Nabble - OpenSSL - Dev

Re: Certificate Expiry and pem file

2008-10-07T17:32:42Z

Oh that worked.........Thank you very much :)

Larry Bugbee-2 wrote:

> One of our clients are renewing the digital certificates on their
> side as it
> is due to expire and would be rolling over to a new certificate.They
> have
> provided a .cer file.Actually we decrypt the messages from them.I
> understand
> that I need to generate a .pem file from this .cer file.Can anyone
> help me
> in achieveing this.

to convert to pem, try:
openssl x509 < nameofcerfile.cer > nameofpemfile.pem

if all you want to do is see it, try:
openssl x509 -text < nameofcerfile.cer

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org

Re: help regarding random numbers in openssl

2008-10-07T10:47:35Z

I see that you've cross-posted to both lists a few times, please don't.
Most of your posts (if not all) belong on openssl-users. openssl-dev is
for discussing the development of openssl itself, whereas openssl-users
is for discussing development *using* openssl (or anything else related
to openssl).

Thanks,
Geoff

On Tuesday 07 October 2008 11:47:42 prashanth s joshi wrote:
> Hi all,
>
> In openssl code which part actually handles catching of the random
> numbers exchanged during the handshake?
>
> Regards,
> Prashanth..

--
Un terrien, c'est un singe avec des clefs de char...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: Fwd: how to run gdb in openssl

2008-10-07T09:21:20Z

Hi,

> In gdb I am running the command as path_of_bin/bin/openssl s_client
> -connect ipaddress:4433.
> But i get the error as: Undefined command: "". Try "help".
> why is it so?

For gdb, loading an executable and running it, are two separate steps.
So starting "gdb path_of_bin/bin/openssl" will start gdb and load the
executable. Now, when you get to the gdb prompt, you can run the
executable by "run <parameters style="margin:0px;">", e.g. "run -connect
ipaddress:4433".

Normally, gdb documentation is not that bad, it should be described
there as well ...

HTH,
Stefan

P.S.: No, I don't believe this is the appropriate list for general
"how do I use gdb" questions ...

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

help regarding random numbers in openssl

2008-10-07T08:47:42Z

Hi all,

In openssl code which part actually handles catching of the random numbers exchanged during the handshake?

Regards,
Prashanth..

Fwd: how to run gdb in openssl

2008-10-07T08:43:59Z

Hi all,

Could anyone please tell me how to run the gdb in openssl?

In gdb I am running the command as path_of_bin/bin/openssl s_client -connect ipaddress:4433.
But i get the error as: Undefined command: "". Try "help".
why is it so?
How do i ensure that the gdb runs correclty?

Regards,
Prashanth

---------- Forwarded message ----------
From: prashanth s joshi <prashanthlingsur@...>
Date: Tue, Oct 7, 2008 at 6:52 PM
Subject: how to run gdb in openssl
To: openssl-users@...

Hi all,

could anyone please tell me how to run the gdb in openssl?

Regards,
Prashanth

[openssl.org #1761] [PATCH] AWOL openssl s_client eating CPU time.

2008-10-07T06:50:03Z

To connect to company-internal IMAP servers, my mail clients are
configured to run the following command:

ssh $BOX_ON_VPN exec openssl s_client -quiet -connect $IMAPSERVER:993

The '-quiet' part of that is necessary, because the mail programs
generally can't cope with extra noise -- they only want IMAP. But the
-quiet option implies -ign_eof, which means that when the ssh client
disconnects, the openssl process is left eating CPU time in an endless
loop:

select(5, [4], [4], NULL, NULL) = 1 (out [4])
select(5, [0 4], [], NULL, NULL) = 1 (in [0])
read(0, "", 8192) = 0
select(5, [4], [4], NULL, NULL) = 1 (out [4])
select(5, [0 4], [], NULL, NULL) = 1 (in [0])
read(0, "", 8192) = 0
select(5, [4], [4], NULL, NULL) = 1 (out [4])
select(5, [0 4], [], NULL, NULL) = 1 (in [0])
read(0, "", 8192) = 0

I assume that changing the behaviour of the -quiet option so that it no
longer implies -ign_eof is not going to be considered acceptable, so
this patch instead adds a -no_ign_eof option which can be used to
override the unwanted setting.

--- apps/s_client.c.orig 2008-10-05 21:50:22.000000000 +0100
+++ apps/s_client.c 2008-10-07 14:18:23.000000000 +0100
@@ -216,6 +216,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
BIO_printf(bio_err," -quiet - no s_client output\n");
BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
+ BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
@@ -427,6 +428,8 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-ign_eof") == 0)
c_ign_eof=1;
+ else if (strcmp(*argv,"-no_ign_eof") == 0)
+ c_ign_eof=0;
else if (strcmp(*argv,"-pause") == 0)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)

--
dwmw2

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

2008-10-07T02:12:18Z

This patch against the 0.9.8 branch adds an SSL option for compatibility
with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
VPN. This is RT #1751.

With this patch, and with the two bug fixes I just posted, I now have a
fully functional client operating with Cisco's VPN servers.

Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.3.2.10
diff -u -p -r1.3.2.10 d1_clnt.c
--- ssl/d1_clnt.c 4 Jun 2008 18:35:25 -0000 1.3.2.10
+++ ssl/d1_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s

static SSL_METHOD *dtls1_get_client_method(int ver)
{
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
return(DTLSv1_client_method());
else
return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+ (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
{
SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
ret = -1;
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.1.2.5
diff -u -p -r1.1.2.5 d1_lib.c
--- ssl/d1_lib.c 5 Oct 2007 21:05:27 -0000 1.1.2.5
+++ ssl/d1_lib.c 29 Sep 2008 08:38:49 -0000
@@ -186,7 +186,10 @@ void dtls1_free(SSL *s)
void dtls1_clear(SSL *s)
{
ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
}

/*
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.12
diff -u -p -r1.4.2.12 d1_pkt.c
--- ssl/d1_pkt.c 14 Sep 2008 17:57:03 -0000 1.4.2.12
+++ ssl/d1_pkt.c 29 Sep 2008 08:27:31 -0000
@@ -986,15 +986,17 @@ start:
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
{
struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;

dtls1_get_ccs_header(rr->data, &ccs_hdr);

/* 'Change Cipher Spec' is just a single byte, so we know
* exactly what the record payload has to look like */
/* XDTLS: check that epoch is consistent */
- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
+ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
{
i=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
@@ -1310,7 +1312,7 @@ int do_dtls1_write(SSL *s, int type, con
#if 0
/* 'create_empty_fragment' is true only when this function calls itself */
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
{
/* countermeasure against known-IV weakness in CBC ciphersuites
* (see http://www.openssl.org/~bodo/tls-cbc.txt)
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.17
diff -u -p -r1.88.2.17 s3_clnt.c
--- ssl/s3_clnt.c 16 Jun 2008 16:56:41 -0000 1.88.2.17
+++ ssl/s3_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -708,7 +708,7 @@ int ssl3_get_server_hello(SSL *s)

if (!ok) return((int)n);

- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
{
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.161.2.21
diff -u -p -r1.161.2.21 ssl.h
--- ssl/ssl.h 13 Aug 2008 19:44:44 -0000 1.161.2.21
+++ ssl/ssl.h 29 Sep 2008 08:39:24 -0000
@@ -510,6 +510,8 @@ typedef struct ssl_session_st
#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
+#define SSL_OP_CISCO_ANYCONNECT 0x00008000L

/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.133.2.15
diff -u -p -r1.133.2.15 ssl_lib.c
--- ssl/ssl_lib.c 16 Jun 2008 16:56:42 -0000 1.133.2.15
+++ ssl/ssl_lib.c 29 Sep 2008 08:37:16 -0000
@@ -993,7 +993,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
s->max_cert_list=larg;
return(l);
case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+ SSL_version(s) == DTLS1_BAD_VER)
{
s->d1->mtu = larg;
return larg;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.51.2.9
diff -u -p -r1.51.2.9 ssl_sess.c
--- ssl/ssl_sess.c 4 Jun 2008 18:35:27 -0000 1.51.2.9
+++ ssl/ssl_sess.c 29 Sep 2008 08:27:31 -0000
@@ -211,6 +211,11 @@ int ssl_get_new_session(SSL *s, int sess
ss->ssl_version=TLS1_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
else if (s->version == DTLS1_VERSION)
{
ss->ssl_version=DTLS1_VERSION;
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.35.2.6
diff -u -p -r1.35.2.6 t1_enc.c
--- ssl/t1_enc.c 13 Sep 2008 18:25:36 -0000 1.35.2.6
+++ ssl/t1_enc.c 29 Sep 2008 08:35:54 -0000
@@ -757,10 +757,10 @@ int tls1_mac(SSL *ssl, unsigned char *md
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);

- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+ if (ssl->version == DTLS1_BAD_VER ||
+ (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
{
unsigned char dtlsseq[8],*p=dtlsseq;
-
s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
memcpy (p,&seq[2],6);

@@ -785,7 +785,7 @@ printf("rec=");
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif

- if ( SSL_version(ssl) != DTLS1_VERSION)
+ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
{
for (i=7; i>=0; i--)
{

--
dwmw2

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[PATCH] Fix DTLS problems with reordered incoming packets

2008-10-07T02:07:50Z

This patch to the 0.9.8 branch fixes two bugs with misordered incoming
packets in DTLS, which are reported as RT #1752.

Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.

--- ssl/d1_lib.c~ 2008-10-02 06:43:47.000000000 +0100
+++ ssl/d1_lib.c 2008-10-05 21:31:38.000000000 +0100
@@ -106,6 +106,7 @@ int dtls1_new(SSL *s)
pq_64bit_init(&(d1->bitmap.map));
pq_64bit_init(&(d1->bitmap.max_seq_num));

+ d1->next_bitmap.length = d1->bitmap.length;
pq_64bit_init(&(d1->next_bitmap.map));
pq_64bit_init(&(d1->next_bitmap.max_seq_num));

--- ssl/d1_pkt.c~ 2008-10-02 06:43:47.000000000 +0100
+++ ssl/d1_pkt.c 2008-10-05 21:44:54.000000000 +0100
@@ -597,6 +597,7 @@ again:
/* check whether this is a repeat, or aged record */
if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
{
+ rr->length = 0;
s->packet_length=0; /* dump this record */
goto again; /* get another record */
}

--
dwmw2

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[PATCH] Fix assert failure in d1_pkt.c

2008-10-07T02:02:29Z

This simple fix to the 0.9.8 branch addresses RT #1703, where a DTLS bug
causes applications to abort. It was causing my VPN client to abort
during temporary network problems which it should have coped with and
recovered from.

When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.

--- ssl/s3_pkt.c~ 2006-11-29 14:45:14.000000000 +0000
+++ ssl/s3_pkt.c 2008-10-02 06:41:07.000000000 +0100
@@ -753,8 +753,15 @@ int ssl3_write_pending(SSL *s, int type,
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
}
- else if (i <= 0)
+ else if (i <= 0) {
+ if (s->version == DTLS1_VERSION ||
+ s->version == DTLS1_BAD_VER) {
+ /* For DTLS, just drop it. That's kind of the whole
+ point in using a datagram service */
+ s->s3->wbuf.left = 0;
+ }
return(i);
+ }
s->s3->wbuf.offset+=i;
s->s3->wbuf.left-=i;
}

--
dwmw2

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: Certificate Expiry and pem file

2008-10-07T00:39:23Z

> One of our clients are renewing the digital certificates on their
> side as it
> is due to expire and would be rolling over to a new certificate.They
> have
> provided a .cer file.Actually we decrypt the messages from them.I
> understand
> that I need to generate a .pem file from this .cer file.Can anyone
> help me
> in achieveing this.

to convert to pem, try:
openssl x509 < nameofcerfile.cer > nameofpemfile.pem

if all you want to do is see it, try:
openssl x509 -text < nameofcerfile.cer

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: Certificate Expiry and pem file

2008-10-07T00:30:11Z

> One of our clients are renewing the digital certificates on their
> side as it
> is due to expire and would be rolling over to a new certificate.They
> have
> provided a .cer file.Actually we decrypt the messages from them.I
> understand
> that I need to generate a .pem file from this .cer file.Can anyone
> help me
> in achieveing this.

try: openssl x509 < nameofcerfile.cer > nameofpemfile.pem

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Certificate Expiry and pem file

2008-10-06T21:15:43Z

HI,

One of our clients are renewing the digital certificates on their side as it is due to expire and would be rolling over to a new certificate.They have provided a .cer file.Actually we decrypt the messages from them.I understand that I need to generate a .pem file from this .cer file.Can anyone help me in achieveing this.

Thanks in Advance.

Prabu.

[openssl.org #1757] Compile crash on IA64 due to crypto/sha/Makefile problem

2008-10-06T09:56:59Z

Thanks, I have applied the respective patch to the 0.9.7, 0.9.8 and 0.9.9
branches, see
http://cvs.openssl.org/rlog?f=openssl/crypto/sha/Makefile
for commits 17496 to 17498.

Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[openssl.org #1757] Compile crash on IA64 due to crypto/sha/Makefile problem

2008-10-06T09:53:45Z

Hi,

I got a problem on compile of openssl-SNAP-20081003 on IA64 (same on older
versions of 0.9.9 dev source) like this:

making all in apps...
make[1]: Entering directory `/nethome/a/amadeu/prodapp/openssl-0.9.9/apps'
rm -f openssl
shlib_target=; if [ -n "libcrypto.so.0.9.9 libssl.so.0.9.9" ]; then \
shlib_target="linux-shared"; \
fi; \
LIBRARIES="-L.. -lssl -L.. -lcrypto" ; \
make -f ../Makefile.shared -e \
APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o
dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o
rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o
genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o
app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o
pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o
ts.o" \
LIBDEPS=" $LIBRARIES -ldl" \
link_app.${shlib_target}
make[2]: Entering directory `/nethome/a/amadeu/prodapp/openssl-0.9.9/apps'
../libcrypto.so: undefined reference to `sha1_block_data_order'
collect2: ld returned 1 exit status
make[2]: *** [link_app.gnu] Error 1
make[2]: Leaving directory `/nethome/a/amadeu/prodapp/openssl-0.9.9/apps'
make[1]: *** [openssl] Error 2
make[1]: Leaving directory `/nethome/a/amadeu/prodapp/openssl-0.9.9/apps'
make: *** [build_apps] Error 1

The cause of problem is:
$ ls -s crypto/sha/sha*.s
0 crypto/sha/sha1-ia64.s 8 crypto/sha/sha256-ia64.s 16
crypto/sha/sha512-ia64.s

Look that the sha1-ia64.s is empty! Because the
crypto/sha/asm/sha1-ia64.pl is generating a empty file. This occurs
because the Makefile are filling wrong the command line for sha1-ia64.pl.

The following patch on crypto/sha/Makefile makes all right.

The first argument for sha1-ia64.pl should be the .s file and not the
$CFLAGS. I tested and works fine for me.

--
Amadeu A. Barbosa Jr :: http://www.inf.puc-rio.br/~ajunior

--- crypto/sha/Makefile 2008-01-13 21:00:27.000000000 -0200
+++ crypto/sha/Makefile.new 2008-10-03 16:47:35.000000000 -0300
@@ -50,7 +50,7 @@ sha512-586.s: asm/sha512-586.pl ../perla
$(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@

sha1-ia64.s: asm/sha1-ia64.pl
- (cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@
+ (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS))
sha256-ia64.s: asm/sha512-ia64.pl
(cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
sha512-ia64.s: asm/sha512-ia64.pl

[openssl.org #1756] PATCH: v3_addr_canonize() needs to set comparision function

2008-10-06T09:52:41Z

v3_addr_canonize() mistakenly assumes that the comparision function
has already been set. IPAddrBlocks objects constructed by the decoder
do have the comparision function set, but it's possible for a program
to construct IPAddrBlocks for which the assumption is incorrect, which
can trigger a core dump.

--- crypto/x509v3/v3_addr.c.~1~ 2007-01-21 09:00:24.000000000 -0500
+++ crypto/x509v3/v3_addr.c 2008-10-06 12:19:08.000000000 -0400
@@ -869,22 +869,23 @@
*/
int v3_addr_canonize(IPAddrBlocks *addr)
{
int i;
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
!IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
v3_addr_get_afi(f)))
return 0;
}
+ sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
sk_IPAddressFamily_sort(addr);
assert(v3_addr_is_canonical(addr));
return 1;
}

/*
* v2i handler for the IPAddrBlocks extension.
*/
static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
struct v3_ext_ctx *ctx,
STACK_OF(CONF_VALUE) *values)

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[openssl.org #1755] config silently ignores standard compiler search path on AIX and reverts from gcc to cc

2008-10-06T09:52:20Z

Mixing cc and gcc compiled binaries is problematic in some cases. It
tooks some time to track down this issue, but when compiling with cc
there were threading issues, and switching to gcc like everything else
fixes them.

This was broken as part of
http://rt.openssl.org/Ticket/Display.html?id=463. It's not clear what
problem he originally had to propose this config change, but making it
unconditional doesn't make any sense. The following patch switches it
from an unconditional change to one selected by an env var.

--- openssl-0.9.8h/config 2008-10-03 22:29:21.000000000 +0000
+++ openssl-0.9.8h/config 2008-10-03 22:29:40.000000000 +0000
@@ -467,8 +467,8 @@
fi
fi
-if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc
- (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
+if [ "${OPENSSL_USE_CC}" = "TRUE" ]; then # favor vendor cc over
gcc
+ CC=cc
fi
CCVER=${CCVER:-0}

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: [openssl.org #1752] DTLS drops incoming packets when they are reordered.

2008-10-06T04:39:51Z

David Woodhouse via RT wrote:
> (Was waiting for the RT to autoreply with a number before I followed up,
> but it doesn't seem to have arrived after half an hour, so I'll send
> anyway. Hopefully the References: header will associate this with the
> previous mail anyway...)
>

Mailings to rt are moderated.
The requested association was thus performed by the moderation
mechanism :-)

Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[openssl.org #1754] config with shared no-dso no-hw fails to install

2008-10-06T00:35:26Z

--- openssl-0.9.8h/Configure 2008-10-02 16:00:48.000000000 -0400
+++ openssl-0.9.8h-patched/Configure 2008-10-02 16:00:13.000000000 -0400
@@ -1386,6 +1386,7 @@
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+ s/^DIRS= crypto ssl engines apps test tools/DIRS= crypto ssl apps test tools/ if ($disabled{'hw'});
if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
{
my $sotmp = $1;

The failure messages on make install are:

make[2]: Entering directory `openssl-0.9.8h/engines'
installing 4758cca
cp: cannot stat `lib4758cca.bad': No such file or directory
installing aep
cp: cannot stat `libaep.bad': No such file or directory
installing atalla
cp: cannot stat `libatalla.bad': No such file or directory
installing cswift
cp: cannot stat `libcswift.bad': No such file or directory
installing gmp
cp: cannot stat `libgmp.bad': No such file or directory
installing chil
cp: cannot stat `libchil.bad': No such file or directory
installing nuron
cp: cannot stat `libnuron.bad': No such file or directory
installing sureware
cp: cannot stat `libsureware.bad': No such file or directory
installing ubsec
cp: cannot stat `libubsec.bad': No such file or directory
make[2]: *** [install] Error 1
make[2]: Leaving directory `openssl-0.9.8h/engines'
make[1]: *** [install_sw] Error 1
make[1]: Leaving directory `openssl-0.9.8h'

See attached patch for a fix.

The failure messages on make install are:

make[2]: Entering directory `openssl-0.9.8h/engines'
installing 4758cca
cp: cannot stat `lib4758cca.bad': No such file or directory
installing aep
cp: cannot stat `libaep.bad': No such file or directory
installing atalla
cp: cannot stat `libatalla.bad': No such file or directory
installing cswift
cp: cannot stat `libcswift.bad': No such file or directory
installing gmp
cp: cannot stat `libgmp.bad': No such file or directory
installing chil
cp: cannot stat `libchil.bad': No such file or directory
installing nuron
cp: cannot stat `libnuron.bad': No such file or directory
installing sureware
cp: cannot stat `libsureware.bad': No such file or directory
installing ubsec
cp: cannot stat `libubsec.bad': No such file or directory
make[2]: *** [install] Error 1
make[2]: Leaving directory `openssl-0.9.8h/engines'
make[1]: *** [install_sw] Error 1
make[1]: Leaving directory `openssl-0.9.8h'

See attached patch for a fix.

[openssl.org #1753] snapshot 20081003 broke mingw build

2008-10-06T00:29:28Z

Hello,

Latest snapshot broke mingw build for the following reasons:

1. ssl/kssl.c declares _XOPEN_SOURCE at source level and not at configuration level, this is invalid in some environments. Please consider moving this to Configure targets table. Also, I cannot see where strptime is used anyway... :)

2.util/domd was modified to exit on error, this is OK, but exposed a different error that was there since cross compile feature was added to build system. The domd uses gcc directly and ignores the cross compile prefix. Please make it use correct toolchain.

While we at it, one old minor issue with msys... For some strange reason perl reports that symlinks are available under msys, while it cannot create symbolic link when the to is not reachable from cwd. Attached is also a fix for this one.

Thanks,
Alon Bar-Lev.

---

diff -urNp openssl-SNAP-20081003.org/ssl/kssl.c openssl-SNAP-20081003/ssl/kssl.c
--- openssl-SNAP-20081003.org/ssl/kssl.c 2007-02-10 13:00:54.000000000 +0200
+++ openssl-SNAP-20081003/ssl/kssl.c 2008-10-04 21:30:51.000000000 +0300
@@ -68,7 +68,6 @@

#include <openssl/opensslconf.h>

-#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
#include <time.h>
#if 0 /* Experimental */
#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
diff -urNp openssl-SNAP-20081003.org/util/domd openssl-SNAP-20081003/util/domd
--- openssl-SNAP-20081003.org/util/domd 2008-09-09 23:00:21.000000000 +0300
+++ openssl-SNAP-20081003/util/domd 2008-10-04 21:29:05.000000000 +0300
@@ -22,7 +22,7 @@ if [ "$MAKEDEPEND" = "gcc" ]; then
done
sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
- gcc -Werror -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp || exit
+ gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp
else
diff -urNp openssl-SNAP-20080611.org/util/mklink.pl openssl-SNAP-20080611/util/mklink.pl
--- openssl-SNAP-20080611.org/util/mklink.pl 2006-02-09 15:00:35.000000000 +0200
+++ openssl-SNAP-20080611/util/mklink.pl 2008-06-13 12:42:06.000000000 +0300
@@ -51,6 +51,7 @@ my $to = join('/', @to_path);

my $file;
$symlink_exists=eval {symlink("",""); 1};
+if ($^O eq "msys") { $symlink_exists=0 };
foreach $file (@files) {
my $err = "";
if ($symlink_exists) {

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: [openssl.org #1752] DTLS drops incoming packets when they are reordered.

2008-10-06T00:25:14Z

(Was waiting for the RT to autoreply with a number before I followed up,
but it doesn't seem to have arrived after half an hour, so I'll send
anyway. Hopefully the References: header will associate this with the
previous mail anyway...)

On Sun, 2008-10-05 at 21:38 +0100, David Woodhouse wrote:
> That doesn't solve the question of why non-blocking I/O was returning
> crap for the offending out-of-order packets, instead of just returning
> an error with SSL_ERROR_WANT_READ as might be expected. But at least
> it'll make that bug offend me less.

This seems to fix the garbage packets.

--- ssl/d1_pkt.c~ 2008-10-02 06:43:47.000000000 +0100
+++ ssl/d1_pkt.c 2008-10-05 21:44:54.000000000 +0100
@@ -597,6 +597,7 @@ again:
/* check whether this is a repeat, or aged record */
if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
{
+ rr->length = 0;
s->packet_length=0; /* dump this record */
goto again; /* get another record */
}

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@... Intel Corporation

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[openssl.org #1752] DTLS drops incoming packets when they are reordered.

2008-10-06T00:24:06Z

If incoming data packets are received out of order, they seem to get
dropped by my test case using blocking I/O.

Worse, my real application using non-blocking I/O seems to just receive
garbage when the out-of-order packet arrives.

Even the blocking behaviour seems inappropriate for DTLS. Reordering
within reason should be fine -- it's a datagram service, after all.

It seems to occur because dtls1_record_replay_check() is rejecting the
packets. This, in turn, is because s->d1->next_bitmap.length is never
being set. This patch to dtls1_new() seems to fix it:

--- ssl/d1_lib.c~ 2008-10-02 06:43:47.000000000 +0100
+++ ssl/d1_lib.c 2008-10-05 21:31:38.000000000 +0100
@@ -106,6 +106,7 @@ int dtls1_new(SSL *s)
pq_64bit_init(&(d1->bitmap.map));
pq_64bit_init(&(d1->bitmap.max_seq_num));

+ d1->next_bitmap.length = d1->bitmap.length;
pq_64bit_init(&(d1->next_bitmap.map));
pq_64bit_init(&(d1->next_bitmap.max_seq_num));

That doesn't solve the question of why non-blocking I/O was returning
crap for the offending out-of-order packets, instead of just returning
an error with SSL_ERROR_WANT_READ as might be expected. But at least
it'll make that bug offend me less.

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@... Intel Corporation

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: Fix VIA Padlock RNG support ?

2008-10-05T13:04:11Z

Hi Geoff,

On Sun, Sep 21, 2008 at 11:20:35PM -0400, Geoff Thorpe wrote:

> Looking at this in more detail, the current s/w PRNG implementation keeps a
> running 'entropy' count and when that reaches a certain threshold, it stops
> maintaining an entropy counter because the PRNG is considered sufficiently
> seeded. Each platform (roughly speaking) has its own implementation of
> RAND_poll() which does some canonical seeding, which may be enough to get the
> PRNG off the ground, or if not, the application will need to RAND_add() (or
> RAND_seed()) some more entropy before the PRNG is ready. In any case, this
> doesn't adapt so well to a model where entropy sources live as callbacks and
> get called by the PRNG when required. It's more a model where an entropy
> source should just stuff its entropy into the PRNG as soon as it gets a
> chance, and preferably as much of the stuff as it has handy. It can always
> add more later and no harm will be done, but there's no obvious way to add a
> hook to ask for entropy automatically.

Sounds perfectly reasonable and I totally understand. It really is strange
that you have to poll for random numbers rather than somebody feeding them into
you.

> With this in mind, I'm wondering if the simplest thing to do isn't just to
> have the padlock (or any other) engine call RAND_add() with some entropy
> during the init() handler of the ENGINE itself (rather than in a
> RAND_METHOD). That doesn't solve the problem of adding more entropy as time
> goes by, but it's better than the current situation (only having a
> RAND_METHOD mechanism you can't use at all), and moreover it requires no
> interface changes, just implementation...
>
> Thoughts?

Sounds completely fine with me. I'll do some experimentation after I'm
finished with the PadLock PHE (hashing) stuff and cook up a patch. Since
I'm currently quite busy it will probably take some time.

--
- Harald Welte <laforge@...> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)

signature.asc (196 bytes) Download Attachment

VIA PadLock PHE test script / 'openssl' software engine?

2008-10-05T13:00:09Z

Hi!

As indicated before, I'm spending some time on polishing Michal Ludvig's
patches for the VIA PadLock PHE (SHA1/244/256 acceleration).

One of the remaining issues that were never addressed is to add some testing
functionality to the patch, i.e. anyone building openssl can test the
correct operation of the engine, just like test_padlock does for AES.

So what I need to do is to execue the openssl program twice, once with
software engine, another time with padlock engine.

> openssl dgst -sha1 -engine padlock

works just fine. However, since the "ENGINE_load_openssl()" statement
is disabled in eng_all.c, I cannot force the openssl program to use
the software implementation using the following commmand

> openssl dgst -sha1 -engine openssl
results in 'cannot open shared object file' error.

So what is the correct way to ascertain the use of a pure software
implementation as opposed to any hardware-accelerated engine? Just not use the
'-engine' statement? But I guess in this case the default depends on the
openssl configuration file, doesn't it?

Thanks in advance,
--
- Harald Welte <laforge@...> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: gnutls fails to verify server sertificate while openssl works

2008-10-04T19:42:32Z

Peter Volkov wrote:
> CC'ing openssl developers for their opinions, since I think this
> behavior better to have consistent or configurable. Description of the
> problem is here:

Placing this in context - connect with internet explorer or firefox to
https://metasploit.com/ and you will see that both of those independent
implementations see nothing wrong with the certificate chain and handle the
redirect to http://metasploit.com/ without and errors or warnings.

Implementations typically take the list of certificates as untrusted
certificates to add into the process of walking the certificate chain to a
trusted root certificate. There are pragmatic reasons for doing it this way.

From an interoperability point of view remember the adage - "Be strict in what
you generate, be liberal in what you accept"

Tim.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: gnutls fails to verify server sertificate while openssl works

2008-10-04T02:59:57Z

CC'ing openssl developers for their opinions, since I think this
behavior better to have consistent or configurable. Description of the
problem is here:

http://thread.gmane.org/gmane.network.gnutls.general/1383

В Птн, 03/10/2008 в 17:51 +0200, Simon Josefsson пишет:

> Peter Volkov <pva@...> writes:
> > peter@camobap ~ $ /usr/bin/gnutls-cli -V \
> --x509cafile /usr/share/ca-certificates/mozilla/ValiCert_Class_2_VA.crt \
> metasploit.com > gnutls-cli.out
>
> The certificate chain returned by that server appears to be:
>
> cert[0]
> # Subject's DN: O=metasploit.com,OU=Domain Control Validated,CN=metasploit.com
> # Issuer's DN: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure Certification Authority,serialNumber=07969287
>
> cert[1]
> # Subject's DN: C=US,O=The Go Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority
> # Issuer's DN: L=ValiCert Validation Network,O=ValiCert\, Inc.,OU=ValiCert Class 2 Policy Validation Authority,CN=http://www.valicert.com/,EMAIL=info@...
>
> cert[2]
> # Subject's DN: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certificates.godaddy.com/repository,CN=Go Daddy Secure Certification Authority,serialNumber=07969287
> # Issuer's DN: C=US,O=The Go Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority
>
> As far as I can tell, that isn't a valid certificate chain. The issuer
> of the first, end-entity, certificate isn't the subject of the middle
> certificate in the chain. It seems as if the final two certificates in
> the chain are swapped.
>
> According to RFC 4346 (earlier TLS specifications contains similar
> wording):
>
> certificate_list
> This is a sequence (chain) of X.509v3 certificates. The sender's
> certificate must come first in the list. Each following
> certificate must directly certify the one preceding it. Because
> ^^^^
> certificate validation requires that root keys be distributed
> independently, the self-signed certificate that specifies the root
> certificate authority may optionally be omitted from the chain,
> under the assumption that the remote end must already possess it
> in order to validate it in any case.
>
> So I'd say this is a server configuration error.

Simon, I agree that this is configuration issue. But since openssl does
validates this chain and people use openssl to check server
configuration, I'm not sure what should be done here. Possibly openssl
should report about this wrong certificate chain. Or may be gnutls
should have option to warn but still validate this chain? Or may be
openssl should not validate such chains at all (seems best solution as
it's always good to follow RFC's)?

P.S. since both openssl and gnutls mailing lists require subscription
here are links to subscription forms:
http://lists.gnu.org/mailman/listinfo/help-gnutls
http://www.openssl.org/support/

--
Peter.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Need to read the private key from a buffer

2008-10-02T12:51:35Z

Hi ,

if I want SSL to read the private key from a buffer , what are the things that need to be changed in the SSL code? what are the steps that are needed to be carried out?

Thanks,
Prashanth

Re: exception with purify in bn_mont.c:402 (v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);)

2008-10-02T00:28:25Z

> I am getting exception in crypto\bn\bn_mont.c:402
> (v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);) while executing with
> Rational purify.

Does it mean that you can confirm that the program works if not executed
with purify?

> I think bn_mul_add_words called as assembly code from
> crypto\bn\asm\bn_win32.asm.
>
> Please see following stacktrace
>
> [E] EXU: Unhandled exception {1 occurrence}
>
> Exception code: 0xc0000005 [Error: access violation reading from
> 0x806c001d]
>
> Exception address: ??? [ip=0x806C001D]
>
> Filter: mainCRTStartup+0x929
> [f:\vs70builds\3077\vc\crtbld\crt\src\crt0.c:270 ip=0x007E225D]
>
> Exception location
>
> RtlConvertUlongToLargeInteger+0x6a
> [C:\WINDOWS\system32\ntdll.dll ip=0x7C9032A8]
>
> RtlConvertUlongToLargeInteger+0x3c
> [C:\WINDOWS\system32\ntdll.dll ip=0x7C90327A]
>
> KiUserExceptionDispatcher+0xe [C:\WINDOWS\system32\ntdll.dll
> ip=0x7C90E46A]
>
> BN_from_montgomery+0x637
> [e:\els_code\licensing\licensing_sdk\trunk\vxcrypto\crypto\bn\bn_mont.c:402
> ip=0x007700C9]

Note that it points out the *line* with call to bn_mul_add_words, but
does not mention the latter in stack trace. But source code *line* in
question is not just call, there are handful of instructions around [to
be blamed]. So disassemble your binary and see what is the exact
instruction at ip=0x007700C9, as well as surrounding instructions. The
biggest question is how come exception address is ip=0x806C001D, which
is address in kernel space. I'm not implying that kernel code causes the
exception, question is how come it appears that way. A.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: [openssl.org #1703] Bug report for DTLS

2008-10-01T21:52:49Z

On Thu, 2008-10-02 at 05:47 +0100, David Woodhouse wrote:
> I can reproduce this failure at will. All I need to do is set up a DTLS
> connection, then somehow cause the write() call on the UDP socket to
> return an error -- a firewall is an easy way of achieving that.

The whole _point_ of DTLS is that it's a datagram service. That
datagrams go missing. So buffering them up when we fail to send them --
even if we _weren't_ then going to crap ourselves and abort() as a
result -- was a bad idea in the first place.

(I include DTLS1_BAD_VER here because of RT#1751)

--- openssl-0.9.8g/ssl/s3_pkt.c~ 2006-11-29 14:45:14.000000000 +0000
+++ openssl-0.9.8g/ssl/s3_pkt.c 2008-10-02 06:41:07.000000000 +0100
@@ -753,8 +753,15 @@ int ssl3_write_pending(SSL *s, int type,
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
}
- else if (i <= 0)
+ else if (i <= 0) {
+ if (s->version == DTLS1_VERSION ||
+ s->version == DTLS1_BAD_VER) {
+ /* For DTLS, just drop it. That's kind of the whole
+ point in using a datagram service */
+ s->s3->wbuf.left = 0;
+ }
return(i);
+ }
s->s3->wbuf.offset+=i;
s->s3->wbuf.left-=i;
}

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@... Intel Corporation

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[openssl.org #1703] Bug report for DTLS

2008-10-01T20:51:20Z

I can reproduce this failure at will. All I need to do is set up a DTLS
connection, then somehow cause the write() call on the UDP socket to
return an error -- a firewall is an easy way of achieving that.

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@... Intel Corporation

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

[openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

2008-10-01T12:12:48Z

This patch against the stable branch makes my AnyConnect VPN client
( http://git.infradead.org/users/dwmw2/anyconnect.git ) work.

Cisco's VPN client uses OpenSSL, and a version of the DTLS protocol
which is newer than we had in 0.9.8e, but older than the final version
defined in the RFC and implemented in 0.9.8f. The patch against 0.9.8e,
for reference, is http://david.woodhou.se/openssl-0.9.8e-ciscodtls.patch

Their server does also respond to DTLS packets bearing the 'real' DTLS
protocol version number, but has other compatibility issues which I
haven't yet completely understood. (If I hack tls1_enc() to use 0x0100
(DTLS1_BAD_VER) as the protocol when calculating the MAC, the handshake
does succeed, but then the server ignores all my data packets).

But since their own clients use the old protocol version, that's
probably the best one for us to be using anyway. It's going to be the
only one that's tested properly with their server.

The code which uses this is at
http://git.infradead.org/users/dwmw2/anyconnect.git?a=blob;f=dtls.c;hb=HEAD

Advice on better ways to do this would be welcomed.

Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.3.2.10
diff -u -p -r1.3.2.10 d1_clnt.c
--- ssl/d1_clnt.c 4 Jun 2008 18:35:25 -0000 1.3.2.10
+++ ssl/d1_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s

static SSL_METHOD *dtls1_get_client_method(int ver)
{
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
return(DTLSv1_client_method());
else
return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+ (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
{
SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
ret = -1;
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.1.2.5
diff -u -p -r1.1.2.5 d1_lib.c
--- ssl/d1_lib.c 5 Oct 2007 21:05:27 -0000 1.1.2.5
+++ ssl/d1_lib.c 29 Sep 2008 08:38:49 -0000
@@ -186,7 +186,10 @@ void dtls1_free(SSL *s)
void dtls1_clear(SSL *s)
{
ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
}

/*
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.12
diff -u -p -r1.4.2.12 d1_pkt.c
--- ssl/d1_pkt.c 14 Sep 2008 17:57:03 -0000 1.4.2.12
+++ ssl/d1_pkt.c 29 Sep 2008 08:27:31 -0000
@@ -986,15 +986,17 @@ start:
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
{
struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;

dtls1_get_ccs_header(rr->data, &ccs_hdr);

/* 'Change Cipher Spec' is just a single byte, so we know
* exactly what the record payload has to look like */
/* XDTLS: check that epoch is consistent */
- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
+ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
{
i=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
@@ -1310,7 +1312,7 @@ int do_dtls1_write(SSL *s, int type, con
#if 0
/* 'create_empty_fragment' is true only when this function calls itself */
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
{
/* countermeasure against known-IV weakness in CBC ciphersuites
* (see http://www.openssl.org/~bodo/tls-cbc.txt)
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.17
diff -u -p -r1.88.2.17 s3_clnt.c
--- ssl/s3_clnt.c 16 Jun 2008 16:56:41 -0000 1.88.2.17
+++ ssl/s3_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -708,7 +708,7 @@ int ssl3_get_server_hello(SSL *s)

if (!ok) return((int)n);

- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
{
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.161.2.21
diff -u -p -r1.161.2.21 ssl.h
--- ssl/ssl.h 13 Aug 2008 19:44:44 -0000 1.161.2.21
+++ ssl/ssl.h 29 Sep 2008 08:39:24 -0000
@@ -510,6 +510,8 @@ typedef struct ssl_session_st
#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
+/* Use Cisco's "speshul" version of DTLS1_BAD_VER (as client) */
+#define SSL_OP_CISCO_ANYCONNECT 0x00008000L

/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.133.2.15
diff -u -p -r1.133.2.15 ssl_lib.c
--- ssl/ssl_lib.c 16 Jun 2008 16:56:42 -0000 1.133.2.15
+++ ssl/ssl_lib.c 29 Sep 2008 08:37:16 -0000
@@ -993,7 +993,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
s->max_cert_list=larg;
return(l);
case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+ SSL_version(s) == DTLS1_BAD_VER)
{
s->d1->mtu = larg;
return larg;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.51.2.9
diff -u -p -r1.51.2.9 ssl_sess.c
--- ssl/ssl_sess.c 4 Jun 2008 18:35:27 -0000 1.51.2.9
+++ ssl/ssl_sess.c 29 Sep 2008 08:27:31 -0000
@@ -211,6 +211,11 @@ int ssl_get_new_session(SSL *s, int sess
ss->ssl_version=TLS1_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
else if (s->version == DTLS1_VERSION)
{
ss->ssl_version=DTLS1_VERSION;
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.35.2.6
diff -u -p -r1.35.2.6 t1_enc.c
--- ssl/t1_enc.c 13 Sep 2008 18:25:36 -0000 1.35.2.6
+++ ssl/t1_enc.c 29 Sep 2008 08:35:54 -0000
@@ -757,10 +757,10 @@ int tls1_mac(SSL *ssl, unsigned char *md
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);

- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+ if (ssl->version == DTLS1_BAD_VER ||
+ (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
{
unsigned char dtlsseq[8],*p=dtlsseq;
-
s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
memcpy (p,&seq[2],6);

@@ -785,7 +785,7 @@ printf("rec=");
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif

- if ( SSL_version(ssl) != DTLS1_VERSION)
+ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
{
for (i=7; i>=0; i--)
{

--
dwmw2

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Help needed in including debug statements in the sockets in SSL.

2008-10-01T02:44:27Z

Hi SSL experts,

I am working on the SSL decryption currently. My immediate requirement is as follows:
I need to include some debugging statements in the socket calls such as recv and send. How do I do that? What are all the changes that I need to carry out to the make file etc.? If you could be pointers to manipulate the make file , to link etc, it would be very helpfull. (My intention is not just to debug or trace the socket calls. My intention is actually to enhance the socket call functions further after including the debug statements in the socket calls.)

Regards,
Prashanth