[openssl-dev] [openssl.org #4140] GITHUB PULL REQUEST: do not load engines twice

2015-11-14 Thread Marcus Meissner via RT
Hi,

https://github.com/openssl/openssl/pull/466

If you try to run OPENSSL_config twice, it will fail on loading engines.

(We encountered this case with ruby and libzypp both running OPENSSL_config
in the same process.)

Ciao, Marcus
-- 
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 
3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real 

___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #4132] test/dsatest.c wrong argument to BIO_printf

2015-11-10 Thread Marcus Meissner via RT
Hi,

apply this patch ... 


commit c01f7e9e233e5e5dabd1ec01eb17198b0798e092
Author: Marcus Meissner 
Date:   Tue Nov 10 16:24:51 2015 +0100

fixed wrong argument to BIO_printf

diff --git a/test/dsatest.c b/test/dsatest.c
index 1f4b837..fe25352 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -247,7 +247,7 @@ static int dsa_cb(int p, int n, BN_GENCB *arg)
 (void)BIO_flush(BN_GENCB_get_arg(arg));
 
 if (!ok && (p == 0) && (num > 1)) {
-BIO_printf((BIO *)arg, "error in dsatest\n");
+BIO_printf(BN_GENCB_get_arg(arg), "error in dsatest\n");
 return 0;
 }
 return 1;
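
Review bot: In dsa_cb the error branch now repeats BN_GENCB_get_arg(arg), which the BIO_flush call in the context line above already uses; fetching it once into a local BIO * at the top of the callback would keep the two call sites in sync and make the intended type explicit. The commit message could also say why the old (BIO *)arg cast was wrong (arg is the BN_GENCB, not the BIO), since "wrong argument" alone does not tell a reader what was being written to.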



[openssl-dev] [openssl.org #4121] avoid configuring openssl twice

2015-11-04 Thread Marcus Meissner via RT
Hi,

In a mix of various libraries using openssl it can happen
that OPENSSL_config is called multiple times.

Usually this works, but e.g. if you have engines configured,
the second load of engines will not work.

OPENSSL_config checks openssl_configured on begin, but
does not set it when done. (only in OPENSSL_no_config).

So lets set it at the end of OPENSSL_config.

Sent as https://github.com/openssl/openssl/pull/466

Ciao, Marcus
-- 
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 
3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real 



[openssl-dev] [openssl.org #3927] regression in 1.0.2c spotted by Net-SSLeay

2015-06-29 Thread Marcus Meissner via RT
Hi,

I am debugging a testsuite error in the perl Net-SSLeay module, which got
introduced between 1.0.2a and 1.0.2c.

The test code looks like this:

  ... private key in $pk ...

  ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
  like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk, "password", $alg2),
       qr/-BEGIN (ENCRYPTED|RSA) PRIVATE KEY-/, "PEM_get_string_PrivateKey+passwd+enc_alg");

Previously it returned an encrypted key, now it does not.

The error stack has:
0:error:0D0A706C:asn1 encoding routines:PKCS5_pbe2_set_iv:cipher has no object identifier:p5_pbev2.c:104:
0:error:2307D00D:PKCS12 routines:PKCS8_encrypt:ASN1 lib:p12_p8e.c:86:

Which I _think_ is caused by this change between 1.0.2a and 1.0.2c:

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 5cd755d..aca382a 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -400,6 +400,8 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const 
unsigned int *bp)
 j = (a-length - b-length);
 if (j)
 return (j);
+if (a-length == 0)
+return 0;
 return (memcmp(a-data, b-data, a-length));
 }
 
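
Review bot: The new a->length == 0 return in obj_cmp makes every pair of zero-length objects compare equal, because the preceding length subtraction has already established that both lengths match. A short comment saying that this guards the memcmp against objects with no encoding (data can be NULL when length is 0), and that such objects are therefore indistinguishable here, would make the intent reviewable.
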
@@ -415,6 +417,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
 if (a-nid != 0)
 return (a-nid);
 
+if (a-length == 0)
+return NID_undef;
+
 if (added != NULL) {
 ad.type = ADDED_DATA;
 ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
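
Review bot: The a->length == 0 check in OBJ_obj2nid sits after the a->nid != 0 shortcut, so it only changes the result for objects that carry no nid; say so in a comment, and document that an object without an encoding now yields NID_undef instead of reaching the lookup that follows. Callers that relied on the old lookup for such objects need a test, since the change is otherwise silent.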


which comes from the objects entry:
obj_dat.h:{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0},
obj_dat.h:{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},

I was not able to find out why des-ede3-cbc does have length 8, but ofb does not?

How to fix this? Should it have length 8 too?

Ciao, Marcus



Re: [openssl.org #3402] spurious change in perl NET_SSLeay module

2014-06-13 Thread Marcus Meissner via RT
On Thu, Jun 12, 2014 at 07:11:24PM +0200, Stephen Henson via RT wrote:
 On Thu Jun 12 18:16:55 2014, meiss...@suse.de wrote:
  Hi,
 
  The Net-SSLeay perl module failed its testsuite after 1.0.1g -> 1.0.1h
  update.
 
  The code looks like this:
 
  ... create more X509 certificate stuff ...
  is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex");
  is(unpack("H*",Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), "044d7ea7fddced7b9b63799600b9989a63b36819", "X509_NAME_digest");
 
  The sha1 sum of the ASN.1 encoding changed.
 
  The reason for this is commit
 
  git show 3009244da47b989c4cc59ba
  commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431
  Author: Dr. Stephen Henson st...@openssl.org
  Date: Sun Jun 1 15:03:00 2014 +0100
 
  Set default global mask to UTF8 only.
 
  diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
  index dedc488..8993264 100644
  --- a/crypto/asn1/a_strnid.c
  +++ b/crypto/asn1/a_strnid.c
  @@ -74,7 +74,7 @@ static int sk_table_cmp(const ASN1_STRING_TABLE *
  const *a,
  * certain software (e.g. Netscape) has problems with them.
  */
 
  -static unsigned long global_mask = 0xL;
  +static unsigned long global_mask = B_ASN1_UTF8STRING;
 
  void ASN1_STRING_set_default_mask(unsigned long mask)
  {
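
Review bot: Changing the global_mask initializer changes the string type chosen for every caller that never calls ASN1_STRING_set_default_mask, so names built with the defaults get a different encoding than before. The comment that ends just above the initializer should be updated to describe the new default, and the behaviour change deserves a CHANGES entry so that test suites comparing digests of encoded names are not surprised.
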
 
  Should this change the above behaviour?
 
 
 Yes it would change that behaviour. When OpenSSL is asked to construct a DN it
 uses various criteria to determine what string types to use for
 DirectoryString. Before that change it was using some ancient rules which
 would use long obsolete type. After that change it is brought up to date.
 
 Because the string types change that means the encoding and hence the hash
 will change.

Sounds sensible.

The ticket could be closed again ;)

Ciao, Marcus


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


[openssl.org #3336] 1.0.1g breaks IronPORT SMTP appliance (padding extension)

2014-05-01 Thread Marcus Meissner via RT
Hi,

SUSE has received a bugreport from a user, that the padding extension
change breaks IronPort SMTP appliances.

There might be an RT on this already, not sure.

https://bugzilla.novell.com/show_bug.cgi?id=875639
http://postfix.1071664.n5.nabble.com/OpenSSL-1-0-1g-and-Ironport-SMTP-appliances-interop-issue-td66873.html

Quoting from our openSUSE bugreport:

Last upgrade to openssl-1.0.1g-11.36.1.x86_64 broke SSL connections to some
services, e.g. Cisco Ironport SMTP appliances.

1.0.1g not only fixes the Heartbleed bug but also adds another change by
adding:
#define TLSEXT_TYPE_padding 21

This in turn breaks SSL connections to e.g. Ironports, probably others:
SSL23_GET_SERVER_HELLO:tlsv1 alert decode error

Workaround: Force protocol to SSLv3 or recompile without the define above.

For details, please refer to:
postfix.1071664.n5.nabble.com/OpenSSL-1-0-1g-and-Ironport-SMTP-appliances-interop-issue-td66873.html


Reproducible: Always

Steps to Reproduce:
1. openssl s_client -connect some.ironport.com:25 -starttls smtp

Note: Send me an email for a hostname of an Ironport SMTP appliance to test
with. I don't want to disclose it here.
Actual Results:  
CONNECTED(0003)
139718758192784:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
decode error:s23_clnt.c:762:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 129 bytes and written 552 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


Expected Results:  
CONNECTED(0003)
---
Certificate chain
[...cut...]
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1
[...cut..-]
250 STARTTLS



[openssl.org #2526] bad sequence in OCSP_parse_url

2011-05-24 Thread Marcus Meissner via RT
OCSP_parse_url has a bad sequence of initializing the parameter
returns and buf strdupping + error handling.

If the first error handling triggers, it will access uninitialized memory
through the 3 argument pointers.

(the goto mem_err; patch will free **pport et al.)

found by Coverity scanner.

Ciao, Marcus

--- crypto/ocsp/ocsp_lib.c.xx   2011-05-18 14:17:25.0 +0200
+++ crypto/ocsp/ocsp_lib.c  2011-05-18 14:17:34.0 +0200
@@ -170,14 +170,14 @@
 
char *host, *port;
 
-   /* dup the buffer since we are going to mess with it */
-   buf = BUF_strdup(url);
-   if (!buf) goto mem_err;
-
*phost = NULL;
*pport = NULL;
*ppath = NULL;
 
+   /* dup the buffer since we are going to mess with it */
+   buf = BUF_strdup(url);
+   if (!buf) goto mem_err;
+
/* Check for initial colon */
p = strchr(buf, ':');
 
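
Review bot: Moving the *phost, *pport and *ppath assignments ahead of BUF_strdup is what makes the first goto mem_err safe, but nothing in the code says that the order matters; add a comment above the three assignments stating that the outputs must be NULL before any jump to the error path, so a later reordering does not reintroduce the problem.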



[openssl.org #2527] doublefree in apps/asn1parse.c

2011-05-24 Thread Marcus Meissner via RT
Hi,

NCONF_free(cnf) is again called later when errors are handled,
which would lead to double free of cnf.

Spotted by Coverity checker.

Ciao, Marcus

--- apps/asn1pars.c.xx  2011-05-18 14:40:29.0 +0200
+++ apps/asn1pars.c 2011-05-18 14:40:43.0 +0200
@@ -408,6 +408,7 @@
 
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
+   cnf = NULL;
 
if (!atyp)
return -1;
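
Review bot: Setting cnf = NULL after NCONF_free(cnf) only prevents the second free if the later cleanup tolerates a NULL cnf; state that in a comment next to the assignment, or make the cleanup test cnf before freeing. Note also that the if (!atyp) return -1; directly below leaves the function without passing through any shared cleanup, so confirm which later path the double free is reached on.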



[openssl.org #2528] setup_engine curious return value

2011-05-24 Thread Marcus Meissner via RT
Hi,

apps/engine.c, function setup_engine()

It has return e; on success,
but the code has:


/* Free our structural reference. */
ENGINE_free(e);
}
return e;

ENGINE_free(e) makes e invalid, so returning it is very dangerous.

The return value mostly seems to be unused though, so perhaps
get fully rid of it.

Spotted also by Coverity.

Ciao, Marcus



[openssl.org #2529] potential bug in ssl/bio_ssl.c::ssl_ctrl BIO_C_SET_SSL

2011-05-24 Thread Marcus Meissner via RT
Hi,

Coverity thinks that in this sequence b->ptr is used
after free and I have to agree:

        case BIO_C_SET_SSL:
                if (ssl != NULL)
                        ssl_free(b);    // MARCUS: frees also b->ptr
                b->shutdown=(int)num;
                ssl=(SSL *)ptr;
                ((BIO_SSL *)b->ptr)->ssl=ssl;   // MARCUS: Dereferences freed b->ptr
                bio=SSL_get_rbio(ssl);
                if (bio != NULL)
                        {
                        if (b->next_bio != NULL)
                                BIO_push(bio,b->next_bio);
                        b->next_bio=bio;
                        CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
                        }
                b->init=1;
                break;

Not sure what was really intended in the second commented line.

Ciao, Marcus



[openssl.org #2530] crypto/dsa/dsa_gen.c::dsa_builtin_paramgen has potential uninitialized seed

2011-05-24 Thread Marcus Meissner via RT
Hi,

(I am not fully sure I understand it right.)

Coverity thinks dsa_builtin_paramgen() can use portions of seed uninitialized
and I can agree.

If seed_len is > 0 but < qsize, the memcpy(seed,seed_in,seed_len) does
not trigger, but seed is used, being an uninitialized stack variable.


This would probably mean that the seeding is done with whatever is on the stack
if a seed_len > 0 but < qsize is passed in, and would be predictable.


Usually the for () loop will detect this as bad state and redo it.

But I am not sure if you can in some call sequence setup the stack so it
gets a predictable content which would be a valid number (and so always
get the same initial state).

Also the comment above the check seems to be wrong, nothing is ever copied
to seed_in in the function.

I do think an invalid seed_len with the condition might not be happening in 
real life.

I would _suggest_ this fix, but it needs to be reviewed.

Ciao, Marcus

--- crypto/dsa/dsa_gen.c.xx 2011-05-18 16:55:14.0 +0200
+++ crypto/dsa/dsa_gen.c2011-05-18 16:55:17.0 +0200
@@ -140,11 +140,12 @@
 
bits = (bits+63)/64*64;
 
-   /* NB: seed_len == 0 is special case: copy generated seed to
-* seed_in if it is not NULL.
+   /* NB: seed_len == 0 is special case: use a random initial seed.
 */
-   if (seed_len  (seed_len  (size_t)qsize))
+   if (seed_len  (seed_len  (size_t)qsize)) {
seed_in = NULL; /* seed buffer too small -- ignore */
+   seed_len = 0;   /* ... and use randomness by default */
+   }
if (seed_len  (size_t)qsize) 
seed_len = qsize;   /* App. 2.2 of FIPS PUB 186 allows 
larger SEED,
 * but our internal buffers are 
restricted to 160 bits*/
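
Review bot: In the seed_len check, a seed shorter than qsize is still silently discarded and replaced by a random one, so a caller that asked for a specific seed gets parameters from a different seed without any indication. Consider returning an error for a non-zero seed_len below qsize instead, or at least documenting the fallback in the function comment; the rewritten NB comment also drops the statement about copying the generated seed to seed_in, so confirm that no caller expects that.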


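The seed handling described in report #2530 above, modelled as an added example (not OpenSSL code and not part of the original message). The local buffer is pre-filled with a marker byte so that the "never written" case becomes visible; the function name, the marker, the stand-in random source and the constructed caller seed are assumptions, the `seed_len == 0` random branch follows the comment in the proposed patch, and the retry loop of the real function is not modelled.

```c
#include <stdio.h>
#include <string.h>

#define QSIZE  20    /* 160-bit internal buffer, per the comment in the patch */
#define POISON 0xAA  /* marker standing in for leftover stack contents */

/* Deterministic stand-in for the library's random source (assumption). */
static void fake_rand(unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)(0x10 + i);
}

/* Returns how many bytes of the local seed buffer were never written. */
size_t unwritten_seed_bytes(const unsigned char *seed_in, size_t seed_len,
                            int patched)
{
    unsigned char seed[QSIZE];
    size_t i, stale = 0;

    memset(seed, POISON, sizeof(seed));  /* make "uninitialized" observable */

    if (seed_len && seed_len < QSIZE) {
        seed_in = NULL;                  /* seed buffer too small: ignore */
        if (patched)
            seed_len = 0;                /* proposed fix: fall back to random */
    }
    if (seed_len > QSIZE)
        seed_len = QSIZE;
    if (seed_in != NULL)
        memcpy(seed, seed_in, seed_len);
    if (seed_len == 0)                   /* special case: random initial seed */
        fake_rand(seed, QSIZE);

    for (i = 0; i < QSIZE; i++)
        if (seed[i] == POISON)
            stale++;
    return stale;
}

int main(void)
{
    unsigned char in[32];
    memset(in, 0x01, sizeof(in));        /* constructed caller seed */
    printf("short seed, unpatched: %zu stale bytes\n", unwritten_seed_bytes(in, 8, 0));
    printf("short seed, patched:   %zu stale bytes\n", unwritten_seed_bytes(in, 8, 1));
    printf("full seed:             %zu stale bytes\n", unwritten_seed_bytes(in, 20, 0));
    return 0;
}
```
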

[openssl.org #2531] small memory leak in t1_lib

2011-05-24 Thread Marcus Meissner via RT
Hi,

Probably does not trigger in real-life conditions.
Also spotted by Coverity, untested.

--- ssl/t1_lib.c.xx 2011-05-18 15:50:08.0 +
+++ ssl/t1_lib.c2011-05-18 15:50:22.0 +
@@ -1714,8 +1714,10 @@
return -1;
}
EVP_DecryptUpdate(ctx, sdec, slen, p, eticklen);
-   if (EVP_DecryptFinal(ctx, sdec + slen, mlen) = 0)
+   if (EVP_DecryptFinal(ctx, sdec + slen, mlen) = 0) {
+   OPENSSL_free(sdec);
goto tickerr;
+   }
slen += mlen;
EVP_CIPHER_CTX_cleanup(ctx);
p = sdec;
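
Review bot: The new error branch frees sdec but jumps to tickerr before the EVP_CIPHER_CTX_cleanup call that follows on the success path, so unless tickerr cleans up ctx the cipher context is left uncleaned on this failure. The return value of EVP_DecryptUpdate in the context line above is also ignored; checking it and sharing one cleanup path for sdec and ctx would cover both.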

Ciao, Marcus



[openssl.org #2199] patch: mark assembler as non-exec-stack

2010-03-23 Thread Marcus Meissner via RT
Hi,

Type: patch

We use the following patch on openSUSE to make sure that openssl
uses non-executable stack by marking the assembler code as
not requiring x-stack.

Ciao, Marcus

--- crypto/perlasm/x86unix.pl
+++ crypto/perlasm/x86unix.pl
@@ -586,6 +586,7 @@
 		push(@out,$const);
 		$const=;
 		}
+	push(@out, .section 	.note.GNU-stack,\\,\...@progbits);
 	}
 
 sub main'data_word
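
Review bot: The .note.GNU-stack section directive is pushed to @out unconditionally, but the marker is a GNU/ELF convention; if x86unix.pl is also used to produce non-ELF output, guard the push so it is emitted only for ELF targets. A one-line comment saying that the note marks the object as not needing an executable stack would help the next reader.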


[openssl.org #2200] patch: fixed a crash with openssl req

2010-03-23 Thread Marcus Meissner via RT
Our QA found a scenario where openssl req is crashing,
this is tracked in https://bugzilla.novell.com/show_bug.cgi?id=430141

It seems a non-asn1 converted string is passed into ASN1_TYPE_set1.

We applied the patch attached.

Ciao, Marcus

Index: openssl-0.9.8h/crypto/x509/x509_att.c

--- openssl-0.9.8h/crypto/x509/x509_att.c
+++ openssl-0.9.8h/crypto/x509/x509_att.c
@@ -305,7 +305,7 @@
 	if(!(ttmp = ASN1_TYPE_new())) goto err;
 	if (len == -1)
 		{
-		if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+		if (!ASN1_TYPE_set1(ttmp, attrtype, stmp))
 			goto err;
 		}
 	else
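
Review bot: In the len == -1 branch the call now passes stmp, but the hunk does not show stmp being assigned on the path that reaches it; if stmp can still be NULL there, ASN1_TYPE_set1 receives NULL where it previously received data. Confirm that every len == -1 caller goes through the conversion that sets stmp, or keep data for the case where no conversion happened.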