RE: [openssl.org #3523] bug report: s_client writes to STDERR

2014-09-10 Thread Salz, Rich
Can you cut/paste the output you're getting? I think this is fixed in the post-1.0.2 branch at least.

RE: Outstanding issues since 2014 09 09

2014-09-10 Thread Salz, Rich
making install in engines/ccgost... Fixed, sorry for the inconvenience. OpenSSL_1_0_2-stable 3258429 RT3271 update; extra; semi-colon; confuses; some; master cb4bb56 RT3271 update; extra; semi-colon; confuses; some; Author: Rich Salz rs...@openssl.org Date: Wed Sep 10 15:05:38

RE: [openssl.org #3525] CRL tool doesn't show leading 0's in output

2014-09-11 Thread Salz, Rich
I think the bug is that we need to output a leading zero to avoid confusing the number as negative.

Adding GET support to ocsp app

2014-09-11 Thread Salz, Rich
The attached diff adds GET support to ocsp. I'd appreciate any feedback. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ocsp-get.patch Description: ocsp-get.patch

RE: [openssl-dev] Adding GET support to ocsp app

2014-09-12 Thread Salz, Rich
I don't see where the OCSP request is de-base64-ified, and URL-decoded. In both cases, d2i_OCSP_REQUEST_bio is called to get the request, but it's done directly on the HTTP request line for a GET. Doh! Right :( __ OpenSSL

Windows folks -- comment on this patch for RT 2301?

2014-09-14 Thread Salz, Rich
Any input from Windows folks on the attached? -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz rt2301.patch Description: rt2301.patch

RE: [openssl.org #3530] Problems measuring openssl speed

2014-09-16 Thread Salz, Rich
Thanks for working on this. I haven't looked at the patch yet. Can we just put the constants in engine.h? -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: Windows folks -- comment on this patch for RT 2301?

2014-09-17 Thread Salz, Rich
] On Behalf Of Salz, Rich Sent: Sunday, September 14, 2014 12:05 To: openssl-dev@openssl.org Subject: Windows folks -- comment on this patch for RT 2301? Any input from Windows folks on the attached? -- Principal Security Engineer, Akamai Technologies IM: rs

RE: [openssl.org #3534] When I build openssl-1.0.1i on Solaris 10, there are some error, please help to check what is the reason. Thanks.

2014-09-17 Thread Salz, Rich
-DSHA512_ASM -DAES_ASM -DGHASH_ASM -c -o md2test.o md2test.c md2test.c:1: error: syntax error before '.' token md2test.c:1:12: warning: no newline at end of file Your copy of this file is corrupted. ; wc test/md2test.c 48 148 955 test/md2test.c ;

RE: Integration of #2578

2014-09-18 Thread Salz, Rich
It's too late for 1.0.2, which is in feature-freeze and only getting bugfixes. But I'll put it in my branch on github for inclusion in the next release after. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: [openssl.org #3535] TS high-precision time malformation - demo

2014-09-18 Thread Salz, Rich
The default time comes from the gettimeofday() system call (see def_time_cb in ts_rsp_sign.c). I don't see any openssl bug here. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz -Original Message- From: owner-openssl-...@openssl.org

RE: [openssl.org #3535] TS high-precision time malformation - demo

2014-09-18 Thread Salz, Rich
Jeremy Farrell was kind enough off-list to provide me with a clue :) There is a bug in openssl formatting.

RE: TLS displayed as protocol when using SRP

2014-09-23 Thread Salz, Rich
I'm not sure what you're expecting, but no. It's using TLS with an SRP crypto and that's what the output shows. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: [openssl.org #3539] x509 application supports additional fingerprint digests (sha2) not shown in help.

2014-09-24 Thread Salz, Rich
I understand your frustration. We've fixed bugs and added some features in 1.0.2; 'git log apps' will show many entries. Yes, not everything. We're also hoping to have more frequent releases so hopefully the wait won't be as long. And once we clean up some things, my branch will get merged

RE: [openssl.org #3534] When I build openssl-1.0.1i on Solaris 10, there are some error, please help to check what is the reason. Thanks.

2014-09-24 Thread Salz, Rich
The error makes no sense. The compiler is complaining about the include line? Do wc -l md2test.c -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

Platform removal

2014-09-25 Thread Salz, Rich
Starting with the next release after 1.0.2, we're planning on removing the following platforms from the codebase. NeXT NEWS SUNOS It looks like SUNOS can be handled by adding -Dssize_t=int as a compiler flag. For your information, we have already removed BEOS, MWERKS and pre-OSx Mac

RE: RE: [openssl.org #3534] When I build openssl-1.0.1i on Solaris 10, there are some error, please help to check what is the reason. Thanks.

2014-09-25 Thread Salz, Rich
Somehow the file that you have is corrupted. It is not corrupted in the tar file. It is a local error. I do not know what the error is but mdtest.c on your disk is WRONG.

RE: [openssl-dev] Adding GET support to ocsp app

2014-09-25 Thread Salz, Rich
I don't see where the OCSP request is de-base64-ified, and URL-decoded. In both cases, d2i_OCSP_REQUEST_bio is called to get the request, but it's done directly on the HTTP request line for a GET. I forgot to post the updated patch. Thanks Erwann. -- Principal Security Engineer, Akamai

RE: Platform removal

2014-09-26 Thread Salz, Rich
I just wanted to double check to make sure that SUNOS is the pre-5.X Solaris version and it doesn't include the currently supported Solaris release (Solaris 8-11.2). Yes, old SunOS, not Solaris. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: [openssl-dev] Adding GET support to ocsp app

2014-09-26 Thread Salz, Rich
This code treats non-hex characters as zero, they should trigger an error. Be liberal in what you accept :) If there's a problem with it, the base64 decode or the DER parse will fail later. If there's not a problem with it, then there.. is no problem. + if (strchr(p, '+') !=

RE: [openssl-dev] Adding GET support to ocsp app

2014-09-26 Thread Salz, Rich
You're doing HTML-entity decoding here. URL decoding uses only the %xx stuff. See RFC3986. + else if (*p != '%') + *out++ = *p; Yes, I was treating it as an HTML form, not just a strict URI encoding. + /* URL decode? Really shouldn't be needed.

RE: [openssl-dev] Adding GET support to ocsp app

2014-09-29 Thread Salz, Rich
The decoder does not correctly NUL terminate p when it shrinks by replacing '%xx' with the corresponding octet. Arrgh. Thanks. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz __

RE: [openssl.org #3505] rewrite c_rehash in C

2014-10-01 Thread Salz, Rich
Great work! -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: [openssl.org #3555] OCSP Stapling Enhancement (diff included)

2014-10-04 Thread Salz, Rich
This is cool, we should do it, but it's probably too late for 1.0.2. Thanks!

RE: [openssl.org #3556] Problem building openssl 1.0.1i in debug mode

2014-10-04 Thread Salz, Rich
In crypto/bn/bn_ctx.c, line 161: fprintf(stderr, "(%08x): ", (unsigned int)ctx); change it to this fprintf(stderr, "(%p): ", ctx); and see if that fixes it. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: [openssl.org #3556] Problem building openssl 1.0.1i in debug mode

2014-10-05 Thread Salz, Rich
Did you take the (unsigned int) cast off? Do sed -n -e 160,162p bn_ctx.

We'll be at LinuxConf next week

2014-10-07 Thread Salz, Rich
Most of the OpenSSL development team will be at LinuxConf in Dusseldorf next week. We'll have some kind of BoF or public session. But feel free to also look for me (and probably others) directly. We would like to thank the Linux Foundation for their generous financial support that made this

RE: [PATCH] Suppress unused value warnings cause by HOST_cl2

2014-10-10 Thread Salz, Rich
Is there any time that the value of HOST_cl2 is used? Could we just add the (void) cast to the macro definition? -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz __ OpenSSL Project

RE: [PATCH] Suppress unused value warnings cause by HOST_cl2

2014-10-10 Thread Salz, Rich
Let's fix it the right way. :) -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: [openssl.org #3557] -nameopt utf8 behaviour in openssl 1.0.1i

2014-10-11 Thread Salz, Rich
Look like a bug and a reasonable fix. Thanks. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Dmitry Belyavsky Sent: Saturday, October 11,

RE: Vuln in SSL 3.0

2014-10-15 Thread Salz, Rich
I suppose it fixes both - client and server ? The server-side is automatic: when it sees the SCSV fallback, it sends a fatal alert back to the client. Clients that will do fallback must call a new API; see the changes file. -- Principal Security Engineer, Akamai Technologies IM:

RE: Patch to mitigate CVE-2014-3566 (POODLE)

2014-10-16 Thread Salz, Rich
Note that the CVE identifier was assigned to the SSL 3.0 protocol issue related to CBC padding. The new SCSV does not help with that at all. What? It prevents silently falling back to the broken protocol. Perhaps we can keep this battle-thread just in the TLS WG mail? /r$ --

RE: Patch to mitigate CVE-2014-3566 (POODLE)

2014-10-16 Thread Salz, Rich
Again, this is not related to the question whether the fallback SCSV is a good idea. It is a procedural issue with CVE naming. Then take it up with the CVE folks. Not here. :) -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: SSL_CTX_set_mode docs wrong for TLS_FALLBACK_SCSV

2014-10-16 Thread Salz, Rich
Yes, thanks. We'll open a ticket in a day or two -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl- d...@openssl.org] On Behalf Of Brad House Sent: Thursday,

RE: In the scope of a sub-subversion maintenance bump...

2014-10-16 Thread Salz, Rich
[I'm all for mandating C99 - but not for switching prereqs of a legacy/maintenance branch] That was not our intent -- to do the switch -- and it's a bug we're working on. Thanks for the report. /r$ -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter:

RE: RFC's 5280 and 5262

2014-10-19 Thread Salz, Rich
I'm working on Network Time Security and the draft specification requires RFC-5280 and -5652 formatting (i.e. pkcs#9 and pkcs#7). You're a bit confused. 5280 is the cert/crl profile. Pkcs9, evolved into RFC 2985 I think. How complete is OpenSSL's support for both of these standards? Better

RE: [PATCH] Suppress unused value warnings cause by HOST_cl2

2014-10-20 Thread Salz, Rich
8:50 PM To: openssl-dev@openssl.org Subject: Re: [PATCH] Suppress unused value warnings cause by HOST_cl2 ping? On Mon, Oct 13, 2014 at 3:57 PM, Doug Kwan (關振德) dougk...@google.com wrote: On Fri, Oct 10, 2014 at 2:39 PM, Salz, Rich rs...@akamai.com wrote: Let's fix it the right way

RE: [openssl.org #3576] Speed up AES-256 key expansion by 1.9x

2014-10-20 Thread Salz, Rich
AES 128 is worth supporting. I agree that AES 192 is not.

RE: [openssl.org #3576] [PATCH] Speed up AES-256 key expansion by 1.9x

2014-10-21 Thread Salz, Rich
AES 128 is worth supporting. Not for me; doing this strictly for fun. Sure, I understand that. We're unlikely to incorporate the patch without finishing it and doing AES 128. Nobody said it had to be you :) It will take awhile anyway, and it won't show up in 1.0.2

RE: [openssl.org #3576] [PATCH] Speed up AES-256 key expansion by 1.9x

2014-10-21 Thread Salz, Rich
You might want to toggle off base64 encoding on your emails. Some mail clients choke on it as do list aggregators (e.g. http://marc.info/?l=openssl-dev&m=141387182603109&w=2). The problem is that openssl is running really old mailing list software. It is going to be upgraded soon. It's

RE: Proposal: environment variable to disable SSLv2/v3/TLSv1.0/etc individually

2014-10-23 Thread Salz, Rich
It's an interesting idea. I'll chat with the Moz folks. Best we could do is probably early patch to 1.0.2 __ OpenSSL Project http://www.openssl.org Development Mailing List

RE: [openssl.org #3581] POODLE - Is there a way for a central ciphers configuration

2014-10-28 Thread Salz, Rich
Is there a way to disable SSLv3 for ALL applications by a central OpenSSL configuration ? No. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: [openssl.org #3586] openssl-1.0.1j make fails if -j option is used

2014-10-30 Thread Salz, Rich
make with -j option fails, because dependency to libraries is not described in Makefile. Please see http://rt.openssl.org/Ticket/Display.html?id=1688 I think this is a duplicate

RE: Issue when OpenSSL 0.9.8zc built with -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3

2014-11-05 Thread Salz, Rich
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) That's a bug. Make it only !defined(OPENSSL_NO_SOCK) __ OpenSSL Project http://www.openssl.org Development

RE: Openssl IPv6 Support

2014-11-05 Thread Salz, Rich
It boggles the mind that to this day that patch has not been integrated in the 5 years since the bug was opened. So many things about openssl can boggle the mind :) In this particular case, I think the issue is that adding things to s_client/s_server apps isn't really enough to enable IPv6

RE: TLS/SSL methods and protocol version selection

2014-11-10 Thread Salz, Rich
Does this look like a good idea? Yes, very. I think the min/max versions should be two explicit parameters, where '0' means the highest(lowest) supported by the library. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

RE: [openssl.org #3598] Windows Phone OpenSSL.

2014-11-11 Thread Salz, Rich
not available on Windows Phone. Unfortunately, this requires C++ code, but together with the added extern "C" {...} everything links fine in the end, even if this single file is compiled by the C++ compiler. It would probably be better if wind_phone_rand.cpp were a separate file. --

RE: [openssl.org #3603] EVP_DecryptFinal_ex error in case of padding failure

2014-11-17 Thread Salz, Rich
I've received the attached patch to make EVP_DecryptFinal_ex call EVPerr() in case of an error. I think that unless Emilia (or other constant-time expert) agrees, then the current behavior makes the right trade-off. It sacrifices some level of error detail in favor of protecting against a

RE: Could ASN1_TIME_print() become documented?

2014-11-18 Thread Salz, Rich
Please send this to r...@openssl.org so it doesn't get lost. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

RE: How to disable SSLV2 and SSLV3 from apache(unix) server

2014-11-20 Thread Salz, Rich
Please let me know how to disable SSLV2 and SSLV3 from apache(Unix) Server. Go see https://bettercrypto.org/ -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz __ OpenSSL Project

RE: Low Level Digest if Fips mode

2014-11-24 Thread Salz, Rich
Does this mean that if I want to use low level digest APIs that I would comment out the ' if (FIPS_mode())' test below? If this is correct, am I now violating FIPS? Yes, if you make that change and try to use that API, you would be violating the FIPS validation. The error message seems

RE: Low Level Digest if Fips mode

2014-11-24 Thread Salz, Rich
Yes I am. I have seen in other posting about using EVP instead, but I am a bit unclear on how to get there from here. Well, kinda hard to say without looking at what you're currently doing. (And I'm not volunteering to do that kind of code review, although others on this list might help.)

RE: [openssl.org #3607] nistz256 is broken.

2014-11-25 Thread Salz, Rich
2. When will RT2574 be integrated to protect our ECC keys in the inevitable presence of software defects like this? http://rt.openssl.org/Ticket/Display.html?id=2574&user=guest&pass=guest Timing attacks on ECC isn't a very high priority right now, given all the other bigger easier to exploit

Freeze to mailing list memberships

2014-11-25 Thread Salz, Rich
We will soon be freezing the mailing list memberships for a couple of days. We are moving to a new server and upgrading the mail infrastructure. (For mail wonks who might care: replacing the aging majordomo setup with a more-current mailman setup, among other things.) -- Principal Security

RE: [openssl.org #3544] Remove MWERKS support

2014-11-28 Thread Salz, Rich
Yes, I will revert the change.

RE: [openssl.org #3596] [1.0.2] -checkhost and -verify_hostname options documentation errors

2014-11-28 Thread Salz, Rich
Please look at https://github.com/richsalz/openssl/tree/master/apps which will be merged into master soon (I hope)

RE: 2014 Nov 29 Snapshots

2014-11-29 Thread Salz, Rich
I'll fix it thanks -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz -Original Message- From: owner-openssl-...@openssl.org [mailto:owner-openssl- d...@openssl.org] On Behalf Of The Doctor Sent: Saturday, November 29, 2014 1:09 AM To:

RE: [openssl.org #3596] [1.0.2] -checkhost and -verify_hostname options documentation errors

2014-11-29 Thread Salz, Rich
https://github.com/richsalz/openssl/tree/master/apps the bad descriptions are gone, but the new ones are still missing Yes. I have to resync against master. Of course I'll do that before the merge.

RE: 2014 Nov 29 Snapshots

2014-11-30 Thread Salz, Rich
a .tar.gz is part of the directory name. Fixed. thanks __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

RE: link for binaries.html not working

2014-12-04 Thread Salz, Rich
The requested URL /related/binaries.html was not found on this server. The link moved. I added a rewrite to send you to the right place. It works now. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

Re: [openssl-dev] Under-utilization of const in prototyping?

2014-12-05 Thread Salz, Rich
Gee, BOGUS_CONST is a little harsh. MAYBE_CONST or SHOULDBE_CONST would have been nicer. ___ openssl-dev mailing list openssl-dev@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3627] Enhancement request: add more Protocol options for SSL_CONF_CTX

2014-12-08 Thread Salz, Rich
I think magic names -- shorthands -- are a very bad idea. They are point-in-time statements whose meaning evolves, if not erodes, over time. ___ openssl-dev mailing list openssl-dev@openssl.org

Re: [openssl-dev] License compatibility: OpenSSL and Apache v2

2014-12-09 Thread Salz, Rich
Let's imagine someone develop extension module to OpenSSL, and release it under Apache v2 license. Do you see any possible issues with using this extension module as a part of OpenSSL? Are you writing an extension that you are going to distribute, or is it something you want to contribute

Re: [openssl-dev] License compatibility: OpenSSL and Apache v2

2014-12-10 Thread Salz, Rich
This is something I would like to be contributed to OpenSSL. Sure, I'm talking about new engine and new files. Great, thanks. But, if for some reasons licensing of it will be possible under Apache v2 only - what issues could it cause? Impossible to say for sure. Maybe no issues. Maybe a

Re: [openssl-dev] More POODLE issues

2014-12-10 Thread Salz, Rich
Now POODLE is hitting TLS http://www.computerworld.com/article/2857274/security0/poodle-flaw-tls- itbwcw.html Any fixes in the works? As has already been covered in the openssl-dev list. OpenSSL does not have this defect. -- Principal Security Engineer, Akamai Technologies IM:

Re: [openssl-dev] invalid certificate setup for mta.opensslfoundation.net

2014-12-10 Thread Salz, Rich
Kind of humorous that I get cert errors when connecting to https://mta.opensslfoundation.net/ Glad you appreciate the humor :) We didn't want to wait for the CA to reply before making the switch. ___ openssl-dev mailing list openssl-dev@openssl.org

Re: [openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

2014-12-15 Thread Salz, Rich
For what it's worth, I have tested the Alexa top 1 million servers with the - trusted_first option and haven't found a single server that loses its trusted status, on the other hand, good few percent of servers do gain it. It's worth a great deal. Thanks! I love fact-based analysis. :)

Re: [openssl-dev] Circumstances cause CBC often to be preferred over GCM modes

2014-12-15 Thread Salz, Rich
Is this a theoretical issue, or have you seen it in widespread use? I thought most servers these days picked what they wanted, and used the client ordering as a suggestion, at best. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

Re: [openssl-dev] Circumstances cause CBC often to be preferred over GCM modes

2014-12-16 Thread Salz, Rich
The boringssl patch was quite invasive, so I gave up to try to port their changes. We're working with the Boring folks to keep closer in sync so maybe something will happen in this area. ___ openssl-dev mailing list openssl-dev@openssl.org

Re: [openssl-dev] Circumstances cause CBC often to be preferred over GCM modes

2014-12-16 Thread Salz, Rich
In particular there MUST NOT be any fragile hand-tuning. All ordering needs to be based on general principles. This is not a universally-held view. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ___

Re: [openssl-dev] Circumstances cause CBC often to be preferred over GCM modes

2014-12-16 Thread Salz, Rich
Subtracting (in local configuration) algorithms from a keyword denoting all known-strong algorithms is hand-tuning, but not fragile hand-tuning. Three years ago RC4 was known-strong. Two years ago DES-CBC was known-strong. Now we only have AES-GCM. At what point do we think ChaCha/Poly is

Re: [openssl-dev] Circumstances cause CBC often to be preferred over GCM modes

2014-12-16 Thread Salz, Rich
There's clearly only one solution: I'll implement a DWIM keyword in OpenSSL 1.1 Maybe @BEST sorting order. It's hard. You aren't doing people a service by attempting magic. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-17 Thread Salz, Rich
I am putting the finishing touches on an Internet-Draft for textual encodings of security structures http://tools.ietf.org/html/draft-josefsson-pkix-textual-09, which OpenSSL refers to as the PEM format. Cool. You know why it's called PEM format, right? (RFC 1115 et al) #define

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-18 Thread Salz, Rich
Are you trying to be proscriptive (say what people should use) or descriptive (document what is in use)? Yes, PKCS8-based PRIVATE KEY is better. But RSA PRIVATE KEY is in (wide) use and should be described. ___ openssl-dev mailing list

Re: [openssl-dev] [openssl.org #3562] leading dots in nameConstraints ... bug report and patch

2015-01-01 Thread Salz, Rich
This is a security issue in the sense that is a Type-II error (disallowing good guys). It affects thousands of sites and who-knows-how-many users. Well, kinda. It disallows good guys who made a mistake and are violating the RFC. Sure, they're not written in stone and that particular RFC

Re: [openssl-dev] Disabling SSLv3 in OpenSSL 0.9.8a

2015-01-23 Thread Salz, Rich
In order to fix the Poodle vulnerability on SSLv3, I tried to disable my SSLv3 cipher using the below cipher set, but did not even initiate SSL in 0.9.8a. If you are running 0.9.8a Poodle is probably the least of your worries. Looking at https://www.openssl.org/news/openssl-0.9.8-notes.html

[openssl-dev] Seeking feedback on some #ifdef changes

2015-01-23 Thread Salz, Rich
Looking at just OPENSSL_NO_xxx, we have over 100 openssl #ifdef options and we are considering removing nearly a third of them. Please reply soon if the following plan would cause problems. This will happen only in master, for post-1.0.2. We will remove the following options. You could argue

Re: [openssl-dev] [openssl.org #3488] OPENSSL_config shouldn't exit()

2015-01-26 Thread Salz, Rich
Yes. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Seeking feedback on some #ifdef changes

2015-01-23 Thread Salz, Rich
The only one of all those that matters (to me) is OPENSSL_NO_SSL_INTERN since that provides a way to anticipate the effects of this API change. I'm fine with it going, but it needs a specified replacement (even if the replacement is we'll do that by default). Currently for example Qt won't

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-11 Thread Salz, Rich
I think these definitions should stay the same, but I have no objection to disabling RC4 in DEFAULT, or entirely removing EXPORT/LOW. That seems inconsistent with your view that RC4 must remain in MEDIUM, yet you are willing to drop other terms that other applications might be using.

Re: [openssl-dev] [openssl-users] Proposed cipher changes for post-1.0.2

2015-02-11 Thread Salz, Rich
I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it explicitly in DEFAULT) is a good one that maintains important backward compatibility while providing the desired removal of RC4 by default. There's no advantage to moving RC4 to LOW. Sure there is: it's an accurate

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-11 Thread Salz, Rich
Also, what about changing order so that 128bit+ AEAD and PFS are preferred over other ciphers (including 256 bit ones)? I sent in a patch for exactly that a while ago. Unfortunately I got zero feedback... https://mta.openssl.org/pipermail/openssl-dev/2015-January/000421.html Sorry

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-11 Thread Salz, Rich
Note that for most applications the correct approach to configuring ciphersuites should be to start with DEFAULT and subtract what they don't want. The library is then responsible for a generally sensible default order and default exclusions. I strongly disagree. Most applications should

Re: [openssl-dev] Seeking feedback on some #ifdef changes

2015-02-10 Thread Salz, Rich
Please continue to make it possible to build the crypto part of OpenSSL, without the X.509 and SSL/TLS code. There are lots of uses of OpenSSL that don't need that code. You can build crypto without ssl. And the only place OPENSSL_NO_X509 appeared was, strangely, in ssl. So crypto builds,

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-10 Thread Salz, Rich
By all means, don't use it, but it is not OpenSSL's choice to make by breaking the meaning of existing interfaces. Except that we've explicitly stated we're breaking things with this new release. Those magic cipher keywords are point-in-time statements. And time has moved on.

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-10 Thread Salz, Rich
Not all applications are browsers folks, and libraries need to provide stable interfaces that mirror the application's intent consistent with expected behaviour of existing interfaces. Please point to where it is documented what the value of MEDIUM means and what interface is being broken?

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-10 Thread Salz, Rich
currently, this is an error: 0 dkg@alice:~$ openssl ciphers -v ALL:!NO-SUCH-CIPHER bash: !NO-SUCH-CIPHER: event not found 0 dkg@alice:~$ Yeah, but that's coming from bash, not openssl :) ; openssl ciphers -v ALL | wc 111 6758403 ; openssl ciphers -v ALL:!FOOBAR | wc 111

Re: [openssl-dev] Proposed cipher changes for post-1.0.2

2015-02-13 Thread Salz, Rich
Some time ago, I had submitted a patch which allows administrators, but most importantly OS distributors to set their own strings in the configuration file, which software can then rely on, to provide a consistent security level: https://github.com/openssl/openssl/pull/192 And my intent is

Re: [openssl-dev] Need Help with BIO callback and/or BIO filter chain

2015-02-19 Thread Salz, Rich
I've been tasked with wrapping OpenSSL encrypted traffic in another protocol (HTTP). That's going to be a bit tricky, and require some pretty detailed knowledge of the protocol. For example, the initial setup -- the hello messages -- will require a couple of POST and reply messages. Even

Re: [openssl-dev] Windows build broken?

2015-01-27 Thread Salz, Rich
I'm sure this would resolve the issue. The problem exists in 1.0.1, but not 1.0.2. Here's the entry in the 1.0.1 libeay.num: Fixed. It was a mistake to remove engine_rsax, and I just reverted that. Should show up in the snapshots within an hour

Re: [openssl-dev] Windows build broken?

2015-01-28 Thread Salz, Rich
Thanks for the update. I was curious why it was removed from 1.0.1. It seemed to be beyond the scope of a bug fix. Given 1.0.2 has now been released, should eng_rsax been removed there too? I goofed removing it from 1.0.1 For 1.0.2 it wasn't compiled so it's just an OCD kinda thing :)

Re: [openssl-dev] [PATCH] Export ASN1 templates for DH and ECDH groups

2015-01-28 Thread Salz, Rich
3) submit a patch. So I chose the latter. Your choice of action makes sense to me, thanks! Thanks for the patch, it seems useful and makes sense. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] ChaCha20 Poly1305

2015-01-11 Thread Salz, Rich
If it hasn't landed, does anyone know the status of the patch AGL provided a while back? https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a8646510b I can answer this, easy, one. That patch is outdated by the latest I-D ___ openssl-dev

[openssl-dev] OpenSSL coding style published

2015-01-13 Thread Salz, Rich
The OpenSSL coding style document is now available on our web site: https://www.openssl.org/about/codingstyle.txt It is derived from the Linux Kernel coding style, and we are grateful to them for providing such an excellent document that we could use as our base. Because it is derived

Re: [openssl-dev] OpenSSL patches and enhancements from Akamai

2015-02-14 Thread Salz, Rich
* Add task for decryption of client key exchange response * Add task for generating client certificate verify message * Add task for signing of server key exchange message Can you explain this a little more? I can. I mentioned this on the -team mailing list. The idea is that an

Re: [openssl-dev] [openssl.org #3695] DTLS Handshake issue (openssl-1.0.1e-dtls-ecc-ext.patch) leads to process crash

2015-02-10 Thread Salz, Rich
Matt tried to explain this before. 1.0.1e-30 is not a version that OpenSSL provides. You will have to contact your vendor. The backtrace information is not usable as there are no function names; you will have to build a debugging version. We cannot help you. -- Principal Security Engineer,

Re: [openssl-dev] OPENSSL_NO_SHA is still useful?

2015-01-20 Thread Salz, Rich
you think is still necessary to leave in the code #ifndef OPENSSL_NO_SHA and #ifdef OPENSSL_NO_SHA are so many function calls EVP_sha1() (and other similar) that compiling with -DOPENSSL_NO_SHA gives an endless series of errors and warnings. Right, it's not useful. We're looking at cleaning

Re: [openssl-dev] OPENSSL_NO_SHA is still useful?

2015-01-20 Thread Salz, Rich
If you're going to change this, then perhaps at the same time as changing the API these could be inverted so we have defines that say what /is/ enabled since that's probably a better design overall. The key word being probably There is something to be said for the idea that new features