Brian Smith | 27 Mar 22:40 2015

Re: s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST

Brian Smith <brian <at> briansmith.org> wrote:
> Although the RFC4851 (an informational RFC documenting EAP-FAST) does
> not require the server to send the session ticket extension during
> resumption, it is based on RFC4507/RFC5077 (which are on the standards
> track), which *does* require the server to send the extension. So,
> this is a bug in the non-conformant servers, not in the openssl
> client.

Sorry. It seems I am wrong about this. RFC 5077 says "It is also
permissible to have an exchange similar to Figure 3 using the
abbreviated handshake defined in Figure 2 of RFC 4346, where the
client uses the SessionTicket extension to resume the session, but the
server does not wish to issue a new ticket, and therefore does not
send a SessionTicket extension."

AFAICT this means that, even outside of EAP-FAST, it is allowed for
the server to resume a session using a session ticket without sending
the session ticket extension in its ServerHello message.

Also, note that RFC 5077 section 3.4 allows the client to use a
session ticket and an empty session ID to resume a session, instead of
generating a "fake" session ID for the session ticket: "Alternatively,
the client MAY include an empty Session ID in the ClientHello.  In
this case, the client ignores the Session ID sent in the ServerHello
and determines if the server is resuming a session by the subsequent
handshake messages."

If OpenSSL's client code were changed to always use an empty session
ID when attempting resumption using a session ticket, then the
EAP-FAST case wouldn't be different from the general session ticket

Julien Kauffmann via RT | 27 Mar 18:46 2015

Re: [openssl.org #3765] AutoReply: [BUG] Crash in PEM write functions with generated EC_KEY on Windows

Follow up: apparently the problem seems to go away if I add:

     ::EC_KEY_set_asn1_flag(private_key->pkey.ec, OPENSSL_EC_NAMED_CURVE);

Before the call.

Sadly, I'm facing a similar issue with the reverse operation (loading EC_KEY 
from memory/file) using PEM_read_bio_EC_PUBKEY() when the generated key 
did not have the OPENSSL_EC_NAMED_CURVE flag set.

On 23/03/2015 16:48, The default queue via RT wrote:
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
> 	"[BUG] Crash in PEM write functions with generated EC_KEY on Windows",
> a summary of which appears below.
>
> There is no need to reply to this message right now.  Your ticket has been
> assigned an ID of [openssl.org #3765].
>
> Please include the string:
>
>           [openssl.org #3765]
>
> in the subject line of all future correspondence about this issue. To do so,
> you may reply to this message.
>
>                          Thank you,
>                          rt <at> openssl.org

Linsell, StevenX via RT | 27 Mar 14:12 2015

[openssl.org #3768] [BUG] using s_server with ECDHE-RSA is broken on OpenSSL 1.0.1m

When testing s_server/s_client with ECDHE-RSA based ciphers
- with any protocol version 
- on the OpenSSL 1.0.1m release 
- on x86_64 Fedora 16 
the handshake fails with:
140305461679776:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1389:

Example commands:

s_server:
./openssl s_server -cert rsa1024TestServer.cert.pem -key rsa1024TestServer.key.pem -WWW -accept 4411 -cipher ECDHE-RSA-AES128-SHA -nbio -tls1_2 -debug -state

s_client:
echo "GET /file_1byte.html HTTP/1.0" | ./openssl s_client -host localhost -port 4411 -cipher ECDHE-RSA-AES128-SHA -tls1_2 -ign_eof -debug -state

The issue has been tracked back to breaking on the following commit:

 commit 059907771b89549cbd07a81df1a5bdf51e062066
 Author: Matt Caswell <matt <at> openssl.org>
 Date:   Fri Feb 27 00:02:06 2015 +0000

     Fix warning with no-ec

     This fixes another warning when config'd with no-ec

     Reviewed-by: Dr. Stephen Henson <steve <at> openssl.org>

And I have confirmed it has been broken by the following uninitialised variable:

Fred .Flintstone via RT | 27 Mar 13:46 2015

Re: [openssl.org #3767] Enhancement: Use PNG instead of GIF

You are right, it is not a bug.
It was filed as an "enhancement", like a feature request.

On Fri, Mar 27, 2015 at 1:19 PM, Rich Salz via RT <rt <at> openssl.org> wrote:

> not a source code bug. not really a bug, even.
> --
> Rich Salz, OpenSSL dev team; rsalz <at> openssl.org
>
>

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Fred .Flintstone via RT | 27 Mar 13:46 2015

Re: [openssl.org #3767] AutoReply: Enhancement: Use PNG instead of GIF

You are right, it is not a bug.
It was filed as an "enhancement", like a feature request.

On Fri, Mar 27, 2015 at 9:38 AM, The default queue via RT <rt <at> openssl.org>
wrote:

>
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
>         "Enhancement: Use PNG instead of GIF",
> a summary of which appears below.
>
> There is no need to reply to this message right now.  Your ticket has been
> assigned an ID of [openssl.org #3767].
>
> Please include the string:
>
>          [openssl.org #3767]
>
> in the subject line of all future correspondence about this issue. To do
> so,
> you may reply to this message.
>
>                         Thank you,
>                         rt <at> openssl.org
>
> -------------------------------------------------------------------------
> /usr/share/doc/openssl/openssl_button.gif

Rich Salz via RT | 27 Mar 13:19 2015

[openssl.org #3767] Enhancement: Use PNG instead of GIF

not a source code bug. not really a bug, even.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org


Fred .Flintstone via RT | 27 Mar 09:38 2015

[openssl.org #3767] Enhancement: Use PNG instead of GIF

/usr/share/doc/openssl/openssl_button.gif

GIF is an outdated old legacy file format.
Please convert it to the modern PNG file format.


Michel | 26 Mar 17:50 2015

Explicit call to SSL_CTX_check_private_key() no longer needed ?

OpenSSL 1.0.2a

A call to SSL_CTX_check_private_key() is already done in ssl_set_pkey() / SSL_CTX_use_PrivateKey() line 597.

Consequently, SSL_CTX_check_private_key() is called twice in apps\s_cb.c, set_cert_key_stuff() line 274.

This might be enclosed in an include directive testing the version of OpenSSL?

Regards,

Michel.

Dan Fulger via RT | 26 Mar 12:39 2015

[openssl.org #3766] OS/400 port of OpenSSL 1.0.1m

I updated the patch after the OpenSSL team reformatted the code.
________________________________________
From: Dan Fulger
Sent: 4 July 2014 18:03
To: rt <at> openssl.org
Subject: I updated George Shaw's 0.9.8e port to OS/400 from 2007

The attached patch and notes apply to 1.0.1h.

OS/400 fixes since George's port: unit tests now work better, X509 strings are now correctly encoded in generated
  certificates when not using prompt mode, a dependency to the OS/400 secure random numbers library
  was added, UTF8 strings in certificates no longer print garbage (but other Unicode encodings are not fixed).

Still to be fixed:
  - tsa test shows "bad time value" when printing but otherwise works
  - cms verification does not work

Attachment (AS400patch.tar.gz): application/x-compressed-tar, 64 KiB
Igenyar Saharam | 25 Mar 20:59 2015

server code for SNI?

Hi,


I am interested in the TLS extension of Server Name Indication (SNI). The link provided here https://wiki.openssl.org/index.php/SSL/TLS_Client only contains the client side code. If I want to write the server side that supports SNI, is there any sample code I can start with?

Thanks a lot,


Igenyar
Matt Cross | 25 Mar 19:56 2015

[PATCH] Insert CFI directives in x86_64 SHA1 implementation to enable backtracing

I am working with something that does a lot of SHA1's.  I am trying to profile my application and generate flame graphs (see http://www.brendangregg.com/flamegraphs.html ), but profiling tools cannot successfully backtrace when the processor is running the optimized SHA1 code on x86_64.  This patch adds CFI directives when compiled with a GNU assembler to enable tools that understand DWARF debugging information to backtrace in this circumstance.

I don't have a build environment for win64, but I did verify that the perl code does not generate the CFI directives if we are not generating code for the GNU assembler (i.e. if $cfi is not set).

    -Matt


commit 9522d706fa58679abd0b6f923aad623fad39abe5
Author: Matt Cross <matt.cross <at> gmail.com>
Date:   Wed Mar 25 14:15:37 2015 -0400

    Add CFI directives to the x86_64 SHA1 implementation to allow DWARF aware utilities to backtrace through these routines.

diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl
index 9bb6b49..9fe7b2b 100755
--- a/crypto/sha/asm/sha1-x86_64.pl
+++ b/crypto/sha/asm/sha1-x86_64.pl
<at> <at> -95,6 +95,7 <at> <at> die "can't locate x86_64-xlate.pl";
 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
  =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
  $avx = ($1>=2.19) + ($1>=2.22);
+ $cfi = 1
 }
 
 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
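Review bot: `+ $cfi = 1` is missing its trailing semicolon and `$cfi` gets no default anywhere else in this diff. Perl accepts a missing semicolon on the last statement of a block, but for consistency with `$avx = ...;` on the line above, and so the flag has a defined value on toolchains where the GNU assembler regex does not match, initialise `$cfi = 0;` next to `$avx` and write `$cfi = 1;` here.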
<at> <at> -247,6 +248,8 <at> <at> $code.=<<___;
 .type sha1_block_data_order,\ <at> function,3
 .align 16
 sha1_block_data_order:
+`".cfi_startproc" if $cfi`
+
  mov OPENSSL_ia32cap_P+0(%rip),%r9d
  mov OPENSSL_ia32cap_P+4(%rip),%r8d
  mov OPENSSL_ia32cap_P+8(%rip),%r10d
<at> <at> -275,17 +278,35 <at> <at> $code.=<<___;
 .align 16
 .Lialu:
  mov %rsp,%rax
+`".cfi_def_cfa_register rax" if $cfi`
  push %rbx
+# The CFA (Cononical Frame Address) is after the pushed return value, so RBX was just stored at CFA - 16:
+`".cfi_offset rbx,-16" if $cfi`
  push %rbp
+`".cfi_offset rbp,-24" if $cfi`
  push %r12
+`".cfi_offset r12,-32" if $cfi`
  push %r13
+`".cfi_offset r13,-40" if $cfi`
  push %r14
+`".cfi_offset r14,-48" if $cfi`
  mov %rdi,$ctx # reassigned argument
  sub \$`8+16*4`,%rsp
  mov %rsi,$inp # reassigned argument
  and \$-64,%rsp
  mov %rdx,$num # reassigned argument
  mov %rax,`16*4`(%rsp)
+# This adds a "CFA expression" to say that the CFA is calculated by reading the value at RSP+0x40, and adding 8 to it:
+# DW_CFA_def_cfa_expression    0x0f           : says CFA is calculated by evaluating the following expression
+# BLOCK
+#   length (ULEB128)           0x06           : number of bytes remaining
+#   DW_OP_breg7 0x40           0x77 0xc0 0x00 : read RSP, add 0x40, and push onto stack - note SLEB128 encoding of 0x40
+#                                               requires 2 bytes to avoid sign extension
+#   DW_OP_deref                0x06           : read from addr on top of stack
+#   DW_OP_plus_uconst 0x8      0x23 0x08      : pop top of stack, add 8, push back onto stack
+
+`".cfi_escape 0x0f,0x06,0x77,0xc0,0x00,0x06,0x23,0x08" if $cfi`
+
 .Lprologue:
 
  mov 0($ctx),$A
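Review bot: typo in the explanatory comment, "Cononical" should read "Canonical" (Canonical Frame Address). Also note that these `#` lines sit inside the `$code.=<<___` heredoc, so they are emitted verbatim into the generated assembly rather than staying in the Perl source; the file only puts short trailing comments such as `# reassigned argument` in the heredoc, so the nine-line DWARF walkthrough would be better placed as Perl comments above the `$code.=` statement. The content itself checks out: with CFA = %rsp+8 at entry, `push %rbx` lands at CFA-16 and `push %r14` at CFA-48, and the escape's block length 0x06 matches the six bytes `0x77,0xc0,0x00,0x06,0x23,0x08`, with 0x40 correctly needing two SLEB128 bytes because a lone 0x40 would decode as -64.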
<at> <at> -319,14 +340,22 <at> <at> $code.=<<___;
  jnz .Lloop
 
  mov `16*4`(%rsp),%rsi
+`".cfi_def_cfa rsi,8" if $cfi`
  mov -40(%rsi),%r14
+`".cfi_restore r14" if $cfi`
  mov -32(%rsi),%r13
+`".cfi_restore r13" if $cfi`
  mov -24(%rsi),%r12
+`".cfi_restore r12" if $cfi`
  mov -16(%rsi),%rbp
+`".cfi_restore rbp" if $cfi`
  mov -8(%rsi),%rbx
+`".cfi_restore rbx" if $cfi`
  lea (%rsi),%rsp
+`".cfi_def_cfa rsp,8" if $cfi`
 .Lepilogue:
  ret
+`".cfi_endproc" if $cfi`
 .size sha1_block_data_order,.-sha1_block_data_order
 ___
 if ($shaext) {{{
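Review bot: style consistency in the epilogue: this routine re-derives the CFA with `.cfi_def_cfa rsi,8` and `.cfi_def_cfa rsp,8`, while the ssse3, avx and avx2 epilogues later in the patch use `.cfi_def_cfa_register rsi` and `.cfi_def_cfa_register rsp`. Both forms are equivalent here, since the offset is already 8 from the prologue's `.cfi_def_cfa_register rax`, but one form throughout makes the five copies easier to compare.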
<at> <at> -342,6 +371,7 <at> <at> $code.=<<___;
 .align 32
 sha1_block_data_order_shaext:
 _shaext_shortcut:
+`".cfi_startproc" if $cfi`
 ___
 $code.=<<___ if ($win64);
  lea `-8-4*16`(%rsp),%rsp
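Review bot: `.cfi_startproc` now opens before the `$win64`-only `lea \`-8-4*16\`(%rsp),%rsp`, but that stack adjustment has no matching `.cfi_adjust_cfa_offset`. Because `$cfi` is keyed on detecting a GNU assembler rather than on `!$win64`, a mingw build can have both set, and the CFA inside the shaext routine would then be off by the 72 bytes that lea reserves. Either emit `.cfi_adjust_cfa_offset 72` after the lea under the same `if $cfi` guard (with the reverse adjustment where the stack is released), or only set `$cfi` when `!$win64`.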
<at> <at> -440,6 +470,7 <at> <at> $code.=<<___ if ($win64);
 ___
 $code.=<<___;
  ret
+`".cfi_endproc" if $cfi`
 .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext
 ___
 }}}
<at> <at> -473,12 +504,19 <at> <at> $code.=<<___;
 .align 16
 sha1_block_data_order_ssse3:
 _ssse3_shortcut:
+`".cfi_startproc" if $cfi`
  mov %rsp,%rax
+`".cfi_def_cfa_register rax" if $cfi`
  push %rbx
+`".cfi_offset rbx,-16" if $cfi`
  push %rbp
+`".cfi_offset rbp,-24" if $cfi`
  push %r12
+`".cfi_offset r12,-32" if $cfi`
  push %r13 # redundant, done to share Win64 SE handler
+`".cfi_offset r13,-40" if $cfi`
  push %r14
+`".cfi_offset r14,-48" if $cfi`
  lea `-64-($win64?6*16:0)`(%rsp),%rsp
 ___
 $code.=<<___ if ($win64);
<at> <at> -492,6 +530,7 <at> <at> $code.=<<___ if ($win64);
 ___
 $code.=<<___;
  mov %rax,%r14 # original %rsp
+`".cfi_def_cfa_register r14" if $cfi`
  and \$-64,%rsp
  mov %rdi,$ctx # reassigned argument
  mov %rsi,$inp # reassigned argument
<at> <at> -907,14 +946,22 <at> <at> $code.=<<___ if ($win64);
 ___
 $code.=<<___;
  lea (%r14),%rsi
+`".cfi_def_cfa_register rsi" if $cfi`
  mov -40(%rsi),%r14
+`".cfi_restore r14" if $cfi`
  mov -32(%rsi),%r13
+`".cfi_restore r13" if $cfi`
  mov -24(%rsi),%r12
+`".cfi_restore r12" if $cfi`
  mov -16(%rsi),%rbp
+`".cfi_restore rbp" if $cfi`
  mov -8(%rsi),%rbx
+`".cfi_restore rbx" if $cfi`
  lea (%rsi),%rsp
+`".cfi_def_cfa_register rsp" if $cfi`
 .Lepilogue_ssse3:
  ret
+`".cfi_endproc" if $cfi`
 .size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
 ___
 
<at> <at> -935,12 +982,19 <at> <at> $code.=<<___;
 .align 16
 sha1_block_data_order_avx:
 _avx_shortcut:
+`".cfi_startproc" if $cfi`
  mov %rsp,%rax
+`".cfi_def_cfa_register rax" if $cfi`
  push %rbx
+`".cfi_offset rbx,-16" if $cfi`
  push %rbp
+`".cfi_offset rbp,-24" if $cfi`
  push %r12
+`".cfi_offset r12,-32" if $cfi`
  push %r13 # redundant, done to share Win64 SE handler
+`".cfi_offset r13,-40" if $cfi`
  push %r14
+`".cfi_offset r14,-48" if $cfi`
  lea `-64-($win64?6*16:0)`(%rsp),%rsp
  vzeroupper
 ___
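Review bot: this push/`.cfi_offset` prologue is byte-for-byte the same in the ssse3, avx and avx2 routines, and the `mov`/`.cfi_restore` epilogues repeat likewise. A small Perl helper that emits each `push %reg` together with its `.cfi_offset reg,-N` (and the matching restore pair) would keep the offsets from drifting apart when one copy is edited later and would shrink this patch considerably.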
<at> <at> -955,6 +1009,7 <at> <at> $code.=<<___ if ($win64);
 ___
 $code.=<<___;
  mov %rax,%r14 # original %rsp
+`".cfi_def_cfa_register r14" if $cfi`
  and \$-64,%rsp
  mov %rdi,$ctx # reassigned argument
  mov %rsi,$inp # reassigned argument
<at> <at> -1271,14 +1326,22 <at> <at> $code.=<<___ if ($win64);
 ___
 $code.=<<___;
  lea (%r14),%rsi
+`".cfi_def_cfa_register rsi" if $cfi`
  mov -40(%rsi),%r14
+`".cfi_restore r14" if $cfi`
  mov -32(%rsi),%r13
+`".cfi_restore r13" if $cfi`
  mov -24(%rsi),%r12
+`".cfi_restore r12" if $cfi`
  mov -16(%rsi),%rbp
+`".cfi_restore rbp" if $cfi`
  mov -8(%rsi),%rbx
+`".cfi_restore rbx" if $cfi`
  lea (%rsi),%rsp
+`".cfi_def_cfa_register rsp" if $cfi`
 .Lepilogue_avx:
  ret
+`".cfi_endproc" if $cfi`
 .size sha1_block_data_order_avx,.-sha1_block_data_order_avx
 ___
 
<at> <at> -1302,12 +1365,19 <at> <at> $code.=<<___;
 .align 16
 sha1_block_data_order_avx2:
 _avx2_shortcut:
+`".cfi_startproc" if $cfi`
  mov %rsp,%rax
+`".cfi_def_cfa_register rax" if $cfi`
  push %rbx
+`".cfi_offset rbx,-16" if $cfi`
  push %rbp
+`".cfi_offset rbp,-24" if $cfi`
  push %r12
+`".cfi_offset r12,-32" if $cfi`
  push %r13
+`".cfi_offset r13,-40" if $cfi`
  push %r14
+`".cfi_offset r14,-48" if $cfi`
  vzeroupper
 ___
 $code.=<<___ if ($win64);
<at> <at> -1322,6 +1392,7 <at> <at> $code.=<<___ if ($win64);
 ___
 $code.=<<___;
  mov %rax,%r14 # original %rsp
+`".cfi_def_cfa_register r14" if $cfi`
  mov %rdi,$ctx # reassigned argument
  mov %rsi,$inp # reassigned argument
  mov %rdx,$num # reassigned argument
<at> <at> -1750,14 +1821,22 <at> <at> $code.=<<___ if ($win64);
 ___
 $code.=<<___;
  lea (%r14),%rsi
+`".cfi_def_cfa_register rsi" if $cfi`
  mov -40(%rsi),%r14
+`".cfi_restore r14" if $cfi`
  mov -32(%rsi),%r13
+`".cfi_restore r13" if $cfi`
  mov -24(%rsi),%r12
+`".cfi_restore r12" if $cfi`
  mov -16(%rsi),%rbp
+`".cfi_restore rbp" if $cfi`
  mov -8(%rsi),%rbx
+`".cfi_restore rbx" if $cfi`
  lea (%rsi),%rsp
+`".cfi_def_cfa_register rsp" if $cfi`
 .Lepilogue_avx2:
  ret
+`".cfi_endproc" if $cfi`
 .size sha1_block_data_order_avx2,.-sha1_block_data_order_avx2
 ___
 }
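The patch's `.cfi_escape 0x0f,0x06,0x77,0xc0,0x00,0x06,0x23,0x08` is hand-assembled DWARF, and the comment's remark that 0x40 needs two SLEB128 bytes is the kind of detail that is easy to get wrong. The following is an added example, not part of the patch or of OpenSSL: a small encoder for ULEB128/SLEB128 and for a `DW_CFA_def_cfa_expression` of the form CFA = *(reg + disp) + add, which reproduces the patch's bytes from their meaning. Function names and the generalisation to arbitrary register, displacement and addend are mine.

```c
/* Added example, not part of the patch: build the DW_CFA_def_cfa_expression
 * bytes that the patch writes by hand, so the LEB128 detail in its comment
 * can be checked rather than hand-counted. Pure C, no OpenSSL needed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DW_CFA_def_cfa_expression 0x0f
#define DW_OP_breg0               0x70  /* breg7 = 0x77 is %rsp in x86-64 DWARF numbering */
#define DW_OP_deref               0x06
#define DW_OP_plus_uconst         0x23

/* Unsigned LEB128: 7 bits per byte, high bit set while more bytes follow. */
size_t encode_uleb128(uint64_t v, uint8_t *out)
{
    size_t n = 0;
    do {
        uint8_t b = v & 0x7f;
        v >>= 7;
        if (v)
            b |= 0x80;
        out[n++] = b;
    } while (v);
    return n;
}

/* Signed LEB128: stop only when the remaining value is all sign bits AND
 * bit 6 of the last byte already matches the sign. That is why 0x40 takes
 * two bytes (0xc0 0x00): a lone 0x40 has bit 6 set and would decode as -64. */
size_t encode_sleb128(int64_t v, uint8_t *out)
{
    size_t n = 0;
    int more = 1;
    while (more) {
        uint8_t b = v & 0x7f;
        v >>= 7;                          /* arithmetic shift keeps the sign */
        int sign_bit = b & 0x40;
        if ((v == 0 && !sign_bit) || (v == -1 && sign_bit))
            more = 0;
        else
            b |= 0x80;
        out[n++] = b;
    }
    return n;
}

/* Convenience for callers that only need the length. */
size_t sleb128_len(int64_t v)
{
    uint8_t tmp[10];
    return encode_sleb128(v, tmp);
}

/* Emit DW_CFA_def_cfa_expression for CFA = *(reg + disp) + add.
 * Returns the total number of bytes written to out (at most 25). */
size_t cfa_deref_expression(int reg, int64_t disp, uint64_t add, uint8_t *out)
{
    uint8_t body[24];
    size_t blen = 0, n = 0;

    body[blen++] = (uint8_t)(DW_OP_breg0 + reg);   /* push reg + disp */
    blen += encode_sleb128(disp, body + blen);
    body[blen++] = DW_OP_deref;                    /* load from that address */
    body[blen++] = DW_OP_plus_uconst;              /* add the constant */
    blen += encode_uleb128(add, body + blen);

    out[n++] = DW_CFA_def_cfa_expression;
    n += encode_uleb128(blen, out + n);            /* BLOCK length prefix */
    memcpy(out + n, body, blen);
    return n + blen;
}

/* The exact case from the patch: saved %rsp lives at %rsp+0x40 and the
 * CFA is that value plus 8 (the return address slot). Returns 1 if the
 * encoder reproduces the patch's .cfi_escape bytes. */
int matches_patch_escape(void)
{
    static const uint8_t expect[] = {0x0f, 0x06, 0x77, 0xc0, 0x00, 0x06, 0x23, 0x08};
    uint8_t buf[32];
    size_t n = cfa_deref_expression(7, 0x40, 8, buf);
    return n == sizeof expect && memcmp(buf, expect, sizeof expect) == 0;
}
```

The same function also shows why the shorter form is not available: any displacement between 0x40 and 0x7f (and between -0x80 and -0x41) needs two SLEB128 bytes, so a frame that parked the saved stack pointer at, say, %rsp+0x38 would get a one-byte encoding and a seven-byte block.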

