headers
Robert Ripberger via RT | 1 Sep 2010 10:31
Picon
Favicon

[openssl.org #2327] bug report

OpenSSL 1.0.0
perl Configure VC-WIN32
ms\do_nasm

Getting runtime exception errors at t1_lib.c function ssl_parse_clienthello_tlsext, line 798. The
code at that line is:

   if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
We disabled TLS extensions with OPENSSL_NO_TLSEXT as a workaround.

OpenSSL 1.0.0
perl Configure VC-WIN32
ms\do_nasm
 
Getting runtime exception errors at t1_lib.c function ssl_parse_clienthello_tlsext, line 798. The code at that line is:
 
   if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
We disabled TLS extensions with OPENSSL_NO_TLSEXT as a workaround.
 
Permalink | Reply | 0 comments |
headers
Robert Ripberger via RT | 1 Sep 2010 10:31
Picon
Favicon

[openssl.org #2328] bug report

OpenSSL 1.0.0
perl Configure VC-WIN32
ms\do_nasm

When compiling with OPENSSL_NO_EC defined we get numerous compile errors such as "EC is disabled".

OpenSSL 1.0.0
perl Configure VC-WIN32
ms\do_nasm
 
When compiling with OPENSSL_NO_EC defined we get numerous compile errors such as "EC is disabled".
 
Permalink | Reply | 0 comments |
headers
Benjamin GIGON via RT | 1 Sep 2010 10:38
Picon
Favicon

[openssl.org #2329] Bug in SHA1 functions with special file ?

Hello,
I used SHA1 functions to create HMAC fingerprint
It is a very simple prog:

---------------------------------
        char *content;
        SHA_CTX ctx;
        unsigned char message_digest[SHA_DIGEST_LENGTH];
        int retval;
        FILE *fh;

        /* SHA1 DIGEST */
        SHA1_Init(&ctx);

        fh = fopen(argv[1], "r");
        content = (char*)malloc(4096);

        while( !feof(fh) ) {
                retval = fread((char*)content, 1, 4096, fh);
                printf("Read:%d\n", retval);
                SHA1_Update(&ctx, content, retval);
        }

        SHA1_Final(message_digest, &ctx);
        puts((char *)message_digest);

        free((void*)content);
        fclose(fh);
-------------------------------
(Continue reading)

Permalink | Reply | 2 comments |
headers
Timo Teräs | 1 Sep 2010 11:54
Picon
Picon
Favicon

Re: [openssl.org #2329] Bug in SHA1 functions with special file ?

On 09/01/2010 11:38 AM, Benjamin GIGON via RT wrote:
> Hello,
> I used SHA1 functions to create HMAC fingerprint
> It is a very simple prog:
>[snip]
>         while( !feof(fh) ) {
>                 retval = fread((char*)content, 1, 4096, fh);
>                 printf("Read:%d\n", retval);
>                 SHA1_Update(&ctx, content, retval);
>         }
> 
>         SHA1_Final(message_digest, &ctx);
>         puts((char *)message_digest);

This is the problem. puts prints zero terminated string of ASCII.
SHA1_Final returns a unsigned char buffer of non-ASCII data.

Use fwrite(message_digest, SHA_DIGEST_LENGTH, 1, stdout) to write
the binary data, or something like:
  for (i = 0; i < SHA_DIGEST_LENGTH; i++)
    printf("%02x", message_digest[i]);
  printf("\n");

To print the hex dump of the hash (which is likely what you wanted).

> I read file and I create a message digest with SHA1_Final;
> For 99,99% of files, I have a good message digest

I'm pretty sure you get other weird results too. Likely the number
of bytes the fputs prints can vary depending if the hash a zero byte
(Continue reading)

Permalink | Reply | 1 comment |
headers
Timo Teräs via RT | 1 Sep 2010 11:58
Picon
Favicon

Re: [openssl.org #2329] Bug in SHA1 functions with special file ?

On 09/01/2010 11:38 AM, Benjamin GIGON via RT wrote:
> Hello,
> I used SHA1 functions to create HMAC fingerprint
> It is a very simple prog:
>[snip]
>         while( !feof(fh) ) {
>                 retval = fread((char*)content, 1, 4096, fh);
>                 printf("Read:%d\n", retval);
>                 SHA1_Update(&ctx, content, retval);
>         }
> 
>         SHA1_Final(message_digest, &ctx);
>         puts((char *)message_digest);

This is the problem. puts prints zero terminated string of ASCII.
SHA1_Final returns a unsigned char buffer of non-ASCII data.

Use fwrite(message_digest, SHA_DIGEST_LENGTH, 1, stdout) to write
the binary data, or something like:
  for (i = 0; i < SHA_DIGEST_LENGTH; i++)
    printf("%02x", message_digest[i]);
  printf("\n");

To print the hex dump of the hash (which is likely what you wanted).

> I read file and I create a message digest with SHA1_Final;
> For 99,99% of files, I have a good message digest

I'm pretty sure you get other weird results too. Likely the number
of bytes the fputs prints can vary depending if the hash a zero byte
(Continue reading)

Permalink | Reply | 0 comments |
headers
Benjamin GIGON via RT | 1 Sep 2010 18:20
Picon
Favicon

Re : [openssl.org #2329] Bug in SHA1 functions with special file ?

Hello,
You right !
It's strange: for the first time I thought that the problem was maybe \0 (and I 
do not why I never tested this "problem" ...)

After SHA1_Final, I use BIO_* and specially this:

BIO_write(b64, message_digest, strlen((char*)message_digest));

strlen isn't a good idea  :)
better is:

BIO_write(b64, message_digest, SHA_DIGEST_LENGTH);

Thanks a lot for your helps, Timo

Have a good day

Bye

----- Message d'origine ----
> De : Timo Teräs via RT <rt <at> openssl.org>
> À : benjamin <at> gigon.org
> Cc : openssl-dev <at> openssl.org
> Envoyé le : Mer 1 septembre 2010, 11h 58min 52s
> Objet : Re: [openssl.org #2329] Bug in SHA1 functions with special file ?
> 
> On 09/01/2010 11:38 AM, Benjamin GIGON via RT wrote:
> > Hello,
> > I  used SHA1 functions to create HMAC fingerprint
(Continue reading)

Permalink | Reply | 0 comments |
headers
Georgi Guninski | 2 Sep 2010 09:59

Re: inconsistent timings for rsa sign/verify with 100K bit rsa keys

On Mon, Aug 30, 2010 at 05:34:49PM +0200, Mounir IDRASSI wrote:
> So, the modular exponentiation with the public exponent of key2 is 4
> times slower that the signing operation of key1 and it should cost 4
> x 5 min = 20 min which is very close to the 21 min you actually
> obtained.
> 
> Does this answer your question?
>

yes, thanks.

i didn't know about the implementation details + openssl being visibly slower than
general purpose programs on generic 100K exponentiations added up to the
confusion. 

thanks.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
Permalink | Reply | 0 comments |
headers
Stephen Henson via RT | 2 Sep 2010 19:26
Picon
Favicon

[openssl.org #2328] bug report

> [rip <at> lan-aces.com - Wed Sep 01 10:31:09 2010]:
> 
> OpenSSL 1.0.0
> perl Configure VC-WIN32
> ms\do_nasm
> 
> When compiling with OPENSSL_NO_EC defined we get numerous compile
> errors such as "EC is disabled".
> 

Use this instead:

perl Configure VC-WIN32 no-ec

unfortunately there's a bug which doesn't disable gost properly for
Windows builds. Here is a patch:

http://cvs.openssl.org/chngview?cn=19874

Steve.
--

-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
(Continue reading)

Permalink | Reply | 0 comments |
headers
Mounir IDRASSI | 3 Sep 2010 19:02
Favicon
Gravatar

CVE-2010-2939

Hi,

The very simple patch I submitted to RT, for the issue CVE-2010-2939, on
August 8th under reference #2314 has not been applied yet.
Is there any reason for that? I hope it was not lost in translation...

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
Permalink | Reply | 0 comments |
headers
Stephen Henson via RT | 4 Sep 2010 14:41
Picon
Favicon

[openssl.org #2327] bug report

> [rip <at> lan-aces.com - Wed Sep 01 10:30:58 2010]:
> 
> OpenSSL 1.0.0
> perl Configure VC-WIN32
> ms\do_nasm
> 
> Getting runtime exception errors at t1_lib.c function
> ssl_parse_clienthello_tlsext, line 798. The code at that line is:
> 
>    if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s-
> >session->tlsext_ellipticcurvelist);

What do you do to get that exception?

> We disabled TLS extensions with OPENSSL_NO_TLSEXT as a workaround.
> 

Disabling TLS extensions is not advisable because you then become
vulnerable to the renegotiation attack.

Steve.
--

-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org
(Continue reading)

Permalink | Reply | 0 comments |

Gmane