Re: [openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build

2016-02-04 Thread Woodhouse, David via RT
On Thu, 2016-02-04 at 03:04 +, Rich Salz via RT wrote:
> So guys, sorry for dropping the ball. Where are we on this now?

Going backwards. I don't seem to be able to configure with
'no-ui no-engines' any more. :)

-- 
David Woodhouse                      Open Source Technology Centre
david.woodho...@intel.com            Intel Corporation



-
http://rt.openssl.org/Ticket/Display.html?id=3964

Please log in as guest with password guest if prompted



smime.p7s
Description: S/MIME cryptographic signature
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build

2016-02-04 Thread Woodhouse, David via RT
On Thu, 2016-02-04 at 03:04 +, Rich Salz via RT wrote:
> So guys, sorry for dropping the ball. Where are we on this now?

I see four patches still at the top of 
http://git.infradead.org/users/dwmw2/openssl.git but I've completely
forgotten.

I'll update and rebase my patches on both the OpenSSL and EDK2 side,
and take stock.

I think we also have our own implementation of TS support in EDK2, from
the 0.9.8 days when OpenSSL didn't. Qin, did you make any progress on
killing that off?

-- 
David Woodhouse                      Open Source Technology Centre
david.woodho...@intel.com            Intel Corporation



Re: [openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build

2015-09-29 Thread Woodhouse, David via RT
On Wed, 2015-09-30 at 02:01 +, Rich Salz via RT wrote:
> We fixed this in a slightly different way. We made BIO_new_file and BIO_s_file
> return an alternate implementation that returns run-time failures. Almost all
> of the OpenSSL code uses the BIO object, so we didn't have to remove that. We
> did #ifdef out any routine that had a "FILE*" param or local variable.
> --
> Rich Salz, OpenSSL dev team; rs...@openssl.org

If things like BIO_new_file() were inline, or macros, then the compiler
could *see* that they'd return NULL. And lots of code in the *calling*
functions (basically everything but the error path) could be elided
from the compiled result...

-- 
  Sent with Evolution's ActiveSync support.

David Woodhouse                      Open Source Technology Centre
david.woodho...@intel.com            Intel Corporation



Re: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

2015-07-30 Thread Woodhouse, David via RT
On Tue, 2015-07-28 at 11:00 +, Salz, Rich via RT wrote:
> It seems that the simplest and most obvious thing is to indicate that 
> you don't care about the dates, which is what this patch does.

Obviously I agree, but life's too short to argue about it and I *do*
have a viable alternative, with a verify_cb function that just ignores
X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED.

So (for the record) I've submitted patches to EDKII which do precisely
that, and I don't depend on this patch any more. Close the RT if you
wish.

Having said that, if OpenSSL *does* gain this functionality then I'll
happily change the EDKII code to make use of it, because I think it's
the better approach.

If requested, I can still provide a patch with the alternative variant
of using a X509_V_FLAG_NO_CHECK_TIME flag if that's considered better
than using a 'special' time of (time_t)-1 with
X509_VERIFY_PARAM_set_time().

-- 
David Woodhouse                      Open Source Technology Centre
david.woodho...@intel.com            Intel Corporation



[openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build

2015-07-29 Thread Woodhouse, David via RT
This is the full patch, in case that's easier to read.

-- 
David Woodhouse                      Open Source Technology Centre
david.woodho...@intel.com            Intel Corporation

commit 422b63a1fd1f4ba6620429fa16cd995f6aff760c
Author: David Woodhouse 
Date:   Wed Jul 29 12:10:14 2015 +0100

Include <stdio.h> for sscanf() even with no-stdio

This isn't actually stdio or file access per se; it merely lives in
<stdio.h>.

We rely on sscanf() to parse the OPENSSL_ia32cap environment variable,
since it can be larger than a 'long'. And we don't rely on the
availability of strtoull().

Fixing that without using sscanf() is... distinctly non-trivial. So I'm
prepared to live with claiming that it's acceptable to use sscanf() even
when OPENSSL_NO_STDIO is set.

Anyone who disagrees can do so in 'diff -up' form.

commit 046270b1909976668c12e52dc1c8fbc392a50405
Author: David Woodhouse 
Date:   Wed Jul 29 12:07:03 2015 +0100

Make OPENSSL_showfatal do nothing with no-stdio

Without stdio, there's nothing we can do. There is some merit in
allowing platforms to provide their own BIO for "stderr". Some platforms
do have a debug console that they could hook that up to, while they
don't have true stdio or file access. But for now, just make it do
nothing if OPENSSL_NO_STDIO is set.

commit e2b3c56d74c95e1f434f936acbb2db5a1ba9785b
Author: David Woodhouse 
Date:   Wed Jul 29 11:53:57 2015 +0100

Kill OPENSSL_stderr()

It isn't used within OpenSSL. It's private now so it can't be used from
outside either. It's utterly pointless because it only ever returns
'stderr' anyway. And it breaks the build with OPENSSL_NO_STDIO.

Perhaps we should have OPENSSL_std{in,out,err} that return a BIO* instead,
and then we can output to those. In firmware environments where there's
no true stdio or FILE*, we *do* often have a way to print messages to the
console, and those BIOs could do the right thing.

That might actually give us a way to fix OPENSSL_showfatal() (qv).

commit ad771ea474f3065208d584536aa3da34192ac8f2
Author: David Woodhouse 
Date:   Tue Jul 28 21:29:17 2015 +0100

Remove file-based functionality from ssl/ for no-stdio build

The function prototypes were already gone, but not the functions themselves.

commit 3ff9391624da53b47ae96d34de08593556df0723
Author: David Woodhouse 
Date:   Tue Jul 28 21:26:23 2015 +0100

Remove unviable conf functionality from no-stdio build

Rip out anything which requires file access. It couldn't have worked
anyway; let's be honest about its absence.

commit efc8bbe37fe45370319b695e8573cfa3df23a663
Author: David Woodhouse 
Date:   Tue Jul 28 21:24:58 2015 +0100

Add fallback definition of BUFSIZ for no-stdio build

This is in <stdio.h>, and might not be present from the system includes
if OPENSSL_NO_STDIO is set. Define it ourselves to a reasonable value
in that case, in the places where we're (ab)using it.

commit afc62e3b07c2b251c3e1bf07fc6985b935966050
Author: David Woodhouse 
Date:   Tue Jul 28 21:14:22 2015 +0100

Disable file: values in pci_process_value() for no-stdio build

commit c6bb3eddd60ae54e3d1f5232ac914884b184343b
Author: David Woodhouse 
Date:   Tue Jul 28 21:12:42 2015 +0100

Disable file-based TS_CONF_* functions for no-stdio build

If we can't access files, none of this is usable.

commit 73eebf202f2bd2266b5c7aaadca91fb485f85ee1
Author: David Woodhouse 
Date:   Tue Jul 28 20:56:28 2015 +0100

Remove functions taking FILE * from header files for no-stdio

If OPENSSL_NO_STDIO is set, we don't include <stdio.h> and the FILE
type does not exist. So a whole bunch of function prototypes (for
functions that don't exist anyway) end up not compiling. Make them
go away.

While at it, fix up a few 'BIO *fp' in function prototypes which in
my first attempt got those functions #ifdef'd out too...

commit 455cfd0c79b53db92fc2007adf88480ded49a2be
Author: David Woodhouse 
Date:   Tue Jul 28 17:23:11 2015 +0100

Add missing DECLARE_PEM_write_fp_const for no-stdio

This was missing when OPENSSL_NO_STDIO was set, causing build errors.

commit 74a997c120b36d1686f476fd7089f6e34a7cd900
Author: David Woodhouse 
Date:   Tue Jul 28 17:09:48 2015 +0100

Disable X509_LOOKUP_hash_dir() with no-stdio

If OPENSSL_NO_STDIO is set, we have no file access. So the hash directory
can't work.

X509_LOOKUP_file() was already compiled out, but its prototype was
still present in x509_vfy.h. Fix that too.

commit da6e508a5d58453b0f79a938e6cf825799ad94f4
Author: David Woodhouse 
Date:   Tue Jul 28 17:04:30 2015 +0100

Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid() to fix no-stdio

If OPENSSL_NO_STDIO is set, we cannot use fprintf(stderr…). So use
OPENSSL_showfatal() instead. OK, I haven't actually fixed *that* yet
either, and I'm not en

[openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build

2015-07-29 Thread Woodhouse, David via RT
Please pull the following fixes from
   git://git.infradead.org/users/dwmw2/openssl-nostdio.git

These are browsable in gitweb at 
   http://git.infradead.org/users/dwmw2/openssl-nostdio.git

This removes a number of functions which require file access, which is not 
possible when OPENSSL_NO_STDIO is set. In some cases the functions were already 
missing, but the declarations were still present in the header files (and 
causing compilation errors if FILE was not defined). In other cases the 
declarations were correctly made conditional but the actual functions still 
existed.

A couple of places use the BUFSIZ macro for a temporary buffer, and needed an 
alternative.

The unused OPENSSL_stderr() function that does nothing but return stderr is 
removed entirely.

OPENSSL_showfatal() now does nothing for the no-stdio build. It might be 
possible to (re)introduce OPENSSL_std{in,out,err} as BIOs. Even platforms which 
have no file access and no true stdio will often have some form of console 
output, and BIO_printf() to that could certainly work for things like 
OPENSSL_showfatal(). That's left for a later date.

The main thing that I'm *not* happy with is including <stdio.h> to make 
sscanf() work in OPENSSL_cpuid_setup(). That's at the very end of the tree for 
a reason.

David Woodhouse (17):
  Eliminate compiler warning for unused send_fp_chars() with no-stdio
  Disable GOST engine when no-stdio
  Disable TEST_ENG_OPENSSL_PKEY with no-stdio
  Eliminate compiler warning for unused do_pk8pkey_fp() with no-stdio
  Eliminate SRP_VBASE_init() and supporting functions for no-stdio
  Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid() to fix no-stdio
  Disable X509_LOOKUP_hash_dir() with no-stdio
  Add missing DECLARE_PEM_write_fp_const for no-stdio
  Remove functions taking FILE * from header files for no-stdio
  Disable file-based TS_CONF_* functions for no-stdio build
  Disable file: values in pci_process_value() for no-stdio build
  Add fallback definition of BUFSIZ for no-stdio build
  Remove unviable conf functionality from no-stdio build
  Remove file-based functionality from ssl/ for no-stdio build
  Kill OPENSSL_stderr()
  Make OPENSSL_showfatal do nothing with no-stdio
  Include <stdio.h> for sscanf() even with no-stdio

-- 
  Sent with Evolution's ActiveSync support.

David Woodhouse                      Open Source Technology Centre
david.woodho...@intel.com            Intel Corporation

___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod


[openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

2015-07-22 Thread Woodhouse, David via RT
There are various circumstances in which it makes no sense to be
checking the start and end times of a certificate's validity.

When validating OS kernel drivers, or indeed when validating the OS
kernel itself when the firmware loads it, we *really* don't want to
have a built-in obsolescence date after which the system will no longer
function. That would be a bad thing even if we *could* reliably trust
the system's real time clock at this stage in the boot sequence.

This patch gives us a way to disable the time checks entirely, by using
X509_VERIFY_PARAM_set_time() with a time of -1.

There is a slight risk here — if anyone was genuinely using the value
of -1 to check if a certificate chain was indeed valid in the last
second of 1969. I judge that risk to be negligible. And it certainly
shouldn't be externally triggerable — if an attacker could influence
the value passed to X509_VERIFY_PARAM_set_time() then all bets were off
w.r.t. time-based checks anyway.

If there are serious concerns, however, I can provide an alternative
patch which adds an X509_V_FLAG_NO_CHECK_TIME flag for this purpose
instead.

I'm happy with anything except the existing version in the UEFI source
tree that everyone is shipping, which just disables the time check if
OPENSSL_SYS_UEFI is set¹. That one I *don't* like.

-- 
David Woodhouse                      Open Source Technology Centre
david.woodho...@intel.com            Intel Corporation

¹ http://git.infradead.org/users/dwmw2/openssl.git/commitdiff/2fb12afc2ceb
From 7999a8d8bafee04eef7d4015417652e8407d5378 Mon Sep 17 00:00:00 2001
From: David Woodhouse 
Date: Wed, 22 Jul 2015 13:53:20 +0100
Subject: [PATCH] Allow certificate time checks to be disabled

Make a value of (time_t)-1 in X509_VERIFY_PARAM_set_time() indicate that
time checks are to be disabled completely. It seems fairly unlikely that
anyone is genuinely using this value to check whether a certificate
chain *was* valid in the last second of 1969, so this seems cleaner
than adding a new flag for it.
---
 crypto/x509/x509_vfy.c | 8 +++-
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 3 ++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index df012dd..282c127 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -953,6 +953,9 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
 else
 ptime = NULL;
 
+if (ptime && *ptime == (time_t)-1)
+	goto done;
+
 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
 if (i == 0) {
 if (!notify)
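Review bot: the added `goto done;` line in this hunk is indented with a tab while every surrounding line uses four spaces; reindent it to `    goto done;` so it matches the reformatted code style. The early exit itself is fine: it lands on the `done:` label ahead of the `ctx->current_crl = NULL` cleanup, so the skipped path still clears the current CRL before returning success.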
@@ -989,7 +992,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
 return 0;
 }
 }
-
+ done:
 if (notify)
 ctx->current_crl = NULL;
 
@@ -1673,6 +1676,9 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet)
 else
 ptime = NULL;
 
+if (ptime && *ptime == (time_t)-1)
+return 1;
+
 i = X509_cmp_time(X509_get_notBefore(x), ptime);
 if (i == 0) {
 if (quiet)
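Review bot: `*ptime == (time_t)-1` cannot distinguish the new "disable" sentinel from a failed clock, because time() returns (time_t)-1 on error; a caller that passes time(NULL) straight into X509_VERIFY_PARAM_set_time() on a platform whose clock is unavailable would silently turn validity checking off instead of failing closed. The X509_V_FLAG_NO_CHECK_TIME variant offered in the cover text keeps the request out of band and avoids that ambiguity; if the sentinel is kept, add a comment above this check saying so and document that callers must check the result of time() before passing it in.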
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 066ce0f..3b6b4d2 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -60,7 +60,8 @@ X509_VERIFY_PARAM_set_trust() sets the trust setting in B to
 B.
 
 X509_VERIFY_PARAM_set_time() sets the verification time in B to
-B. Normally the current time is used.
+B. Normally the current time is used. If B is set to the value B<-1>
+then checking the time is disabled completely.
 
 X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
 by default) and adds B to the acceptable policy set.
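Review bot: the new sentence understates the scope and misstates the value. The check_crl_time hunk shows that CRL lastUpdate/nextUpdate checks are skipped too, so say that certificate and CRL time checks are disabled, and write the value as (time_t)-1 rather than a bare -1, since that is what the code compares against and what callers must pass.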
-- 
2.4.3