
Doing 283 bit  ecdh's for 10s: 14392 283-bit ECDH ops in 9.98s
Doing 409 bit  ecdh's for 10s: 9203 409-bit ECDH ops in 9.98s
Doing 571 bit  ecdh's for 10s: 3866 571-bit ECDH ops in 9.98s
Doing 163 bit  ecdh's for 10s: 31212 163-bit ECDH ops in 9.98s
Doing 233 bit  ecdh's for 10s: 24564 233-bit ECDH ops in 9.98s
Doing 283 bit  ecdh's for 10s: 13510 283-bit ECDH ops in 9.97s
Doing 409 bit  ecdh's for 10s: 8603 409-bit ECDH ops in 9.98s
Doing 571 bit  ecdh's for 10s: 3572 571-bit ECDH ops in 9.98s
ECDH failure.
140194445354752:error:100AE081:elliptic curve 
routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:3100:
140194445354752:error:100AE081:elliptic curve 
routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:3100:
OpenSSL 1.1.1-dev  xx XXX 

This bug appears to have been introduced by the recent refactoring of X25519.
I'm not up to speed on the X25519 curve refactoring and how that curve should 
be used from the libCrypto interfaces now, so I'm not sure how this issue 
should be resolved. I could have made a pull request to just remove X25519 from 
the tested curves but that seemed to be a retrograde step.
Let me know if that is the route you would like to take and I can submit a pull 
request for that if you like.

Kind Regards,

Steve Linsell   
Intel Shannon DCG/CID Software Development Team
stevenx.lins...@intel.com



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4683


[openssl-dev] [openssl.org #4682] PKITS tests fails with 1.0.2i on GNU/Linux

2016-09-22 Thread Bruce Stephens via RT
The problem appears to be 325da823, x509_vfy.c line 1132.

best_score starts at 0 (from get_crl_delta's crl_score, initialised to
0), and (for whatever reason) crl_score also turns out to be 0. So

if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
                   X509_CRL_get_lastUpdate(crl)) == 0)

segfaults (best_crl is NULL).

The test (and the other tests) seem to pass if I change the
initialisation in get_crl_delta:

int crl_score = -1;

I find this with test 4.4.19 specifically (with our own code which uses
OpenSSL), but actually pkits-test.pl shows segfaulting for many tests,
and this is resolved with the above change (the return codes seem to be
different causing the script to report failure, but I suspect that's
just the script needing updating).


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4682
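The failure mode Bruce Stephens describes above, reduced to a self-contained model (an added example, not OpenSSL's code and not part of the original message). `crl_t`, `pick_crl`, the `guard_tie_break` flag and the sample scores are assumptions; accepting an equal-score first candidate under the guard mirrors what seeding with -1 does and is a choice made for this example only.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for X509_CRL: only what the selection loop reads. */
typedef struct {
    int score;         /* how well this CRL matches the certificate */
    long last_update;  /* lastUpdate, as a plain number for the example */
} crl_t;

enum pick_status { PICK_OK, PICK_NONE, PICK_NULL_DEREF };

/* Constructed sample input: two candidates that both score 0. */
static const crl_t sample_crls[2] = { { 0, 100 }, { 0, 200 } };

/*
 * Pick the best-scoring CRL, preferring the newer one on a tie.
 * seed_score is the score the caller starts from (0 in the report, -1 in
 * the proposed change). With guard_tie_break == 0 the loop behaves as
 * reported; instead of dereferencing a NULL best it returns
 * PICK_NULL_DEREF at the point where the real code would segfault.
 */
static enum pick_status pick_crl(const crl_t *crls, size_t n, int seed_score,
                                 int guard_tie_break, const crl_t **out)
{
    const crl_t *best = NULL;
    int best_score = seed_score;
    size_t i;

    *out = NULL;
    for (i = 0; i < n; i++) {
        const crl_t *crl = &crls[i];

        if (crl->score < best_score)
            continue;
        if (crl->score == best_score) {
            if (best == NULL) {
                /* Tie with the seed, but nothing has been chosen yet. */
                if (!guard_tie_break)
                    return PICK_NULL_DEREF;
                /* Guarded: skip the date comparison, accept candidate. */
            } else if (crl->last_update <= best->last_update) {
                continue;   /* not newer than the current best */
            }
        }
        best = crl;
        best_score = crl->score;
    }
    *out = best;
    return best != NULL ? PICK_OK : PICK_NONE;
}

static const char *status_name(enum pick_status s)
{
    switch (s) {
    case PICK_OK:         return "ok";
    case PICK_NONE:       return "no candidate";
    case PICK_NULL_DEREF: return "NULL best dereferenced";
    }
    return "?";
}

int main(void)
{
    const crl_t *out;

    /* As reported: seed 0, first candidate scores 0, best is still NULL. */
    printf("seed  0, unguarded: %s\n",
           status_name(pick_crl(sample_crls, 2, 0, 0, &out)));
    /* Proposed change: seed -1, so the first candidate wins outright. */
    printf("seed -1, unguarded: %s\n",
           status_name(pick_crl(sample_crls, 2, -1, 0, &out)));
    /* Alternative: keep seed 0 but never compare against a NULL best. */
    printf("seed  0, guarded:   %s\n",
           status_name(pick_crl(sample_crls, 2, 0, 1, &out)));
    return 0;
}
```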


[openssl-dev] [openssl.org #4681] X.509 load method

2016-09-22 Thread Roumen Petrov via RT
This is an enhancement request.

OpenSSL 1.1 hides details of the structures used to load X.509 certificates, 
in particular x509_lookup_method_st, x509_lookup_st and x509_object_st.
This impacts non-OpenSSL projects, as an external application has to 
duplicate those structures.

The request is that OpenSSL does not change those structures until a new 
implementation in a binary-incompatible release.


It seems to me the current look-up method is quite complex.
For instance, get_by_subject performs two main steps, load and query - see 
"by_dir".
In the first step the code, using the "query constraint", fetches data and adds 
each item found to the store. Updating the store requires a thread lock.
In the second step the code queries the entire store using the "query 
constraint" and prepares the result. Querying the store requires a thread lock.

I guess that a simpler "callback" model could be used - a method with a 
callback context.
The method fetches data and returns only one item (certificate, CRL, etc.) on 
each call, and so on until the end of the data.
With this model the library is responsible for updating the store and preparing 
the result. Locking of the store could be managed internally.


Regards,
Roumen


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4681


[openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-20 Thread Richard Levitte via RT
Fix in place in master, OpenSSL_1_1_0-stable and OpenSSL_1_0_2-stable

Closing ticket.

Cheers,
Richard

On Fri Sep 02 14:57:41 2016, rs...@akamai.com wrote:
> Yeah, something like that for 1.0.2; simpler for 1.1.0. I'll do it.
>


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4669


Re: [openssl-dev] [openssl.org #4680] new_session_callback issue.

2016-09-20 Thread ELHARRAR via RT
Sorry it is not a bug. It was a mistake in my code. 
I just want to know when exactly the callbacks new and get are called when I 
work with external caching. 
Thanks 
Mikael

Sent from my iPhone

> On 20 Sep 2016, at 1:38 PM, The default queue via RT <r...@openssl.org> wrote:
> 
>  [openssl.org #4680]


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4680


[openssl-dev] [openssl.org #4679] Bug: The 'test4' in openssl-1.0.2h/test/hmactest.c dumped core in FIPS mode

2016-09-20 Thread Ziyan Zhou via RT
Hi,

When I was trying to run the test code openssl-1.0.2h/test/hmactest.c in 
FIPS mode, I got SIGSEGV.
I made the following changes to run it in FIPS mode.
a) Added FIPS_mode_set(1);
b) Commented out the test 1 ~ test 3 since MD5 is not supported in FIPS 
mode.
c) I renamed hmactest.c to hmactest_changed_for_test4_in_fips.c

OpenSSL version: 1.0.2h
OpenSSL FIPS version: 2.0.12
OS: CentOS 6.7

I compiled it like this:
# gcc -I /usr/local/ssl/include/ -L /usr/local/ssl/lib/ -lcrypto 
-Wl,-rpath=/usr/local/ssl/lib/ hmactest_changed_for_test4_in_fips.c
(The e_os.h is in the same directory as hmactest.c)

Output from gdb:
(gdb)
192if (HMAC_Init_ex(, NULL, 0, NULL, NULL)) {
(gdb)
197if (HMAC_Update(, test[4].data, test[4].data_len)) {
(gdb)
Program received signal SIGSEGV, Segmentation fault.


This issue could be reproduced with the attached 
hmactest_changed_for_test4_in_fips.c

Thanks,
Ziyan

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4679

/* crypto/hmac/hmactest.c */
/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (e...@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (t...@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *notice, this list of conditions and the following disclaimer in the
 *documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *must display the following acknowledgement:
 *"This product includes cryptographic software written by
 * Eric Young (e...@cryptsoft.com)"
 *The word 'cryptographic' can be left out if the rouines from the library
 *being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *the apps directory (application code) you must include an acknowledgement:
 *"This product includes software written by Tim Hudson (t...@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#include "e_os.h"

#ifdef OPENSSL_NO_HMAC
int main(int argc, char *argv[])
{
    printf("No HMAC support\n");
    return (0);
}
#else
# include <openssl/hmac.h>
# ifndef OPENSSL_NO_MD5
#  include <openssl/md5.h>
# endif

# ifdef CHARSET_EBCDIC
#  include <openssl/ebcdic.h>
# endif

# ifndef OPENSSL_NO_MD5
static struct test_st {
    unsigned char key[16];
    int key_len;
    unsigned char data[64];
    int data_len;
    unsigned char *digest;
} test[8] = {
    {
        "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54,
        (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
    },
    {
        {
            0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
            0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
        }, 16, "Hi There", 8,
  

[openssl-dev] [openssl.org #4680] new_session_callback issue.

2016-09-20 Thread ELHARRAR via RT
Hi OpenSSL team,


A simple question:


I wrote a proof of concept in order to use external cache for session id.

In my POC I used openssl version 1.1.0 and all seemed OK. I mean, as server, 
the new_session callback was called as expected (at the first connection) and 
then the get_session callback, when the client sends me a non-empty session id 
in client hello.


When I want to introduce this code in our real project, which uses openssl 
1.0.2e, I see that at the first connection (when the session id in client hello 
is empty), the server does not call the new_session callback. Then it sends a 
session id in server hello, and at the reuse (when session id is not empty in 
client hello) it calls get_session and because the session was not cached, it 
calls the new_session callback because it generates a new session.


Do you know something about this issue?


Thanks

Mikael


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4680


[openssl-dev] [openssl.org #4678] Bug: the 'dhtest_rfc5114_2048_224_bad_y' in dhtest.c didn't fail in FIPS mode

2016-09-18 Thread Ziyan Zhou via RT
Hi,

The test case openssl-1.0.2h/test/dhtest.c failed when running in FIPS 
mode, because the BAD test vector 'dhtest_rfc5114_2048_224_bad_y' didn't 
fail.
I found this issue when I was trying to run regular OpenSSL test code in 
FIPS mode.

OpenSSL version: 1.0.2
OpenSSL fips version: 2.0.12
OS: CentOS release 6.7 (Final)


Before building the dhtest.c, I did some code changes.
[STEP 1]
Calling FIPS_mode_set(1); in dhtest.c

[STEP 2]
Modifying the 'prime_len' of DH_generate_parameters_ex (line 128) to 
1024 bits since the minimum size for FIPS mode is 1024 bits.

[STEP 3]
# gcc -I /usr/local/ssl/include/ -L /usr/local/ssl/lib/ -lcrypto 
-Wl,-rpath=/usr/local/ssl/lib/ dhtest.c

[STEP 4]

# ./a.out
..+...
...

RFC5114 parameter test 1 OK
RFC5114 parameter test 2 OK
RFC5114 parameter test 3 OK
Test failed RFC5114 set 4

The expected return value of DH_compute_key(Z1, bady, dhA); is -1, but I 
got 256.

Thanks,
Ziyan



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4678


[openssl-dev] [openssl.org #4677] Options after parameters are ignored in OpenSSL 1.1.0

2016-09-17 Thread Richard Levitte via RT
On Sat Sep 17 17:54:11 2016, pe...@lekensteyn.nl wrote:
> Hi,
>
> Commands which execute normally with OpenSSL 1.0.2h fail in OpenSSL
> 1.1.0. Presumably after the "Big apps cleanup (option-parsing, etc)",
>
> Options after parameters are no longer interpreted. For example,
> 'openssl dhparam 128 -out /dev/null' used to discard the DH params
> output, but since 1.0.2 it no longer happens.

You're right. There should at least be a warning.

> I also noticed that 'openssl genrsa -help' no longer displays the
> 'numbits' option.

Good point.

I'll have a closer look at this and the other commands in the next few days.

Cheers,
Richard

--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4677


[openssl-dev] [openssl.org #4677] Options after parameters are ignored in OpenSSL 1.1.0

2016-09-17 Thread Peter Wu via RT
Hi,

Commands which execute normally with OpenSSL 1.0.2h fail in OpenSSL
1.1.0. Presumably after the "Big apps cleanup (option-parsing, etc)",

Options after parameters are no longer interpreted. For example,
'openssl dhparam 128 -out /dev/null' used to discard the DH params
output, but since 1.0.2 it no longer happens.

I also noticed that 'openssl genrsa -help' no longer displays the
'numbits' option.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4677
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables

2016-09-16 Thread Georg Höllrigl via RT
Hello,

I found a working configuration now.
I could not find that when searching for the problem.

Nevertheless, it still feels somehow not working as expected.

Thank you very much for pointing me in the right direction and sorry for 
bothering you.

Georg

-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org] 
Sent: Friday, 16 September 2016 16:18
To: georg.hoellr...@gmx.at
Cc: openssl-dev@openssl.org
Subject: [openssl.org #4675] Bug: Parsing Configuration that contains System 
Variables

On Fri Sep 16 13:54:00 2016, georg.hoellr...@gmx.at wrote:
>
> As long as $SAN is unset I get
> openssl version
> 6870300:error:0E065068:configuration file routines:STR_COPY:variable 
> has no value:conf_def.c:618:line 17
>

This is expected and documented behaviour: see config manual page for details.

If you want a non existent environment variable to have a default value you can 
use the default section to define it. Again see config manual page and examples 
for details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4675
Please log in as guest with password guest if prompted


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4675
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables

2016-09-16 Thread Stephen Henson via RT
On Fri Sep 16 13:54:00 2016, georg.hoellr...@gmx.at wrote:
>
> As long as $SAN is unset I get
> openssl version
> 6870300:error:0E065068:configuration file routines:STR_COPY:variable has no
> value:conf_def.c:618:line 17
>

This is expected and documented behaviour: see config manual page for details.

If you want a non existent environment variable to have a default value you can
use the default section to define it. Again see config manual page and examples
for details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4675
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables

2016-09-16 Thread Georg Höllrigl via RT
Hello,

I think there is a bug in the config file parsing code.

Configuration:
---
openssl version -a
OpenSSL 1.0.1k 8 Jan 2015 (Library: OpenSSL 1.0.1g 7 Apr 2014)
built on: Tue Apr  8 11:04:36 CEST 2014
platform: Cygwin
options:  bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long)
blowfish(idx)
compiler: gcc -D_WINDLL -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS  -DDSO_DLFCN
-DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486
-Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/ssl"
---

Changed Config File to
---
cat /usr/ssl/openssl.cnf
[req]
promt=no
distinguished_name=dn
default_md=sha256
default_bits=2048
req_extensions=alt_names

[dn]
C=AT
ST=SomeState
L=MyLocation
O="Test"
OU="Test"
E="t...@example.com"

[alt_names]
subjectAltName=${ENV::SAN}
---

As long as $SAN is unset I get
openssl version
6870300:error:0E065068:configuration file routines:STR_COPY:variable has no
value:conf_def.c:618:line 17

Setting an empty variable fixes the problem:

export SAN="" && openssl version
OpenSSL 1.0.1k 8 Jan 2015 (Library: OpenSSL 1.0.1g 7 Apr 2014)

Expected behaviour: Such a configuration file should also work when it
contains an empty variable.

I've tested this behaviour on different systems and with different versions.

Kind Regards,
Georg


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4675
Please log in as guest with password guest if prompted
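
The default-section workaround from Stephen Henson's reply in this thread, applied to a cut-down version of the configuration in the report above. This is an added example, not part of the original messages; the function names, file names and `*.invalid` values are constructed, and it assumes an `openssl` binary on PATH.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, file names and all
# *.invalid values are constructed. Requires the openssl command on PATH.

# write_cnf FILE [with_default]
# Write a cut-down request config whose subjectAltName comes from $SAN.
write_cnf() {
    {
        if [ "${2:-}" = with_default ]; then
            # Default-section assignment. It must appear before the line that
            # expands ${ENV::SAN}; it is used only when $SAN is not set.
            echo 'SAN = DNS:fallback.invalid'
        fi
        cat <<'EOF'
[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
CN = test.invalid

[ext]
subjectAltName = ${ENV::SAN}
EOF
    } > "$1"
}

# csr_sans CNF
# Build a throwaway key and CSR from CNF and print the DNS names found in the
# CSR, one per line. Returns non-zero when openssl rejects the configuration.
csr_sans() {
    work=$(mktemp -d) || return 1
    rc=1
    if openssl req -new -newkey rsa:2048 -nodes -config "$1" \
            -keyout "$work/key.pem" -out "$work/csr.pem" 2>/dev/null &&
       openssl req -in "$work/csr.pem" -noout -text | grep -o 'DNS:[^, ]*'; then
        rc=0
    fi
    rm -rf "$work"
    return "$rc"
}

# demo: the reported failure, the fallback, and the environment override.
demo() {
    dir=$(mktemp -d) || return 1
    write_cnf "$dir/plain.cnf"
    write_cnf "$dir/default.cnf" with_default

    unset SAN
    csr_sans "$dir/plain.cnf" || echo "plain.cnf, SAN unset: config rejected"
    echo "default.cnf, SAN unset: $(csr_sans "$dir/default.cnf")"

    SAN=DNS:www.example.invalid
    export SAN
    echo "default.cnf, SAN set: $(csr_sans "$dir/default.cnf")"
    unset SAN
    rm -rf "$dir"
}

demo
```

Because the fallback is used silently, a value that cannot pass for a real host name makes a forgotten `$SAN` easy to spot in the resulting CSR.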



[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-14 Thread Richard Levitte via RT
And finally got committed to master, with all suggested fixups.

Closing this ticket.

Cheers,
Richard

On Wed Sep 14 02:09:15 2016, levitte wrote:
> Issue 2 is implemented in https://github.com/openssl/openssl/pull/1572
>
> Please try it out.
>
> Cheers,
> Richard
>
> On Tue Sep 13 22:32:37 2016, levitte wrote:
> > Issue 1 now resolved, fix pushed to master branch as well as
> > OpenSSL_1_1_0-stable.
> >
> > Issue 2 remaining.
> >
> > Cheers,
> > Richard
> >
> > On Tue Sep 13 20:32:18 2016, levitte wrote:
> > > I can confirm issue one and raise you one: it's not just on Windows
> > >
> > > On it.
> > >
> > > Cheers,
> > > Richard
> > >
> > > On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
> > > > This may be two requests, one a bug and one a feature request.
> > > >
> > > > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5
> > > > passwords
> > > > (-1 / -apr1), returns "". I haven't tested other platforms.
> > > > See
> > > > output below.
> > > >
> > > > Issue 2: openssl 1.1.0 passwd doesn't support newer password
> > > > hashing
> > > > algorithms used by unix / linux platforms. This limitation may
> > > > force
> > > > people to use weaker password storage than possible, for example if
> > > > generating crypts using openssl passwd to feed into usermod -p.
> > > > Please add
> > > > support for password types 5 (SHA-256) and 6 (SHA-512).
> > > >
> > > > http://man7.org/linux/man-pages/man3/crypt.3.html
> > > >
> > > > ID | Method
> > > > ─
> > > > 1 | MD5
> > > > 2a | Blowfish (not in mainline glibc; added in some
> > > > | Linux distributions)
> > > > 5 | SHA-256 (since glibc 2.7)
> > > > 6 | SHA-512 (since glibc 2.7)
> > > >
> > > >
> > > > Issue 1: collateral:
> > > >
> > > > Working in OpenSSL 1.0.2.h:
> > > > D:\>openssl version
> > > > OpenSSL 1.0.2h 3 May 2016
> > > >
> > > > D:\>openssl passwd -apr1 password
> > > > $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
> > > >
> > > > D:\>openssl passwd -1 password
> > > > $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
> > > >
> > > > Compiled Openssl 1.1.0:
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > > OpenSSL 1.1.0 25 Aug 2016
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > > OpenSSL 1.1.0 25 Aug 2016
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> > > > UZ8kfkzdGoYTQ
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> > > > 
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> > > > 
> > > >
> > > > (To show that MD5 wasn't compiled out):
> > > >
> > > > D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> > > > Usage: passwd [options]
> > > > Valid options are:
> > > > -help Display this summary
> > > > -in infile Pead passwords from file
> > > > -noverify Never verify when reading password from terminal
> > > > -quiet No warnings
> > > > -table Format output as table
> > > > -reverse Switch table columns
> > > > -salt val Use provided salt
> > > > -stdin Read passwords from stdin
> > > > -apr1 MD5-based password algorithm, Apache variant
> > > > -1 MD5-based password algorithm
> > > > -crypt Standard Unix password algorithm (default)
> > >
> > >
> > > --
> > > Richard Levitte
> > > levi...@openssl.org
> >
> >
> > --
> > Richard Levitte
> > levi...@openssl.org
>
>
> --
> Richard Levitte
> levi...@openssl.org


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
Done!

On Wed Sep 14 03:16:11 2016, bkhow...@gmail.com wrote:
> Richard,
> I had taken a crack at this and got to the point of actually
> needing
> sha2crypt(). I compared your changes to mine, which is all pretty
> predictable so matched line by line. The only exception is 203, which
> is
> because it's entirely redundant as the max_pwlen defaults to 256.
>
> So maybe:
>
> - else if (use1 || useapr1)
> + else if (use1 || useapr1 || use5 || use6)
>
> or
>
> - else if (use1 || useapr1)
> - pw_maxlen = 256; /* arbitrary limit, should be enough
> for
> most
> - * passwords */
>
> Cheers,
> Brian
>
>
> On Tue, Sep 13, 2016 at 10:57 PM, Brian Howson <bkhow...@gmail.com>
> wrote:
>
> > Thanks Richard,
> > Quick work on issue 1, I git cloned & tested it, works as
> > expected.
> > I downloaded the pull above, built it and it appears to work.
> >
> > I found test vectors in the specification document here:
> > https://www.akkadia.org/drepper/sha-crypt.html
> >
> >
> > openssl passwd -5 -salt saltstring "Hello world!" | find
> > "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"
> >
> > openssl passwd -6 -salt saltstring "Hello world!" | find
> > "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1"
> >
> >
> > So looks good. One suggestion is to re-order the help output so it's
> > in declining "best to worst" 6 -> 5 -> 1 -> apr1 -> des), but that's
> > minor.
> >
> >
> > Cheers,
> > Brian
> >
> > On Tue, Sep 13, 2016 at 10:09 PM, Richard Levitte via RT
> > <r...@openssl.org>
> > wrote:
> >
> >> Issue 2 is implemented in
> >> https://github.com/openssl/openssl/pull/1572
> >>
> >> Please try it out.
> >>
> >> Cheers,
> >> Richard
> >>
> >> On Tue Sep 13 22:32:37 2016, levitte wrote:
> >> > Issue 1 now resolved, fix pushed to master branch as well as
> >> > OpenSSL_1_1_0-stable.
> >> >
> >> > Issue 2 remaining.
> >> >
> >> > Cheers,
> >> > Richard
> >> >
> >> > On Tue Sep 13 20:32:18 2016, levitte wrote:
> >> > > I can confirm issue one and raise you one: it's not just on
> >> > > Windows
> >> > >
> >> > > On it.
> >> > >
> >> > > Cheers,
> >> > > Richard
> >> > >
> >> > > On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
> >> > > > This may be two requests, one a bug and one a feature request.
> >> > > >
> >> > > > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate
> >> > > > MD5
> >> > > > passwords
> >> > > > (-1 / -apr1), returns "". I haven't tested other
> >> > > > platforms.
> >> > > > See
> >> > > > output below.
> >> > > >
> >> > > > Issue 2: openssl 1.1.0 passwd doesn't support newer password
> >> > > > hashing
> >> > > > algorithms used by unix / linux platforms. This limitation may
> >> > > > force
> >> > > > people to use weaker password storage than possible, for
> >> > > > example if
> >> > > > generating crypts using openssl passwd to feed into usermod
> >> > > > -p.
> >> > > > Please add
> >> > > > support for password types 5 (SHA-256) and 6 (SHA-512).
> >> > > >
> >> > > > http://man7.org/linux/man-pages/man3/crypt.3.html
> >> > > >
> >> > > > ID | Method
> >> > > > ─
> >> > > > 1 | MD5
> >> > > > 2a | Blowfish (not in mainline glibc; added in some
> >> > > > | Linux distributions)
> >> > > > 5 | SHA-256 (since glibc 2.7)
> >> > > > 6 | SHA-512 (since glibc 2.7)
> >> > > >
> >> > > >
> >> > > > Issue 1: collateral:
> >> > > >
> >> > > > Working in OpenSSL 1.0.2.h:
> >> > > > D:\>openssl version
> >> > > > OpenSSL 1.0.2h 3 May 2016
> >> > > >
> >> > > > D:\>openssl passwd -apr1 password
> >>

[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
Those test vectors are already in test/recipes/20-test_passwd.t

On Wed Sep 14 02:58:09 2016, bkhow...@gmail.com wrote:
> Thanks Richard,
> Quick work on issue 1, I git cloned & tested it, works as
> expected.
> I downloaded the pull above, built it and it appears to work.
>
> I found test vectors in the specification document here:
> https://www.akkadia.org/drepper/sha-crypt.html
>
>
> openssl passwd -5 -salt saltstring "Hello world!" | find
> "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"
>
> openssl passwd -6 -salt saltstring "Hello world!" | find
> "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1"
>
>
> So looks good. One suggestion is to re-order the help output so it's
> in declining "best to worst" 6 -> 5 -> 1 -> apr1 -> des), but that's
> minor.
>
>
> Cheers,
> Brian
>
> On Tue, Sep 13, 2016 at 10:09 PM, Richard Levitte via RT
> <r...@openssl.org>
> wrote:
>
> > Issue 2 is implemented in
> > https://github.com/openssl/openssl/pull/1572
> >
> > Please try it out.
> >
> > Cheers,
> > Richard
> >
> > On Tue Sep 13 22:32:37 2016, levitte wrote:
> > > Issue 1 now resolved, fix pushed to master branch as well as
> > > OpenSSL_1_1_0-stable.
> > >
> > > Issue 2 remaining.
> > >
> > > Cheers,
> > > Richard
> > >
> > > On Tue Sep 13 20:32:18 2016, levitte wrote:
> > > > I can confirm issue one and raise you one: it's not just on
> > > > Windows
> > > >
> > > > On it.
> > > >
> > > > Cheers,
> > > > Richard
> > > >
> > > > On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
> > > > > This may be two requests, one a bug and one a feature request.
> > > > >
> > > > > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate
> > > > > MD5
> > > > > passwords
> > > > > (-1 / -apr1), returns "". I haven't tested other
> > > > > platforms.
> > > > > See
> > > > > output below.
> > > > >
> > > > > Issue 2: openssl 1.1.0 passwd doesn't support newer password
> > > > > hashing
> > > > > algorithms used by unix / linux platforms. This limitation may
> > > > > force
> > > > > people to use weaker password storage than possible, for
> > > > > example if
> > > > > generating crypts using openssl passwd to feed into usermod -p.
> > > > > Please add
> > > > > support for password types 5 (SHA-256) and 6 (SHA-512).
> > > > >
> > > > > http://man7.org/linux/man-pages/man3/crypt.3.html
> > > > >
> > > > > ID | Method
> > > > > ─
> > > > > 1 | MD5
> > > > > 2a | Blowfish (not in mainline glibc; added in some
> > > > > | Linux distributions)
> > > > > 5 | SHA-256 (since glibc 2.7)
> > > > > 6 | SHA-512 (since glibc 2.7)
> > > > >
> > > > >
> > > > > Issue 1: collateral:
> > > > >
> > > > > Working in OpenSSL 1.0.2.h:
> > > > > D:\>openssl version
> > > > > OpenSSL 1.0.2h 3 May 2016
> > > > >
> > > > > D:\>openssl passwd -apr1 password
> > > > > $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
> > > > >
> > > > > D:\>openssl passwd -1 password
> > > > > $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
> > > > >
> > > > > Compiled Openssl 1.1.0:
> > > > >
> > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > > > OpenSSL 1.1.0 25 Aug 2016
> > > > >
> > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > > > OpenSSL 1.1.0 25 Aug 2016
> > > > >
> > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> > > > > UZ8kfkzdGoYTQ
> > > > >
> > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> > > > > 
> > > > >
> > > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> > > > > 
> > > > >
> > > > > (To show that MD5 wasn't compiled out):
> > > > >
> > > > > D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> > > > > Usage: passwd [options]
> > > > > Valid options are:
> > > > > -help Display this summary
> > > > > -in infile Pead passwords from file
> > > > > -noverify Never verify when reading password from terminal
> > > > > -quiet No warnings
> > > > > -table Format output as table
> > > > > -reverse Switch table columns
> > > > > -salt val Use provided salt
> > > > > -stdin Read passwords from stdin
> > > > > -apr1 MD5-based password algorithm, Apache variant
> > > > > -1 MD5-based password algorithm
> > > > > -crypt Standard Unix password algorithm (default)
> > > >
> > > >
> > > > --
> > > > Richard Levitte
> > > > levi...@openssl.org
> > >
> > >
> > > --
> > > Richard Levitte
> > > levi...@openssl.org
> >
> >
> > --
> > Richard Levitte
> > levi...@openssl.org
> >
> > --
> > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
> > Please log in as guest with password guest if prompted
> >
> >


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Brian Howson via RT
Richard,
  I had taken a crack at this and got to the point of actually needing
sha2crypt().  I compared your changes to mine, which is all pretty
predictable so matched line by line.  The only exception is 203, which is
because it's entirely redundant as the max_pwlen defaults to 256.

So maybe:

-else if (use1 || useapr1)
+else if (use1 || useapr1 || use5 || use6)
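
Review bot: The widened condition `use1 || useapr1 || use5 || use6` is only worth having if the body it guards does something the default does not; the message says the limit already defaults to 256, so this variant keeps a redundant assignment and only lengthens the test. If the arm is kept for readability, its comment should say that the limit also applies to the -5 and -6 modes.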

or

-else if (use1 || useapr1)
-pw_maxlen = 256;/* arbitrary limit, should be enough for
most
- * passwords */
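
Review bot: Deleting the `else if (use1 || useapr1)` arm depends on `pw_maxlen` being initialised to 256 before this chain, which the hunk does not show; the message also spells the variable `max_pwlen`, so the commit text should use the name from the code. Since the removed line begins with `else if`, check that no `else` follows it, because -1 and -apr1 would then fall into that branch.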

Cheers,
Brian


On Tue, Sep 13, 2016 at 10:57 PM, Brian Howson <bkhow...@gmail.com> wrote:

> Thanks Richard,
> Quick work on issue 1, I git cloned & tested it, works as expected.
> I downloaded the pull above, built it and it appears to work.
>
> I found test vectors in the specification document here:
>  https://www.akkadia.org/drepper/sha-crypt.html
>
>
> openssl passwd -5 -salt saltstring "Hello world!" | find
> "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"
>
> openssl passwd -6 -salt saltstring "Hello world!" | find
> "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1"
>
>
> So looks good.  One suggestion is to re-order the help output so it's
> in declining "best to worst" 6 -> 5 -> 1 -> apr1 -> des), but that's minor.
>
>
> Cheers,
> Brian
>
> On Tue, Sep 13, 2016 at 10:09 PM, Richard Levitte via RT <r...@openssl.org>
> wrote:
>
>> Issue 2 is implemented in https://github.com/openssl/openssl/pull/1572
>>
>> Please try it out.
>>
>> Cheers,
>> Richard
>>
>> On Tue Sep 13 22:32:37 2016, levitte wrote:
>> > Issue 1 now resolved, fix pushed to master branch as well as
>> > OpenSSL_1_1_0-stable.
>> >
>> > Issue 2 remaining.
>> >
>> > Cheers,
>> > Richard
>> >
>> > On Tue Sep 13 20:32:18 2016, levitte wrote:
>> > > I can confirm issue one and raise you one: it's not just on Windows
>> > >
>> > > On it.
>> > >
>> > > Cheers,
>> > > Richard
>> > >
>> > > On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
>> > > > This may be two requests, one a bug and one a feature request.
>> > > >
>> > > > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5
>> > > > passwords
>> > > > (-1 / -apr1), returns "". I haven't tested other platforms.
>> > > > See
>> > > > output below.
>> > > >
>> > > > Issue 2: openssl 1.1.0 passwd doesn't support newer password
>> > > > hashing
>> > > > algorithms used by unix / linux platforms. This limitation may
>> > > > force
>> > > > people to use weaker password storage than possible, for example if
>> > > > generating crypts using openssl passwd to feed into usermod -p.
>> > > > Please add
>> > > > support for password types 5 (SHA-256) and 6 (SHA-512).
>> > > >
>> > > > http://man7.org/linux/man-pages/man3/crypt.3.html
>> > > >
>> > > > ID | Method
>> > > > ─
>> > > > 1 | MD5
>> > > > 2a | Blowfish (not in mainline glibc; added in some
>> > > > | Linux distributions)
>> > > > 5 | SHA-256 (since glibc 2.7)
>> > > > 6 | SHA-512 (since glibc 2.7)
>> > > >
>> > > >
>> > > > Issue 1: collateral:
>> > > >
>> > > > Working in OpenSSL 1.0.2.h:
>> > > > D:\>openssl version
>> > > > OpenSSL 1.0.2h 3 May 2016
>> > > >
>> > > > D:\>openssl passwd -apr1 password
>> > > > $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
>> > > >
>> > > > D:\>openssl passwd -1 password
>> > > > $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
>> > > >
>> > > > Compiled Openssl 1.1.0:
>> > > >
>> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
>> > > > OpenSSL 1.1.0 25 Aug 2016
>> > > >
>> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
>> > > > OpenSSL 1.1.0 25 Aug 2016
>> > > >
>> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
>> > > > UZ8kfkzdGoYTQ
>> > > >

Re: [openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Brian Howson via RT
Thanks Richard,
Quick work on issue 1, I git cloned & tested it, works as expected.
I downloaded the pull above, built it and it appears to work.

I found test vectors in the specification document here:
 https://www.akkadia.org/drepper/sha-crypt.html


openssl passwd -5 -salt saltstring "Hello world!" | find
"$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"

openssl passwd -6 -salt saltstring "Hello world!" | find
"$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1"


So looks good.  One suggestion is to re-order the help output so it's
in declining "best to worst" (6 -> 5 -> 1 -> apr1 -> des), but that's minor.


Cheers,
Brian

On Tue, Sep 13, 2016 at 10:09 PM, Richard Levitte via RT <r...@openssl.org>
wrote:

> Issue 2 is implemented in https://github.com/openssl/openssl/pull/1572
>
> Please try it out.
>
> Cheers,
> Richard
>
> On Tue Sep 13 22:32:37 2016, levitte wrote:
> > Issue 1 now resolved, fix pushed to master branch as well as
> > OpenSSL_1_1_0-stable.
> >
> > Issue 2 remaining.
> >
> > Cheers,
> > Richard
> >
> > On Tue Sep 13 20:32:18 2016, levitte wrote:
> > > I can confirm issue one and raise you one: it's not just on Windows
> > >
> > > On it.
> > >
> > > Cheers,
> > > Richard
> > >
> > > On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
> > > > This may be two requests, one a bug and one a feature request.
> > > >
> > > > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5
> > > > passwords
> > > > (-1 / -apr1), returns "". I haven't tested other platforms.
> > > > See
> > > > output below.
> > > >
> > > > Issue 2: openssl 1.1.0 passwd doesn't support newer password
> > > > hashing
> > > > algorithms used by unix / linux platforms. This limitation may
> > > > force
> > > > people to use weaker password storage than possible, for example if
> > > > generating crypts using openssl passwd to feed into usermod -p.
> > > > Please add
> > > > support for password types 5 (SHA-256) and 6 (SHA-512).
> > > >
> > > > http://man7.org/linux/man-pages/man3/crypt.3.html
> > > >
> > > > ID | Method
> > > > ─
> > > > 1 | MD5
> > > > 2a | Blowfish (not in mainline glibc; added in some
> > > > | Linux distributions)
> > > > 5 | SHA-256 (since glibc 2.7)
> > > > 6 | SHA-512 (since glibc 2.7)
> > > >
> > > >
> > > > Issue 1: collateral:
> > > >
> > > > Working in OpenSSL 1.0.2.h:
> > > > D:\>openssl version
> > > > OpenSSL 1.0.2h 3 May 2016
> > > >
> > > > D:\>openssl passwd -apr1 password
> > > > $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
> > > >
> > > > D:\>openssl passwd -1 password
> > > > $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
> > > >
> > > > Compiled Openssl 1.1.0:
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > > OpenSSL 1.1.0 25 Aug 2016
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > > OpenSSL 1.1.0 25 Aug 2016
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> > > > UZ8kfkzdGoYTQ
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> > > > 
> > > >
> > > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> > > > 
> > > >
> > > > (To show that MD5 wasn't compiled out):
> > > >
> > > > D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> > > > Usage: passwd [options]
> > > > Valid options are:
> > > > -help Display this summary
> > > > -in infile Pead passwords from file
> > > > -noverify Never verify when reading password from terminal
> > > > -quiet No warnings
> > > > -table Format output as table
> > > > -reverse Switch table columns
> > > > -salt val Use provided salt
> > > > -stdin Read passwords from stdin
> > > > -apr1 MD5-based password algorithm, Apache variant
> > > > -1 MD5-based password algorithm
> > > > -crypt Standard Unix password algorithm (default)
> > >
> > >
> > > --
> > > Richard Levitte
> > > levi...@openssl.org
> >
> >
> > --
> > Richard Levitte
> > levi...@openssl.org
>
>
> --
> Richard Levitte
> levi...@openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
> Please log in as guest with password guest if prompted
>
>

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
Issue 2 is implemented in https://github.com/openssl/openssl/pull/1572

Please try it out.

Cheers,
Richard

On Tue Sep 13 22:32:37 2016, levitte wrote:
> Issue 1 now resolved, fix pushed to master branch as well as
> OpenSSL_1_1_0-stable.
>
> Issue 2 remaining.
>
> Cheers,
> Richard
>
> On Tue Sep 13 20:32:18 2016, levitte wrote:
> > I can confirm issue one and raise you one: it's not just on Windows
> >
> > On it.
> >
> > Cheers,
> > Richard
> >
> > On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
> > > This may be two requests, one a bug and one a feature request.
> > >
> > > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5
> > > passwords
> > > (-1 / -apr1), returns "". I haven't tested other platforms.
> > > See
> > > output below.
> > >
> > > Issue 2: openssl 1.1.0 passwd doesn't support newer password
> > > hashing
> > > algorithms used by unix / linux platforms. This limitation may
> > > force
> > > people to use weaker password storage than possible, for example if
> > > generating crypts using openssl passwd to feed into usermod -p.
> > > Please add
> > > support for password types 5 (SHA-256) and 6 (SHA-512).
> > >
> > > http://man7.org/linux/man-pages/man3/crypt.3.html
> > >
> > > ID | Method
> > > ─
> > > 1 | MD5
> > > 2a | Blowfish (not in mainline glibc; added in some
> > > | Linux distributions)
> > > 5 | SHA-256 (since glibc 2.7)
> > > 6 | SHA-512 (since glibc 2.7)
> > >
> > >
> > > Issue 1: collateral:
> > >
> > > Working in OpenSSL 1.0.2.h:
> > > D:\>openssl version
> > > OpenSSL 1.0.2h 3 May 2016
> > >
> > > D:\>openssl passwd -apr1 password
> > > $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
> > >
> > > D:\>openssl passwd -1 password
> > > $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
> > >
> > > Compiled Openssl 1.1.0:
> > >
> > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > OpenSSL 1.1.0 25 Aug 2016
> > >
> > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > > OpenSSL 1.1.0 25 Aug 2016
> > >
> > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> > > UZ8kfkzdGoYTQ
> > >
> > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> > > 
> > >
> > > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> > > 
> > >
> > > (To show that MD5 wasn't compiled out):
> > >
> > > D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> > > Usage: passwd [options]
> > > Valid options are:
> > > -help Display this summary
> > > -in infile Pead passwords from file
> > > -noverify Never verify when reading password from terminal
> > > -quiet No warnings
> > > -table Format output as table
> > > -reverse Switch table columns
> > > -salt val Use provided salt
> > > -stdin Read passwords from stdin
> > > -apr1 MD5-based password algorithm, Apache variant
> > > -1 MD5-based password algorithm
> > > -crypt Standard Unix password algorithm (default)
> >
> >
> > --
> > Richard Levitte
> > levi...@openssl.org
>
>
> --
> Richard Levitte
> levi...@openssl.org


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
Issue 1 now resolved, fix pushed to master branch as well as
OpenSSL_1_1_0-stable.

Issue 2 remaining.

Cheers,
Richard

On Tue Sep 13 20:32:18 2016, levitte wrote:
> I can confirm issue one and raise you one: it's not just on Windows
>
> On it.
>
> Cheers,
> Richard
>
> On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
> > This may be two requests, one a bug and one a feature request.
> >
> > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5 passwords
> > (-1 / -apr1), returns "". I haven't tested other platforms. See
> > output below.
> >
> > Issue 2: openssl 1.1.0 passwd doesn't support newer password hashing
> > algorithms used by unix / linux platforms. This limitation may force
> > people to use weaker password storage than possible, for example if
> > generating crypts using openssl passwd to feed into usermod -p. Please add
> > support for password types 5 (SHA-256) and 6 (SHA-512).
> >
> > http://man7.org/linux/man-pages/man3/crypt.3.html
> >
> > ID | Method
> > ─
> > 1 | MD5
> > 2a | Blowfish (not in mainline glibc; added in some
> > | Linux distributions)
> > 5 | SHA-256 (since glibc 2.7)
> > 6 | SHA-512 (since glibc 2.7)
> >
> >
> > Issue 1: collateral:
> >
> > Working in OpenSSL 1.0.2.h:
> > D:\>openssl version
> > OpenSSL 1.0.2h 3 May 2016
> >
> > D:\>openssl passwd -apr1 password
> > $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
> >
> > D:\>openssl passwd -1 password
> > $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
> >
> > Compiled Openssl 1.1.0:
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > OpenSSL 1.1.0 25 Aug 2016
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > OpenSSL 1.1.0 25 Aug 2016
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> > UZ8kfkzdGoYTQ
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> > 
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> > 
> >
> > (To show that MD5 wasn't compiled out):
> >
> > D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> > Usage: passwd [options]
> > Valid options are:
> > -help Display this summary
> > -in infile Pead passwords from file
> > -noverify Never verify when reading password from terminal
> > -quiet No warnings
> > -table Format output as table
> > -reverse Switch table columns
> > -salt val Use provided salt
> > -stdin Read passwords from stdin
> > -apr1 MD5-based password algorithm, Apache variant
> > -1 MD5-based password algorithm
> > -crypt Standard Unix password algorithm (default)
>
>
> --
> Richard Levitte
> levi...@openssl.org


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
A note for the future: since this is really two issues, they should be one
ticket each. I'll let this one slip by, 'cause it's relatively simple to fix
both. However, please understand that while issue 1 will be fixed in OpenSSL
1.1.0a, issue 2 will not appear before OpenSSL 1.1.1.

Cheers,
Richard

On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
> This may be two requests, one a bug and one a feature request.
>
> Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5 passwords
> (-1 / -apr1), returns "". I haven't tested other platforms. See
> output below.
>
> Issue 2: openssl 1.1.0 passwd doesn't support newer password hashing
> algorithms used by unix / linux platforms. This limitation may force
> people to use weaker password storage than possible, for example if
> generating crypts using openssl passwd to feed into usermod -p. Please add
> support for password types 5 (SHA-256) and 6 (SHA-512).
>
> http://man7.org/linux/man-pages/man3/crypt.3.html
>
> ID  | Method
> ────┼───────────────────────────────────────────────
> 1   | MD5
> 2a  | Blowfish (not in mainline glibc; added in some
>     | Linux distributions)
> 5   | SHA-256 (since glibc 2.7)
> 6   | SHA-512 (since glibc 2.7)
>
>
> Issue 1: collateral:
>
> Working in OpenSSL 1.0.2.h:
> D:\>openssl version
> OpenSSL 1.0.2h 3 May 2016
>
> D:\>openssl passwd -apr1 password
> $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
>
> D:\>openssl passwd -1 password
> $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
>
> Compiled Openssl 1.1.0:
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> OpenSSL 1.1.0 25 Aug 2016
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> OpenSSL 1.1.0 25 Aug 2016
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> UZ8kfkzdGoYTQ
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> 
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> 
>
> (To show that MD5 wasn't compiled out):
>
> D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> Usage: passwd [options]
> Valid options are:
> -help Display this summary
> -in infile Pead passwords from file
> -noverify Never verify when reading password from terminal
> -quiet No warnings
> -table Format output as table
> -reverse Switch table columns
> -salt val Use provided salt
> -stdin Read passwords from stdin
> -apr1 MD5-based password algorithm, Apache variant
> -1 MD5-based password algorithm
> -crypt Standard Unix password algorithm (default)


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Richard Levitte via RT
I can confirm issue one and raise you one: it's not just on Windows

On it.

Cheers,
Richard

On Tue Sep 13 17:23:48 2016, bkhow...@gmail.com wrote:
> This may be two requests, one a bug and one a feature request.
>
> Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5 passwords
> (-1 / -apr1), returns "". I haven't tested other platforms. See
> output below.
>
> Issue 2: openssl 1.1.0 passwd doesn't support newer password hashing
> algorithms used by unix / linux platforms. This limitation may force
> people to use weaker password storage than possible, for example if
> generating crypts using openssl passwd to feed into usermod -p. Please add
> support for password types 5 (SHA-256) and 6 (SHA-512).
>
> http://man7.org/linux/man-pages/man3/crypt.3.html
>
> ID  | Method
> ────┼───────────────────────────────────────────────
> 1   | MD5
> 2a  | Blowfish (not in mainline glibc; added in some
>     | Linux distributions)
> 5   | SHA-256 (since glibc 2.7)
> 6   | SHA-512 (since glibc 2.7)
>
>
> Issue 1: collateral:
>
> Working in OpenSSL 1.0.2.h:
> D:\>openssl version
> OpenSSL 1.0.2h 3 May 2016
>
> D:\>openssl passwd -apr1 password
> $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
>
> D:\>openssl passwd -1 password
> $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
>
> Compiled Openssl 1.1.0:
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> OpenSSL 1.1.0 25 Aug 2016
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> OpenSSL 1.1.0 25 Aug 2016
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> UZ8kfkzdGoYTQ
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> 
>
> D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> 
>
> (To show that MD5 wasn't compiled out):
>
> D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> Usage: passwd [options]
> Valid options are:
> -help Display this summary
> -in infile Pead passwords from file
> -noverify Never verify when reading password from terminal
> -quiet No warnings
> -table Format output as table
> -reverse Switch table columns
> -salt val Use provided salt
> -stdin Read passwords from stdin
> -apr1 MD5-based password algorithm, Apache variant
> -1 MD5-based password algorithm
> -crypt Standard Unix password algorithm (default)


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request

2016-09-13 Thread Brian Howson via RT
This may be two requests, one a bug and one a feature request.

Issue 1: openssl 1.1.0  passwd on Windows 64 doesn't generate MD5 passwords
(-1 / -apr1), returns "".  I haven't tested other platforms.  See
output below.

Issue 2: openssl 1.1.0 passwd doesn't support newer password hashing
algorithms used by unix / linux platforms.  This limitation may force
people to use weaker password storage than possible, for example if
generating crypts using openssl passwd to feed into usermod -p.  Please add
support for password types 5 (SHA-256) and 6 (SHA-512).

http://man7.org/linux/man-pages/man3/crypt.3.html

ID  | Method
────┼───────────────────────────────────────────────
1   | MD5
2a  | Blowfish (not in mainline glibc; added in some
    | Linux distributions)
5   | SHA-256 (since glibc 2.7)
6   | SHA-512 (since glibc 2.7)


Issue 1: collateral:

Working in OpenSSL 1.0.2.h:
D:\>openssl version
OpenSSL 1.0.2h  3 May 2016

D:\>openssl passwd -apr1 password
$apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.

D:\>openssl passwd -1 password
$1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0

Compiled Openssl 1.1.0:

D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
OpenSSL 1.1.0  25 Aug 2016

D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
OpenSSL 1.1.0  25 Aug 2016

D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
UZ8kfkzdGoYTQ

D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password


D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password


(To show that MD5 wasn't compiled out):

D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
Usage: passwd [options]
Valid options are:
 -help               Display this summary
 -in infile          Pead passwords from file
 -noverify           Never verify when reading password from terminal
 -quiet              No warnings
 -table              Format output as table
 -reverse            Switch table columns
 -salt val           Use provided salt
 -stdin              Read passwords from stdin
 -apr1               MD5-based password algorithm, Apache variant
 -1                  MD5-based password algorithm
 -crypt              Standard Unix password algorithm (default)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted
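
Added example (not part of the ticket or of OpenSSL): a POSIX shell check that a string returned by `openssl passwd` is a well-formed crypt(3) value before it is handed to something like `usermod -p`, using the ID table quoted in the report. The function names, return codes and the legacy/preferred verdicts are assumptions of this example; it rejects the empty output shown for 1.1.0 and flags the MD5 and DES forms.

```shell
#!/bin/sh
# Added example. Names, return codes and verdicts are this example's own
# (hypothetical), not OpenSSL's.

# Succeeds if $1 is non-empty and uses only the crypt(3) alphabet [./0-9A-Za-z].
_crypt_charset_ok() {
    case $1 in
        ''|*[!./0-9A-Za-z]*) return 1 ;;
    esac
    return 0
}

# classify_crypt HASH
# Prints "<scheme> <verdict>" and returns:
#   0  preferred scheme (IDs 5, 6 and 2a from the table in the report)
#   1  legacy scheme (DES crypt, "$1$" MD5, "$apr1$" Apache MD5)
#   2  empty or malformed (for example the empty 1.1.0 output for -1 / -apr1)
classify_crypt() {
    cc_hash=$1
    case $cc_hash in
        '')        echo "empty invalid"; return 2 ;;
        '$1$'*)    cc_name=MD5;        cc_len=22; cc_salt_max=8;  cc_rc=1 ;;
        '$apr1$'*) cc_name=MD5-Apache; cc_len=22; cc_salt_max=8;  cc_rc=1 ;;
        # For 2a the field before the last "$" is the two-digit cost; the
        # 53 characters after it hold salt and digest together.
        '$2a$'*)   cc_name=Blowfish;   cc_len=53; cc_salt_max=2;  cc_rc=0 ;;
        '$5$'*)    cc_name=SHA-256;    cc_len=43; cc_salt_max=16; cc_rc=0 ;;
        '$6$'*)    cc_name=SHA-512;    cc_len=86; cc_salt_max=16; cc_rc=0 ;;
        '$'*)      echo "unknown invalid"; return 2 ;;
        *)
            # No "$id$" prefix: traditional DES crypt is exactly 13 characters.
            if _crypt_charset_ok "$cc_hash" && [ "${#cc_hash}" -eq 13 ]; then
                echo "DES-crypt legacy"; return 1
            fi
            echo "unknown invalid"; return 2 ;;
    esac

    cc_rest=${cc_hash#?}        # drop the leading "$"
    cc_rest=${cc_rest#*\$}      # drop "<id>$"
    case "$cc_name:$cc_rest" in
        SHA-*:rounds=*\$*) cc_rest=${cc_rest#*\$} ;;  # optional "rounds=N$"
    esac
    case $cc_rest in
        *\$*) ;;
        *) echo "$cc_name invalid"; return 2 ;;
    esac
    cc_salt=${cc_rest%%\$*}
    cc_digest=${cc_rest#*\$}

    if _crypt_charset_ok "$cc_salt" && [ "${#cc_salt}" -le "$cc_salt_max" ] &&
       _crypt_charset_ok "$cc_digest" && [ "${#cc_digest}" -eq "$cc_len" ]; then
        if [ "$cc_rc" -eq 0 ]; then
            echo "$cc_name preferred"
        else
            echo "$cc_name legacy"
        fi
        return "$cc_rc"
    fi
    echo "$cc_name invalid"; return 2
}

# Typical use (password handling left to the caller):
#   h=$(openssl passwd -1 -stdin) ; classify_crypt "$h" >/dev/null
#   [ $? -eq 2 ] && echo "refusing to store malformed hash" >&2
```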



Re: [openssl-dev] [openssl.org #4673] a weird error, please help to check whether is it a but. thanks!

2016-09-12 Thread openssl-us...@openssl.org via RT

> On Sep 12, 2016, at 4:08 PM, zy_chongqing via RT <r...@openssl.org> wrote:
> 
> SSL_CTX_use_certificate_file returns 0, and the log shows:
> error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
> 1. This program is running well on one server, but failed on another.
> Actually these 2 servers are in a mirror relationship.
> 2. I checked the pem file (as attached); it is also the same on the two servers.
> 3. I checked the error reason, but cannot find any description about it on the
> website.
> I am almost crazy over this issue, would you help to check what's the reason
> of this error for me? Thanks a lot!
> My OS: Linux version 3.7.10-1.1-desktop (geeko@buildhost) (gcc version 4.7.2
> 20130108 [gcc-4_7-branch revision 195012] (SUSE Linux) ) #1 SMP PREEMPT Thu
> Feb 28 15:06:29 UTC 2013 (82d3f21)
> OpenSSL version: OpenSSL 1.1.0  25 Aug 2016
> thanks & Regards!

Use stronger keys, see:

https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_security_level.html

-- 
Viktor.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4673
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4673] a weird error, please help to check whether is it a but. thanks!

2016-09-12 Thread zy_chongqing via RT
Hello,
I have a function to initialize the CTX as below:
#include <openssl/ssl.h>
#include <openssl/err.h>

#define CA_CERT_PATH    "./pem"
#define RSA_CLIENT_CERT "./pem/PushChatCert.pem"
#define RSA_CLIENT_KEY  "./pem/PushChatKey.pem"

bool CAPNSClient::InitCTX()
{
    SSL_library_init();
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();

    m_pMeth = TLS_client_method();
    m_pCtx = SSL_CTX_new(m_pMeth);
    if (NULL == m_pCtx)
    {
        ERRLOG("Could not get SSL Context");
        return false;
    }

    /* Trust the CA certificates found in the CA_CERT_PATH directory */
    if (0 == SSL_CTX_load_verify_locations(m_pCtx, NULL, CA_CERT_PATH))
    {
        ERRLOG("Failed to set CA location:%s",
               ERR_error_string(ERR_get_error(), NULL));
        return false;
    }

    /* Load the client certificate */
    if (0 == SSL_CTX_use_certificate_file(m_pCtx, RSA_CLIENT_CERT,
                                          SSL_FILETYPE_PEM))
    {
        ERRLOG("Cannot use Certificate File:%s",
               ERR_error_string(ERR_get_error(), NULL));
        return false;
    }

    /* Passphrase handed to the default password callback for the key file */
    SSL_CTX_set_default_passwd_cb_userdata(m_pCtx, (void*)"Memo_Server");

    if (0 == SSL_CTX_use_PrivateKey_file(m_pCtx, RSA_CLIENT_KEY,
                                         SSL_FILETYPE_PEM))
    {
        ERRLOG("Cannot use Private Key:%s",
               ERR_error_string(ERR_get_error(), NULL));
        return false;
    }

    /* Check if the client certificate and private-key matches */
    if (0 == SSL_CTX_check_private_key(m_pCtx))
    {
        ERRLOG("Private key does not match the certificate public key");
        return false;
    }

    return true;
}
SSL_CTX_use_certificate_file returns 0, and the log shows:
error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
1. This program is running well on one server, but failed on another.
Actually these 2 servers are in a mirror relationship.
2. I checked the pem file (as attached); it is also the same on the two servers.
3. I checked the error reason, but cannot find any description about it on the
website.
I am almost crazy over this issue, would you help to check what's the reason
of this error for me? Thanks a lot!
My OS: Linux version 3.7.10-1.1-desktop (geeko@buildhost) (gcc version 4.7.2
20130108 [gcc-4_7-branch revision 195012] (SUSE Linux) ) #1 SMP PREEMPT Thu Feb
28 15:06:29 UTC 2013 (82d3f21)
OpenSSL version: OpenSSL 1.1.0  25 Aug 2016
Thanks & Regards!
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4673
Please log in as guest with password guest if prompted



PushChatCert.pem
Description: Binary data


[openssl-dev] [openssl.org #4130] Provide enginesdir in pkgconfig file

2016-09-12 Thread Richard Levitte via RT
Fixed in the 1.1.0 and 1.0.2 branches, as well as master.

Closing ticket. Thank you!

Cheers,
Richard

On Mon Nov 09 08:15:26 2015, dw...@infradead.org wrote:
> External engines such as engine_pkcs11 want to install into
> $ENGINESDIR. Would be nice if we could tell where it is by using
> $(pkg-config --variable=enginesdir openssl)
>
> It's theoretically possible to find it by defining HEADER_CRYPTLIB_H
> and then including opensslconf.h, although that's horrid enough even
> before you consider cross-compilation (i.e. you can't just use printf).
>
> Can we put it in openssl.pc please?
>
> (Of course, something as fundamental as engine_pkcs11 shouldn't be
> external anyway, but that's a different story...)
>


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4130
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4667] Issue with OpenSSL v1.1.0 on AIX with XLC and GCC and -O

2016-09-06 Thread REIX, Tony via RT
Hi Andy,

Your patch DOES work fine with GCC 6.2.0 and -O, both for 32 & 64bits.
It also works fine with XLC v12.1.0.14 and -O in 64bits (was OK in 32bits).

Thanks for your help !

Regards,

Tony

On 03/09/2016 00:42, Andy Polyakov via RT wrote:

- GCC 6.1.0 is: KO, 64 & 32 bits:
#   Failed test 'running evp_test evptests.txt'
#   at ../test/recipes/30-test_evp.t line 18.
# Looks like you failed 1 test of 1.
../test/recipes/30-test_evp.t ..
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests



Phew! Mystery solved! Verify attached patch. Trouble was that vector
ChaCha subroutine relies on its alignment in memory. But on AIX it's
impossible to *control* alignment with desired granularity without
specifying higher alignment for .text segment itself. And .text
directive was missing in chacha-ppc module :-( So it's not exactly
optimizations of ppccap.o that mattered, but its changing size depending
on optimization options that was affecting chacha subroutine's
alignment. It actually *could* be vice versa, i.e. work with
optimizations on and fail without, it's all about a coincidence.


--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4667
Please log in as guest with password guest if prompted





-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4667
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4672] BUG: NEWSLOG - an error occurred while processing this directive

2016-09-06 Thread Richard Levitte via RT
Thanks for the notification. Problem fixed, will be visible in a couple of
minutes.

Closing ticket

Cheers,
Richard

On Tue Sep 06 06:44:32 2016, tallev...@yahoo.com wrote:
> Hi,
> I've encountered the following error: "an error occurred while
> processing this directive" when
> opening the news log. https://www.openssl.org/news/newslog.html
> Thanks.
> Tal.


--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4672
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4672] BUG: NEWSLOG - an error occurred while processing this directive

2016-09-06 Thread Tal Levi via RT
Hi,
I've encountered the following error: "an error occurred while processing this 
directive" when
opening the news log. https://www.openssl.org/news/newslog.html
Thanks.
Tal.




-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4672
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4671] Bug: pkcs8 application limits output passwords to 50 characters

2016-09-04 Thread Jarmo Jaakkola via RT
The pkcs8 application limits output keyfile passwords to at most 50
characters if -passout parameter is not used.  This seems to be because
the buffer used for password input in pkcs8.c has a fixed size of 50.

This has a small security impact: the limitation leaks the maximum
length of a password used on some PKCS#8 keys.


How to reproduce:

---8<---8<---
$ openssl genrsa -out rsa.key
$ openssl pkcs8 -topk8 -in rsa.key -out key.pkcs8
Enter Encryption Password:123456789012345678901234567890123456789012345678901
---8<---8<---


Actual result:
pkcs8 exits without output and returns value 1.

---8<---8<---
$ echo $?
1
---8<---8<---


Expected result:
pkcs8 prompts to verify the password and uses said password for
encryption.  It should be possible to use passwords of arbitrary
length.


Workaround:
Use the -passout parameter, e.g. "-passout stdin".


Versions tested:
---8<---8<---
$ uname -srm
NetBSD 7.0.0 amd64
$ openssl version
OpenSSL 1.0.2h  3 May 2016
$ /usr/bin/openssl version
OpenSSL 1.0.1p 9 Jul 2015

$ uname -srm
NetBSD 7.0.1 amd64
$ openssl version
OpenSSL 1.0.1t  3 May 2016
---8<---8<---

-- 
Jarmo Jaakkola


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4671
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4670] a bug in ssl_lib(ver 1.0.2)

2016-09-04 Thread aa via RT
Hi OpenSSL,
First, thank you for your contribution to OpenSSL.


I found the bug last week, that is:
step-1, Create a socket in non-blocking mode, and then establish the
connection-oriented; (all works successfully done)
step-2, Call SSL_connect (or SSL_do_handshake) to establish a security session
on that original-connection; (all works successfully done)
step-3, After some work of data transfer, I want to shut down the
SSL-CONNECTION and close the original-socket, so I do the procedure as
follows,
step-3.1, Call SSL_shutdown first, and it returns zero. According to the
comments on SSL_shutdown in the manual:
   (0: The shutdown is not yet finished. Call SSL_shutdown() for a second
   time, if a bidirectional shutdown shall be performed. The output of
   SSL_get_error may be misleading, as an erroneous SSL_ERROR_SYSCALL may be
   flagged even though no error occurred.)
   So, I call SSL_shutdown again, and it returns -1, and SSL_get_error
   returns SSL_ERROR_SYSCALL.
step-3.2, For a while, go back to step-1; at that time, I found SSL_connect /
SSL_do_handshake will always fail (the original-socket is still good);
   But, if I sleep/pause around 400ms between the operator 'connect'
   (original socket API) and the operator 'SSL_connect', then all works
   successfully finished.


Hope you will check it.
Maybe it occurred due to my incorrect processing.




Best regards
CXX
SST.
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4670
Please log in as guest with password guest if prompted



[openssl-dev] RE: [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

2016-09-04 Thread shuai.chang via RT
This transaction appears to have no content
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4660
Please log in as guest with password guest if prompted





Re: [openssl-dev] [openssl.org #4667] Issue with OpenSSL v1.1.0 on AIX with XLC and GCC and -O

2016-09-02 Thread Andy Polyakov via RT
> - GCC 6.1.0 is: KO, 64 & 32 bits:
> #   Failed test 'running evp_test evptests.txt'
> #   at ../test/recipes/30-test_evp.t line 18.
> # Looks like you failed 1 test of 1.
> ../test/recipes/30-test_evp.t ..
> Dubious, test returned 1 (wstat 256, 0x100)
> Failed 1/1 subtests

Phew! Mystery solved! Verify attached patch. Trouble was that vector
ChaCha subroutine relies on its alignment in memory. But on AIX it's
impossible to *control* alignment with desired granularity without
specifying higher alignment for .text segment itself. And .text
directive was missing in chacha-ppc module :-( So it's not exactly
optimizations of ppccap.o that mattered, but its changing size depending
on optimization options that was affecting chacha subroutine's
alignment. It actually *could* be vice versa, i.e. work with
optimizations on and fail without, it's all about a coincidence.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4667
Please log in as guest with password guest if prompted

diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl
index b978f58..8a54cba 100755
--- a/crypto/chacha/asm/chacha-ppc.pl
+++ b/crypto/chacha/asm/chacha-ppc.pl
@@ -133,6 +133,7 @@ my 
($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
 
 $code.=<<___;
 .machine   "any"
+.text
 
 .globl .ChaCha20_ctr32_int
 .align 5
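
Review bot: the added `.text` line after `.machine "any"` carries no comment, and nothing in the file says that the `.align 5` two lines below depends on it. Since the failure described in the mail only showed up when the size of an unrelated object shifted the routine, a later cleanup could drop the directive without any test noticing on most builds. A short note next to `.text` (or a Perl comment above the heredoc) stating that the section must be declared for `.align 5` to be honoured on AIX would protect it.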


[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Rich Salz via RT
The title now has the URL. Closing. Fixed as it's gonna get :)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

2016-09-02 Thread Glen Matthews via RT
Hi

Are you saying that it was full?

glen

-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Stephen 
Henson via RT
Sent: Friday, September 02, 2016 12:00 PM
To: 1047941...@qq.com
Cc: openssl-dev@openssl.org
Subject: [openssl-dev] [openssl.org #4660] 
error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

On Sat Aug 27 14:01:11 2016, 1047941...@qq.com wrote:
> hello:
> i want to use libcurl with openssl, and i build openssl use this
> cmd:
> "perl configure VC-WIN32 no-asm -DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi
> -DOPENSSL_CAPIENG_DIALO"
>
>
> when i use curl get url,eg "curl -k https://*.com",return the error:
> error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object
>

Quick answer: use OpenSSL 1.1.0 . Alternatively disable TLS 1.2 (e.g. curl 
command line option) or indicate support only for SHA1+RSA for client signature 
algorithms (don't think there is a curl command line option for this).

Long answer: the capi ENGINE in OpenSSL 1.0.2 and earlier uses the CSP attached 
to the key for cryptographic operations. Unfortunately this means that SHA2 
algorithms are not supported for client authentication.

OpenSSL 1.1.0 adds a workaround for this issue. If you disable TLS 1.2 in 
earlier versions of OpenSSL it will not use SHA2 for client auth so that will 
also work.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4660
Please log in as guest with password guest if prompted



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4660
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

2016-09-02 Thread Stephen Henson via RT
On Sat Aug 27 14:01:11 2016, 1047941...@qq.com wrote:
> hello:
> i want to use libcurl with openssl, and i build openssl use this
> cmd:
> "perl configure VC-WIN32 no-asm -DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi
> -DOPENSSL_CAPIENG_DIALO"
>
>
> when i use curl get url,eg "curl -k https://*.com",return the error:
> error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object
>

Quick answer: use OpenSSL 1.1.0 . Alternatively disable TLS 1.2 (e.g. curl
command line option) or indicate support only for SHA1+RSA for client signature
algorithms (don't think there is a curl command line option for this).

Long answer: the capi ENGINE in OpenSSL 1.0.2 and earlier uses the CSP attached
to the key for cryptographic operations. Unfortunately this means that SHA2
algorithms are not supported for client authentication.

OpenSSL 1.1.0 adds a workaround for this issue. If you disable TLS 1.2 in
earlier versions of OpenSSL it will not use SHA2 for client auth so that will
also work.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4660
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Salz, Rich via RT
> Errr, yes. That's because all pages include the same header, which has:
> 
> OpenSSL
> 
> I thought that was by design...

No, it was because the person who rebuilt the web doesn't know much about the 
web.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-02 Thread Salz, Rich via RT
Yeah, something like that for 1.0.2; simpler for 1.1.0.  I'll do it.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4669
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Richard Levitte via RT
On Fri Sep 02 14:37:30 2016, rs...@akamai.com wrote:
> There is a bug. Navigate around and then right-click on the back
> button. All the pages just say openssl.

Errr, yes. That's because all pages include the same header, which has:

OpenSSL

I thought that was by design...

Cheers,
Richard

--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Salz, Rich via RT
There is a bug.  Navigate around and then right-click on the back button.  All 
the pages just say openssl.
Re-opening.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4641] [openssl-1.1.0-pre6] make test stops with solaris64-x86_64-gcc

2016-09-02 Thread Kiyoshi KANAZAWA via RT
I forgot writing.

crypto/x86_64cpuid.s generated by 64 bit perl & generated by rebuilt 32 bit perl
is the same.

Regards,

--- Kiyoshi 


> With my old 32 bit perl,built by default except for prefix,
>   perl -e 'use integer; printf 
> "%d\n",0x<<32>>32'
> prints 0.
> 64 bit perl prints -1.
> 
> After rebuilding 32 bit perl with Configuring "-Duse64bitint", output 
> was changed to -1.
> With this rebuilt 32 bit perl, openssl-1.1.0 "make test" passes.
> 
> 
> (I checked perl-5.24.0, building both with gcc 5.4.0 & developerstudio12.5 
> cc,
> and had the same results.)
> 
> Regards,
> 
> --- Kiyoshi 
> 
> 
>> 
>>>   Note that a 32-bit Perl can be compiled with or without support for 
> 64-bit 
>>  integers.
>>>   That fact hit me once doing OpenSSL builds, some 64-bit constants were 
> not
>>>   calculated correctly, however that showed up at build time so not 
> likely
>>>   to be the case here. However, it might be helpful checking if the 
> 32-bit 
>>  perl
>>>   in question supports 64-bit or not.
>> 
>>  Those problems were addressed and both configurations are known to work.
>>  For example 32-bit perl I use by default on Linux is *not* compiled with
>>  64-bit integers, while 32-bit perl I have on Solaris is. No problem with
>>  either. It appears to me that problem is likely to occur at sign
>>  extension when processing effective addresses. To demonstrate this with
>>  one-liner:
>> 
>>  perl -e 'use integer; printf 
>>  "%d\n",0x<<32>>32'
>> 
>>  It should print -1 in either combination of bitnesses.
>> 
>> 
>>  -- 
>>  Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4641
>>  Please log in as guest with password guest if prompted
>> 
>


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4641
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-02 Thread Steffen Nurpmeso via RT
Richard Levitte via RT <r...@openssl.org> wrote:
 |On Thu Sep 01 13:18:44 2016, stef...@sdaoden.eu wrote:
 |> From the documentation i cannot tell what is wrong with the
 |> following:
 |>
 |> echo abc > a; echo def > b; echo ghi > c
 |> openssl genpkey -algorithm RSA -out k.prv
 |> openssl pkey -in k.prv -pubout -out k.pub
 |> openssl dgst -sha512 -sign k.prv -out .sig a b c
 |> openssl dgst -sha512 -verify k.pub -signature .sig a b c
 |> rm k.prv k.pub a b c
 |
 |The manual for dgst has this little note
 |
 |The signing and verify options should only be used if a single file is being
 |signed or verified.
 |In other words, don't do that.

I really haven't seen that.  It is the second last sentence.  Hm.

 |While I can understand the desire to do multiple files in one swoop, the
 |signature file (.sig in this case) isn't formatted in any special way, it's
 |literally just a stream of bytes. So it does contain all the signatures, but
 |in an unstructured format. Verification will read that file and use the first n
 |bytes from it when verifying each file you give it. That's why you get correct
 |verification on the first file but not the others.
 |
 |The solution to this is to enhance dgst so it loudly refuses to sign or verify
 |more than one file.

If that is your way.  I haven't actually tried it, but the
following should do what you want?!
Ciao,

--- dgst.c.orig 2016-09-02 15:06:08.952110179 +0200
+++ dgst.c  2016-09-02 15:13:57.592904667 +0200
@@ -369,6 +369,14 @@ int dgst_main(int argc, char **argv)
 if (md)
 md_name = EVP_MD_name(md);
 }
+
+if (argc > 1 && (sigbuf != NULL || sigkey != NULL)){
+BIO_printf(bio_err, "Signing and verifying cannot be used with 
"
+   "multiple files\n");
+ret = 1;
+goto end;
+}
+
 ret = 0;
 for (i = 0; i < argc; i++) {
 int r;
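Review bot: the guard `if (argc > 1 && (sigbuf != NULL || sigkey != NULL))` decides on whether the key or signature buffers happen to be populated rather than on the options the user asked for, and it sits immediately before the `for (i = 0; i < argc; i++)` loop, so the refusal only comes after the key material has already been read. Testing the parsed sign/verify options right after argument parsing would reject the command before any key is touched, and would avoid refusing some other mode that also fills `sigkey`; whether such a mode exists is not visible in this hunk and should be checked. As mailed, the `BIO_printf` format string is wrapped inside the literal (the line ends after `cannot be used with` and the closing quote is alone on the next line), so the patch has to be resent unwrapped before it can apply or compile. Minor: add a space before `{` in `)){`, and since the patch is stated to be untried, a test that runs `dgst -sign` with two input files would cover the new branch.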

--steffen


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4669
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Steffen Nurpmeso via RT
Richard Levitte via RT <r...@openssl.org> wrote:
 |On Thu Sep 01 13:13:44 2016, stef...@sdaoden.eu wrote:
 |> Before sending the last message i looked around on the website (it
 |> has become particularly complicated to find the bug tracker), and
 |> looking at the "go-back" list i saw dozens of "OpenSSL" entries,
 |> rather than rt, "Getting started as a contributor", etc.
 |
 |Not sure what you're on about... I just had a look through the whole set of
 |files, and there's only one page that has that string. This one:
 |https://www.openssl.org/community/getting-started.html
 |
 |As for page titles, all our pages have the title 'OpenSSL'

My name is Hare and i know nothing.
I don't have a Github account (they don't accept hard cash), but
i have found a repository there which seems to be this web page.
The makefile etc. seem to follow security-by-obscurity, but it
seems that you use SSI to generate some load.
If that is really true, the pages could very well be changed to
have a

  

that is repeated in the  further down via

  

I must admit that i don't know whether that is working, the last
time i have used SSI was, i think, and if i recall correctly, with
the Xitami webserver, and before 1999?  Can this be correct?  I am
not lying this, anyway.

 |To sum it up, I don't think we have a problem here. Closing this ticket.

I could place this on my (pretty long) TODO and adjust the web
pages as above at some later time.  Because i think you are
mistaken: to me it seems to be bad style and impolite; the latter
not so much because of the filenames, but these you don't see in
the browser navigation buttons of my graphical browser, only in
the history.
Just my one penny.  Ciao.

--steffen


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4669] Enhancement request: let dgst support multiple files

2016-09-02 Thread Richard Levitte via RT
On Thu Sep 01 13:18:44 2016, stef...@sdaoden.eu wrote:
> Hello.
>
> From the documentation i cannot tell what is wrong with the
> following:
>
> echo abc > a; echo def > b; echo ghi > c
> openssl genpkey -algorithm RSA -out k.prv
> openssl pkey -in k.prv -pubout -out k.pub
> openssl dgst -sha512 -sign k.prv -out .sig a b c
> openssl dgst -sha512 -verify k.pub -signature .sig a b c
> rm k.prv k.pub a b c

The manual for dgst has this little note

The signing and verify options should only be used if a single file is being
signed or verified.
In other words, don't do that.

While I can understand the desire to do multiple files in one swoop, the
signature file (.sig in this case) isn't formatted in any special way, it's
literally just a stream of bytes. So it does contain all the signatures, but
in an unstructured format. Verification will read that file and use the first n
bytes from it when verifying each file you give it. That's why you get correct
verification on the first file but not the others.

The solution to this is to enhance dgst so it loudly refuses to sign or verify
more than one file.

Cheers,
Richard
--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4669
Please log in as guest with password guest if prompted
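
The behaviour described in this reply, turned into a workaround: an added example, not part of the thread or of OpenSSL, that signs every file into its own signature file so verification never has to split an unstructured byte stream. The function names `sign_each` and `verify_each` and the `FILE.sig` naming are assumptions; the `openssl` options are the ones used in the report.

```shell
#!/bin/sh
# Added example: one signature file per input instead of a single
# concatenated .sig stream. Names and the FILE.sig layout are assumptions.

# sign_each KEY FILE...   writes FILE.sig beside every FILE
sign_each() {
    key=$1; shift
    for f in "$@"; do
        openssl dgst -sha512 -sign "$key" -out "$f.sig" "$f" || return 1
    done
}

# verify_each PUBKEY FILE...   checks every FILE against its own FILE.sig.
# Prints one status line per file; returns 0 only if every file verifies.
verify_each() {
    pub=$1; shift
    rc=0
    for f in "$@"; do
        if [ ! -f "$f.sig" ]; then
            echo "MISSING SIGNATURE: $f"; rc=1; continue
        fi
        # Require both a zero exit status and the success message.
        if out=$(openssl dgst -sha512 -verify "$pub" \
                     -signature "$f.sig" "$f" 2>/dev/null) &&
           [ "$out" = "Verified OK" ]; then
            echo "OK: $f"
        else
            echo "FAILED: $f"; rc=1
        fi
    done
    return $rc
}
```

Called as `sign_each k.prv a b c` followed by `verify_each k.pub a b c`, each file is checked against its own signature, so a change to one file is reported for that file only.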



[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Richard Levitte via RT
On Thu Sep 01 13:13:44 2016, stef...@sdaoden.eu wrote:
> Before sending the last message i looked around on the website (it
> has become particularly complicated to find the bug tracker), and
> looking at the "go-back" list i saw dozens of "OpenSSL" entries,
> rather than rt, "Getting started as a contributor", etc.

Not sure what you're on about... I just had a look through the whole set of
files, and there's only one page that has that string. This one:
https://www.openssl.org/community/getting-started.html

As for page titles, all our pages have the title 'OpenSSL'

To sum it up, I don't think we have a problem here. Closing this ticket.

Cheers,
Richard

--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles

2016-09-02 Thread Steffen Nurpmeso via RT
"Salz, Rich"  wrote:
  ..
 |for and fix?  (I'm kinda slow sometimes)

Do you know the story of the couple that had been married for
decades when suddenly, at a Sunday morning breakfast, it has been
revealed that she, who was given the upper half of the bread rolls
for so long -- because he thought that was what she likes --,
would much rather have eaten the lower half, but didn't say
a word, because she thought it would have hurt him if she would
have done so?

This story is one of my childhood Traumatas, by the way. ^_^

--steffen


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668
Please log in as guest with password guest if prompted


