From: ashwini.vpatil at siemens.com (Patil, Ashwini IN BLR STS)
Date: Wed, 1 Jul 2015 11:54:31 +0530
Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module
Message-ID: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net>

Hello All,

Please let me know if openssl-1.0.2c includes the FIPS 140-2 Object Module. Also please explain how to validate the application.

Your help is appreciated.

With best regards,
Ashwini V Patil
Siemens Technology and Services Private Limited
CT DC AA HC H1-FH STD IBP 6
84, Hosur Road
Bengaluru 560100, India
Mobile: +91 9008132565
mailto:ashwini.vpatil at siemens.com
http://www.siemens.co.in/STS

Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number: U99999MH1986PLC093854
From: marquess at openssl.com (Steve Marquess)
Date: Wed, 01 Jul 2015 09:53:14 -0400
Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module
In-Reply-To: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net>
References: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net>
Message-ID: <5593F0CA.7070803@openssl.com>

On 07/01/2015 02:24 AM, Patil, Ashwini IN BLR STS wrote:
> Hello All,
>
> Please let me know if openssl-1.0.2c include FIPS 140-2 Object Module.
> Also please explain how to validate the application.

This question would be more appropriate for the openssl-users list. The -dev list is for OpenSSL development issues, not for basic usage questions.

You might want to start with the OpenSSL FIPS User Guide:

https://www.openssl.org/docs/fips/UserGuide-2.0.pdf

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
From: nikolavan at tuta.io (nikolavan at tuta.io)
Date: Thu, 2 Jul 2015 08:34:42 +0000 (UTC)
Subject: [openssl-dev] AES-GCM for ARM: what is the status of the new work published by

Hi,

What is the status of the improvements on security and performance for AES-GCM on ARM published recently by Conrado P. L. Gouvêa and Julio López?

Implementing GCM on ARMv8. Conrado P. L. Gouvêa, Julio López. 2015 [1]

It also details the ARMv7 case, and was presented at the RSA Conference 2015 in the US, 2 months ago. The paper is here [2]. The code is available here [3].

My question goes primarily to Andy Polyakov. Is there any plan for integrating the code into openssl?

Best regards,
Niko

[1] https://www.rsaconference.com/writable/presentations/file_upload/cryp-w01-secure-and-efficient-implementation-of-aes-based-cryptosystems.pdf
[2] http://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf
[3] https://github.com/conradoplg/authenc
From: rt at openssl.org (David von Oheimb via RT)
Date: Thu, 02 Jul 2015 10:21:32 +0000
Subject: [openssl-dev] [openssl.org #3922] Bug: EVP_get_digestbynid() does not support ECDSA
In-Reply-To: <55951099.5040902@siemens.com>
References: <5587E336.4030209@siemens.com> <55951099.5040902@siemens.com>

Thanks a lot Steve for your constructive comments.

> That's expected behaviour. The EVP_get_digestbynid function expects a digest NID
> whereas you are passing a signature NID instead. It does accept some signature
> NIDs for historical compatibility reasons.

I now understand that the code I extended for EC support was abusing EVP_get_digestbynid(), which worked just for compatibility reasons for RSA (only). Yet why not broaden this function (or better its underlying mapping) to handle ECDSA (and possibly any other types of) signatures?

> The thread you mention shows you how to convert a signature NID into the digest
> and public key algorithm NID.

The hint you gave in that thread was to use OBJ_find_sigid_algs(), and this indeed works fine and is cleaner :-)

> However I suspect you shouldn't be trying to do things at that level for
> signatures. If you need to sign or verify ASN.1 data you can use ASN1_item_sign
> or ASN1_item_verify and key and digest handling and lookup is handled automatically.

Good point that they should rather have used a more high-level signature/verification function. Yet the proposed functions, as well as ASN1_sign and ASN1_verify, still require the (plain) md parameter. And for instance the more abstract function

    int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)

uses again

    md = EVP_get_digestbyobj(si->digest_alg->algorithm);

such that the use of OBJ_find_sigid_algs() appears indispensable.

David.
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 2 Jul 2015 12:35:20 +0000
Subject: [openssl-dev] Old "RSA_NET" key format
Message-ID: <2788d77caa594922975db354ad712ab1@ustx2ex-dag1mb2.msg.corp.akamai.com>

We are thinking about removing the old "RSA_NET" format for private keys. This is used by very old Netscape and IIS.

This would remove the d2i/i2d RSA_NET APIs, and the "nss" format flag from the openssl program. It would not remove the SPKI stuff.

If this would cause a problem for you, please respond soon.

--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

From: amitshil at rocketmail.com (Amit Shil)
Date: Thu, 2 Jul 2015 14:58:52 +0000 (UTC)
Subject: [openssl-dev] openssl version 1.0.2c compilation error for 32 bit
Message-ID: <840220728.1218700.1435849132316.JavaMail.yahoo@mail.yahoo.com>

Hello OpenSSL,

I can compile openssl version 1.0.2c for 64 bits successfully but getting following error while compiling for 32 bits. Could you please help me in the issue.

    ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32dll\sha1-586.obj tmp32dll\sha1-586.asm
    Assembling: tmp32dll\sha1-586.asm
    tmp32dll\sha1-586.asm(1427) : error A2070:invalid instruction operands
    tmp32dll\sha1-586.asm(1571) : error A2070:invalid instruction operands
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\ml.EXE"' : return code '0x1'
    Stop.

Please find below my Compiling Environment:

1. Compiler VS2008
2. Windows 7 64 Bit SP1
3. ActivePerl-5.20.2.2001

Is there any specific steps I need to follow for compiling for 32 bits.

Thanks in advance!!

Best Regards
Amit
From: kurt at x64architecture.com (Kurt Cancemi)
Date: Thu, 2 Jul 2015 12:38:03 -0400
Subject: [openssl-dev] [openssl.org #3928] openssl version 1.0.2c compilation error for 32 bit
References: <534471932.1258481.1435849073970.JavaMail.yahoo@mail.yahoo.com>

NASM (http://nasm.us) is the only officially supported assembler for OpenSSL on Windows. So install NASM and add it to your path and then retry.

--
Kurt Cancemi
https://www.x64architecture.com

On Thu, Jul 2, 2015 at 11:19 AM, Amit Shil via RT wrote:
> Hello OpenSSL,
> I can compile openssl version 1.0.2c for 64 bits successfully but getting following error while compiling for 32 bits. Could you please help me in the issue.
>
> ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32dll\sha1-586.obj tmp32dll\sha1-586.asm
> Assembling: tmp32dll\sha1-586.asm
> tmp32dll\sha1-586.asm(1427) : error A2070:invalid instruction operands
> tmp32dll\sha1-586.asm(1571) : error A2070:invalid instruction operands
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\ml.EXE"' : return code '0x1'
> Stop.
>
> Please find below my Compiling Environment:
>
> 1. Compiler VS2008
> 2. Windows 7 64 Bit SP1
> 3. ActivePerl-5.20.2.2001
>
> Is there any specific steps I need to follow for compiling for 32 bits.
> Thanks in advance!!
> Best Regards
> Amit
>
> _______________________________________________
> openssl-bugs-mod mailing list
> openssl-bugs-mod at openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
From: rt at openssl.org (Amit Shil via RT)
Date: Thu, 02 Jul 2015 18:18:19 +0000
Subject: [openssl-dev] [openssl.org #3928] openssl version 1.0.2c compilation error for 32 bit

Hello OpenSSL,

Thank you for your quick response. I could compile 64 bit with VS2008 but getting error for 32 bit. I think NASM is already there with VS2008. However I will download and try with NASM once.

Sent from Samsung Mobile

-------- Original message --------
Subject: Re: [openssl-dev] [openssl.org #3928] openssl version 1.0.2c compilation error for 32 bit
From: Kurt Cancemi via RT
To: amitshil at rocketmail.com
CC: openssl-dev at openssl.org

NASM (http://nasm.us) is the only officially supported assembler for OpenSSL on Windows. So install NASM and add it to your path and then retry.

--
Kurt Cancemi
https://www.x64architecture.com

On Thu, Jul 2, 2015 at 11:19 AM, Amit Shil via RT wrote:
> Hello OpenSSL,
> I can compile openssl version 1.0.2c for 64 bits successfully but getting following error while compiling for 32 bits. Could you please help me in the issue.
>
> ml /nologo /Cp /coff /c /Cx /Zi /Fotmp32dll\sha1-586.obj tmp32dll\sha1-586.asm
> Assembling: tmp32dll\sha1-586.asm
> tmp32dll\sha1-586.asm(1427) : error A2070:invalid instruction operands
> tmp32dll\sha1-586.asm(1571) : error A2070:invalid instruction operands
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\ml.EXE"' : return code '0x1'
> Stop.
>
> Please find below my Compiling Environment:
>
> 1. Compiler VS2008
> 2. Windows 7 64 Bit SP1
> 3. ActivePerl-5.20.2.2001
>
> Is there any specific steps I need to follow for compiling for 32 bits.
> Thanks in advance!!
> Best Regards
> Amit
From: kannanar at cisco.com (Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco))
Date: Sat, 4 Jul 2015 19:02:50 +0000
Subject: [openssl-dev] Openssl Poodle Vulnerability Clarification
In-Reply-To: <558B1F66.5000609@dancingdragon.be>
References: <20150611220725.GA18105@roeckx.be> <558B1F66.5000609@dancingdragon.be>

Hi Joey,

Thanks for the steps. I have tried with the exclusion option (Command used: ./config no-idea no-ssl3 shared --prefix=/Openssl-1/) and getting the below error while executing the make test command.

Error1:

    The following command should have some OK's and some failures
    There are definitly a few expired certificates
    ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
    Error opening certificate file ../certs/*.pem
    11852:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('../certs/*.pem','r')
    11852:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
    unable to load certificate
    Generate a set of DH parameters

Error2:

    SSLv2, cipher SSLv2 DES-CBC3-MD5, 1024 bit RSA
    1 handshakes of 256 bytes done
    Testing ciphersuites
    Testing ciphersuites for SSLv3
    Error in cipher list
    12621:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1223:
    dh test tls1 with 1024bit anonymous DH, multiple handshakes
    Available compression methods:
      NONE
    ERROR in CLIENT
    12647:error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available:s2_clnt.c:575:
    ERROR in CLIENT
    12647:error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available:s2_clnt.c:575:
    ERROR in CLIENT
    12647:error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available:s2_clnt.c:575:
    ERROR in CLIENT
    12647:error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available:s2_clnt.c:575:
    ERROR in CLIENT
    12647:error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available:s2_clnt.c:575:
    ERROR in CLIENT
    12647:error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available:s2_clnt.c:575:
    ERROR in CLIENT

Thanks,
Kannan Narayanasamy.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Joey Yandle
Sent: Thursday, June 25, 2015 2:52 AM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Openssl Poodle Vulnerability Clarification

The config script takes no-ssl2 and no-ssl3 args:

./config no-ssl2 no-ssl3 ...

On 06/24/2015 11:57 AM, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote:
> Hi Kurt,
>
> Thanks for the details. Syslog process is based on Java and disabling SSLv3 is not possible with that. We have tried to compile openssl with SSLv3 disabled but it didn't help. Can you share the steps if you have to disable via openssl compilation.
>
> Thanks,
> Kannan Narayanasamy.
>
> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kurt Roeckx
> Sent: Friday, June 12, 2015 3:37 AM
> To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] Openssl Poodle Vulnerability Clarification
>
> On Thu, Jun 11, 2015 at 09:43:24PM +0000, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote:
>> Hi All,
>>
>> To resolve the openSSL POODLE vulnerability we need to disable SSLv3. In our application we are using openSSL through Apache. We have disabled it using the below line.
>>
>> SSLProtocol all -SSLv2 -SSLv3
>>
>> We are using 443 as SSL port. The command openssl s_client -connect :443 -ssl3 shows the handshake failure message for port 443. But for the ports 3333 and 4444 it is connecting using SSLv3. The scanner as well reports the high severity risk for those ports. In our application we are using those ports for syslog related tasks. If we change the port to some other, then the scanner shows the new port in the list.
>>
>> How to disable the SSLv3 connection for those ports as well, since many customers are waiting for the fix. Your suggestion is much appreciated.
>
> There are 2 solutions:
> - Change the configuration of syslog to disable SSLv3. Not sure
>   it can actually be configured.
> - Build your openssl with SSLv3 disabled.
>
> Kurt
From: kurt at roeckx.be (Kurt Roeckx)
Date: Sun, 5 Jul 2015 12:22:14 +0200
Subject: [openssl-dev] Openssl Poodle Vulnerability Clarification
References: <20150611220725.GA18105@roeckx.be> <558B1F66.5000609@dancingdragon.be>
Message-ID: <20150705102214.GA22632@roeckx.be>

On Sat, Jul 04, 2015 at 07:02:50PM +0000, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote:
> Hi Joey,
>
> Thanks for the steps. I have tried with the exclusion option (Command used: ./config no-idea no-ssl3 shared --prefix=/Openssl-1/) and getting the below error while executing the make test command.

I don't think the combination of having SSLv2 enabled and SSLv3 disabled is ever tested; it also doesn't make much sense. Please use both no-ssl2 and no-ssl3.

You might also want to consider using no-ssl3-method to be really sure SSLv3 isn't supported anymore.

Kurt
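As an added example (not from this thread), a small C check for the outcome Kurt is after: once the library behind the syslog process is rebuilt with no-ssl2 no-ssl3, every listener (the 3333 and 4444 ports in Kannan's case included) should answer an SSLv3 ClientHello with an alert or a closed connection, never with an SSLv3 ServerHello; it does what the page's `openssl s_client -ssl3` check does, but without needing an OpenSSL build that still has the SSLv3 method. It assumes a POSIX socket environment; the record layout follows the SSLv3 specification and the offered cipher suites and helper names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/time.h>

/* Verdict on the first record a server sends back to an SSLv3 ClientHello. */
enum ssl3_verdict { SSL3_REFUSED = 0, SSL3_ACCEPTED = 1, SSL3_UNKNOWN = -1, SSL3_NOCONN = -2 };

/* Build a minimal SSLv3 ClientHello (record and protocol version 3.0, no
 * extensions) into out. Returns the record length, or 0 if cap is too small. */
size_t build_ssl3_client_hello(uint8_t *out, size_t cap)
{
    /* Constructed offer: RSA key exchange with 3DES, AES-128 and AES-256,
     * suites an SSLv3-capable OpenSSL server would accept. */
    static const uint8_t suites[] = { 0x00, 0x0a, 0x00, 0x2f, 0x00, 0x35 };
    size_t body = 2 + 32 + 1 + 2 + sizeof suites + 2;   /* version, random, sid, suites, compression */
    size_t hs = 4 + body, rec = 5 + hs;
    uint8_t *p = out;
    if (cap < rec)
        return 0;
    *p++ = 0x16; *p++ = 0x03; *p++ = 0x00;               /* handshake record, SSLv3 */
    *p++ = (uint8_t)(hs >> 8); *p++ = (uint8_t)hs;
    *p++ = 0x01; *p++ = 0x00;                            /* ClientHello, 24-bit length */
    *p++ = (uint8_t)(body >> 8); *p++ = (uint8_t)body;
    *p++ = 0x03; *p++ = 0x00;                            /* client_version = 3.0 */
    memset(p, 0x42, 32); p += 32;                        /* client_random: fixed filler, this is only a probe */
    *p++ = 0x00;                                         /* empty session id */
    *p++ = 0x00; *p++ = (uint8_t)sizeof suites;
    memcpy(p, suites, sizeof suites); p += sizeof suites;
    *p++ = 0x01; *p++ = 0x00;                            /* compression methods: null only */
    return rec;
}

/* Classify the server's first record. An alert (0x15) or an immediate close
 * means SSLv3 was refused; a handshake record (0x16) with record version 3.0
 * carrying a ServerHello (0x02) means the server still negotiates SSLv3. */
int classify_ssl3_reply(const uint8_t *buf, size_t len)
{
    if (len == 0)
        return SSL3_REFUSED;
    if (len < 5)
        return SSL3_UNKNOWN;
    if (buf[0] == 0x15)
        return SSL3_REFUSED;
    if (buf[0] == 0x16 && len >= 6 && buf[1] == 0x03 && buf[2] == 0x00 && buf[5] == 0x02)
        return SSL3_ACCEPTED;
    return SSL3_UNKNOWN;
}

/* Connect to host:port, send the hello, read one reply and classify it. */
int probe_ssl3(const char *host, const char *port)
{
    struct addrinfo hints, *res, *ai;
    struct timeval tv = { 5, 0 };
    uint8_t hello[128], reply[512];
    int fd = -1, verdict = SSL3_NOCONN;
    size_t len;
    ssize_t n;
    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return SSL3_NOCONN;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd >= 0 && connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            break;
        if (fd >= 0)
            close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    if (fd < 0)
        return SSL3_NOCONN;
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    len = build_ssl3_client_hello(hello, sizeof hello);
    if (len > 0 && send(fd, hello, len, 0) == (ssize_t)len) {
        n = recv(fd, reply, sizeof reply, 0);
        verdict = n < 0 ? SSL3_UNKNOWN : classify_ssl3_reply(reply, (size_t)n);  /* timeout: no verdict */
    }
    close(fd);
    return verdict;
}

int main(int argc, char **argv)
{
    int v;
    if (argc != 3) { fprintf(stderr, "usage: %s host port\n", argv[0]); return 2; }
    v = probe_ssl3(argv[1], argv[2]);
    printf("%s:%s SSLv3 %s\n", argv[1], argv[2],
           v == SSL3_ACCEPTED ? "ACCEPTED (still enabled, rebuild with no-ssl3)" :
           v == SSL3_REFUSED ? "refused" : v == SSL3_UNKNOWN ? "unclear reply" : "connection failed");
    return v == SSL3_ACCEPTED ? 1 : 0;
}
```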
From: ashwini.vpatil at siemens.com (Patil, Ashwini IN BLR STS)
Date: Mon, 6 Jul 2015 11:33:57 +0530
Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module
Message-ID: <8878620CF8603E45BB794422B7899E9E112E231808@INBLRK77M1MSX.in002.siemens.net>

Hello All,

I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c:

Procedure for FIPS Enabled OpenSSL Module Compilation
=====================================================

=================================
1. Compile openssl-fips2.0 module
=================================

a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\
b. Open Visual Studio 2008 Command Prompt.
c. cd C:\openssl-fips2.0.9\
d. Copy all the contents of "C:\Program Files\NASM" in this source folder
e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command)

Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9

=======================================================
2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c
=======================================================

a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\
b. Open Visual Studio 2008 Command Prompt.
c. cd C:\openssl-1.0.2c-fips-compliant\
d. Copy all the contents of "C:\Program Files\NASM" in this source folder
e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9
f. ms\do_nasm
g. nmake -f ms\nt.mak
h. For Testing, use the following command: nmake -f ms\nt.mak test
i. nmake -f ms\nt.mak install
j. (If you want to create DLL files then use the following commands: nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install)
k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe
l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output.

=======================================
****OpenSSL 1.0.2c-fips 12 June 2015****
=======================================

m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32
n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32

Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing.

Please guide me.

Thanks & Regards
Ashwini V Patil

_____________________________________________
From: Patil, Ashwini IN BLR STS
Sent: Wednesday, July 01, 2015 11:55 AM
To: 'openssl-dev at openssl.org'
Subject: Openssl 1.0.2c include the FIPS 140-2 Object Module

Hello All,

Please let me know if openssl-1.0.2c includes the FIPS 140-2 Object Module. Also please explain how to validate the application.

Your help is appreciated.

With best regards,
Ashwini V Patil
From: gmaheshwari24.6 at gmail.com (gaurav maheshwari)
Date: Mon, 6 Jul 2015 17:47:26 +0530
Subject: [openssl-dev] 32 bit compilation of armv8 assembly support(openssl-1.0.2a)
In-Reply-To: <5582C58B.2010107@openssl.org>
References: <5579455E.7070409@openssl.org> <5581DA56.80205@openssl.org> <5582A2E8.8070601@openssl.org> <5582C58B.2010107@openssl.org>

> What if relocation's were not resolved correctly and
> run-time switch doesn't really work as intended.
> It's possible to confirm this indirectly by comparing results
> for 'apps/openssl speed sha' and 'env OPENSSL_armcap=0
> apps/openssl speed sha'. Can you do that?

I have done the performance checking as you have pointed out. There is a performance difference, so the run time switch is working as expected.

On Thu, Jun 18, 2015 at 6:50 PM, Andy Polyakov wrote:
>> It is compiling successfully and all openssl test are passing for ILP32
>> abi.
>
> There are remaining questions.
>
> The fact that tests pass is definitely good sign, but there still is an
> open and burning question. What if relocations were not resolved
> correctly and run-time switch doesn't really work as intended. It's
> possible to confirm this indirectly by comparing results for
> 'apps/openssl speed sha' and 'env OPENSSL_armcap=0 apps/openssl speed
> sha'. Can you do that?
>
> Development branch has more ARMv8 code. Can you test that too?
>
> And last question is not really a question. All this ought to mean that
> you have put together all those not-yet-upstreamed bits together, i.e.
> glibc, multilib, kernel patches, huh? For public reference I want once
> again to point out that additional ABI for AArch64 is work in very
> progress, and so far the only way to compile 32-bit code and target
> ARMv8 was to adhere to usual 32-bit ARM support (which does utilize
> ARMv8 crypto extensions), and that is currently the supported way, for
> good or bad.

From: liachen at blackberry.com (Lianghui Chen)
Date: Mon, 6 Jul 2015 17:49:30 +0000
Subject: [openssl-dev] System openssl header files are used when building openssl itself

Hi, all

I am building openssl (master/f66aad6) within my own project in Mac OS X Yosemite, and it gets a compile error about undefined TLS_SIGALGS, which is defined in ssl/ssl.h, but not in the OS version of ssl.h (/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.sdk/usr/include/openssl/ssl.h).

And the reason the system version of ssl.h, instead of the local ssl.h, is used, is because ssl/ssl_locl.h includes <openssl/ssl.h> instead of just "ssl.h".

I think it is wrong to use a system version of ssl.h when building my own openssl, otherwise if I need to modify ssl.h itself, the local (and modified) version will never be used.

Should we move the public header files into a folder like include/openssl so it is the same as where the system version of openssl header files reside? Or has anyone else encountered this problem and have an easier solution?

Thanks & Best Regards
Lyon

From: rsalz at akamai.com (Salz, Rich)
Date: Mon, 6 Jul 2015 18:20:22 +0000
Subject: [openssl-dev] System openssl header files are used when building openssl itself
Message-ID: <87ddc18bc7244e6890c904a5425da1ba@ustx2ex-dag1mb2.msg.corp.akamai.com>

> I think it is wrong to use a system version of ssl.h when building my own

That sounds like a bug. What version are you using?
From: liachen at blackberry.com (Lianghui Chen)
Date: Mon, 6 Jul 2015 18:25:12 +0000
Subject: [openssl-dev] System openssl header files are used when building openssl itself
In-Reply-To: <87ddc18bc7244e6890c904a5425da1ba@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <87ddc18bc7244e6890c904a5425da1ba@ustx2ex-dag1mb2.msg.corp.akamai.com>

Hi

It is from https://github.com/openssl/openssl.git, branch master and commit f66aad6.

BR - Lianghui

________________________________________
From: openssl-dev [openssl-dev-bounces at openssl.org] on behalf of Salz, Rich [rsalz at akamai.com]
Sent: Monday, July 06, 2015 2:20 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] System openssl header files are used when building openssl itself

> I think it is wrong to use a system version of ssl.h when building my own

That sounds like a bug. What version are you using?

From: rsalz at akamai.com (Salz, Rich)
Date: Mon, 6 Jul 2015 18:41:38 +0000
Subject: [openssl-dev] System openssl header files are used when building openssl itself
References: <87ddc18bc7244e6890c904a5425da1ba@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID: <5e131edaa54c4505a9510ade502116dc@ustx2ex-dag1mb2.msg.corp.akamai.com>

> It is from https://github.com/openssl/openssl.git, branch master and commit
> f66aad6.

Suppose you edit ssl_err, ssl_err2, ssl_lib, and ssl_locl to replace the brackets <> with quotes. Does that fix the problem?
From: liachen at blackberry.com (Lianghui Chen)
Date: Mon, 6 Jul 2015 19:04:00 +0000
Subject: [openssl-dev] System openssl header files are used when building openssl itself
In-Reply-To: <5e131edaa54c4505a9510ade502116dc@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <87ddc18bc7244e6890c904a5425da1ba@ustx2ex-dag1mb2.msg.corp.akamai.com> <5e131edaa54c4505a9510ade502116dc@ustx2ex-dag1mb2.msg.corp.akamai.com>

No, it doesn't. And it should not, right? As there is no folder openssl which has files like ssl.h.

But I did notice some files, like ssl_locl.h, are included in C files using "ssl_locl.h" instead of <ssl_locl.h> already. And there are just too many header files referred to that way.

BR - Lianghui

________________________________________
From: openssl-dev [openssl-dev-bounces at openssl.org] on behalf of Salz, Rich [rsalz at akamai.com]
Sent: Monday, July 06, 2015 2:41 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] System openssl header files are used when building openssl itself

> It is from https://github.com/openssl/openssl.git, branch master and commit
> f66aad6.

Suppose you edit ssl_err, ssl_err2, ssl_lib, and ssl_locl to replace the brackets <> with quotes. Does that fix the problem?
From: rsalz at akamai.com (Salz, Rich)
Date: Mon, 6 Jul 2015 19:07:00 +0000
Subject: [openssl-dev] System openssl header files are used when building openssl itself
References: <87ddc18bc7244e6890c904a5425da1ba@ustx2ex-dag1mb2.msg.corp.akamai.com> <5e131edaa54c4505a9510ade502116dc@ustx2ex-dag1mb2.msg.corp.akamai.com>

> No, it doesn't. And it should not, right? As there is no folder openssl which
> has files like ssl.h.

In master, there should be include/openssl/ssl.h

> But I did notice some files, like ssl_locl.h, are included in C files using
> "ssl_locl.h", instead of <ssl_locl.h>, already.

The file ssl_locl.h is local to the ssl directory. It's a private implementation file, not used outside of that directory.

From: liachen at blackberry.com (Lianghui Chen)
Date: Mon, 6 Jul 2015 19:33:06 +0000
Subject: [openssl-dev] System openssl header files are used when building openssl itself
References: <87ddc18bc7244e6890c904a5425da1ba@ustx2ex-dag1mb2.msg.corp.akamai.com> <5e131edaa54c4505a9510ade502116dc@ustx2ex-dag1mb2.msg.corp.akamai.com>

Thanks, Rich

It seems the openssl folder is created when running "./Configure dist", let me try with that.

Thanks Again!
Lianghui

________________________________________
From: openssl-dev [openssl-dev-bounces at openssl.org] on behalf of Salz, Rich [rsalz at akamai.com]
Sent: Monday, July 06, 2015 3:07 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] System openssl header files are used when building openssl itself

> No, it doesn't. And it should not, right? As there is no folder openssl which
> has files like ssl.h.

In master, there should be include/openssl/ssl.h

> But I did notice some files, like ssl_locl.h, are included in C files using
> "ssl_locl.h", instead of <ssl_locl.h>, already.

The file ssl_locl.h is local to the ssl directory. It's a private implementation file, not used outside of that directory.
From: richard at levitte.org (Richard Levitte)
Date: Tue, 07 Jul 2015 00:56:24 +0200 (CEST)
Subject: [openssl-dev] System openssl header files are used when building openssl itself
References: <87ddc18bc7244e6890c904a5425da1ba@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID: <20150707.005624.1562203827632806066.richard@levitte.org>

In message on Mon, 6 Jul 2015 18:25:12 +0000, Lianghui Chen said:

liachen> Hi
liachen>
liachen> It is from https://github.com/openssl/openssl.git, branch master and commit f66aad6.

Commit f66aad6 is this:

    commit f66aad60f249e90d16d585859b4dd62368ed7ccd
    Author: Ben Laurie
    Date:   Mon Oct 7 12:41:43 2013 +0100

        Constification.

That's quite old, I'd recommend a 'git pull --rebase'

In message on Mon, 6 Jul 2015 19:33:06 +0000, Lianghui Chen said:

liachen> Thanks, Rich
liachen>
liachen> It seems the openssl folder is created when running "./Configure dist", let me try with that.

In that commit, you should run './config', which will configure for your platform (I think), and should create and populate include/openssl

However, in more recent revisions of the master branch, public headers have been moved into include/openssl, and the work to populate it by Configure is no longer needed (you still should run ./config).

Cheers,
Richard

--
Richard Levitte         richard at levitte.org
                        http://richard.levitte.org/

"Life is a tremendous celebration - and I'm invited!"
-- from a friend's blog, translated from Swedish
From: rt at openssl.org (Praveen Kariyanahalli via RT)
Date: Tue, 07 Jul 2015 07:20:40 +0000
Subject: [openssl-dev] [openssl.org #3929] Crash in EVP_PKEY_CTX_free in the client code ..
In-Reply-To:
References:
Message-ID:

Version : 1.0.1m
Platform: mips64

Client code crashed while timing out the peer (Freeing the SSL ctx). We are trying to reproduce the problem, will let you know if this happens again. Is this a known issue? Please let me know if you need any more info.

Thanks in Advance
-Praveen Kariyanahalli

Program terminated with signal 10, Bus error.
#0  EVP_PKEY_CTX_free (ctx=0xffffffff00000000) at pmeth_lib.c:360
360         if (ctx->pmeth && ctx->pmeth->cleanup)
(gdb) bt
#0  EVP_PKEY_CTX_free (ctx=0xffffffff00000000) at pmeth_lib.c:360
#1  0x000000fff5f1efd8 in EVP_MD_CTX_cleanup (ctx=0xfff4be5c20) at digest.c:379
#2  0x000000fff5f1f470 in EVP_MD_CTX_destroy (ctx=0xfff4be5c20) at digest.c:356
#3  0x000000fff6061708 in ssl_clear_hash_ctx (hash=0xfff4bde4e8) at ssl_lib.c:3291
#4  0x000000fff6061a38 in SSL_free (s=0xfff4bde410) at ssl_lib.c:562
#5  0x0000000120032db0 in client_peer_delete (p_global_ctx=0x1200c9b90 , p_peerdb_hash=0xfff56dea10, p_peerdb_dll=0x1200cab50 , p_peer=0xfff47c6010, conn_flag=) at client_peer.c:1342
#6  0x0000000120033940 in peer_timer_expiry_cb (p_timer=, peer=0xfff47c6010, p_ctx=0x1200c9b90 , arg3=, arg4=) at client_peer.c:270
#7  0x0000000120079c58 in timer_exec_pri (p_mgr=0xfff3658010, p_pri=0xfff3658080, p_starttime=, msecs=) at timer.c:638
#8  0x000000012007a1e0 in timer_exec (p_mgr=0xfff3658010, pri_mask=, msecs=) at timer.c:524
#9  0x0000000120012800 in client_base_timer_cb (base_timer_fd=, what=, p_ctx=0x1200c9b90 ) at client.c:5086
#10 0x000000fff611e054 in event_process_active_single_queue (activeq=0xfff4bff0d0, base=0xfff4becc10) at /usr/src/debug/libevent/2.0.21-r1/libevent-2.0.21-stable/event.c:1350
#11 event_process_active (base=) at /usr/src/debug/libevent/2.0.21-r1/libevent-2.0.21-stable/event.c:1420
#12 event_base_loop (base=0xfff4becc10, flags=) at /usr/src/debug/libevent/2.0.21-r1/libevent-2.0.21-stable/event.c:1621
#13 0x000000012002376c in client_main (p_cfg=0xffffaca440) at client.c:5835
#14 0x0000000120023ebc in main (argc=, argv=) at client.c:6541
(gdb)
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

From mark at openssl.org Mon Jul 6 15:25:02 2015
From: mark at openssl.org (Mark J Cox)
Date: Mon, 6 Jul 2015 16:25:02 +0100 (BST)
Subject: [openssl-dev] [openssl-announce] Forthcoming OpenSSL releases
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Forthcoming OpenSSL releases
============================

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p.

These releases will be made available on 9th July. They will fix a single security defect classified as "high" severity. This defect does not affect the 1.0.0 or 0.9.8 releases.

Yours
The OpenSSL Project Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVmpufAAoJEAEKUEB8TIy9yVAIALIZcV/4IW2ab7ENffcThFcz
Wlgr553L2bciqRYU99EK8w+4Peg54lKoVw/5rZOQmL4fZqS9jAV+76PNz1kQX4jM
2+oe+F6Ed9A4GgwYbh69WDzSnnIdImH5aa1ui2AOqsgsT0aCZkups0hexCqKFSCW
e5+OlHXA6FXNzsvRUTzcvfQBczakM7Z/7V4pOpTouzCwHQ+O1jriDRuI+8TVaF0w
HpFWJ5uTGfY2lP3p1xI/A+11jfoxTd/XW7ljpqybTx7xARzH7tIuWQk+5Qd7DOZP
NEdKw1YtPTXOR3MZJc4xShxv5SWFBjqUjmtVkHpF/dFmBWaMWTDYfAMhk/WOyAQ=
=yVBV
-----END PGP SIGNATURE-----
_______________________________________________
openssl-announce mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce

From mark at openssl.org Tue Jul 7 08:50:03 2015
From: mark at openssl.org (Mark J Cox) Date: Tue, 7 Jul 2015 09:50:03 +0100 (BST) Subject: [openssl-dev] Forthcoming OpenSSL releases Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Forthcoming OpenSSL releases ============================ The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as "high" severity. This defect does not affect the 1.0.0 or 0.9.8 releases. Yours The OpenSSL Project Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVmpufAAoJEAEKUEB8TIy9yVAIALIZcV/4IW2ab7ENffcThFcz Wlgr553L2bciqRYU99EK8w+4Peg54lKoVw/5rZOQmL4fZqS9jAV+76PNz1kQX4jM 2+oe+F6Ed9A4GgwYbh69WDzSnnIdImH5aa1ui2AOqsgsT0aCZkups0hexCqKFSCW e5+OlHXA6FXNzsvRUTzcvfQBczakM7Z/7V4pOpTouzCwHQ+O1jriDRuI+8TVaF0w HpFWJ5uTGfY2lP3p1xI/A+11jfoxTd/XW7ljpqybTx7xARzH7tIuWQk+5Qd7DOZP NEdKw1YtPTXOR3MZJc4xShxv5SWFBjqUjmtVkHpF/dFmBWaMWTDYfAMhk/WOyAQ= =yVBV -----END PGP SIGNATURE----- From hanno at hboeck.de Wed Jul 8 10:34:19 2015 
From: hanno at hboeck.de (Hanno Böck)
Date: Wed, 8 Jul 2015 12:34:19 +0200
Subject: [openssl-dev] On release pre announcements
Message-ID: <20150708123419.04410f06@pc1>

Hi,

In light of the last "Forthcoming OpenSSL release" I have two suggestions:

First would it be possible to have not only a date, but also a timeframe (maybe an hour + timezone info!) for when releases and security announcements are expected to go public?

And second I wonder if OpenSSL needs another severity category. The last announcement says there is a "high" severity security defect to be expected. If I look at the March advisory there were two "high" vulns:
https://www.openssl.org/news/secadv_20150319.txt

One was a server DoS (you could probably crash a server) and the other was FREAK (which only affected substandard configurations doing things nobody should've done anyway). Now judging by the gold standard of severe OpenSSL vulns (aka Heartbleed) these aren't really super-worrying issues. Sure they need to be patched and fixed. But what I really want to know in advance is whether I have to stop anything I'm doing and patch my server immediately because if I don't before the first PoCs come out I may be in trouble.

So may I propose another category that includes only data exfiltration, remote code execution or severe crypto breaks on reasonable default configurations?

cu,
-- 
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: 

From richmoore44 at gmail.com Wed Jul 8 12:46:35 2015
From: richmoore44 at gmail.com (Richard Moore)
Date: Wed, 8 Jul 2015 13:46:35 +0100
Subject: [openssl-dev] On release pre announcements
In-Reply-To: <20150708123419.04410f06@pc1>
References: <20150708123419.04410f06@pc1>
Message-ID:

On 8 July 2015 at 11:34, Hanno Böck wrote:

> So may I propose another category that includes only data exfiltration,
> remote code execution or severe crypto breaks on reasonable default
> configurations?

What would be nice would be to have the CVSS Impact scores; that would give a clear idea of this, or even a full CVSS base vector.

Rich.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From liachen at blackberry.com Wed Jul 8 15:29:34 2015
From: liachen at blackberry.com (Lianghui Chen)
Date: Wed, 8 Jul 2015 15:29:34 +0000
Subject: [openssl-dev] About macro BIGNUM (struct bignum_st)
Message-ID:

Hi

When I tried to compile openssl inside my own project, I got numerous errors about incomplete type of struct bignum_st (from macro BIGNUM).

As I see, the macro BIGNUM is defined in bn/bn_lcl.h, which is included only by files inside crypto/bn, but many codes in engines use the struct member (like d) of bignum_st, like e_chil.c. But unfortunately files like e_chil.c are not compiled (and thus exposing these compile errors) in openssl master branch by default.

But anyway, isn't this a little bit strange that we access struct bignum_st member variables in engines codes, like e_chil.c, without including the file bn_lcl.h which defines bignum_st?

BR - Lianghui

From rsalz at akamai.com Wed Jul 8 15:55:10 2015
From: rsalz at akamai.com (Salz, Rich) Date: Wed, 8 Jul 2015 15:55:10 +0000 Subject: [openssl-dev] About macro BIGNUM (struct bignum_st) In-Reply-To: References: Message-ID: <8c1c3ac5aa564fa19c0c5d4ca5976112@ustx2ex-dag1mb2.msg.corp.akamai.com> > But anyway, isn't this a little bit strange that we access struct bignum_st > member variables in engines codes, like e_chil.c, without including the file > bn_lcl.h which defines bignum_st? One of the major goals of the planned 1.1 release is to make "most" structures opaque. There are all sorts of benefits to doing this, even though it will require some changes to existing code. Some ENGINE code has not been updated yet, and therefore we don't compile it by default. There is a wiki page, http://wiki.openssl.org/index.php/1.1_API_Changes, where we are encouraging people to post problems. Or better yet, figure out which accessors you need and open a ticket :) From rt at openssl.org Wed Jul 8 16:07:06 2015 From: rt at openssl.org (Michal Bozon via RT) Date: Wed, 08 Jul 2015 16:07:06 +0000 Subject: [openssl-dev] [openssl.org #3930] DOCUMENTATION: dgst.pod: duplicate -hmac In-Reply-To: References: Message-ID: In dgst man page (doc/apps/dgst.pod), there's duplicate -hmac option documentation: -hmac arg set the HMAC key to "arg". ... -hmac key create a hashed MAC using "key". Michal Bozon _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From liachen at blackberry.com Wed Jul 8 16:11:22 2015 
From: liachen at blackberry.com (Lianghui Chen)
Date: Wed, 8 Jul 2015 16:11:22 +0000
Subject: [openssl-dev] About macro BIGNUM (struct bignum_st)
In-Reply-To: <8c1c3ac5aa564fa19c0c5d4ca5976112@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: , <8c1c3ac5aa564fa19c0c5d4ca5976112@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID:

Hi, Rich

> There is a wiki page, http://wiki.openssl.org/index.php/1.1_API_Changes, where we are encouraging people to post problems. Or better yet, figure out which accessors you need and open a ticket :)

Thanks for the info and sorry for not having read it.

BR - Lianghui
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

From rmayer at nerd-residenz.de Thu Jul 9 07:44:51 2015
From: rmayer at nerd-residenz.de (Ralph J.Mayer)
Date: Thu, 9 Jul 2015 09:44:51 +0200
Subject: [openssl-dev] On release pre announcements
In-Reply-To: <20150708123419.04410f06@pc1>
References: <20150708123419.04410f06@pc1>
Message-ID: <20150709074451.GA16016@soup.nrinfra.net>

Hello,

it would also be nice to have a bug-ID/CVE to track and organize the upgrades.

Best regards,
rm

From henrik.eriksson at axis.com Thu Jul 9 10:27:05 2015
From: henrik.eriksson at axis.com (Henrik Eriksson)
Date: Thu, 9 Jul 2015 12:27:05 +0200
Subject: [openssl-dev] On release pre announcements
In-Reply-To: <20150709074451.GA16016@soup.nrinfra.net>
References: <20150708123419.04410f06@pc1> <20150709074451.GA16016@soup.nrinfra.net>
Message-ID: <20150709102705.GA9300@linux.se.axis.com>

On Thu, Jul 09, 2015 at 09:44:51 +0200, Ralph J.Mayer wrote:
> it would also be nice to have a bug-ID/CVE to track
> and organize the upgrades.

The actual OpenSSL release announcement/notes usually include the CVE IDs. Though I guess it might be nice in some organizations to have them early, even if the CVE db will only show the IDs as allocated.

br,
-- 
henrik eriksson

From rsalz at akamai.com Thu Jul 9 11:21:10 2015
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 9 Jul 2015 11:21:10 +0000
Subject: [openssl-dev] On release pre announcements
In-Reply-To: <20150709074451.GA16016@soup.nrinfra.net>
References: <20150708123419.04410f06@pc1> <20150709074451.GA16016@soup.nrinfra.net>
Message-ID: <0dea058ade9747c1b77d326ae5c08ac8@ustx2ex-dag1mb2.msg.corp.akamai.com>

> it would also be nice to have a bug-ID/CVE to track and organize the
> upgrades.

The concern is that people would then start trying to find the CVE descriptions which aren't available yet.

From richmoore44 at gmail.com Thu Jul 9 12:54:12 2015
From: richmoore44 at gmail.com (Richard Moore)
Date: Thu, 9 Jul 2015 13:54:12 +0100
Subject: [openssl-dev] On release pre announcements
In-Reply-To: <0dea058ade9747c1b77d326ae5c08ac8@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <20150708123419.04410f06@pc1> <20150709074451.GA16016@soup.nrinfra.net> <0dea058ade9747c1b77d326ae5c08ac8@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID:

On 9 July 2015 at 12:21, Salz, Rich wrote:

> > it would also be nice to have a bug-ID/CVE to track and organize the
> > upgrades.
>
> The concern is that people would then start trying to find the CVE
> descriptions which aren't available yet.

Given that NVD is generally quite slow to get the descriptions (usually a day or two after an advisory is released) that might not be a problem. It would make it easier to search bug trackers etc. though. If we just had the CVSS base vector then there'd be no real risk but people could make more informed decisions.

Cheers

Rich.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From openssl at openssl.org Thu Jul 9 13:04:32 2015
From: openssl at openssl.org (OpenSSL)
Date: Thu, 9 Jul 2015 13:04:32 +0000
Subject: [openssl-dev] OpenSSL version 1.0.1p released
Message-ID: <20150709130432.GA8767@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenSSL version 1.0.1p released
===============================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 1.0.1p of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at:

http://www.openssl.org/news/openssl-1.0.1-notes.html

OpenSSL 1.0.1p is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

* http://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-1.0.1p.tar.gz
Size: 4560208
MD5 checksum: 7563e92327199e0067ccd0f79f436976
SHA1 checksum: 9d1977cc89242cd11471269ece2ed4650947c046
SHA256 checksum: bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1

The checksums were calculated using the following commands:

openssl md5 openssl-1.0.1p.tar.gz
openssl sha1 openssl-1.0.1p.tar.gz
openssl sha256 openssl-1.0.1p.tar.gz

Yours,
The OpenSSL Project Team.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVnmeDAAoJENnE0m0OYESR30AIAL5Dj1V2k1/eGDxAbThI4Ics
+YEozTm8q6ymBFcInczADe3qe8mXllOu5mBCdOqesdxuuaE0VnsVo0Vm241LMUee
blcelAD8pqqlHPenPRPVO+bpvqdJrWGFTOpdJbaTBCslT9E6YaTfpG1xZI1x4yrM
VMR57CkdksDi4mm7TuG0m1w3liUN93pdDyIyesI+nkO7NwZpQ2xeM44z4wlUaxiB
oZwnB4VTysVOOM7ZZqdZkDH2BO0nDs0SnPd4byL4AdjhrTIxf0qEKTIcm7WTvnU4
FGpkVJT7/Sm15xdJQ1keZLcRJ5oTHgWuLT7rsX01T4MLWQ8qT1afDkx/O2oF07o=
=1BNN
-----END PGP SIGNATURE-----

From openssl at openssl.org Thu Jul 9 13:05:00 2015
From: openssl at openssl.org (OpenSSL)
Date: Thu, 9 Jul 2015 13:05:00 +0000
Subject: [openssl-dev] OpenSSL version 1.0.2d released
Message-ID: <20150709130500.GA8903@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenSSL version 1.0.2d released
===============================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 1.0.2d of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at:

http://www.openssl.org/news/openssl-1.0.2-notes.html

OpenSSL 1.0.2d is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

* http://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-1.0.2d.tar.gz
Size: 5295447
MD5 checksum: 38dd619b2e77cbac69b99f52a053d25a
SHA1 checksum: d01d17b44663e8ffa6a33a5a30053779d9593c3d
SHA256 checksum: 671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8

The checksums were calculated using the following commands:

openssl md5 openssl-1.0.2d.tar.gz
openssl sha1 openssl-1.0.2d.tar.gz
openssl sha256 openssl-1.0.2d.tar.gz

Yours,
The OpenSSL Project Team.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVnmMAAAoJENnE0m0OYESRszEH/RFG+H+im2svvgRoTLI/J8YH
czX5u5aNqVWDPqQCZz7OQZOq8l7c9lQ8RMuB6AZWECSzn8IUaAF7dNdKC9qSM2Ax
1Sl1fwFeWHXRASvMm4SDUIQxmU8tBmiopBWM4J2a5LWO3zK6pG8pN72HIBIjuJmk
5Sp02BUMCbI5+FpZju1SOClfkZiAappAcdvJiWhv5ef3dJfdIUE3YBtLlEhzH4Ou
cfX64gHcsFHWo8ZnHSwrB+blL6Eb8SnGOn+lBAUCIJhh5MY91PSjhfUVL5e2AYY7
Xqm5EFsghLrfxOZeUUNaCHlkdodR0XAabqvq8TQkSk3QQg8N8UFKxr+HnymtMGc=
=ay5A
-----END PGP SIGNATURE-----

From openssl at openssl.org Thu Jul 9 13:10:24 2015
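Both release announcements above publish a size and MD5, SHA1 and SHA256 digests for the tarball together with the openssl commands used to compute them. The Python below is an added example (not OpenSSL project code) of checking a downloaded tarball against every published value before unpacking or building it: the file is hashed in one streaming pass, all listed digests must match, and the comparison uses a constant-time equality. The PUBLISHED table holds the values exactly as printed in the two announcements above; the temporary sample file and its contents are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Sizes and digests exactly as printed in the 1.0.1p and 1.0.2d release
# announcements above (the only source for these values).
PUBLISHED = {
    "openssl-1.0.1p.tar.gz": {
        "size": 4560208,
        "md5": "7563e92327199e0067ccd0f79f436976",
        "sha1": "9d1977cc89242cd11471269ece2ed4650947c046",
        "sha256": "bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1",
    },
    "openssl-1.0.2d.tar.gz": {
        "size": 5295447,
        "md5": "38dd619b2e77cbac69b99f52a053d25a",
        "sha1": "d01d17b44663e8ffa6a33a5a30053779d9593c3d",
        "sha256": "671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8",
    },
}


def compute_digests(path, algorithms, chunk_size=1 << 20):
    """Hash the file once, feeding every chunk to each requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_tarball(path, expected):
    """Check the size and every listed digest. Returns (ok, failed_checks).

    A single mismatch fails the whole check; hmac.compare_digest keeps the
    comparison from short-circuiting on the first differing character.
    """
    failed = []
    if "size" in expected and os.path.getsize(path) != expected["size"]:
        failed.append("size")
    algorithms = [name for name in expected if name != "size"]
    actual = compute_digests(path, algorithms)
    for name in algorithms:
        if not hmac.compare_digest(actual[name].lower(), expected[name].lower()):
            failed.append(name)
    return (not failed, failed)


def verify_release(path):
    """Look the tarball up by file name and verify it against the published values."""
    name = os.path.basename(path)
    if name not in PUBLISHED:
        return (False, ["no published checksums for " + name])
    return verify_tarball(path, PUBLISHED[name])


def write_sample_file(data):
    """Write constructed sample bytes to a temporary file and return its path
    (used only so the example can be exercised without a real tarball)."""
    fd, path = tempfile.mkstemp(suffix=".tar.gz")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    import sys
    ok, failed = verify_release(sys.argv[1])
    print("OK" if ok else "FAILED: " + ", ".join(failed))
    sys.exit(0 if ok else 1)
```

Checking all three digests costs nothing extra once the file is read in one pass; the SHA256 value is the one that carries the assurance, since MD5 and SHA1 collisions are practical, but a mismatch on any published value is reason enough to discard the download.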
From: openssl at openssl.org (OpenSSL)
Date: Thu, 9 Jul 2015 13:10:24 +0000
Subject: [openssl-dev] OpenSSL Security Advisory
Message-ID: <20150709131024.GA9863@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenSSL Security Advisory [9 Jul 2015]
=======================================

Alternative chains certificate forgery (CVE-2015-1793)
======================================================

Severity: High

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.

Note
====

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150709.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVnml8AAoJENnE0m0OYESRlcYH/iUe62/m2oZiuBHkKQvLBUbH
VrLDp7xEXEg6ozByLyxughAFwY9XD2r9WkXehxw66af2pmNHphXH3Gbfpcebki0r
HuZJ3CbGD/RSomWdAqkzRfV8MjNxmN4Pyi+sTsf7F+nKv80Ts51iUN1pPjkddAR8
ooKw0VMIENeMboWQ9SyQ3r7TYYywK+lXUG71Ekva9ByzABBwC/1CzZeSLJmuewnJ
+9TjwQ4otH/mUJ/klvw+G2eTSn64AnA6UEFR+sBL4aNpIgdrtjonJRt2ko05Z92N
HN/ibu5okd3iUbtkM0dTMGAr2NCrNYPr2dYLMPemwkAq1cRlhjGouRDDeb6TUYk=
=oUAa
-----END PGP SIGNATURE-----

From rsalz at akamai.com Thu Jul 9 13:13:30 2015
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 9 Jul 2015 13:13:30 +0000
Subject: [openssl-dev] OpenSSL Security Advisory
In-Reply-To: <20150709131024.GA9863@openssl.org>
References: <20150709131024.GA9863@openssl.org>
Message-ID:

> This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

In other words, if you are not using those specific releases -- i.e., the ones that came out less than 30 days ago -- you do not need to upgrade.

From openssl-users at dukhovni.org Thu Jul 9 14:02:55 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Thu, 9 Jul 2015 14:02:55 +0000
Subject: [openssl-dev] [openssl-users] OpenSSL Security Advisory
In-Reply-To:
References: <20150709131024.GA9863@openssl.org>
Message-ID: <20150709140254.GB21534@mournblade.imrryr.org>

On Thu, Jul 09, 2015 at 01:13:30PM +0000, Salz, Rich wrote:

> > This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
>
> In other words, if you are not using those specific releases -- i.e., the
> ones that came out less than 30 days ago -- you do not need to upgrade.

More accurately, you should upgrade anyway, to address the issues resolved by those earlier releases, even though the specific issue in the most recent release applies only to its immediate predecessors.

-- 
	Viktor.

From rsalz at akamai.com Thu Jul 9 19:06:22 2015
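The advisory above describes two things: a verifier that falls back to an alternative chain when the first chain-building attempt does not reach a trust anchor, and constraint checks on untrusted certificates (the CA flag among them) that must hold on whichever chain is finally accepted. The Python below is an added illustration of that design point; it is not OpenSSL code and does not reproduce the actual defect. Certificates are modelled as records carrying only subject, issuer and the basicConstraints CA flag, and "issued by" is approximated by name matching, so no signatures or validity periods are checked. The sample certificates (the "Example Root" hierarchy and the ".example.test" names) are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Minimal certificate model (constructed for this example): no keys or
    signatures, only the names and the CA flag that the chain policy looks at."""
    subject: str
    issuer: str
    is_ca: bool


def first_attempt(leaf, untrusted):
    """Extend the chain upward using only the peer-supplied (untrusted)
    certificates, stopping at a self-signed certificate or when no issuer is found."""
    chain = [leaf]
    while chain[-1].subject != chain[-1].issuer:
        top = chain[-1]
        nxt = next((c for c in untrusted if c.subject == top.issuer and c not in chain), None)
        if nxt is None:
            break
        chain.append(nxt)
    return chain


def alternative_chain(chain, trust_anchors):
    """If the chain does not end in a trust anchor, drop untrusted certificates
    from the top one at a time and look for a trust anchor that issued the remainder."""
    if chain[-1] in trust_anchors:
        return chain
    for depth in range(len(chain) - 1, -1, -1):
        for anchor in trust_anchors:
            if anchor.subject == chain[depth].issuer:
                return chain[: depth + 1] + [anchor]
    return None


def check_chain_policy(chain):
    """Checks that must hold however the chain was found: every certificate above
    the leaf must carry the CA flag. Returns the offending subject, or None."""
    for cert in chain[1:]:
        if not cert.is_ca:
            return cert.subject
    return None


def verify(leaf, untrusted, trust_anchors):
    """Returns (True, [subjects of the accepted chain]) or (False, reason)."""
    chain = alternative_chain(first_attempt(leaf, untrusted), trust_anchors)
    if chain is None:
        return (False, "no path to a trust anchor")
    # The policy check runs on the final chain, whichever attempt produced it.
    offender = check_chain_policy(chain)
    if offender is not None:
        return (False, f"{offender} is not a CA but appears as an issuer")
    return (True, [c.subject for c in chain])


# Constructed sample PKI: a trusted root, an intermediate, two end-entity certs.
ROOT = Cert("Example Root", "Example Root", True)
INTERMEDIATE = Cert("Example Intermediate", "Example Root", True)
SITE = Cert("www.example.test", "Example Intermediate", False)
# A legitimately issued end-entity certificate presented as the issuer of a second
# end-entity certificate: the chain policy must reject the result.
OTHER_LEAF = Cert("other.example.test", "Example Intermediate", False)
FORGED = Cert("victim.example.test", "other.example.test", False)
# Cross-signing case that exercises the alternative-chain path: the peer sends an
# intermediate chaining to an old root the verifier no longer trusts, while the
# trust store holds the same intermediate re-issued under the current root.
OLD_ROOT = Cert("Old Root", "Old Root", True)
INTERMEDIATE_OLD = Cert("Example Intermediate", "Old Root", True)


if __name__ == "__main__":
    print(verify(SITE, [INTERMEDIATE], [ROOT]))
    print(verify(FORGED, [OTHER_LEAF, INTERMEDIATE], [ROOT]))
    print(verify(SITE, [INTERMEDIATE_OLD, OLD_ROOT], [ROOT, INTERMEDIATE]))
```

The point of the structure is that check_chain_policy takes the chain as an argument and is called exactly once, after chain selection, so a second code path for the alternative chain cannot skip it. In a real verifier the same applies to signature verification, validity periods, name constraints and path-length limits.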
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 9 Jul 2015 19:06:22 +0000
Subject: [openssl-dev] On release pre announcements
In-Reply-To: <20150708123419.04410f06@pc1>
References: <20150708123419.04410f06@pc1>
Message-ID: <97af042cfb734338b89e637da4468ad7@ustx2ex-dag1mb2.msg.corp.akamai.com>

Perhaps something like the CVE vectors, that others have suggested?
https://nvd.nist.gov/CVSS/Vector-v2.aspx

It's (a bit?) extra work while getting the release out, so it would be good to hear enthusiastic support for this :)

-- 
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

From uri at ll.mit.edu Thu Jul 9 19:08:49 2015
From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL)
Date: Thu, 9 Jul 2015 19:08:49 +0000
Subject: [openssl-dev] On release pre announcements
In-Reply-To: <97af042cfb734338b89e637da4468ad7@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <20150708123419.04410f06@pc1> <97af042cfb734338b89e637da4468ad7@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID:

On 7/9/15, 15:06 , "openssl-dev on behalf of Salz, Rich" wrote:

>Perhaps something like the CVE vectors, that others have suggested?
>https://nvd.nist.gov/CVSS/Vector-v2.aspx

I'd say it makes sense, and would be useful.

>It's (a bit?) extra work while getting the release out, so it would be
>good to hear enthusiastic support for this :)

Want me to jump up and down? OK, watch this... :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4308 bytes
Desc: not available
URL: 

From rt at openssl.org Thu Jul 9 21:34:26 2015
From: rt at openssl.org (Puckett, Rick via RT)
Date: Thu, 09 Jul 2015 21:34:26 +0000
Subject: [openssl-dev] [openssl.org #3931] OpenSSL 1.0.2(c, d) hangs on Sun T3 in OPENSSL_cpuid_setup()
In-Reply-To:
References:
Message-ID:

Request: Bug Report

Hello,

I recently compiled OpenSSL 1.0.2(c,d) for Solaris 5.10 using GCC 4.8.2 on an UltraSPARC 45 and our group tested it on several different types of other systems (V245, T4, T3, etc...) and it runs as expected on all systems except the T3 where it hangs - even for a simple call like "openssl version". The process continues normally when sent either a SIGBUS or SIGILL.

I believe I've tracked it down to the function "OPENSSL_cpuid_setup" in the file "crypto/sparcv9cap.c" after the initial sigaction calls to set the signal handlers for SIGILL and SIGBUS and before the trailing sigaction calls to reset the handlers for SIGILL and SIGBUS. There's a partial dtrace listing below, generated by my colleague Carolyn, with the last output lines showing the sigaction calls for SIGILL then SIGBUS (the trailing sigaction calls are in the reverse order in the code).

The "OPENSSL_cpuid_setup" function supports reading the environment variable "OPENSSL_sparcv9cap" to skip further processing and setting this variable (to anything) prevents the process from hanging, so I'm also encouraged that the issue resides within this function, but am, obviously, hesitant to rely on this as an operational solution ...

Is there any other information I can provide you and/or anything I can do on my side to investigate and resolve this?

Thank you,
- Rick

4503:   lwp_sigmask(SIG_SETMASK, 0xFFBFF827, 0x0000FFF7) = 0xFFBFFEFF [0x0000FFFF]
4503:   sigaction(SIGILL, 0xFFBFEC10, 0xFFBFECF0) = 0
4503:       new: hand = 0xFEF4F824 mask = 0xFFBFFEFF 0x0000FFFF 0 0 flags = 0x0000
4503:       old: hand = 0x00000000 mask = 0 0 0 0 flags = 0x0000
4503:   sigaction(SIGBUS, 0xFFBFEC10, 0xFFBFED10) = 0
4503:       new: hand = 0xFEF4F824 mask = 0xFFBFFEFF 0x0000FFFF 0 0 flags = 0x0000
4503:       old: hand = 0x00000000 mask = 0 0 0 0 flags = 0x0000
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

From misaki.miyashita at oracle.com Thu Jul 9 23:15:32 2015
From: misaki.miyashita at oracle.com (Misaki.Miyashita) Date: Thu, 09 Jul 2015 18:15:32 -0500 Subject: [openssl-dev] [openssl.org #3931] OpenSSL 1.0.2(c, d) hangs on Sun T3 in OPENSSL_cpuid_setup() In-Reply-To: References: Message-ID: <559F0094.5060908@oracle.com> Hi Rick, Can you run the truss(1) command when you run "openssl version" as follows? i.e. % truss -lf -u libcrypto:: -u libpkcs11:: -o /tmp/truss.out openssl version The output will tell you more information about the function calls made by the openssl(1) application. Thank you, -- misaki On 07/09/15 16:34, Puckett, Rick via RT wrote: > Request: Bug Report > > Hello, > > I recently compiled OpenSSL 1.0.2(c,d) for Solaris 5.10 using GCC 4.8.2 on an UltraSPARC 45 and our group tested it on several different types of other systems (V245, T4, T3, etc...) and it runs as expected on all systems except the T3 where it hangs - even for a simple call like "openssl version". The process continues normally when sent either a SIGBUS or SIGILL. > > I believe I've tracked it down to the function "OPENSSL_cpuid_setup" in the file "crypto/sparcv9cap.c" after the initial sigaction calls to set the signal handlers for SIGILL and SIGBUS and before the trailing sigaction calls to reset the handlers for SIGILL and SIGBUS. There's a partial dtrace listing below, generated by my colleague Carolyn, with the last output lines showing the sigaction calls for SIGILL then SIGBUS (the trailing sigaction calls are in the reverse order in the code). > > The "OPENSSL_cpuid_setup" function supports reading the environment variable "OPENSSL_sparcv9cap" to skip further processing and setting this variable (to anything) prevents the process from hanging, so I'm also encouraged that the issue resides within this function, but am, obviously, hesitant to rely on this as an operational solution ... > > Is there any other information I can provide you and/or anything I can do on my side to investigate and resolve this. 
> > Thank you, > - Rick > > > 4503: lwp_sigmask(SIG_SETMASK, 0xFFBFF827, 0x0000FFF7) = 0xFFBFFEFF [0x0000FFFF] > > 4503: sigaction(SIGILL, 0xFFBFEC10, 0xFFBFECF0) = 0 > > 4503: new: hand = 0xFEF4F824 mask = 0xFFBFFEFF 0x0000FFFF 0 0 flags = 0x0000 > > 4503: old: hand = 0x00000000 mask = 0 0 0 0 flags = 0x0000 > > 4503: sigaction(SIGBUS, 0xFFBFEC10, 0xFFBFED10) = 0 > > 4503: new: hand = 0xFEF4F824 mask = 0xFFBFFEFF 0x0000FFFF 0 0 flags = 0x0000 > > 4503: old: hand = 0x00000000 mask = 0 0 0 0 flags = 0x0000 > > > > > > _______________________________________________ > openssl-bugs-mod mailing list > openssl-bugs-mod at openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- Oracle Solaris Security - Austin, TX Principal Software Engineer From mancha1 at zoho.com Fri Jul 10 01:31:09 2015 From: mancha1 at zoho.com (mancha) Date: Fri, 10 Jul 2015 01:31:09 +0000 Subject: [openssl-dev] CVE-2015-1793 tester (alt.chain.fail) Message-ID: <20150710013109.GA11161@zoho.com> Hi. Vulnerability tester for CVE-2015-1793 (alternative chains certificate forgery) based on Matt Caswell's test now available: https://twitter.com/mancha140/status/619316033241923585 --mancha -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From hecht at hlrs.de Fri Jul 10 09:06:45 2015 
From: hecht at hlrs.de (Martin Hecht) Date: Fri, 10 Jul 2015 11:06:45 +0200 Subject: [openssl-dev] On release pre announcements In-Reply-To: <97af042cfb734338b89e637da4468ad7@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <20150708123419.04410f06@pc1> <97af042cfb734338b89e637da4468ad7@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <559F8B25.4080003@hlrs.de> On 07/09/2015 09:06 PM, Salz, Rich wrote: > Perhaps something like the CVE vectors, that others have suggested? > https://nvd.nist.gov/CVSS/Vector-v2.aspx > > It's (a bit?) extra work while getting the release out, so it would be good to hear enthusiastic support for this :) Yes, this would be very helpful. Also, in this particular case, the following piece of information (and especially your clarification) would have been useful if it were included in the pre-announcement (but maybe the heads-up was a bit fuzzy on purpose, with the intention not to point attackers to the exact location of the bug in the source?): Subject: Re: [openssl-users] [openssl-dev] OpenSSL Security Advisory Date: Thu, 9 Jul 2015 13:13:30 +0000 From: Salz, Rich Reply-To: openssl-users at openssl.org To: openssl-dev at openssl.org , OpenSSL User Support ML > This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. In other words, if you are not using those specific releases -- i.e., the ones that came out less than 30 days ago -- you do not need to upgrade. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Fri Jul 10 10:47:15 2015 
From: rt at openssl.org (jean-christophe manciot via RT) Date: Fri, 10 Jul 2015 10:47:15 +0000 Subject: [openssl-dev] [openssl.org #3932] Compilation Bug Report In-Reply-To: References: Message-ID: *Ubuntu Server 15.04* *OpenSSL 1.0.2d sources from https://github.com/openssl/openssl * root at msi-ge60 :/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl#* ./config* Operating system: x86_64-whatever-linux2 Configuring for linux-x86_64 Configuring for linux-x86_64 no-deprecated [default] OPENSSL_NO_DEPRECATED (skip dir) no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) no-gmp [default] OPENSSL_NO_GMP (skip dir) no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir) no-md2 [default] OPENSSL_NO_MD2 (skip dir) no-rc5 [default] OPENSSL_NO_RC5 (skip dir) no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir) no-sctp [default] OPENSSL_NO_SCTP (skip dir) no-shared [default] no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir) no-store [experimental] OPENSSL_NO_STORE (skip dir) no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir) no-zlib [default] no-zlib-dynamic [default] IsMK1MF=0 CC =gcc CFLAG =-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -Wall -O3 -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM EX_LIBS =-ldl CPUID_OBJ =x86_64cpuid.o BN_ASM =x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o EC_ASM =ecp_nistz256.o ecp_nistz256-x86_64.o DES_ENC =des_enc.o fcrypt_b.o AES_ENC =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o BF_ENC =bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4-x86_64.o rc4-md5-x86_64.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM =md5-x86_64.o SHA1_OBJ_ASM =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o 
sha256-mb-x86_64.o RMD160_OBJ_ASM= CMLL_ENC =cmll-x86_64.o cmll_misc.o MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o ENGINES_OBJ =e_padlock-x86_64.o PROCESSOR = RANLIB =/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl SIXTY_FOUR_BIT_LONG mode DES_UNROLL used DES_INT used RC4_CHUNK is unsigned long Configured for linux-x86_64. root at msi-ge60:/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl# *make* making all in crypto... ... ake[2]: Entering directory '/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl/apps' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -Wall -O3 -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o errstr.o gendsa.o genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o pkcs7.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o rsautl.o s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o srp.o ts.o verify.o version.o x509.o apps.o opt.o s_cb.o s_socket.o app_rand.o ${LIBDEPS} ) speed.o: In function `speed_main': *speed.c:(.text+0x980): undefined reference to `RC4_set_key'* *speed.c:(.text+0x15d3): undefined reference to `RC4'* *speed.c:(.text+0x4f80): undefined reference to `RC4_options'* version.o: In function `version_main': version.c:(.text+0x228): undefined reference to `RC4_options' ../libcrypto.a(e_rc4.o): In function `rc4_cipher': e_rc4.c:(.text+0x12): undefined 
reference to `RC4' ../libcrypto.a(e_rc4.o): In function `rc4_init_key': e_rc4.c:(.text+0x3b): undefined reference to `RC4_set_key' ../libcrypto.a(e_rc4_hmac_md5.o): In function `rc4_hmac_md5_cipher': e_rc4_hmac_md5.c:(.text+0x1eb): undefined reference to `RC4' e_rc4_hmac_md5.c:(.text+0x273): undefined reference to `RC4' e_rc4_hmac_md5.c:(.text+0x3fd): undefined reference to `RC4' e_rc4_hmac_md5.c:(.text+0x41e): undefined reference to `rc4_md5_enc' e_rc4_hmac_md5.c:(.text+0x4be): undefined reference to `RC4' e_rc4_hmac_md5.c:(.text+0x4ed): undefined reference to `rc4_md5_enc' e_rc4_hmac_md5.c:(.text+0x54a): undefined reference to `RC4' ../libcrypto.a(e_rc4_hmac_md5.o): In function `rc4_hmac_md5_init_key': e_rc4_hmac_md5.c:(.text+0x58f): undefined reference to `RC4_set_key' collect2: error: ld returned 1 exit status ../Makefile.shared:164: recipe for target 'link_app.' failed make[2]: *** [link_app.] Error 1 make[2]: Leaving directory '/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl/apps' Makefile:148: recipe for target 'openssl' failed make[1]: *** [openssl] Error 2 make[1]: Leaving directory '/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl/apps' Makefile:290: recipe for target 'build_apps' failed make: *** [build_apps] Error 1 Regards. -- Jean-Christophe Manciot -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Fri Jul 10 10:47:31 2015 
From: rt at openssl.org (beat.bolli@isc-ejpd.admin.ch via RT) Date: Fri, 10 Jul 2015 10:47:31 +0000 Subject: [openssl-dev] [openssl.org #3933] [PATCH] 1.0.2d engines/e_capi: enable the SHA-2 message digests In-Reply-To: <97BC6CBC9E7318469CA3C1DB0C06D05BA9DA0287@SB00110A.adb.intra.admin.ch> References: <97BC6CBC9E7318469CA3C1DB0C06D05BA9DA0287@SB00110A.adb.intra.admin.ch> Message-ID: Hi This patch is needed to support the modern TLSv1.2 cipher suites with the Windows CryptoAPI. In ticket #3366, it has been submitted earlier as part of someone else's patch but abandoned by its author. I have tested it with 1.0.2d, but it should apply to all branches. Thanks, Beat Bolli -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-engines-e_capi-enable-the-SHA-2-message-digests.patch Type: text/x-patch Size: 1424 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Fri Jul 10 10:47:55 2015 From: rt at openssl.org (Mike Frysinger via RT) Date: Fri, 10 Jul 2015 10:47:55 +0000 Subject: [openssl-dev] [openssl.org #3934] [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions In-Reply-To: <1436507746-2476-1-git-send-email-vapier@gentoo.org> References: <1436507746-2476-1-git-send-email-vapier@gentoo.org> Message-ID: The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro. Using just the former with newer versions leads to a build time warning, so make sure to use the new macro too. --- test/ssltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/test/ssltest.c b/test/ssltest.c index 26cf96c..b36f667 100644 --- a/test/ssltest.c +++ b/test/ssltest.c 
@@ -141,6 +141,7 @@ */ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ +#define _DEFAULT_SOURCE 1 #define _BSD_SOURCE 1 #include -- 2.4.4 _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Fri Jul 10 11:13:00 2015 From: rt at openssl.org (Salz, Rich via RT) Date: Fri, 10 Jul 2015 11:13:00 +0000 Subject: [openssl-dev] [openssl.org #3934] [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions In-Reply-To: <22f75d4c63c14b40a421ed06ef8d9cd6@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <1436507746-2476-1-git-send-email-vapier@gentoo.org> <22f75d4c63c14b40a421ed06ef8d9cd6@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: This is strange, since OpenSSL doesn't use "gethostname" which the comments mention. Can you add the exact error message? And why only that one file? More strangeness. From rt at openssl.org Fri Jul 10 20:36:39 2015 
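Review bot: the new `#define _DEFAULT_SOURCE 1` sits ahead of `#define _BSD_SOURCE 1` and before the first `#include`, which is the only place a glibc feature-test macro takes effect, but neither the comment above it ("Or gethostname won't be declared properly on Linux and GNU platforms.") nor the commit message records which glibc release started warning or what the warning text is, and that is exactly what the follow-up question on this ticket asks for. Suggest extending the comment to say that _DEFAULT_SOURCE is the glibc 2.20+ replacement for the deprecated _BSD_SOURCE and that both are kept so older glibc still declares gethostname, and quoting the exact compiler warning in the commit message so a reviewer can confirm the define addresses it.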
From: rt at openssl.org (William Freeman via RT) Date: Fri, 10 Jul 2015 20:36:39 +0000 Subject: [openssl-dev] [openssl.org #3935] TTY echo flag not correctly restored after reading pass phrase In-Reply-To: <0525DE5B0D26F54C8D514CE0EFA18F6FA172740C@NHPDAG005.dt.inc> References: <0525DE5B0D26F54C8D514CE0EFA18F6FA172740C@NHPDAG005.dt.inc> Message-ID: I use openssl inside an emacs shell window. Emacs runs the tty with echo off, collects the line I'm typing (letting me edit it with emacs commands), then sends the whole line when I hit enter. Since the line as I typed it is already on the screen, I don't need the tty to echo it, or I'll see two copies. When openssl reads a pass phrase, it turns off echo. That's a good thing, in general. (Emacs recognizes the password prompt, and collects the password in a separate window, masking by echoing asterisk for each character, and sends the pass phrase to the tty when collected.) But then, since, without, apparently, checking, it believes that it turned echo off, openssl unconditionally turns echo on. This means my subsequent commands (or inputs) appear twice, until I run "stty -echo". A user of a half duplex terminal (if one can still find any) would be similarly offended. What is needed is for openssl to record the state of the echo flag before turning it off, and then, after the pass phrase is read, only turn it back on if it was on before. -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Fri Jul 10 21:02:24 2015 
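The fix the report asks for, as an added C example (not OpenSSL's code and not from the reporter): the terminal's termios state is captured before echo is cleared and that exact saved state is put back afterwards, so echo returns only if it was on to begin with. `restore_lflag()` isolates that decision as a pure function beside `buggy_restore_lflag()`, which does the unconditional re-enable the report describes; `read_passphrase()` applies it with tcgetattr/tcsetattr and simply reads when the descriptor is not a terminal. All function names are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Local-mode flags to put back after the pass phrase has been read: keep the
 * current flags but copy the ECHO bit from the saved state, so echo comes
 * back only if it was on before we touched the tty. */
tcflag_t restore_lflag(tcflag_t saved, tcflag_t current)
{
    return (current & ~(tcflag_t)ECHO) | (saved & (tcflag_t)ECHO);
}

/* The behaviour the report describes: echo is switched on unconditionally,
 * wrong for a caller (emacs, a half-duplex terminal) that had it off. */
tcflag_t buggy_restore_lflag(tcflag_t current)
{
    return current | (tcflag_t)ECHO;
}

/* Read one line from fd with echo disabled.  If fd is a tty, the complete
 * termios state is captured first and that state is restored afterwards.
 * Returns 0 on success, -1 on error; the trailing newline is stripped. */
int read_passphrase(int fd, char *buf, size_t len)
{
    struct termios saved, noecho;
    int is_tty = (tcgetattr(fd, &saved) == 0);   /* fails with ENOTTY on a pipe */
    ssize_t n;
    size_t l;

    if (len == 0)
        return -1;
    if (is_tty) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &noecho) != 0)
            return -1;
    }
    n = read(fd, buf, len - 1);
    if (is_tty)
        tcsetattr(fd, TCSAFLUSH, &saved);       /* the saved state, not "ECHO on" */
    if (n < 0)
        return -1;
    buf[n] = '\0';
    l = strlen(buf);
    if (l > 0 && buf[l - 1] == '\n')
        buf[l - 1] = '\0';
    return 0;
}

int main(void)
{
    char pw[128];
    fprintf(stderr, "Enter pass phrase: ");
    if (read_passphrase(STDIN_FILENO, pw, sizeof pw) == 0)
        fprintf(stderr, "\nread %zu characters\n", strlen(pw));
    return 0;
}
```

Run it from an emacs shell buffer or after `stty -echo` and the subsequent commands are not echoed twice, because the restore uses `saved` rather than forcing ECHO on.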
From: rt at openssl.org (William Freeman via RT) Date: Fri, 10 Jul 2015 21:02:24 +0000 Subject: [openssl-dev] [openssl.org #3936] Bug (maybe) report In-Reply-To: <0525DE5B0D26F54C8D514CE0EFA18F6FA17273EE@NHPDAG005.dt.inc> References: <0525DE5B0D26F54C8D514CE0EFA18F6FA17273EE@NHPDAG005.dt.inc> Message-ID: This could be a real bug, a doc bug, or I'm just not getting it. I'm using "-config" with "openssl req" and "openssl ca" to use an alternate openssl.cnf file. The command bombs because (being run as non-root) it can't read the default /etc/pki/tls/openssl.cnf file, since it is owned by root and mode 600 (CentOS 6.2, openssl 1.0.1e from RPM), and the command is not being run as root. My alternate openssl.cnf file is in the current working directory, and I have tried making the -config argument each of "openssl.cnf", "./openssl.cnf", and the full absolute path to the file. My file is owned by the user running the command and has mode 600. In no case does it complain of not being able to read my file (but maybe it never gets that far). It complains of not being able to read the default file. So, does -config *NOT* suppress reading of the default file (the man page implies that it does)? Have I missed an option for suppressing it? Is this a bug, a local installation problem, or could the documentation use improvement?
Here's an example of a failing command: (imposter)[ imposter at imposter_bill ~/imposter/non-git/CA ] $ openssl req -config /home/imposter/imposter/non-git/CA/openssl.cnf -newkey rsa -nodes -keyout localhost.key -out localhost.csr 140615126005576:error:0200100D:system library:fopen:Permission denied:bss_file.c:169:fopen('/etc/pki/tls/openssl.cnf','rb') 140615126005576:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:174: 140615126005576:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199: (imposter)[ imposter at imposter_bill ~/imposter/non-git/CA ] $ -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Sat Jul 11 02:08:34 2015 
From: rt at openssl.org (noloader@gmail.com via RT) Date: Sat, 11 Jul 2015 02:08:34 +0000 Subject: [openssl-dev] [openssl.org #3937] OpenSSL and s_client behavior when default CA certificates are available In-Reply-To: References: Message-ID: When s_client is well configured, meaning the library user has placed something like cacerts.cpem (http://curl.haxx.se/docs/caextract.html) in the proper place so s_client has them available by default, then... The following produces unexpected results:
#!/bin/bash
wget -O Google-CA.der --no-check-certificate https://pki.google.com/GIAG2.crt
openssl x509 -in Google-CA.der -inform DER -out Google-CA.pem -outform PEM
# Intuitively, this should fail, but it does not.
openssl s_client -connect www.microsoft.com:443 -tls1 -servername www.microsoft.com -CAfile Google-CA.pem
The oddity above is it appears Google is certifying Microsoft sites.
**********
This also does not produce a failure:
openssl s_client -connect www.microsoft.com:443 -tls1 -servername www.microsoft.com -CAfile Google-CA.pem -CApath /dev/null
**********
I like the default behavior of "use a list of CAs in the absence of -CAfile and -CApath". But I'm not sure the strategy taken is the best one. In fact, the strategy kind of nullifies s_client's usefulness as a debug tool. *If* the user specifies -CAfile or -CApath, then I would expect either: (1) disable all default, available certificates (2) disable the self-signed Root CAs (so only intermediates are available) In either case, I can use s_client as a debug tool to verify a server configuration. _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From openssl-users at dukhovni.org Sat Jul 11 02:22:20 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Sat, 11 Jul 2015 02:22:20 +0000 Subject: [openssl-dev] [openssl.org #3937] OpenSSL and s_client behavior when default CA certificates are available In-Reply-To: References: Message-ID: <20150711022220.GF28047@mournblade.imrryr.org> On Sat, Jul 11, 2015 at 02:08:34AM +0000, noloader at gmail.com via RT wrote:
> # Intuitively, this should fail, but it does not.
> openssl s_client -connect www.microsoft.com:443 -tls1 -servername www.microsoft.com -CAfile Google-CA.pem
Your timing is impeccable, the fact that "-CAfile" does not suppress the default store locations, but merely adds to them is under discussion on the OpenSSL team internal mailing list.
> I like the default behavior of "use a list of CAs in the absence of
> -CAfile and -CApath".
Good so far.
> But I'm not sure the strategy taken is the best one. In fact, the
> strategy kind on nullifies s_client's usefulness as a debug tool.
But you want to be able to specify a set of CAs that preempts the default locations. And yet it is also useful to be able to augment them. The verify(1) command has a recently (1.0.2d) documented "-trusted" option, whose new documentation is wrong (hence the discussion on the team list). That option suppresses the default CAs. It is clearly useful to provide both the "augment" and "replace" features. The key question is with what combination of flags. Perhaps:
* A new "-nodefCAs" (or similar) boolean option to optionally suppress the default locations.
* An extended -CAfile option that can be specified more than once to use multiple files
* An extended -CApath option that can be specified more than once to use multiple directories
* Remove the "-trusted" option which combines -CAfile with the "no defaults" boolean.
An alternative is to go with what we've got and add "-trusted" to all the CLI apps, not just verify(1).
I don't think that after all these years "-CAfile" should be changed incompatibly in s_client(1) and verify(1) to suppress the default CAs. However, the story is messy, because it does do that in smime(1), cms(1) and ocsp(1). So we need to fix this in master first, and I'm not sure what to do in existing releases. Likely just leave them as-is is best. -- Viktor. From dthompson at cardconnect.com Sat Jul 11 06:48:18 2015 From: dthompson at cardconnect.com (David Thompson) Date: Sat, 11 Jul 2015 06:48:18 +0000 Subject: [openssl-dev] [openssl.org #3934] [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions In-Reply-To: References: <1436507746-2476-1-git-send-email-vapier@gentoo.org> <22f75d4c63c14b40a421ed06ef8d9cd6@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <7C7B83BD5B04E744A206B6F55159E444B07FCB87@MSG1.ftservice.local>
> From: openssl-dev On Behalf Of Salz, Rich via RT > Sent: Friday, July 10, 2015 07:13 > Subject: Re: [openssl-dev] [openssl.org #3934] [PATCH] test: use > _DEFAULT_SOURCE with newer glibc versions > > This is strange, since OpenSSL doesn't use "gethostname" which the > comments mention. Can you add the exact error message? > And why only that one file? More strangeness. > The file indicated, ssl/ssltest.c also linked as test/ssltest.c, DOES use gethostname (for Kerberos). It is the only source file that uses it, ________________________________ THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information protected from disclosure and intended only for the use of the recipient(s) named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message or any attachments is strictly prohibited. If you have received this communication in error, please notify CardConnect immediately by replying to this message and then delete this message and any attachments from your computer. From rt at openssl.org Sat Jul 11 06:54:03 2015 From: rt at openssl.org (David Thompson via RT) Date: Sat, 11 Jul 2015 06:54:03 +0000 Subject: [openssl-dev] [openssl.org #3934] [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions In-Reply-To: <7C7B83BD5B04E744A206B6F55159E444B07FCB87@MSG1.ftservice.local> References: <1436507746-2476-1-git-send-email-vapier@gentoo.org> <22f75d4c63c14b40a421ed06ef8d9cd6@ustx2ex-dag1mb2.msg.corp.akamai.com> <7C7B83BD5B04E744A206B6F55159E444B07FCB87@MSG1.ftservice.local> Message-ID: 
> From: openssl-dev On Behalf Of Salz, Rich via RT > Sent: Friday, July 10, 2015 07:13 > Subject: Re: [openssl-dev] [openssl.org #3934] [PATCH] test: use > _DEFAULT_SOURCE with newer glibc versions > > This is strange, since OpenSSL doesn't use "gethostname" which the > comments mention. Can you add the exact error message? > And why only that one file? More strangeness. > The file indicated, ssl/ssltest.c also linked as test/ssltest.c, DOES use gethostname (for Kerberos). It is the only source file that uses it, From rt at openssl.org Sat Jul 11 12:47:44 2015 From: rt at openssl.org (Salz, Rich via RT) Date: Sat, 11 Jul 2015 12:47:44 +0000 Subject: [openssl-dev] [openssl.org #3934] [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions In-Reply-To: References: <1436507746-2476-1-git-send-email-vapier@gentoo.org> <22f75d4c63c14b40a421ed06ef8d9cd6@ustx2ex-dag1mb2.msg.corp.akamai.com> <7C7B83BD5B04E744A206B6F55159E444B07FCB87@MSG1.ftservice.local> Message-ID: Ah, that explains my confusion; I was looking at master. So we need to make this fix for 1.0.x Thanks. From e.soliz24 at yahoo.com Sat Jul 11 15:40:49 2015
From: e.soliz24 at yahoo.com (choliz) Date: Sat, 11 Jul 2015 08:40:49 -0700 (MST) Subject: [openssl-dev] Entropy FIPS key generation Message-ID: <1436629249653-59110.post@n7.nabble.com> Hello, I currently have a FIPS module where I'm trying to add entropy to RSA key generation pair. I've overwritten the callbacks within my application but I'm not seeing them being executed when I generate an RSA key. When I call RSA_generate_key_ex shouldn't my entropy callback function be invoked that I set in FIPS_drbg_set_callbacks? The only way I can get the callback to be invoked is if I call FIPS_drbg_instantiate. Can someone please explain how RSA_generate_key_ex can use my specific get_entropy callback? Thanks! -- View this message in context: http://openssl.6102.n7.nabble.com/Entropy-FIPS-key-generation-tp59110.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. From phpdev at ehrhardt.nl Sat Jul 11 16:08:58 2015 
From: phpdev at ehrhardt.nl (Jan Ehrhardt) Date: Sat, 11 Jul 2015 18:08:58 +0200 Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module References: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net> <5593F0CA.7070803@openssl.com> Message-ID: Steve Marquess in gmane.comp.encryption.openssl.devel (Wed, 01 Jul 2015 09:53:14 -0400): >On 07/01/2015 02:24 AM, Patil, Ashwini IN BLR STS wrote: >> Hello All, >> >> Please let me know if openssl-1.0.2c include FIPS 140-2 Object Module. >> Also please explain how to validate the application. > >This question would be more appropriate for the openssl-users list. The >-dev list is for OpenSSL development issues, not for basic usage questions. Patil has a point, because FIPS 140-2 building on Windows is broken since the introduction of applink.c. The generated fips_premain_dso.exe fails during the building process: link /nologo /subsystem:console /opt:ref /debug /dll /fixed /map /base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @D:\Temp\nmB1D5.tmp Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll OPENSSL_Uplink(00CBB000,08): no OPENSSL_Applink Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Outside of the building script the error is the same C:\openssl>out32dll\fips_premain_dso.exe out32dll\libeay32.dll OPENSSL_Uplink(010CB000,08): no OPENSSL_Applink Solution: fips/fips_premain.c in the FIPS sources should include applink.c on Windows I managed to build a fips_premain_dso.exe with Applink and use that to create Openssl 1.0.2d fips, but this was certainly not without breaking the FIPS rules. It is time for openssl-fips-2.0.10 -- Jan From rt at openssl.org Sat Jul 11 21:18:56 2015 
From: rt at openssl.org (James A. T. Rice via RT) Date: Sat, 11 Jul 2015 21:18:56 +0000 Subject: [openssl-dev] [openssl.org #3938] Website ciphers.html specifies DHE-RSA-DES-CBC3-SHA, OpenSSL needs EDH-RSA-DES-CBC3-SHA In-Reply-To: References: Message-ID:
From https://www.ietf.org/rfc/rfc4346.txt
CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
From https://www.openssl.org/docs/apps/ciphers.html
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
From "openssl ciphers -V | grep 0x16"
0x00,0x16 - EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-DES-CBC3-SHA (on the website) vs EDH-RSA-DES-CBC3-SHA (actually usable)
Thanks James -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From phpdev at ehrhardt.nl Sat Jul 11 22:24:44 2015 From: phpdev at ehrhardt.nl (Jan Ehrhardt) Date: Sun, 12 Jul 2015 00:24:44 +0200 Subject: [openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module References: <8878620CF8603E45BB794422B7899E9E112DF77932@INBLRK77M1MSX.in002.siemens.net> <5593F0CA.7070803@openssl.com> Message-ID: Jan Ehrhardt in gmane.comp.encryption.openssl.devel (Sat, 11 Jul 2015 18:08:58 +0200): >OPENSSL_Uplink(00CBB000,08): no OPENSSL_Applink >Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. >NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' >It is time for openssl-fips-2.0.10 The two changes to fix the broken build on Windows are here: https://github.com/Jan-E/openssl-fips/commits/master Please pass this on to the maintainers of Openssl FIPS. -- Jan From rt at openssl.org Sun Jul 12 15:12:56 2015
From: rt at openssl.org (Dmitry Belyavsky via RT) Date: Sun, 12 Jul 2015 15:12:56 +0000 Subject: [openssl-dev] [openssl.org #3940] Missing CRL checks in cms/smime cmdline utilities In-Reply-To: References: Message-ID: Hello, There is a missing CRL check on encrypting the messages using the 'cms/smime -encrypt' commands. Encrypting the message for the owner of a compromised key is dangerous, so CRL check in these utilities will be useful enough. Thank you! -- SY, Dmitry Belyavsky -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From naynjain at in.ibm.com Mon Jul 13 06:55:40 2015 From: naynjain at in.ibm.com (Nayna Jain) Date: Mon, 13 Jul 2015 12:25:40 +0530 Subject: [openssl-dev] Not Before and Not After Date format for openssl API X509_gmtime_adj Message-ID: Hi all, I am programmatically generating the self signed certificate and need to specify the "Not Before" and "Not After" date, Wanted to understand what all formats are acceptable by this API ? Also, similarly while using API , what exactly is the time format expected by X509_cmp_time(X509_get_notAfter(iv_pX509), .......); Thanks & Regards, Nayna Jain -------------- next part -------------- An HTML attachment was scrubbed... URL: From rt at openssl.org Mon Jul 13 13:02:00 2015 From: rt at openssl.org (Dmitry Belyavsky via RT) Date: Mon, 13 Jul 2015 13:02:00 +0000 Subject: [openssl-dev] [openssl.org #3941] Site: deprecated page In-Reply-To: References: Message-ID: Hello! Content of the page at https://www.openssl.org/news/state.html seems to be deprecated. -- SY, Dmitry Belyavsky -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From appro at openssl.org Mon Jul 13 15:16:10 2015 
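On the "Not Before"/"Not After" question above: an X.509 validity time is an ASN1_TIME, and OpenSSL writes it either as UTCTime (`YYMMDDHHMMSSZ`, two-digit year, 1950 to 2049 per RFC 5280) or as GeneralizedTime (`YYYYMMDDHHMMSSZ`); X509_gmtime_adj() does not take a string at all but a signed offset in seconds from the current time, and X509_cmp_time() compares such an ASN1_TIME against a time_t, returning -1 if the certificate time is at or before it and 1 otherwise. The following is an added C example, not OpenSSL's code, that parses both encodings without libcrypto and reproduces that comparison contract so the two formats can be checked side by side; the function names are this example's own and the sample strings are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Days since 1970-01-01 for a proleptic Gregorian date, avoiding the
 * non-standard timegm(). */
static long long days_from_civil(int y, int m, int d)
{
    y -= m <= 2;
    long long era = (y >= 0 ? y : y - 399) / 400;
    unsigned yoe = (unsigned)(y - era * 400);
    unsigned doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + (long long)doe - 719468;
}

/* n ASCII digits -> non-negative int, or -1 if any character is not a digit. */
static int digits(const char *s, int n)
{
    int v = 0;
    for (int i = 0; i < n; i++) {
        if (!isdigit((unsigned char)s[i])) return -1;
        v = v * 10 + (s[i] - '0');
    }
    return v;
}

/* Parse a validity time in the two encodings an X.509 certificate may carry:
 *   UTCTime         "YYMMDDHHMMSSZ"   (13 chars; 50-99 -> 19xx, 00-49 -> 20xx)
 *   GeneralizedTime "YYYYMMDDHHMMSSZ" (15 chars)
 * On success stores seconds since the epoch (UTC) in *out and returns 0;
 * returns -1 for anything else. */
int x509_time_parse(const char *s, long long *out)
{
    size_t len = strlen(s);
    int year, p;
    if (len == 13) {
        int yy = digits(s, 2);
        if (yy < 0) return -1;
        year = yy >= 50 ? 1900 + yy : 2000 + yy;
        p = 2;
    } else if (len == 15) {
        year = digits(s, 4);
        if (year < 0) return -1;
        p = 4;
    } else {
        return -1;
    }
    int mon = digits(s + p, 2), day = digits(s + p + 2, 2);
    int hh = digits(s + p + 4, 2), mm = digits(s + p + 6, 2), ss = digits(s + p + 8, 2);
    if (s[p + 10] != 'Z' || mon < 1 || mon > 12 || day < 1 || day > 31 ||
        hh < 0 || hh > 23 || mm < 0 || mm > 59 || ss < 0 || ss > 60)
        return -1;
    *out = days_from_civil(year, mon, day) * 86400LL + hh * 3600 + mm * 60 + ss;
    return 0;
}

/* Same contract as X509_cmp_time(): -1 if the certificate time is at or
 * before t, 1 if it is after t, 0 if the string cannot be parsed. */
int x509_time_cmp(const char *asn1_time, long long t)
{
    long long ct;
    if (x509_time_parse(asn1_time, &ct) != 0) return 0;
    return ct <= t ? -1 : 1;
}

/* Validity at t as the verifier sees it: notBefore at or before t,
 * notAfter strictly after t.  Returns 1 if valid, 0 otherwise. */
int cert_valid_at(const char *not_before, const char *not_after, long long t)
{
    return x509_time_cmp(not_before, t) == -1 && x509_time_cmp(not_after, t) == 1;
}

int main(void)
{
    long long t;
    const char *samples[] = { "150713151610Z", "20150713151610Z", "491231235959Z" };
    for (size_t i = 0; i < 3; i++)
        if (x509_time_parse(samples[i], &t) == 0)
            printf("%-16s -> %lld\n", samples[i], t);
    return 0;
}
```

Both sample strings for 13 July 2015 15:16:10 UTC parse to the same epoch value, which is the point: the ASN1_TIME comparison functions accept either encoding, and the only thing the caller must get right is the trailing `Z` and, for UTCTime, the two-digit year window.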
From: appro at openssl.org (Andy Polyakov) Date: Mon, 13 Jul 2015 17:16:10 +0200 Subject: [openssl-dev] AES-GCM for ARM: what is the status of the new work published by In-Reply-To: References: Message-ID: <55A3D63A.5000503@openssl.org> Hi,
> What is the status of the improvements on security and performance for
> AES-GCM on ARM published recently by Conrado P. L. Gouvêa, Julio López ?
>
> Implementing GCM on ARMv8. Conrado P. L. Gouvêa, Julio López. 2015 [1]
> Which details also the ARMv7 case, and was presented at the RSA
> Conference 2015 in the US, 2 months ago.
> The paper is here [2].
> The code is available here [3]
>
> My question goes primarily to Andy Polyakov.
>
> Is there any plan for integrating the code into openssl ?
I don't quite understand... On one hand you effectively imply that OpenSSL doesn't have support for ARMv8 crypto extensions, which would mean that you didn't do your homework. On the other hand you explicitly call on me by name, which would mean that you did some homework... But in either case. OpenSSL does have support for ARMv8 crypto extensions, and there are no "holes" in it in sense that it utilizes all available extensions. And both 64- and 32-bit modes of operations are supported. Or to be more specific in context of the question ARMv8 AES instructions are used to implement AES-CTR and PMULL ones to implement GHASH, the GCM components. But unlike referred code OpenSSL code is endian-neutral (in sense that can be compiled for either endianness) and supports all AES key lengths and more encryption modes including decrypt. Looking at performance metrics, cycles per processed byte, for referred code vs. OpenSSL:
              AES-128-CTR   GHASH
Cortex A53    1.88/1.46     1.21/1.01
Cortex A57    1.84/0.93     0.95/1.17
Apple A7      1.21/1.20     0.51/0.92
OpenSSL code is organized so that AES-CTR and GHASH performance are basically additive, so that you would have to add corresponding numbers to obtain GCM result.
As it can be seen OpenSSL GHASH is slower on Cortex A57 (but not sum of CTR and GHASH) and Apple A7. There is explanation for that. One of GHASH implementations parameters is "aggregate factor" that denotes amount of multiplications that are performed prior reduction. OpenSSL uses factor of 4, while referred code - 8. Higher aggregate factor is on to-do list and there is no reason to believe that performance would be worse than reported in referred paper. The paper also discusses non-crypto-extension code. It is a valid question, because not all ARMv8 processors implement crypto extensions. For example APM X-Gene doesn't, nor does Qualcomm Snapdragon 810. What's going to happen there? As for AES. There was open question about which NEON implementation would provide best all-round performance, i.e. across range of processors. There were three contenders: a) straight-forward vtbl-based implementation that can be found in Linux kernel source tree; b) vector-permutation AES; c) bit-sliced AES. As it turned out it's combination of b) and c) that provides best performance. Vector-permutation code is already committed to source tree and existing bit-sliced ARMv7 code will be adapted for 64-bit mode. On side note, unlike original, OpenSSL bit-sliced AES module supports all key lengths and more encryption modes, including decrypt. Performance metrics for vector-permutation and bit-sliced are collected in vpaes-armv8 module (comparison to referred paper is left as exercise for reader). As for non-crypto-extension GHASH, options are to be carefully examined and course of action is to be determined. [On side note one also has to keep in mind that even NEON support is specified to be optional.]
> [1] > https://www.rsaconference.com/writable/presentations/file_upload/cryp-w01-secure-and-efficient-implementation-of-aes-based-cryptosystems.pdf > > [2] http://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf > > [3] https://github.com/conradoplg/authenc From appro at openssl.org Mon Jul 13 15:36:13 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 13 Jul 2015 17:36:13 +0200 Subject: [openssl-dev] AES-GCM for ARM: what is the status of the new work published by In-Reply-To: <55A3D63A.5000503@openssl.org> References: <55A3D63A.5000503@openssl.org> Message-ID: <55A3DAED.6090305@openssl.org> > As it can be seen OpenSSL GHASH is slower on Cortex A57 (but not sum of > CTR and GHASH) and Apple A7. There is explanation for that. One of GHASH > implementations parameters is "aggregate factor" that denotes amount of > multiplications that are performed prior reduction. OpenSSL uses factor > of 4, while referred code - 8. Higher aggregate factor is on to-do list > and there is no reason to believe that performance would be worse than > reported in referred paper. Correction. Currently implemented aggregate factor in OpenSSL is 2, not 4. From trev at larock.ca Mon Jul 13 15:57:57 2015 From: trev at larock.ca (Trevor Larock) Date: Mon, 13 Jul 2015 08:57:57 -0700 Subject: [openssl-dev] connection memory usage Message-ID: <7906f369$69744979$4c189c78$@larock.ca> Hi, Regarding per connection memory usage, the 1.0.1 release stream appears to utilize slightly more memory when compared to 0.9.8. The design has evolved (ameth_lib, pmeth_lib etc) so likely working as designed, but is there any measurements/observations published in this area (or tips beyond SSL_OP_NO_COMPRESSION)? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From nikolavan at tuta.io Mon Jul 13 17:45:32 2015 
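To make the "aggregate factor" in the exchange above concrete, here is an added C example (not OpenSSL's assembly, not the paper's code). It does GF(2^128) arithmetic in plain polynomial order with the carry-less multiply and the modular reduction kept as separate steps, then computes GHASH the textbook way (one reduction per block) beside an aggregate-factor-2 schedule that XORs the two unreduced products (Y xor X1)*H^2 and X2*H and reduces only once, which is the factor Andy's correction gives for OpenSSL at the time. The same idea with factor 8 keeps H..H^8 precomputed and defers one reduction across eight blocks. The key H and the data blocks are constructed sample values, and `from_block()` handles GCM's reflected bit order; all function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Element of GF(2^128) in plain polynomial order: bit i of (lo, hi) is the
 * coefficient of x^i.  GCM's reflected bit order is handled by from_block(). */
typedef struct { uint64_t lo, hi; } gf128;

/* GCM block -> element: coefficient of x^i is bit i counted from the MSB of byte 0. */
gf128 from_block(const uint8_t b[16])
{
    gf128 r = { 0, 0 };
    for (int i = 0; i < 128; i++) {
        uint64_t bit = (b[i / 8] >> (7 - i % 8)) & 1;
        if (i < 64) r.lo |= bit << i; else r.hi |= bit << (i - 64);
    }
    return r;
}

/* XOR (a << shift), 0 <= shift <= 127, into a 256-bit accumulator (acc[0] lowest). */
static void xor_shifted(uint64_t acc[4], gf128 a, int shift)
{
    uint64_t w[2] = { a.lo, a.hi };
    int q = shift / 64, r = shift % 64;
    for (int j = 0; j < 2; j++) {
        acc[j + q] ^= w[j] << r;
        if (r != 0) acc[j + q + 1] ^= w[j] >> (64 - r);
    }
}

/* Carry-less product a*b as an unreduced 256-bit polynomial. */
void clmul(uint64_t acc[4], gf128 a, gf128 b)
{
    memset(acc, 0, 4 * sizeof acc[0]);
    for (int i = 0; i < 64; i++) {
        if ((b.lo >> i) & 1) xor_shifted(acc, a, i);
        if ((b.hi >> i) & 1) xor_shifted(acc, a, i + 64);
    }
}

/* Reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1.  This is the
 * step that a higher aggregate factor amortises over several multiplications. */
gf128 reduce(uint64_t acc[4])
{
    const gf128 tail = { 0x87, 0 };                 /* x^7 + x^2 + x + 1 */
    for (int i = 255; i >= 128; i--) {
        int q = i / 64, r = i % 64;
        if ((acc[q] >> r) & 1) {
            acc[q] ^= (uint64_t)1 << r;             /* drop x^i ...               */
            xor_shifted(acc, tail, i - 128);        /* ... add x^(i-128) * tail   */
        }
    }
    gf128 z = { acc[0], acc[1] };
    return z;
}

gf128 gf_mul(gf128 a, gf128 b)
{
    uint64_t acc[4];
    clmul(acc, a, b);
    return reduce(acc);
}

/* Textbook GHASH, aggregate factor 1: Y = (Y ^ X_i) * H, reduce after every block. */
gf128 ghash_seq(gf128 h, const gf128 *x, size_t n)
{
    gf128 y = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        y.lo ^= x[i].lo; y.hi ^= x[i].hi;
        y = gf_mul(y, h);
    }
    return y;
}

/* Aggregate factor 2: Y = (Y ^ X_i) * H^2  ^  X_{i+1} * H, two unreduced
 * products XORed together and reduced once (H^2 precomputed like a table entry). */
gf128 ghash_agg2(gf128 h, const gf128 *x, size_t n)
{
    gf128 h2 = gf_mul(h, h), y = { 0, 0 };
    size_t i = 0;
    for (; i + 2 <= n; i += 2) {
        gf128 t = { y.lo ^ x[i].lo, y.hi ^ x[i].hi };
        uint64_t p1[4], p2[4];
        clmul(p1, t, h2);
        clmul(p2, x[i + 1], h);
        for (int k = 0; k < 4; k++) p1[k] ^= p2[k];
        y = reduce(p1);
    }
    if (i < n) {                                     /* odd trailing block */
        y.lo ^= x[i].lo; y.hi ^= x[i].hi;
        y = gf_mul(y, h);
    }
    return y;
}

/* Constructed sample (hypothetical H and data, not real GCM traffic):
 * both schedules must produce the same hash. Returns 1 if they agree. */
int agg2_matches_textbook(void)
{
    static const uint8_t hkey[16] = { 0x66, 0xe9, 0x4b, 0xd4, 0xef, 0x8a, 0x2c, 0x3b,
                                      0x88, 0x4c, 0xfa, 0x59, 0xca, 0x34, 0x2b, 0x2e };
    gf128 h = from_block(hkey);
    gf128 x[3] = { { 0x0123456789abcdefULL, 0xfedcba9876543210ULL },
                   { 0xdeadbeefcafebabeULL, 0x0000000000000001ULL },
                   { 0x8000000000000000ULL, 0x00000000000000ffULL } };
    gf128 a = ghash_seq(h, x, 3), b = ghash_agg2(h, x, 3);
    return a.lo == b.lo && a.hi == b.hi && (a.lo | a.hi) != 0;
}

int main(void)
{
    printf("aggregate-2 GHASH %s textbook GHASH\n",
           agg2_matches_textbook() ? "matches" : "DIFFERS from");
    return 0;
}
```

Reduction is linear, so XORing unreduced products before a single reduce gives exactly the value the sequential schedule gets; what changes is only how many times the reduce step runs per block, which is where the cycles-per-byte difference in the table comes from.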
From: nikolavan at tuta.io (nikolavan at tuta.io) Date: Mon, 13 Jul 2015 17:45:32 +0000 (UTC) Subject: [openssl-dev] AES-GCM for ARM: what is the status of the new work published by In-Reply-To: <55A3D63A.5000503@openssl.org> References: <> <55A3D63A.5000503@openssl.org> Message-ID: Hi Andy, I am very happy that my email caught your attention, and I thank you very much for the detailed answers! I will come back to you in 1 day or 2 on the technical questions, I will try to do more homework, as you said ;) In the meanwhile, I can just say that of course, I saw the code in OpenSSL for ARMv8, I went over it but I don't have the skills to understand it. You have been the main contributor to the whole ARM part of AES and GCM crypto in OpenSSL, so this is why I mentioned you. If I could contribute, I would do it, but I am afraid my skills in ASM programming for crypto algorithms are close to zero, and the OpenSSL community will keep depending on your excellent work for a while. Anyway, I am still learning and I will probably make some mistakes of understanding, please be patient with me, and let me know if there is some nonsense in what I write. I noticed that you integrated the bit-sliced version of AES in 2012 for ARMv7, probably following the work of Bernstein. And that for ARMv8, the code in OpenSSL is using the special AES instructions. It is also good to learn that you have been using all the hardware acceleration available in each platform (VMULL.P8, VMULL.P64 and PMULL) and that the vector permutation (following Gueron's intel contribution, I guess) technique is present in the code. I have questions about this vector permutation code, especially on the security aspect of it, but I need to do more homework before I can ask. I know that some new cortices based on ARMv8 don't have crypto extensions, but the risk of not having NEON is very low.
I just want to point out that the paper and code published by the 2 Brazilian cryptographers (what I referred to in my previous message), contain improvements on both performance and security (they prevent some side channel attacks), and both for ARMv7 and ARMv8. While performance matters (a lot!), security matters even more, and this is my main concern. My question, as you understood, relates to ARMv8 32 and 64 bit, but also to ARMv7. In fact, I am personally interested only in the ARMv7 code, and only for 128bit keys (but who cares about what I need. the community would need, I guess, both v7 and v8, and the 3 key lengths of AES). When I asked about what is the "status", I meant, how much of Gouvea and Lopez's techniques are present in OpenSSL code. You answered me on most of the technical details, and I need time to process all the information, and you also gave good details on the performances. But in fact, my question was more about the security aspect of Gouvea and Lopez's work, the way they prevent timing attacks. Can you tell us more about what is the situation of the code in OpenSSL on that matter? Thank you for your answers!
All the best,
Niko
13. Jul 2015 18:16 by appro at openssl.org:
> Hi,
>
>> What is the status of the improvements on security and performance for
>> AES-GCM on ARM published recently by Conrado P. L. Gouvêa, Julio López ?
>>
>> Implementing GCM on ARMv8. Conrado P. L. Gouvêa, Julio López. 2015 [1]
>> Which details also the ARMv7 case, and was presented at the RSA
>> Conference 2015 in the US, 2 months ago.
>> The paper is here [2].
>> The code is available here [3]
>>
>> My question goes primarily to Andy Polyakov.
>>
>> Is there any plan for integrating the code into openssl ?
>
> I don't quite understand... On one hand you effectively imply that
> OpenSSL doesn't have support for ARMv8 crypto extensions, which would
> mean that you didn't do your homework.
On the other hand you explicitly > call on me by name, which would mean that you did some homework... > > But in either case. OpenSSL does have support for ARMv8 crypto > extensions, and there are no "holes" in it in sense that it utilizes all > available extensions. And both 64- and 32-bit modes of operations are > supported. Or to be more specific in context of the question ARMv8 AES > instructions are used to implement AES-CTR and PMULL ones to implement > GHASH, the GCM components. But unlike referred code OpenSSL code is > endian-neutral (in sense that can be compiled for either endiannnes) and > supports all AES key lengths and more encryption modes including > decrypt. Looking at performance metrics, cycles per processed byte, for > referred code vs. OpenSSL: > > AES-128-CTR GHASH > Cortex A53 1.88/1.46 1.21/1.01 > Cortex A57 1.84/0.93 0.95/1.17 > Apple A7 1.21/1.20 0.51/0.92 > > OpenSSL code is organized so that AES-CTR and GHASH performance are > basically additive, so that you would have to add corresponding numbers > to obtain GCM result. > > As it can be seen OpenSSL GHASH is slower on Cortex A57 (but not sum of > CTR and GHASH) and Apple A7. There is explanation for that. One of GHASH > implementations parameters is "aggregate factor" that denotes amount of > multiplications that are performed prior reduction. OpenSSL uses factor > of 4, while referred code - 8. Higher aggregate factor is on to-do list > and there is no reason to believe that performance would be worse than > reported in referred paper. > > The paper also discusses non-crypto-extension code. It is a valid > question, because not all ARMv8 processors implement crypto extensions. > For example APM X-Gene doesn't, nor does Qualcomm Snapdragon 810. What's > going to happen there? As for AES. There was open question about which > NEON implementation would provide best all-round performance, i.e. > across range of processors. 
There were three contenders: a) > straight-forward vtbl-based implementation that can be found in Linux > kernel source tree; b) vector-permutation AES; c) bit-sliced AES. As it > turned out it's combination of b) and c) that provides best performance. > Vector-permutation code is already committed to source tree and existing > bit-sliced ARMv7 code will be adapted for 64-bit mode. On side note, > unlike original, OpenSSL bit-sliced AES module supports all key lengths > and more encryption modes, including decrypt. Performance metrics for > vector-permutation and bit-slices are collected in vpaes-armv8 module > (comparison to referred paper is left as exercise for reader). As for > non-crypto-extension GHASH, options are to be carefully examined and > course of action is to be determined. [On side note one also have to > keep in mind that even NEON support is specified to be optional.] > >> [1] >> https://www.rsaconference.com/writable/presentations/file_upload/cryp-w01-secure-and-efficient-implementation-of-aes-based-cryptosystems.pdf >> >> [2] >> http://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf >> >> [3] >> https://github.com/conradoplg/authenc -------------- next part -------------- An HTML attachment was scrubbed... URL: From appro at openssl.org Mon Jul 13 18:52:16 2015 
From: appro at openssl.org (Andy Polyakov)
Date: Mon, 13 Jul 2015 20:52:16 +0200
Subject: [openssl-dev] AES-GCM for ARM: what is the status of the new work published by
In-Reply-To:
References: <> <55A3D63A.5000503@openssl.org>
Message-ID: <55A408E0.2020401@openssl.org>

> I noticed that you integrated the bit-sliced version of AES in 2012 for
> ARMv7, probably following the work of Bernstein.

Quoting bsaes-armv7 commentary section:

# This implementation is direct adaptation of bsaes-x86_64 module for
# ARM NEON.

Then bsaes-x86_64:

### AES-128 [originally in CTR mode]
###
### bitsliced implementation for Intel Core 2 processors
###
### requires support of SSE extensions up to SSSE3
###
### Author: Emilia Käsper and Peter Schwabe
###

But as already mentioned unlike the original, OpenSSL module supports all key lengths and more modes including decrypt [and on ARM it's endian-neutral]. It's also optimized more aggressively than original. Code referred to in original message appears to be qhasm adaptation of one used as base for OpenSSL bsaes-x86_64 and as such shares original's limitations, 128-bit key and encrypt only (no idea about endian neutrality).

> vector permutation (following Gueron's Intel contribution, I guess)
> technique is present in the code.

Quoting vpaes-* commentary sections:

## Constant-time SSSE3 AES core implementation.
## version 0.1
##
## By Mike Hamburg (Stanford University), 2009
## Public domain.
##
## For details see http://shiftleft.org/papers/vector_aes/ and
## http://crypto.stanford.edu/vpaes/.

> I just want to point out that the paper and code published by the 2
> Brazilian cryptographers (what I referred to in my previous message),
> contain improvements on both performance and security (they prevent some
> side channel attacks), and both for ARMv7 and ARMv8. While performance
> matters (a lot!), security matters even more, and this is my main concern.

Do your homework. If implied question is if different performance in OpenSSL means that it's achieved at cost of security properties such as resistance to side channel attacks, then answer would be no, all security properties are preserved. If that's what you want to figure out that is.

> My question, as you understood, relates to ARMv8 32 and 64 bit, but also
> to ARMv7. In fact, I am personally interested only in the ARMv7 code,
> and only for 128-bit keys (but who cares about what I need; the community
> would need, I guess, both v7 and v8, and the 3 key lengths of AES).

As far as NEON ARMv7 goes there is bit-sliced AES-CTR and GHASH that utilizes polynomial multiplication. Latter does use referred authors' ideas, quoting ghash-armv4 commentary section:

# Switch to multiplication algorithm suggested in paper referred
# below and combine it with reduction algorithm from x86 module.
# Performance improvement over previous version varies from 65% on
# Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8
# processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63,
# Snapdragon S4 - in 9.33.
#
# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
# Polynomial Multiplication on ARM Processors using the NEON Engine.

If you compare results to ones reported in this paper, you'll notice that OpenSSL results are significantly better. But not at the cost of security properties, as already mentioned. Just in case, "switch" means that there was NEON-based code, and it was too constant-time, but it was slower. Note that there is no vpaes-armv7, but you're probably less interested in it, because if it was present, it wouldn't be used for CTR and by extension for GCM anyway.

From rt at openssl.org Mon Jul 13 18:58:07 2015
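The "aggregate factor" Andy describes above (the number of GF(2^128) products that are summed before one reduction) is easy to state but rarely shown. The following is an added example written for this page, not OpenSSL's GHASH code and not the referenced paper's: it implements the GCM multiplication bit-serially in C, then computes GHASH both the textbook way (Horner's rule, one reduction per block) and with an aggregate factor of k (k unreduced carry-less products XORed, then reduced once), and checks both against GCM test case 2 from McGrew and Viega (H, C1, length block and GHASH value as published there). The bit-serial loops branch on data, so this code is deliberately not constant-time; it illustrates the algebra only, which is exactly the property Niko asks about and vectorized code must preserve.

```c
/*
 * Added example (not OpenSSL code): GHASH with and without reduction
 * aggregation. Blocks are 128-bit big-endian integers as in the GCM spec.
 * Test values: GCM Test Case 2 (McGrew & Viega), K = 0, P = 0^128, IV = 0^96.
 * NOT constant-time: every loop below branches on key/data bits.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef unsigned __int128 u128;
typedef struct { u128 hi, lo; } u256;          /* unreduced 256-bit product */

#define U128(hi, lo) (((u128)(uint64_t)(hi) << 64) | (uint64_t)(lo))

static const u128 TC2_H     = U128(0x66e94bd4ef8a2c3bULL, 0x884cfa59ca342b2eULL);
static const u128 TC2_C1    = U128(0x0388dace60b6a392ULL, 0xf328c2b971b2fe78ULL);
static const u128 TC2_LEN   = U128(0, 0x80);   /* len(A) = 0, len(C) = 128 */
static const u128 TC2_GHASH = U128(0xf38cbb1ad69223dcULL, 0xc3457ae5b6b0f885ULL);

/* GCM keeps the coefficient of x^i in bit i counted from the MSB; flip to
 * natural order (bit i = coefficient of x^i) so ordinary shifts work. */
static u128 rev128(u128 x)
{
    u128 r = 0;
    for (int i = 0; i < 128; i++) { r = (r << 1) | (x & 1); x >>= 1; }
    return r;
}

/* Carry-less 128x128 -> 256-bit product, NOT reduced. */
static u256 clmul(u128 a, u128 b)
{
    u256 r = { 0, 0 };
    for (int i = 0; i < 128; i++)
        if ((b >> i) & 1) {
            r.lo ^= a << i;
            if (i > 0) r.hi ^= a >> (128 - i);
        }
    return r;
}

/* One reduction modulo x^128 + x^7 + x^2 + x + 1 (the GCM polynomial). */
static u128 reduce(u256 p)
{
    for (int i = 127; i >= 0; i--)
        if ((p.hi >> i) & 1) {          /* x^(128+i) = x^i (x^7 + x^2 + x + 1) */
            p.hi ^= (u128)1 << i;
            p.lo ^= (u128)0x87 << i;
            if (i > 120) p.hi ^= (u128)0x87 >> (128 - i);
        }
    return p.lo;
}

/* Fully reduced GF(2^128) product in GCM bit order. */
u128 gf_mul(u128 x, u128 y)
{
    return rev128(reduce(clmul(rev128(x), rev128(y))));
}

/* Textbook GHASH: Y_i = (Y_{i-1} ^ X_i) * H, one reduction per block. */
u128 ghash_horner(u128 h, const u128 *blocks, size_t n)
{
    u128 y = 0;
    for (size_t i = 0; i < n; i++) y = gf_mul(y ^ blocks[i], h);
    return y;
}

/* GHASH with aggregate factor k (1..8): a group of m <= k blocks becomes
 * (Y ^ X_1) H^m ^ X_2 H^(m-1) ^ ... ^ X_m H, accumulated unreduced and
 * reduced once. Same polynomial as Horner; only the reduction count drops. */
u128 ghash_aggregated(u128 h, const u128 *blocks, size_t n, unsigned k)
{
    u128 hpow[9], acc = h, y = 0;        /* hpow[j] = H^j, natural bit order */
    if (k < 1) k = 1;
    if (k > 8) k = 8;
    hpow[1] = rev128(h);
    for (unsigned j = 2; j <= k; j++) { acc = gf_mul(acc, h); hpow[j] = rev128(acc); }

    for (size_t i = 0; i < n; ) {
        unsigned m = (n - i < k) ? (unsigned)(n - i) : k;
        u256 sum = { 0, 0 };
        for (unsigned j = 0; j < m; j++) {
            u128 x = blocks[i + j] ^ (j == 0 ? y : 0);   /* fold running hash in */
            u256 p = clmul(rev128(x), hpow[m - j]);
            sum.hi ^= p.hi; sum.lo ^= p.lo;
        }
        y = rev128(reduce(sum));                           /* one reduction per group */
        i += m;
    }
    return y;
}

int main(void)
{
    u128 blocks[2] = { TC2_C1, TC2_LEN };
    u128 y = ghash_horner(TC2_H, blocks, 2);
    printf("GHASH test case 2: %s\n", y == TC2_GHASH ? "match" : "MISMATCH");
    printf("aggregate factor 4 == Horner: %s\n",
           ghash_aggregated(TC2_H, blocks, 2, 4) == y ? "yes" : "no");
    return y == TC2_GHASH ? 0 : 1;
}
```

Precomputing H^1..H^k is a one-time cost per key; what the factor buys at run time is k-1 fewer reductions per k blocks, which is why the thread's A57 and A7 GHASH numbers differ between factor 4 and factor 8 without any change to what is computed.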
From: rt at openssl.org (Rich Salz via RT) Date: Mon, 13 Jul 2015 18:58:07 +0000 Subject: [openssl-dev] [openssl.org #3941] Site: deprecated page In-Reply-To: References: Message-ID: updated, thanks. changes will propagate to website in an hour or so. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From doctor at doctor.nl2k.ab.ca Tue Jul 14 07:41:45 2015 
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Tue, 14 Jul 2015 01:41:45 -0600
Subject: [openssl-dev] Issue with openssl 1.0.2 20150713 SNAP
Message-ID: <20150714073648.GA5624@doctor.nl2k.ab.ca>

Script started on Mon Jul 13 09:31:31 2015
doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150713$ make test
testing...
(cd ..; make build_libcrypto)
making all in crypto...
ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o mem_clr.o
test -z "" || ar r ../libcrypto.a fipscanister.o
/usr/bin/ranlib ../libcrypto.a || echo Never mind.
making all in crypto/objects...
------snip ----
B->A s2
Alice's key = B068AC36CDC90250641AF4606E0048DF3A0561553C08B83C99C789BB39B939A684107038372C535A0705643C3F2851F566479DEF3C793D73051940EC874CD99524B381D048E165AD8F7BEF0A319C02C2CA573BB677CEC4ADAAAC20D3572953446879ACC3D7AFBCDA30CE5D763513C1341E4140D6F0943532C200D930EA11670
Bob's key = 9EA673E21E39CE73EBEA90F05BA0D27E98AEC0656F7965BC53288161B0650EC39DB113A9B9934C09F992F510B30213D78FA9CDC060EDAC89DEAFD0567A9DC96AF16DA36EED7E2C3260452EDBB9FFB865604468214A2585356AAAF8DA6DB692A5462EE70130B33815E99CB2EDE1869228D6B412A052B723105B0967BF7D3B1634
A->B s3a
Bob fails to process Alice's step 3a
134523940:error:3106706A:lib(49):JPAKE_STEP3A_process:hash of hash of key mismatch:jpake.c:468:
Test SRP
../util/shlib_wrap.sh ./srptest
ls: error initializing month strings
N = EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3
g = 2
Salt = CA7A12BF214AD8B48AFFA57DCF53C7C0C61A54
Verifier =
7066AEA8AB18B0821E5D3CD00F7F98CB94C78DB253AA06575FBC03E7520F88A467E99EA465C3C8A097088EDE96B29C736352E99BCE732873AFFAB3598E7AE1D257B9AD904D962352CF6342FEB3327BC1E502AB3D74BF45DB2AA861881BFCDCC8F51C70B4630D540C13E87907C9E23444FFE343839A871B87407B47F9EEFF2403 b = 3F3EED693B0D07C9634D5F85D892973F35D06EF19FE3271AD01DC28955487B2F B = DF16088E6D7FC3EB530D871CC409C8540E574E67C37E2C14CDE8E9FB438F0B0CCAF4C828B20FA3120DD480E9055274293A222CCBEDDE81C4933644C26FB37CC40576A5D8FF79819692D387D5BA93C30EAE81DD17CDFC27EFB09B3EFA6756715553173CC10F95F87A4589A1B4EFD5352A11399F30D5CED778C21AE3D86BB98F14 a = 2A4108A36B01C8AC1AC717476D07F7252C6363CA496067FEA674EEA26C5BDA7C A = E7BB81797A777379FE47D5DFDBE4068F428D62C995A8B807C3169AEB50BE9C26D2CEA69B1629C7BBE8F32832D789E75FEEE4ED58168BF2705C81654D1CC49C2F7C89EA2C60485CA8423C1805C0C9777DE435A80C3EDD68BC88330AA56ACF31BE11197D49DFB535B0A8B49A8A00BBFF28B5E4CE1F1E415A1DBB4D31572F2207E2 Client's key = B78BA41033BAE5A590D21D8FBE32123D3A83E74B0133B93A197471A5F7326222114683CED5462D37C815B786929C477E4AF9B38B43B319E7010ACE79257CCC878391AF7FB3F31AB91135206C51DFAB660B15A9ADAFB4DE68C9B36A69B07088551F54110D7C850908778B8722CD1D2AB6EEA4D86EC964CB9417201F6363864CF0 Server's key = 18C1C2AB1FDC019A6A1232D757067112351DB1595E2CA72482A99B8C10EA7143CB5902C5EE54032FBBB74E24DF82D494D64D0A770EE5DFB1A7E5DCC254D95A3355627CC89EE5068BA27742BB7D7161F96F4168B7D11CF096FD58B98952BCB951A4370795BAA3DF0B50E42D3A6E5292ED6ABA90823D3E443E19ECFAC2A20BCE87 Keys mismatch N = EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3 g = 2 Salt = 2A2BF6FB6389674026167D5FF7B927BBD064C7B9 Verifier = 
180623D9BD188CC0F1894A3904E1104A40ED12C04971E9F490963FEDAD1AB2C7321BA3BE917647EB3F1C1DD37B31C8E042C87A107CA365548F74D8F7CED9B69EABDCF431EEC3A31683C707D3D03FC50AF7B8ADEABE8EBB79B5804C4AC5E4CE25D170412C7C4C5A5C647374DC87B8477144409192850785847CC33CFC6C6829BE b = 6EFC82296DC581D66CE1215E92880C1488CC8D3D119C2B6E9D75404B44FA4485 B = 1A522B755B2109D112BA6C021A909A981A9EC97A0D9D8CCDAAC56DCDD12D6279240DC49660347A4D5C32B04D186D27E8B7986DDF5228E2063D48CD82AC3A6E871EDFE6D7F1A630D8255A793A2603A7FF499A0A82E2D786CE7CC11800EE330EF545278C3A5990282590682D054DBADC56CD21432C661D1B2E67DFD1E631343E00 a = 1C38E9768B7C774C5FD19B7DF566D245741525FDEBA8D97C2C6B3FE08EC9391C A = DBE7BD72650C98D39F9F17842E7EA989D8F795B870E4F72D6A36A5A17C8E7A1DE5D1F372405EF46A51641F91B678E563D042B12E22D1BE65299B79EF725DCD7FF2AFD51D560D1A82190781D8AACC411A64C6DF2934BD88B81E567AFC801F6DDA3CEE7D37D170A6A7878EBBC2F71716612364CCD53BAFB98B6D6BDDB99D163B7A Client's key = B2B40F4E998845AC21E57FBD0446DF0E7B44CDAA903C8027E143C891482B93D7DB51C7AD52587679F2A72BCB2848DF1BE5327C4337332292EC436C335795813E21F607A803FCF31703B6C7BF3FBD58F3310055D8D8D9FDF39C574A30A283AD3BD713DE86DDE1BCF0A97A160FC9693AE9C9700332BBD3030D5F01BDF390A12F28 Server's key = B2B40F4E998845AC21E57FBD0446DF0E7B44CDAA903C8027E143C891482B93D7DB51C7AD52587679F2A72BCB2848DF1BE5327C4337332292EC436C335795813E21F607A803FCF31703B6C7BF3FBD58F3310055D8D8D9FDF39C574A30A283AD3BD713DE86DDE1BCF0A97A160FC9693AE9C9700332BBD3030D5F01BDF390A12F28 CMS consistency test /root/bin/perl5 cms-test.pl ls: error initializing month strings ls: error initializing month strings ls: error initializing month strings ls: error initializing month strings CMS => PKCS#7 compatibility tests signed content DER format, RSA key: OK signed detached content DER format, RSA key: OK signed content test streaming BER format, RSA: OK signed content DER format, DSA key: OK signed detached content DER format, DSA key: OK signed detached content DER format, add RSA signer: OK signed content test 
streaming BER format, DSA key: OK
signed content test streaming BER format, 2 DSA and 2 RSA keys: OK
signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes: OK
signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: verify error
*** Error code 1
Stop.
*** Error code 1
Stop.
doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150713$ x
sh: x: command not found
doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20150713$ exit
exit
Script done on Mon Jul 13 09:52:44 2015

Please fix

--
Member - Liberal International  This is doctor@@nl2k.ab.ca  Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him. -Edgar Watson Howe

From dthompson at cardconnect.com Tue Jul 14 08:36:30 2015
From: dthompson at cardconnect.com (David Thompson)
Date: Tue, 14 Jul 2015 08:36:30 +0000
Subject: [openssl-dev] [openssl.org #3938] Website ciphers.html specifies DHE-RSA-DES-CBC3-SHA, OpenSSL needs EDH-RSA-DES-CBC3-SHA
In-Reply-To:
References:
Message-ID: <7C7B83BD5B04E744A206B6F55159E444B07FCF31@MSG1.ftservice.local>
> From: openssl-dev On Behalf Of James A. T. Rice via RT
> Sent: Saturday, July 11, 2015 17:19
>
> From https://www.ietf.org/rfc/rfc4346.txt
> CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
>
> From https://www.openssl.org/docs/apps/ciphers.html
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
>
> From "openssl ciphers -V | grep 0x16"
> 0x00,0x16 - EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
>
> DHE-RSA-DES-CBC3-SHA (on the website) vs
> EDH-RSA-DES-CBC3-SHA (actually usable)
>
OpenSSL used nonstandard spelling EDH for 6 old suites; 1.0.2 (post-beta) added "correct" spelling DHE as an alias. Website doc is for current (development) version; doc for older versions is included in the tarballs for those versions.

________________________________
THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information protected from disclosure and intended only for the use of the recipient(s) named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message or any attachments is strictly prohibited. If you have received this communication in error, please notify CardConnect immediately by replying to this message and then delete this message and any attachments from your computer.

From rt at openssl.org Tue Jul 14 08:36:51 2015
From: rt at openssl.org (David Thompson via RT)
Date: Tue, 14 Jul 2015 08:36:51 +0000
Subject: [openssl-dev] [openssl.org #3938] Website ciphers.html specifies DHE-RSA-DES-CBC3-SHA, OpenSSL needs EDH-RSA-DES-CBC3-SHA
In-Reply-To: <7C7B83BD5B04E744A206B6F55159E444B07FCF31@MSG1.ftservice.local>
References: <7C7B83BD5B04E744A206B6F55159E444B07FCF31@MSG1.ftservice.local>
Message-ID:
From rt at openssl.org Tue Jul 14 17:14:08 2015
From: rt at openssl.org (Matthew A. Brannigan via RT)
Date: Tue, 14 Jul 2015 17:14:08 +0000
Subject: [openssl-dev] [openssl.org #3942] Patch to fix issue with HMAC_init_ex in 1.0.1
In-Reply-To: <55A52AE6.5030809@cisco.com>
References: <55A52AE6.5030809@cisco.com>
Message-ID:

During testing with strongswan 5.1.3, an issue with openssl 1.0.1o was found. Openssl 1.0.1o has added code in HMAC_Init_ex() to detect changing of the message digest function. But that does not work when the context has just been initialized with HMAC_CTX_init(). In this case, ctx->md will be NULL after initialization and will not equal the function returned by EVP_sha256() and passed to HMAC_Init_ex(). Enclosed is a patch and test case.

-------------- next part --------------
diff -urN openssl-1.0.1p.orig/crypto/hmac/hmac.c openssl-1.0.1p/crypto/hmac/hmac.c --- openssl-1.0.1p.orig/crypto/hmac/hmac.c 2015-07-09 08:21:24.000000000 -0400 +++ openssl-1.0.1p/crypto/hmac/hmac.c 2015-07-14 11:15:21.754743504 -0400 @@ -88,7 +88,7 @@ } #endif /* If we are changing MD then we must have a key */ - if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + if (md != NULL && md != ctx->md && ctx->md != NULL && (key == NULL || len < 0)) return 0; if (md != NULL) {
-------------- next part --------------
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>

int main(int argc, char **argv)
{
    HMAC_CTX ctx;
    int ret;

    HMAC_CTX_init(&ctx);
    /* Fresh context: ctx->md is NULL, so setting the digest without a key
     * must be accepted. With 1.0.1o this call returns 0. */
    ret = HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL);
    if (ret == 0) {
        printf("Failed\n");
        HMAC_CTX_cleanup(&ctx);
        return 1;
    }
    printf("Success\n");
    HMAC_CTX_cleanup(&ctx);
    return 0;
}
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

From rt at openssl.org Tue Jul 14 18:05:17 2015
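Review bot: the comment above the check, `/* If we are changing MD then we must have a key */`, no longer describes the condition once `ctx->md != NULL` is added to it; extend the comment to say that a freshly initialised context (ctx->md == NULL) is exempt and may have its digest set without a key, otherwise the next reader will "simplify" the condition back. The accompanying test exercises only that exempt case; add a second call on the same context with a different digest and key == NULL, e.g. `HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)`, and check that it still returns 0, so the original guard is shown to survive the change. Style: the new `if` line runs well past 80 columns; wrap the condition.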
From: rt at openssl.org (Mahender Singh via RT)
Date: Tue, 14 Jul 2015 18:05:17 +0000
Subject: [openssl-dev] [openssl.org #3943] Vulnerability Report
In-Reply-To:
References:
Message-ID:

Dear Sir / Madam,

This is Mahender Singh, Security Researcher from India. I have found a bug that I would like to share with your security team. This bug is related to server file disclosure; I have explained it in detail as follows.

Vulnerability: GIT Config

Vulnerable link: www.openssl.org

Payload = .git/config

then final url = http://www.openssl.org/.git/config

I have attached the POC as follows.

Refer URL:

http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability-with-git-config.aspx
https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/
https://www.owasp.org/index.php/Top_10_2013-A5

I have given enough details of the vulnerability; if you need anything else you can contact me at my mail id mahendersingh2706 at gmail .com

Hope you will patch this as soon as possible.

Thank You
Regards
Mahender Singh
Cyber Security Researcher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: git_config.png
Type: image/png
Size: 28255 bytes
Desc: not available
URL:

From rt at openssl.org Tue Jul 14 19:10:58 2015
From: rt at openssl.org (Richard Levitte via RT)
Date: Tue, 14 Jul 2015 19:10:58 +0000
Subject: [openssl-dev] [openssl.org #3943] Vulnerability Report
In-Reply-To:
References:
Message-ID:

Problem fixed.

Thanks.

On Tue, 14 Jul 2015 at 18.05.17, mahendersingh2706 at gmail.com wrote:
> Dear Sir / Madam,
>
> This is Mahender Singh, Security Researcher from India.
> I have found a bug that I would like to share with your security team;
> this bug is related to server file disclosure. I have explained it in
> detail as follows.
>
> Vulnerability: GIT Config
>
> Vulnerable link: www.openssl.org
>
> Payload = .git/config
>
> then final url = http://www.openssl.org/.git/config
>
> I have attached the POC as follows.
>
> Refer URL:
>
> http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability-with-git-config.aspx
> https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/
> https://www.owasp.org/index.php/Top_10_2013-A5
>
> I have given enough details of the vulnerability; if you need anything
> else you can contact me at my mail id mahendersingh2706 at gmail .com
>
> Hope you will patch this as soon as possible.
>
> Thank You
> Regards
> Mahender Singh
> Cyber Security Researcher

--
Richard Levitte
levitte at openssl.org

From rt at openssl.org Tue Jul 14 19:21:25 2015
From: rt at openssl.org (Mahender Singh via RT)
Date: Tue, 14 Jul 2015 19:21:25 +0000
Subject: [openssl-dev] [openssl.org #3943] Vulnerability Report
In-Reply-To:
References:
Message-ID:

Dear Sir,

Glad for your quick and fast response and implementation. I have heard about your bounty program over Hackerone. As I did ethical work I am hoping for some bounty in good faith from your end.

Thank you
Regards
Mahender Singh

On Wed, Jul 15, 2015 at 12:40 AM, Richard Levitte via RT wrote:
> Problem fixed.
>
> Thanks.
>
> On Tue, 14 Jul 2015 at 18.05.17, mahendersingh2706 at gmail.com wrote:
> > Dear Sir / Madam,
> >
> > This is Mahender Singh, Security Researcher from India.
> > I have found a bug that I would like to share with your security team;
> > this bug is related to server file disclosure. I have explained it in
> > detail as follows.
> >
> > Vulnerability: GIT Config
> >
> > Vulnerable link: www.openssl.org
> >
> > Payload = .git/config
> >
> > then final url = http://www.openssl.org/.git/config
> >
> > I have attached the POC as follows.
> >
> > Refer URL:
> >
> > http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability-with-git-config.aspx
> > https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/
> > https://www.owasp.org/index.php/Top_10_2013-A5
> >
> > I have given enough details of the vulnerability; if you need anything
> > else you can contact me at my mail id mahendersingh2706 at gmail .com
> >
> > Hope you will patch this as soon as possible.
> >
> > Thank You
> > Regards
> > Mahender Singh
> > Cyber Security Researcher
>
> --
> Richard Levitte
> levitte at openssl.org

From openssl-users at dukhovni.org Tue Jul 14 19:31:06 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Tue, 14 Jul 2015 19:31:06 +0000
Subject: [openssl-dev] [openssl.org #3943] Vulnerability Report
In-Reply-To:
References:
Message-ID: <20150714193106.GD28047@mournblade.imrryr.org>

On Tue, Jul 14, 2015 at 07:21:25PM +0000, Mahender Singh via RT wrote:

> Glad for your quick and fast response and implementation. I have heard
> about your bounty program over Hackerone. As I did ethical work I am hoping
> some bounty in good faith from your end.

OpenSSL is an open-source project distributed to users at no cost. We appreciate all contributions to the OpenSSL project. Thank you for your contribution.

If you feel your findings qualify for a bounty per the conditions at:

https://hackerone.com/openssl

you can follow up with the contacts listed on that page. My best guess is that a minor misconfiguration of the OpenSSL project website is not a compromise of the OpenSSL software and does not qualify.

--
Viktor.

From rt at openssl.org Tue Jul 14 20:13:08 2015
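The report above is the classic exposed `.git/config` check: request `/.git/config` and see whether a repository configuration comes back. The catch a practitioner runs into is the false positive, where a server answers 200 with a catch-all HTML page for any path. The following is an added example written for this page, not the OpenSSL project's code and not the reporter's PoC: it classifies a response body as a real git config only if it parses as INI text with a `[core]` section carrying `repositoryformatversion`, and rejects HTML and non-200 responses. The two sample responses are constructed for the example; the hostname in them is a placeholder.

```c
/*
 * Added example (not OpenSSL code): decide whether an HTTP response for
 * /.git/config is a real exposed repository config or a catch-all page.
 * The sample bodies below are constructed for this example.
 */
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Constructed sample: what a real exposed .git/config looks like. */
static const char SAMPLE_GIT_CONFIG[] =
    "[core]\n"
    "\trepositoryformatversion = 0\n"
    "\tfilemode = true\n"
    "\tbare = false\n"
    "[remote \"origin\"]\n"
    "\turl = https://example.invalid/www.git\n";   /* placeholder host */

/* Constructed sample: a web app that returns its index page for any URL. */
static const char SAMPLE_CATCH_ALL[] =
    "<!DOCTYPE html>\n<html><head><title>Not found</title></head>\n"
    "<body><p>The page you requested could not be found.</p></body></html>\n";

/*
 * Line-oriented scan of an INI-style body. Returns 1 only if a [core]
 * section contains repositoryformatversion and no line looks like an HTML
 * tag; a [core] section alone, or the key outside [core], is not enough.
 */
int looks_like_git_config(const char *body)
{
    const char *p = body;
    int in_core = 0, seen_key = 0;

    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);

        while (len && isspace((unsigned char)*p)) { p++; len--; }  /* trim */
        if (len && p[0] == '<')
            return 0;                                    /* HTML, not a config */
        if (len && p[0] == '[')
            in_core = (len >= 6 && strncmp(p, "[core]", 6) == 0);
        else if (in_core && len >= 23 &&
                 strncmp(p, "repositoryformatversion", 23) == 0)
            seen_key = 1;
        if (!eol)
            break;
        p = eol + 1;
    }
    return seen_key;
}

typedef struct {
    int status;          /* HTTP status code */
    const char *body;    /* response body, NUL-terminated */
} http_response;

/* 1 = repository metadata is exposed, 0 = not exposed or inconclusive. */
int git_config_exposed(const http_response *r)
{
    if (r->status != 200)
        return 0;
    return looks_like_git_config(r->body);
}

int main(void)
{
    http_response real = { 200, SAMPLE_GIT_CONFIG };
    http_response spa  = { 200, SAMPLE_CATCH_ALL };
    printf("real config: %d\n", git_config_exposed(&real));  /* 1 */
    printf("catch-all:   %d\n", git_config_exposed(&spa));   /* 0 */
    return 0;
}
```

In practice the fetch is the easy part (`curl -s https://host/.git/config`); the value of the classifier is that a scan over many hosts does not flag every single-page application that answers 200 for everything. A positive result means the object store under `/.git/` is usually readable too, which is what the referenced "dumping git data" write-up covers.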
From: rt at openssl.org (Andy Polyakov via RT)
Date: Tue, 14 Jul 2015 20:13:08 +0000
Subject: [openssl-dev] [openssl.org #3932] Compilation Bug Report
In-Reply-To: <55A56D52.5000009@openssl.org>
References: <55A56D52.5000009@openssl.org>
Message-ID:

jean-christophe manciot via RT wrote:
> Ubuntu Server 15.04
> OpenSSL 1.0.2d sources from https://github.com/openssl/openssl
>
> root at msi-ge60:/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl# ./config
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> Configuring for linux-x86_64
> no-deprecated [default] OPENSSL_NO_DEPRECATED (skip dir)
> no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
> no-gmp [default] OPENSSL_NO_GMP (skip dir)
> no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
> no-md2 [default] OPENSSL_NO_MD2 (skip dir)
> no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
> no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
> no-sctp [default] OPENSSL_NO_SCTP (skip dir)
> no-shared [default]
> no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
> no-store [experimental] OPENSSL_NO_STORE (skip dir)
> no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
> no-zlib [default]
> no-zlib-dynamic [default]
> IsMK1MF=0
> CC =gcc
> CFLAG =-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -Wall -O3 -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
> EX_LIBS =-ldl
> CPUID_OBJ =x86_64cpuid.o
> BN_ASM =x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
> EC_ASM =ecp_nistz256.o ecp_nistz256-x86_64.o
> DES_ENC =des_enc.o fcrypt_b.o
> AES_ENC =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
> BF_ENC =bf_enc.o
> CAST_ENC =c_enc.o
> RC4_ENC =rc4-x86_64.o rc4-md5-x86_64.o
> RC5_ENC =rc5_enc.o
> MD5_OBJ_ASM =md5-x86_64.o
> SHA1_OBJ_ASM =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
> RMD160_OBJ_ASM=
> CMLL_ENC =cmll-x86_64.o cmll_misc.o
> MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
> ENGINES_OBJ =e_padlock-x86_64.o
> PROCESSOR =
> RANLIB =/usr/bin/ranlib
> ARFLAGS =
> PERL =/usr/bin/perl
> SIXTY_FOUR_BIT_LONG mode
> DES_UNROLL used
> DES_INT used
> RC4_CHUNK is unsigned long
>
> Configured for linux-x86_64.

First of all I'd like to point out that this doesn't look like 1.0.2, rather master branch. 1.0.2 would have a lot of additional lines between last two lines. This is just to ensure that expectations are correct.

> root at msi-ge60:/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl# make
> making all in crypto...
> ...
> make[2]: Entering directory '/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl/apps'
> ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -Wall -O3 -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o asn1pars.o ca.o ciphers.o cms.o crl.o crl2p7.o dgst.o dhparam.o dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o errstr.o gendsa.o genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o pkcs7.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o rsautl.o s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o srp.o ts.o verify.o version.o x509.o apps.o opt.o s_cb.o s_socket.o app_rand.o ${LIBDEPS} )
> speed.o: In function `speed_main':
> speed.c:(.text+0x980): undefined reference to `RC4_set_key'
> speed.c:(.text+0x15d3): undefined reference to `RC4'

I can't reproduce the problem. Is it possible that you used the directory for another config and didn't 'make clean' in between? What does '(cd crypto/rc4; make)' print? I'd suggest to download openssl-1.0.2d.tar.gz from ftp.openssl.org and try to build from scratch.

From rt at openssl.org Tue Jul 14 21:43:20 2015
From: rt at openssl.org (Andy Polyakov via RT) Date: Tue, 14 Jul 2015 21:43:20 +0000 Subject: [openssl-dev] [openssl.org #3931] OpenSSL 1.0.2(c, d) hangs on Sun T3 in OPENSSL_cpuid_setup() In-Reply-To: <55A58276.7030303@openssl.org> References: <559F0094.5060908@oracle.com> <55A58276.7030303@openssl.org> Message-ID: Hi, Misaki.Miyashita wrote: > Hi Rick, > > Can you run the truss(1) command when you run "openssl version" as follows? > > i.e. > % truss -lf -u libcrypto:: -u libpkcs11:: -o /tmp/truss.out openssl version > > The output will tell you more information about the function calls made > by the openssl(1) application. > > Thank you, > > -- misaki Misaki, There were couple of private reports that make me think that there is what can be classified as kernel bug. When processor hits unimplemented instruction an exception is risen and it's either handled by in-kernel emulator or passed down to application as SIGILL. Consider http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3caeef94bd045608af03b061643992e3afd9c445. Problem there was that emulator was failing to handle 16-bit load in delay slot. This was on T1 (as commit message suggests) where 16-bit load is emulated. Another example (not reflected in history) is T4 detection that had to be guarded by VIS3 flag. Trouble there is that rd %asr26,%o0 sends application into endless uninterruptible loop. "Uninterruptible" means that you can't terminate application with ctrl-c or even suspend it with ctrl-z. The only thing that works is to kill -KILL from another window (never tried to kill -ILL or -BUG as OP suggested). Note that all these probes was developed and verified to work on Linux, which handles both cases gracefully. Which is basically why one can argue that it's Solaris kernel bug. Rick, You are likely to suffer from second part of above problem description. 
At least it's coherent with private report, and the fact that T3 is first processor to implement VIS3, when T4 detection probe (above mentioned rd %asr26,%o0) is guarded by VIS3 capability. If you can confirm that neither ctrl-c or ctrl-z work with hung program, then that's more than likely it. As for what to do. If running with OPENSSL_sparcv9cap set system-wide to appropriate value (0x20 would be right for T3) is not an option, then you'd have to modify OPENSSL_cpuid_setup. If your Solaris version running on T3 is new enough attached patch should do the trick. Can you verify it? > On 07/09/15 16:34, Puckett, Rick via RT wrote: >> Request: Bug Report >> >> Hello, >> >> I recently compiled OpenSSL 1.0.2(c,d) for Solaris 5.10 using GCC >> 4.8.2 on an UltraSPARC 45 and our group tested it on several different >> types of other systems (V245, T4, T3, etc...) and it runs as expected >> on all systems except the T3 where it hangs - even for a simple call >> like "openssl version". The process continues normally when sent >> either a SIGBUS or SIGILL. >> >> I believe I've tracked it down to the function "OPENSSL_cpuid_setup" >> in the file "crypto/sparcv9cap.c" after the initial sigaction calls to >> set the signal handlers for SIGILL and SIGBUS and before the trailing >> sigaction calls to reset the handlers for SIGILL and SIGBUS. There's >> a partial dtrace listing below, generated by my colleague Carolyn, >> with the last output lines showing the sigaction calls for SIGILL then >> SIGBUS (the trailing sigaction calls are in the reverse order in the >> code). >> >> The "OPENSSL_cpuid_setup" function supports reading the environment >> variable "OPENSSL_sparcv9cap" to skip further processing and setting >> this variable (to anything) prevents the process from hanging, so I'm >> also encouraged that the issue resides within this function, but am, >> obviously, hesitant to rely on this as an operational solution ... 
>> >> Is there any other information I can provide you and/or anything I can >> do on my side to investigate and resolve this. >> >> Thank you, >> - Rick >> >> >> 4503: lwp_sigmask(SIG_SETMASK, 0xFFBFF827, 0x0000FFF7) = 0xFFBFFEFF >> [0x0000FFFF] >> >> 4503: sigaction(SIGILL, 0xFFBFEC10, 0xFFBFECF0) = 0 >> >> 4503: new: hand = 0xFEF4F824 mask = 0xFFBFFEFF 0x0000FFFF 0 0 >> flags = 0x0000 >> >> 4503: old: hand = 0x00000000 mask = 0 0 0 0 flags = 0x0000 >> >> 4503: sigaction(SIGBUS, 0xFFBFEC10, 0xFFBFED10) = 0 >> >> 4503: new: hand = 0xFEF4F824 mask = 0xFFBFFEFF 0x0000FFFF 0 0 >> flags = 0x0000 >> >> 4503: old: hand = 0x00000000 mask = 0 0 0 0 flags = 0x0000 >> >> >> >> >> >> _______________________________________________ >> openssl-bugs-mod mailing list >> openssl-bugs-mod at openssl.org >> https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod >> >> >> _______________________________________________ >> openssl-dev mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -------------- next part -------------- diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index 8bf2846..a36e461 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -237,6 +237,17 @@ static void common_handler(int sig) siglongjmp(common_jmp, sig); } +#if defined(__sun) && defined(__SVR4) +# if defined(__GNUC__) && __GNUC__>=2 +extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak)); +# elif defined(__SUNPRO_C) +#pragma weak getisax +extern unsigned int getisax(unsigned int vec[], unsigned int sz); +# else +static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL; +# endif +#endif + void OPENSSL_cpuid_setup(void) { char *e; 
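Review bot: the `#else` arm of the new block, `static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL;`, silently disables the getisax() path for any compiler that is neither GCC nor Sun C, so such builds fall straight back to the signal-probe path this patch is meant to bypass on T3; a comment at that line (or a `#warning`) would make the degradation visible instead of leaving it to be rediscovered with truss. The prototype is also written by hand rather than taken from the system header, which only makes sense because the symbol has to be a weak reference so the library still loads on Solaris releases that lack getisax(); one comment saying so, and naming the minimum release this expects, would save the next reader from guessing, since "new enough" in the covering message is the only hint.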
@@ -255,6 +266,42 @@ void OPENSSL_cpuid_setup(void) return; } +#if defined(__sun) && defined(__SVR4) + if (getisax != NULL) { + unsigned int vec[1]; + + if (getisax (vec,1)) { + if (vec[0]&0x0020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1; + if (vec[0]&0x0040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; + if (vec[0]&0x0080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK; + if (vec[0]&0x0100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; + if (vec[0]&0x0400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; + + /* reconstruct %cfr copy */ + OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff; + OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1; + if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C; + + /* Some heuristics */ + /* all known VIS2-capable CPUs have unprivileged tick counter */ + if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2) + OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; + + OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; + + /* detect UltraSPARC-Tx, see sparccpud.S for details... */ + if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) && + _sparcv9_vis1_instrument() >= 12) + OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); + } + + if (sizeof(size_t) == 8) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; + + return; + } +#endif + /* Initial value, fits UltraSPARC-I&II... */ OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; From rt at openssl.org Tue Jul 14 22:12:17 2015 
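Review bot: the masks 0x0020, 0x0040, 0x0080, 0x0100, 0x0400 and 0x20000000, and the `>>17` / `&0x3ff` window used to rebuild the %cfr copy, are bare magic numbers with nothing saying which auxv bit definitions they mirror; name them or cite the header, because a wrong bit here does not fail loudly, it enables an instruction the CPU lacks (the crash case described later in the thread). `OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1;` also bakes in the assumption that the neighbouring bit always comes together with CFR_MONTMUL and deserves a one-line comment. Finally, the early `return` inside the `getisax != NULL` branch skips the `/* Initial value, fits UltraSPARC-I&II... */` assignment that follows, so if getisax() reports no capabilities the function returns with OPENSSL_sparcv9cap_P[0] at whatever its static initialiser was rather than at the documented baseline; either fall through in that case or state that the difference is intended.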
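The probe-and-override mechanism this ticket is debugging, as an added example that is not OpenSSL's code: a portable sketch of the three capability sources OPENSSL_cpuid_setup() can draw on, with the override parsed the way an OPENSSL_sparcv9cap value such as 0x20 is, a stand-in for the OS query the getisax() patch adds, and the sigsetjmp/siglongjmp probe as the last resort. CAP_VIS3, HW_HAS_VIS3, probe_ok, probe_unimplemented and os_query_vis3 are constructed for the example.

```c
/* Added example, not OpenSSL's code: the detection pattern behind
 * OPENSSL_cpuid_setup() in crypto/sparcv9cap.c, in portable C. Sources, in
 * the order the thread argues for: 1. an explicit override (the real
 * OPENSSL_sparcv9cap variable); 2. a capability word from the OS (what the
 * getisax() patch adds); 3. executing the instruction under SIGILL/SIGBUS
 * handlers. Step 3 only works when the kernel delivers a signal; a kernel that
 * stalls instead (the T3 hang) cannot be caught from user space. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#define CAP_VIS3    0x20u    /* the override value the thread names for T3 */
#define HW_HAS_VIS3 0x0400u  /* constructed OS-side bit, stands in for auxv */

static sigjmp_buf probe_jmp;

/* Like common_handler(): unwind to the probe site, carrying the signal. */
static void probe_handler(int sig)
{
    siglongjmp(probe_jmp, sig);
}

/* Run fn with SIGILL/SIGBUS trapped. 1 = fn completed, 0 = it faulted.
 * Everything else is masked for the duration, as sparcv9cap.c does. */
int probe_survives(void (*fn)(void))
{
    struct sigaction act, old_ill, old_bus;
    sigset_t masked, old_mask;
    volatile int survived;
    sigfillset(&masked);
    sigdelset(&masked, SIGILL);
    sigdelset(&masked, SIGBUS);
    sigprocmask(SIG_SETMASK, &masked, &old_mask);
    act.sa_handler = probe_handler;
    sigemptyset(&act.sa_mask);
    act.sa_flags = 0;
    sigaction(SIGILL, &act, &old_ill);
    sigaction(SIGBUS, &act, &old_bus);
    if (sigsetjmp(probe_jmp, 1) == 0) { /* 1: restore the mask on longjmp */
        fn();
        survived = 1;
    } else {
        survived = 0;                   /* came back through probe_handler */
    }
    /* Restore in reverse order: the "trailing sigaction calls" in the trace. */
    sigaction(SIGBUS, &old_bus, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    sigprocmask(SIG_SETMASK, &old_mask, NULL);
    return survived;
}

/* Parse an OPENSSL_sparcv9cap-style override such as "0x20" or "0".
 * Returns 1 and stores the value when present and well-formed, else 0. */
int parse_cap_override(const char *s, unsigned long *out)
{
    unsigned long v;
    char *end;
    if (s == NULL || *s == '\0')
        return 0;
    errno = 0;
    v = strtoul(s, &end, 0);            /* base 0: 0x.. hex, 0.. octal, decimal */
    if (errno != 0 || end == s || *end != '\0')
        return 0;
    *out = v;
    return 1;
}

/* Capability word by preference. os_query may be NULL, like the weak-linked
 * getisax() on a Solaris release that lacks it. */
unsigned long detect_caps(const char *override,
                          int (*os_query)(unsigned long *hw),
                          void (*vis3_probe)(void))
{
    unsigned long caps = 0, hw = 0;
    if (parse_cap_override(override, &caps))
        return caps;                    /* trust the admin, run no probes */
    if (os_query != NULL && os_query(&hw)) {
        if (hw & HW_HAS_VIS3)
            caps |= CAP_VIS3;
        return caps;                    /* nothing risky was executed */
    }
    if (probe_survives(vis3_probe))     /* last resort: try it and see */
        caps |= CAP_VIS3;
    return caps;
}

/* Constructed stand-ins: an instruction the CPU accepts, one it rejects
 * (raise() models the kernel delivering SIGILL), an OS query reporting VIS3. */
void probe_ok(void) { }
void probe_unimplemented(void) { raise(SIGILL); }
int os_query_vis3(unsigned long *hw) { *hw = HW_HAS_VIS3; return 1; }

int main(void)
{
    unsigned long caps = detect_caps(getenv("OPENSSL_sparcv9cap"), NULL,
                                     probe_unimplemented);
    printf("caps = 0x%lx\n", caps);
    return 0;
}
```

Run with `OPENSSL_sparcv9cap=0x20` set and the probe is never executed, which is exactly the bypass the ticket relies on; without it, only a kernel that really delivers SIGILL lets the fallback report 0.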
From: rt at openssl.org (P Holder via RT)
Date: Tue, 14 Jul 2015 22:12:17 +0000
Subject: [openssl-dev] [openssl.org #3944] OpenSSL command line tool feature request
In-Reply-To:
References:
Message-ID:

Right now, if I do add randomness from a file I get, for example:

OpenSSL> rand -rand r:\temp\randgen.bytes 0
Loading 'screen' into random state - done
10 semi-random bytes loaded

I'd like the option to remove the step that causes "Loading 'screen' into random state - done" if I supply my own file. I have a true random number generating HSM and I don't need the screen input, and in the case I have, I can't guarantee the "quality" of the screen, so I want it excluded.

Thanks for any consideration.

Paul

From rt at openssl.org Tue Jul 14 23:29:36 2015
From: rt at openssl.org (Puckett, Rick via RT)
Date: Tue, 14 Jul 2015 23:29:36 +0000
Subject: [openssl-dev] EXT :Re: [openssl.org #3931] OpenSSL 1.0.2(c, d) hangs on Sun T3 in OPENSSL_cpuid_setup()
In-Reply-To: <6c3b4e24ea0e450bb184117107dfe749@XCGVAG22.northgrum.com>
References: <559F0094.5060908@oracle.com> <55A58276.7030303@openssl.org> <6c3b4e24ea0e450bb184117107dfe749@XCGVAG22.northgrum.com>
Message-ID:

Misaki, Andy,

I ran the truss command line you specified on the Sun T-3 and had to kill -9 the process as Ctrl-C and Ctrl-Z did not work. Attached is the truss.log output and below are the last few lines of that file where the process was hung up.

Setting OPENSSL_sparcv9cap to "0x20" (or even "0") allowed the program to complete (the code looks like it bypasses the probes if this is set to anything), though I don't know the operational ramifications of any value.

If this helps, I noted that sending the process a "kill -BUS" or "kill -ILL" causes the process to complete normally, even if generating useful output, though I don't know the state of the "OPENSSL_sparcv9cap_P" array or the correctness of any results under those circumstances, but the output of the "version" command is correct :-)

I applied the patch you sent and configured/compiled using "solaris-sparcv9-gcc" and the program completes normally.

As I am unable to use patched/unofficial code for our operational needs, what I did last week is use the following option to the OpenSSL Configure script, "solaris-sparcv7-gcc" or "solaris-sparcv7-cc" (we use both GCC and Sun C), and that seemed to fix/bypass the problem on the T-3.

Thank you again and please let me know if I can be of further assistance.

- Rick

2783/1:    sigaction(SIGILL, 0xFFBFF448, 0xFFBFF528) = 0
2783/1:    sigaction(SIGBUS, 0xFFBFF448, 0xFFBFF548) = 0
2783/1@1:  -> libcrypto:_sparcv9_rdtick(0x0, 0x1, 0x0, 0xa)
2783/1@1:  <- libcrypto:_sparcv9_rdtick() = 0x99367288
2783/1@1:  -> libcrypto:_sparcv9_vis1_probe(0x0, 0x1, 0x0, 0xa)
2783/1@1:  <- libcrypto:_sparcv9_vis1_probe() = 0
2783/1@1:  -> libcrypto:_sparcv9_vis1_instrument(0x0, 0xffbff48a, 0x0, 0xa)
2783/1@1:  <- libcrypto:_sparcv9_vis1_instrument() = 19
2783/1@1:  -> libcrypto:_sparcv9_fmadd_probe(0x0, 0x1, 0x0, 0x13)
2783/1@1:  <- libcrypto:_sparcv9_fmadd_probe() = 0
2783/1@1:  -> libcrypto:_sparcv9_vis3_probe(0x0, 0x1, 0x0, 0x13)
2783/1@1:  <- libcrypto:_sparcv9_vis3_probe() = 0
2783/1@1:  -> libcrypto:_sparcv9_rdcfr(0x0, 0xffbff548, 0x0, 0x13)

-----Original Message-----
From: Andy Polyakov via RT [mailto:rt at openssl.org] Sent: Tuesday, July 14, 2015 5:43 PM To: Puckett, Rick (IS) Cc: openssl-dev at openssl.org Subject: EXT :Re: [openssl-dev] [openssl.org #3931] OpenSSL 1.0.2(c, d) hangs on Sun T3 in OPENSSL_cpuid_setup() Hi, Misaki.Miyashita wrote: > Hi Rick, > > Can you run the truss(1) command when you run "openssl version" as follows? > > i.e. > % truss -lf -u libcrypto:: -u libpkcs11:: -o /tmp/truss.out openssl > version > > The output will tell you more information about the function calls > made by the openssl(1) application. > > Thank you, > > -- misaki Misaki, There were couple of private reports that make me think that there is what can be classified as kernel bug. When processor hits unimplemented instruction an exception is risen and it's either handled by in-kernel emulator or passed down to application as SIGILL. Consider http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3caeef94bd045608af03b061643992e3afd9c445. Problem there was that emulator was failing to handle 16-bit load in delay slot. This was on T1 (as commit message suggests) where 16-bit load is emulated. Another example (not reflected in history) is T4 detection that had to be guarded by VIS3 flag. Trouble there is that rd %asr26,%o0 sends application into endless uninterruptible loop. "Uninterruptible" means that you can't terminate application with ctrl-c or even suspend it with ctrl-z. The only thing that works is to kill -KILL from another window (never tried to kill -ILL or -BUG as OP suggested). Note that all these probes was developed and verified to work on Linux, which handles both cases gracefully. Which is basically why one can argue that it's Solaris kernel bug. Rick, You are likely to suffer from second part of above problem description. At least it's coherent with private report, and the fact that T3 is first processor to implement VIS3, when T4 detection probe (above mentioned rd %asr26,%o0) is guarded by VIS3 capability. 
If you can confirm that neither ctrl-c or ctrl-z work with hung program, then that's more than likely it. As for what to do. If running with OPENSSL_sparcv9cap set system-wide to appropriate value (0x20 would be right for T3) is not an option, then you'd have to modify OPENSSL_cpuid_setup. If your Solaris version running on T3 is new enough attached patch should do the trick. Can you verify it? > On 07/09/15 16:34, Puckett, Rick via RT wrote: >> Request: Bug Report >> >> Hello, >> >> I recently compiled OpenSSL 1.0.2(c,d) for Solaris 5.10 using GCC >> 4.8.2 on an UltraSPARC 45 and our group tested it on several >> different types of other systems (V245, T4, T3, etc...) and it runs >> as expected on all systems except the T3 where it hangs - even for a >> simple call like "openssl version". The process continues normally >> when sent either a SIGBUS or SIGILL. >> >> I believe I've tracked it down to the function "OPENSSL_cpuid_setup" >> in the file "crypto/sparcv9cap.c" after the initial sigaction calls >> to set the signal handlers for SIGILL and SIGBUS and before the >> trailing sigaction calls to reset the handlers for SIGILL and SIGBUS. >> There's a partial dtrace listing below, generated by my colleague >> Carolyn, with the last output lines showing the sigaction calls for >> SIGILL then SIGBUS (the trailing sigaction calls are in the reverse >> order in the code). >> >> The "OPENSSL_cpuid_setup" function supports reading the environment >> variable "OPENSSL_sparcv9cap" to skip further processing and setting >> this variable (to anything) prevents the process from hanging, so I'm >> also encouraged that the issue resides within this function, but am, >> obviously, hesitant to rely on this as an operational solution ... >> >> Is there any other information I can provide you and/or anything I >> can do on my side to investigate and resolve this. 
>> >> Thank you, >> - Rick >> >> >> 4503: lwp_sigmask(SIG_SETMASK, 0xFFBFF827, 0x0000FFF7) = 0xFFBFFEFF >> [0x0000FFFF] >> >> 4503: sigaction(SIGILL, 0xFFBFEC10, 0xFFBFECF0) = 0 >> >> 4503: new: hand = 0xFEF4F824 mask = 0xFFBFFEFF 0x0000FFFF 0 0 >> flags = 0x0000 >> >> 4503: old: hand = 0x00000000 mask = 0 0 0 0 flags = 0x0000 >> >> 4503: sigaction(SIGBUS, 0xFFBFEC10, 0xFFBFED10) = 0 >> >> 4503: new: hand = 0xFEF4F824 mask = 0xFFBFFEFF 0x0000FFFF 0 0 >> flags = 0x0000 >> >> 4503: old: hand = 0x00000000 mask = 0 0 0 0 flags = 0x0000 >> >> >> >> >> >> _______________________________________________ >> openssl-bugs-mod mailing list >> openssl-bugs-mod at openssl.org >> https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod >> >> >> _______________________________________________ >> openssl-dev mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -------------- next part -------------- A non-text attachment was scrubbed... Name: truss.log Type: application/octet-stream Size: 10874 bytes Desc: not available URL: From rt at openssl.org Wed Jul 15 10:43:46 2015 
From: rt at openssl.org (Maxim Gorbachyov via RT)
Date: Wed, 15 Jul 2015 10:43:46 +0000
Subject: [openssl-dev] [openssl.org #3945] broken cross-compilation for BSD-x86_64
In-Reply-To:
References:
Message-ID:

Hello.

I'm trying to cross-build OpenSSL 1.0.2d for BSD-x86_64 (on a linux host):

./Configure -no-idea -no-mdc2 -no-rc5 -D_GNU_SOURCE --cross-compile-prefix=x86_64-pc-freebsd8- BSD-x86_64 -no-asm && make depend
...
Configured for BSD-x86_64.
making depend in crypto...
make[1]: Entering directory '.../openssl-1.0.2d/crypto'
../util/domd: 30: ../util/domd: makedepend: not found

Indeed, when configured for BSD-x86_64, openssl-1.0.2d/Makefile wants something strange:

MAKEDEPPROG=makedepend

For comparison, the same thing when configured for BSD-x86:

MAKEDEPPROG= $(CROSS_COMPILE)gcc

I think the issue was introduced by this commit:

===
commit f877da9cedb95df94105d7292f8e0963175e58dc
Author: Ben Laurie
Date: Fri May 1 15:53:46 2015 +0100

Use cc instead of gcc so either clang or gcc is used as appropriate. Add clang flags needed to keep it happy.

Reviewed-by: Richard Levitte
===

Among other changes it has:

-"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

But Configure uses that "gcc" to get MAKEDEPPROG:

s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";

I'm not sure what is the best way to fix it. I'm able to cross-build for BSD-x86_64 with this line in Configure:

"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

, but "cc" is there for a reason, I guess. Could you please suggest how to fix it?
From jochma at web.de Wed Jul 15 21:11:17 2015
From: jochma at web.de (jochma at web.de)
Date: Wed, 15 Jul 2015 23:11:17 +0200
Subject: [openssl-dev] (no subject)
Message-ID:

From rt at openssl.org Thu Jul 16 00:49:48 2015
From: rt at openssl.org (jean-christophe manciot via RT) Date: Thu, 16 Jul 2015 00:49:48 +0000 Subject: [openssl-dev] [openssl.org #3932] Compilation Bug Report In-Reply-To: References: <55A56D52.5000009@openssl.org> Message-ID: "I can't reproduce the problem" It's because my report is already 1 week old and in the meantime, some commits have been made to solve this compilation issue. I'm now also able to build and install the current version. "First of all I'd like to point out that this doesn't look like 1.0.2, rather master branch. 1.0.2 would have a lot of additional lines between last two lines. This is just to ensure that expectations are correct." Yes, I've realized after installation that it is version 1.1.0-dev. I thought the master would be the stable version. On Tue, Jul 14, 2015 at 10:13 PM, Andy Polyakov via RT wrote: > jean-christophe manciot via RT wrote: > > *Ubuntu Server 15.04* > > *OpenSSL 1.0.2d sources from https://github.com/openssl/openssl > > * > > > > root at msi-ge60 > > :/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl#* > ./config* > > Operating system: x86_64-whatever-linux2 > > Configuring for linux-x86_64 > > Configuring for linux-x86_64 > > no-deprecated [default] OPENSSL_NO_DEPRECATED (skip dir) > > no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 > (skip > > dir) > > no-gmp [default] OPENSSL_NO_GMP (skip dir) > > no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir) > > no-md2 [default] OPENSSL_NO_MD2 (skip dir) > > no-rc5 [default] OPENSSL_NO_RC5 (skip dir) > > no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir) > > no-sctp [default] OPENSSL_NO_SCTP (skip dir) > > no-shared [default] > > no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir) > > no-store [experimental] OPENSSL_NO_STORE (skip dir) > > no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir) > > no-zlib [default] > > no-zlib-dynamic [default] > > IsMK1MF=0 > > CC =gcc > > CFLAG =-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H > > 
-Wa,--noexecstack -m64 -DL_ENDIAN -Wall -O3 -DOPENSSL_IA32_SSE2 > > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m > > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM > > -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM > > EX_LIBS =-ldl > > CPUID_OBJ =x86_64cpuid.o > > BN_ASM =x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o > > rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o > > EC_ASM =ecp_nistz256.o ecp_nistz256-x86_64.o > > DES_ENC =des_enc.o fcrypt_b.o > > AES_ENC =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o > > aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o > > BF_ENC =bf_enc.o > > CAST_ENC =c_enc.o > > RC4_ENC =rc4-x86_64.o rc4-md5-x86_64.o > > RC5_ENC =rc5_enc.o > > MD5_OBJ_ASM =md5-x86_64.o > > SHA1_OBJ_ASM =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o > > sha1-mb-x86_64.o sha256-mb-x86_64.o > > RMD160_OBJ_ASM= > > CMLL_ENC =cmll-x86_64.o cmll_misc.o > > MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o > > ENGINES_OBJ =e_padlock-x86_64.o > > PROCESSOR = > > RANLIB =/usr/bin/ranlib > > ARFLAGS = > > PERL =/usr/bin/perl > > SIXTY_FOUR_BIT_LONG mode > > DES_UNROLL used > > DES_INT used > > RC4_CHUNK is unsigned long > > > > Configured for linux-x86_64. > > First of all I'd like to point out that this doesn't look like 1.0.2, > rather master branch. 1.0.2 would have a lot of additional lines between > last two lines. This is just to ensure that expectations are correct. > > > root at msi-ge60 > :/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl# > > *make* > > making all in crypto... > > ... > > ake[2]: Entering directory > > '/home/actionmystique/Program-Files/Ubuntu/OpenSSL/git-open-ssl/apps' > > ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. 
-lcrypto -ldl}"; > > LDCMD="${LDCMD:-gcc}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT > > -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -Wall -O3 > > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 > > -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM > > -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM > > -DECP_NISTZ256_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed > -e > > 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; > > LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o > > ${APPNAME:=openssl} openssl.o asn1pars.o ca.o ciphers.o cms.o crl.o > > crl2p7.o dgst.o dhparam.o dsa.o dsaparam.o ec.o ecparam.o enc.o engine.o > > errstr.o gendsa.o genpkey.o genrsa.o nseq.o ocsp.o passwd.o pkcs12.o > > pkcs7.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o prime.o rand.o req.o rsa.o > > rsautl.o s_client.o s_server.o s_time.o sess_id.o smime.o speed.o spkac.o > > srp.o ts.o verify.o version.o x509.o apps.o opt.o s_cb.o s_socket.o > > app_rand.o ${LIBDEPS} ) > > speed.o: In function `speed_main': > > *speed.c:(.text+0x980): undefined reference to `RC4_set_key'* > > *speed.c:(.text+0x15d3): undefined reference to `RC4'* > > I can't reproduce the problem. Is it possible that you used the > directory for another config and didn't 'make clean' in between? What > does '(cd crypto/rc4; make)' print? I'd suggest to download > openssl-1.0.2d.tar.gz from ftp.openssl.org and try to build from scratch. > > > -- Jean-Christophe From rt at openssl.org Thu Jul 16 01:14:19 2015 
From: rt at openssl.org (Rick Andrews via RT)
Date: Thu, 16 Jul 2015 01:14:19 +0000
Subject: [openssl-dev] [openssl.org #3946] Enhancement request: Add support for RFC 5816
In-Reply-To: <544B0DD62A64C1448B2DA253C011414619231811EB@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
References: <544B0DD62A64C1448B2DA253C011414619231811EB@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
Message-ID:

The OpenSSL time stamp code (crypto/ts_asn1.c) only supports RFC 3161. There is no support for any of the data structures such as SigningCertificateV2 or ESSCertIDv2 defined in RFC 5816. Please consider adding support for the newer RFC.

Thanks,
-Rick Andrews

From rt at openssl.org Thu Jul 16 21:41:21 2015
From: rt at openssl.org (Dmitry Belyavsky via RT)
Date: Thu, 16 Jul 2015 21:41:21 +0000
Subject: [openssl-dev] [openssl.org #3947] Printing out X.509 extensions
In-Reply-To:
References:
Message-ID:

Hello,

there is a problem printing out X.509 extensions correctly using the cmdline utility. There is no way to pass the flags specified by the "-nameopt" cmdline option to the printing callbacks, so non-ASCII strings are always printed like "\xD0\x97\xD0\xB0\xD1...". It concerns, for example, X509_NAME structs in both the X509v3 Subject Alternative Name and X509v3 Authority Key Identifier fields.

Thank you!

--
SY, Dmitry Belyavsky

From rt at openssl.org Fri Jul 17 13:03:49 2015
From: rt at openssl.org (Nicholas Cooper via RT)
Date: Fri, 17 Jul 2015 13:03:49 +0000
Subject: [openssl-dev] [openssl.org #3948] typos in openssl-1.0.2d
In-Reply-To: <55A8FC4A.50905@gmail.com>
References: <55A8FC4A.50905@gmail.com>
Message-ID:

The patch is for openssl-1.0.2d.tar.gz, of which file the MD5 is 38dd619b2e77cbac69b99f52a053d25a

A non-text attachment was scrubbed... Name: openssl-1.0.2d.diff Type: text/x-patch Size: 2328 bytes

From doctor at doctor.nl2k.ab.ca Sun Jul 19 12:05:26 2015
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Sun, 19 Jul 2015 06:05:26 -0600
Subject: [openssl-dev] Localised Error
Message-ID: <20150719120526.GA26708@doctor.nl2k.ab.ca>

What should I be looking at when

signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: verify error

occurs?

--
Member - Liberal International  This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him. -Edgar Watson Howe

From doctor at doctor.nl2k.ab.ca Sun Jul 19 13:26:11 2015
From: doctor at doctor.nl2k.ab.ca (The Doctor)
Date: Sun, 19 Jul 2015 07:26:11 -0600
Subject: [openssl-dev] Localised Error
In-Reply-To: <20150719120526.GA26708@doctor.nl2k.ab.ca>
References: <20150719120526.GA26708@doctor.nl2k.ab.ca>
Message-ID: <20150719132611.GA13485@doctor.nl2k.ab.ca>

On Sun, Jul 19, 2015 at 06:05:26AM -0600, The Doctor wrote:
> What should I be looking at when
>
> signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: verify error
>
> occurs?
>

Further from the code

    i = X509_verify_cert(&cert_ctx);
    if (i <= 0)
        j = X509_STORE_CTX_get_error(&cert_ctx);
    X509_STORE_CTX_cleanup(&cert_ctx);
    if (i <= 0) {
        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CERTIFICATE_VERIFY_ERROR);
        ERR_add_error_data(2, "Verify error:", X509_verify_cert_error_string(j));
        sk_X509_free(signers);
        return 0;
    }

I wonder what could cause such an error?

--
Member - Liberal International

From rt at openssl.org Mon Jul 20 05:21:00 2015
From: rt at openssl.org (Rich Salz via RT)
Date: Mon, 20 Jul 2015 05:21:00 +0000
Subject: [openssl-dev] [openssl.org #3710] New EX_DATA indices should start at 1
In-Reply-To:
References:
Message-ID:

This is fixed in master with 7e5363abe3c00d9db037f464f3c121e194bb5bb6. Not planning on backporting.

--
Rich Salz, OpenSSL dev team; rsalz at openssl.org

From rt at openssl.org Mon Jul 20 13:03:05 2015
From: rt at openssl.org (Andy Polyakov via RT)
Date: Mon, 20 Jul 2015 13:03:05 +0000
Subject: [openssl-dev] EXT :Re: [openssl.org #3931] OpenSSL 1.0.2(c, d) hangs on Sun T3 in OPENSSL_cpuid_setup()
In-Reply-To: <55ACEFED.9050205@openssl.org>
References: <559F0094.5060908@oracle.com> <55A58276.7030303@openssl.org> <6c3b4e24ea0e450bb184117107dfe749@XCGVAG22.northgrum.com> <55ACEFED.9050205@openssl.org>
Message-ID:

> I ran the truss command line you specified on the Sun T-3 and had to kill -9 the process as Ctrl-C and Ctrl-Z did not work. Attached is the truss.log output and below are the last few lines of that file where the process was hung up.

truss.log also effectively confirms the hypothesis.

> Setting OPENSSL_sparcv9cap to "0x20" (or even "0") allowed the program to complete (the code looks like it bypasses the probes if this is set to anything), though I don't know the operational ramifications of any value.

You're correct that the variable in question bypasses capability detection. The whole idea behind capability detection is to provide the best performance. But setting a wrong value can also cause crashes [because you'd be effectively forcing the CPU to execute instructions it doesn't support]. For reference, 0x20 is the value that would normally have been set on T3 and means "use VIS3 extensions". The referred extensions are used for GHASH (~4.5x improvement) and BN (~2x improvement for RSA2048). Improvement coefficients are for T3 and relative to OPENSSL_sparcv9cap being set to 0.

> I applied the patch you sent and configured/compiled using "solaris-sparcv9-gcc" and the program completes normally.
>
> As I am unable to use patched/unofficial code for our operational needs,

What is the criterion for being "official"? Explicitly released as a tar-ball, or just a commit to the repository?

> what I did last week is use the following option to the OpenSSL Configure script "solaris-sparcv7-gcc" or "solaris-sparcv7-cc" (we use both GCC and Sun C) and that seemed to fix/bypass the problem on the T-3.

That would do the trick, but under the circumstances you would be better off configuring with no-asm. This way you at least tell the compiler to target SPARCv9.

From steve at openssl.org Mon Jul 20 13:16:10 2015
From: steve at openssl.org (Dr. Stephen Henson)
Date: Mon, 20 Jul 2015 13:16:10 +0000
Subject: [openssl-dev] Localised Error
In-Reply-To: <20150719132611.GA13485@doctor.nl2k.ab.ca>
References: <20150719120526.GA26708@doctor.nl2k.ab.ca> <20150719132611.GA13485@doctor.nl2k.ab.ca>
Message-ID: <20150720131610.GA1661@openssl.org>

On Sun, Jul 19, 2015, The Doctor wrote:

> On Sun, Jul 19, 2015 at 06:05:26AM -0600, The Doctor wrote:
> > What should I be looking at when
> >
> > signed content test streaming S/MIME format, 2 DSA and 2 RSA keys: verify error
> >
> > occurs?
> >
>
> Further from the code
>
>     i = X509_verify_cert(&cert_ctx);
>     if (i <= 0)
>         j = X509_STORE_CTX_get_error(&cert_ctx);
>     X509_STORE_CTX_cleanup(&cert_ctx);
>     if (i <= 0) {
>         PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CERTIFICATE_VERIFY_ERROR);
>         ERR_add_error_data(2, "Verify error:", X509_verify_cert_error_string(j));
>         sk_X509_free(signers);
>         return 0;
>     }
>
> I wonder what could cause such an error?
>

There should be two files cms.out and cms.err in the test directory if a CMS test fails. What is in them?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

From vadim at mbdsys.com Mon Jul 20 14:09:50 2015
From: vadim at mbdsys.com (Vadiim Lebedev) Date: Mon, 20 Jul 2015 14:09:50 +0000 (UTC) Subject: [openssl-dev] PRNG function Message-ID: Hello, I'am attaching patch for crypto/rand/rnd_lcl.h which configures openssl to use SHA256 as hash function for PRNG.... This is a requirement form french "Agence nationale de securit? de services d'informtion" (ANSSI. I hope it will be accepted. ============================================================= --- /home/vadim/Downloads/openssl-1.0.1h/crypto/rand/rand_lcl.h 2014-06-05 11:41:30.000000000 +0200 +++ /tmp/new/rand_lcl.h 2015-07-20 16:07:58.513282954 +0200 @@ -115,7 +115,9 @@ #define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ -#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) +#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) && !defined(USE_SHA256_RAND) +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) +#define USE_SHA256_RAND #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) #define USE_SHA1_RAND #elif !defined(OPENSSL_NO_MD5) @@ -142,6 +144,11 @@ #define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH #define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL) +#elif defined(USE_SHA256_RAND) +#include +#define MD_DIGEST_LENGTH SHA256_DIGEST_LENGTH +#define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha256(), NULL) +#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha256(), NULL) #elif defined(USE_MDC2_RAND) #include #define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH From agostrer at gmail.com Mon Jul 20 15:14:53 2015 
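Review bot: the first hunk opens a new `#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)` and defines USE_SHA256_RAND, but adds no matching `#endif` and leaves the existing `#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)` / `#define USE_SHA1_RAND` chain in place, so on a normal build the conditional is unterminated and both USE_SHA256_RAND and USE_SHA1_RAND end up defined. Fold the new test into the existing chain as its first branch instead: `#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)` / `#define USE_SHA256_RAND` / `#elif !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)`. The `---` header also shows the patch was taken against openssl-1.0.1h, so it needs rebasing on the current tree before it can be reviewed for real.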
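Review bot: the second hunk places the new `#elif defined(USE_SHA256_RAND)` branch after the USE_SHA1_RAND branch in the selection chain, so even once the first hunk stops defining both macros the SHA-256 branch is reached only when SHA-1 is disabled; move it ahead of the SHA-1 branch. The `#include` line of the new branch carries no header name in the archived copy and needs to name the header that provides SHA256_DIGEST_LENGTH. And since MD_DIGEST_LENGTH grows from SHA_DIGEST_LENGTH (20 bytes) to SHA256_DIGEST_LENGTH (32 bytes), every consumer that sizes buffers or counts entropy from MD_DIGEST_LENGTH (the context above shows ENTROPY_NEEDED 32 sitting right next to this chain) should be checked before this becomes the default for all builds rather than an opt-in define.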
From: agostrer at gmail.com (Alexander Gostrer) Date: Mon, 20 Jul 2015 08:14:53 -0700 Subject: [openssl-dev] Using keys from a hardware accelerator Message-ID: Hi All, I am working on an OpenSSL modification for a hardware accelerator who generates and uses private keys internally without a way to export/import them. The standard OpenSSL approach is to use keys from files. Is there any preferred way to point to keys in the hardware? There is more and more hardware on the market that people want to use directly from the OpenSSL. Thank you, Alex Gostrer -------------- next part -------------- An HTML attachment was scrubbed... URL: From erwann.abalea at opentrust.com Mon Jul 20 15:28:54 2015 From: erwann.abalea at opentrust.com (Erwann Abalea) Date: Mon, 20 Jul 2015 17:28:54 +0200 Subject: [openssl-dev] Using keys from a hardware accelerator In-Reply-To: References: Message-ID: <69630F31-496E-4A98-9F55-D8F9FD559CB1@opentrust.com> You?re looking for ENGINE objects. There?s maybe already an ENGINE directly supporting your hardware module. If your hardware thing has a PKCS#11 library, a PKCS#11 ENGINE exists. Cordialement, Erwann Abalea > Le 20 juil. 2015 ? 17:14, Alexander Gostrer a ?crit : > > Hi All, > > I am working on an OpenSSL modification for a hardware accelerator who generates and uses private keys internally without a way to export/import them. The standard OpenSSL approach is to use keys from files. Is there any preferred way to point to keys in the hardware? There is more and more hardware on the market that people want to use directly from the OpenSSL. > > Thank you, > Alex Gostrer > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From agostrer at gmail.com Mon Jul 20 15:48:48 2015 
From: agostrer at gmail.com (Alexander Gostrer) Date: Mon, 20 Jul 2015 08:48:48 -0700 Subject: [openssl-dev] Using keys from a hardware accelerator In-Reply-To: <69630F31-496E-4A98-9F55-D8F9FD559CB1@opentrust.com> References: <69630F31-496E-4A98-9F55-D8F9FD559CB1@opentrust.com> Message-ID: Thank you, Erwann. I'll look into. Regards, Alex. On Mon, Jul 20, 2015 at 8:28 AM, Erwann Abalea wrote: > You?re looking for ENGINE objects. > There?s maybe already an ENGINE directly supporting your hardware module. > If your hardware thing has a PKCS#11 library, a PKCS#11 ENGINE exists. > > Cordialement, > Erwann Abalea > > > > > Le 20 juil. 2015 ? 17:14, Alexander Gostrer a > ?crit : > > > > Hi All, > > > > I am working on an OpenSSL modification for a hardware accelerator who > generates and uses private keys internally without a way to export/import > them. The standard OpenSSL approach is to use keys from files. Is there any > preferred way to point to keys in the hardware? There is more and more > hardware on the market that people want to use directly from the OpenSSL. > > > > Thank you, > > Alex Gostrer > > _______________________________________________ > > openssl-dev mailing list > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From janjust at nikhef.nl Mon Jul 20 15:21:30 2015 
From: janjust at nikhef.nl (Jan Just Keijser) Date: Mon, 20 Jul 2015 17:21:30 +0200 Subject: [openssl-dev] Using keys from a hardware accelerator In-Reply-To: References: Message-ID: <55AD11FA.60009@nikhef.nl>

Hi Alexander,

Alexander Gostrer wrote:
> Hi All,
>
> I am working on an OpenSSL modification for a hardware accelerator that generates and uses private keys internally without a way to export/import them. The standard OpenSSL approach is to use keys from files. Is there any preferred way to point to keys in the hardware? There is more and more hardware on the market that people want to use directly from OpenSSL.
>
There is a standard for this, PKCS#11, that is fairly well supported by OpenSSL. Numerous hardware tokens and smartcards exist that can interact with OpenSSL (via engine_pkcs11). I have personal experience with various USB hardware tokens from Feitian and Aladdin/SafeNet. The main feature of such tokens is that indeed the private key cannot be exported from the device.

hope this helps,

JJK / Jan Just Keijser

From rt at openssl.org Mon Jul 20 16:16:31 2015
From: rt at openssl.org (Puckett, Rick via RT) Date: Mon, 20 Jul 2015 16:16:31 +0000 Subject: [openssl-dev] EXT :Re: [openssl.org #3931] OpenSSL 1.0.2(c, d) hangs on Sun T3 in OPENSSL_cpuid_setup() In-Reply-To: <391abb9b5bf5456db193f6e54586d43e@XCGVAG22.northgrum.com> References: <559F0094.5060908@oracle.com> <6c3b4e24ea0e450bb184117107dfe749@XCGVAG22.northgrum.com> <55ACEFED.9050205@openssl.org> <391abb9b5bf5456db193f6e54586d43e@XCGVAG22.northgrum.com> Message-ID: Andy, Thank you for the information and feedback. As for using the patch, I can only use officially released versions (tar archives) downloaded from the OpenSSL website. If the patch is incorporated in the next release, like 1.0.2e -- which should be any day now :-) -- then I'll get to use it. Until then I'll configure using "sparcv7" or try the "no-asm" option you mentioned next time I build. I greatly appreciate you and the OpenSSL team looking into this and am happy I could, in some small way, help out. If there's something else I can do, please let me know. - Rick -----Original Message----- 
From: Andy Polyakov via RT [mailto:rt at openssl.org] Sent: Monday, July 20, 2015 9:03 AM To: Puckett, Rick (IS) Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] EXT :Re: [openssl.org #3931] OpenSSL 1.0.2(c, d) hangs on Sun T3 in OPENSSL_cpuid_setup()

> I ran the truss command line you specified on the Sun T-3 and had to kill -9 the process as Ctrl-C and Ctrl-Z did not work. Attached is the truss.log output and below are the last few lines of that file where the process was hung up.

truss.log also effectively confirms the hypothesis.

> Setting OPENSSL_sparcv9cap to "0x20" (or even "0") allowed the program to complete (the code looks like it bypasses the probes if this is set to anything), though I don't know the operational ramifications of any value.

You're correct that the variable in question bypasses capability detection. The whole idea behind capability detection is to provide the best performance. But setting a wrong value can also cause crashes [because you'd be effectively forcing the CPU to execute instructions it doesn't support]. For reference, 0x20 is the value that would normally have been set on T3 and means "use VIS3 extensions". The referred extensions are used for GHASH (~4.5x improvement) and BN (~2x improvement for RSA2048). Improvement coefficients are for T3 and relative to OPENSSL_sparcv9cap being set to 0.

> I applied the patch you sent and configured/compiled using "solaris-sparcv9-gcc" and the program completes normally.
>
> As I am unable to use patched/unofficial code for our operational
> needs,

What are the criteria for being "official"? Explicitly released as a tarball, or just a commit to the repository?

> what I did last week is use the following option to the OpenSSL Configure script "solaris-sparcv7-gcc" or "solaris-sparcv7-cc" (we use both GCC and Sun C) and that seemed to fix/bypass the problem on the T-3.

That would do the trick, but under the circumstances you would be better off configuring with no-asm.
That way you at least tell the compiler to target SPARCv9.

From agostrer at gmail.com Mon Jul 20 16:51:20 2015
From: agostrer at gmail.com (Alexander Gostrer) Date: Mon, 20 Jul 2015 09:51:20 -0700 Subject: [openssl-dev] Using keys from a hardware accelerator In-Reply-To: <55AD11FA.60009@nikhef.nl> References: <55AD11FA.60009@nikhef.nl> Message-ID:

Hi Jan,

It definitely helps. I am already looking into this standard.

Thank you,
Alex.

On Mon, Jul 20, 2015 at 8:21 AM, Jan Just Keijser wrote:
> Hi Alexander,
>
> Alexander Gostrer wrote:
>
>> Hi All,
>>
>> I am working on an OpenSSL modification for a hardware accelerator that generates and uses private keys internally without a way to export/import them. The standard OpenSSL approach is to use keys from files. Is there any preferred way to point to keys in the hardware? There is more and more hardware on the market that people want to use directly from OpenSSL.
>>
> There is a standard for this, PKCS#11, that is fairly well supported by OpenSSL. Numerous hardware tokens and smartcards exist that can interact with OpenSSL (via engine_pkcs11). I have personal experience with various USB hardware tokens from Feitian and Aladdin/SafeNet. The main feature of such tokens is that indeed the private key cannot be exported from the device.
>
> hope this helps,
>
> JJK / Jan Just Keijser
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

From martin at winscp.net Mon Jul 20 17:54:00 2015
From: martin at winscp.net (Martin Prikryl) Date: Mon, 20 Jul 2015 19:54:00 +0200 Subject: [openssl-dev] WinSCP 5.7.5 will support the RFC 4419 revision to Diffie-Hellman group exchange Message-ID: <55AD35B8.8010900@winscp.net>

Hello,

I'd like to inform you that the next release of WinSCP SFTP client (version 5.7.5) will support Diffie-Hellman group exchange as specified by RFC 4419.
http://winscp.net/tracker/show_bug.cgi?id=1345

So I'd like to ask you to kindly update the check in compat_datafellows() to

    WinSCP_release_4*
    WinSCP_release_5.0*
    WinSCP_release_5.1*
    WinSCP_release_5.2*
    WinSCP_release_5.5*
    WinSCP_release_5.6*
    WinSCP_release_5.7
    WinSCP_release_5.7.1
    WinSCP_release_5.7.2
    WinSCP_release_5.7.3
    WinSCP_release_5.7.4

If you want to test this, please use:
http://winscp.net/public/winscp20150720ropenssl.zip

Thanks.

Martin Prikryl
https://winscp.net/

From martin at winscp.net Mon Jul 20 18:09:57 2015
From: martin at winscp.net (Martin Prikryl) Date: Mon, 20 Jul 2015 20:09:57 +0200 Subject: [openssl-dev] WinSCP 5.7.5 will support the RFC 4419 revision to Diffie-Hellman group exchange In-Reply-To: <55AD35B8.8010900@winscp.net> References: <55AD35B8.8010900@winscp.net> Message-ID: <55AD3975.6000209@winscp.net>

Please disregard. This was supposed to go to OpenSSH, not OpenSSL.

M.

On 20. 7. 2015 19:54, Martin Prikryl wrote:
> Hello,
>
> I'd like to inform you that the next release of WinSCP SFTP client (version 5.7.5) will support Diffie-Hellman group exchange as specified by RFC 4419.
> http://winscp.net/tracker/show_bug.cgi?id=1345
>
> So I'd like to ask you to kindly update the check in
> compat_datafellows() to
>
> WinSCP_release_4*
> WinSCP_release_5.0*
> WinSCP_release_5.1*
> WinSCP_release_5.2*
> WinSCP_release_5.5*
> WinSCP_release_5.6*
> WinSCP_release_5.7
> WinSCP_release_5.7.1
> WinSCP_release_5.7.2
> WinSCP_release_5.7.3
> WinSCP_release_5.7.4
>
> If you want to test this, please use:
> http://winscp.net/public/winscp20150720ropenssl.zip
>
> Thanks.
>
> Martin Prikryl
> https://winscp.net/

From vmaury at denyall.com Tue Jul 21 09:55:54 2015
From: vmaury at denyall.com (Vincent Maury) Date: Tue, 21 Jul 2015 09:55:54 +0000 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 Message-ID:

Hi,

You announced (https://www.openssl.org/about/releasestrat.html) that 0.9.8* versions of OpenSSL will be EOL on 31 Dec 2015. Although I do understand this generation is getting old and support needs to be ceased at some point, could we (0.9.8 users!) expect patch suggestions from the community on potential vulnerabilities found in 2016, in a best-effort approach of course, without any official release? This would let us patch, build on our OS, test and potentially keep fixing security issues for historical users...

Thanks a lot in advance for your answer,

Regards,

Vincent MAURY
CTO - Chief Technology Officer
Mobile : +33 6 27 00 39 02 Direct: +33 1 46 20 96 14 vmaury at denyall.com
DenyAll Security Solutions
Nouvelle Adresse - New Address : 6 Avenue de la Cristallerie, 92310 Sèvres, France
Main: +33 1 46 20 96 00 - Fax: +33 1 46 20 96 02 - www.denyall.com
From rsalz at akamai.com Tue Jul 21 11:04:20 2015
From: rsalz at akamai.com (Salz, Rich) Date: Tue, 21 Jul 2015 11:04:20 +0000 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: References: Message-ID: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com>

> could we (0.9.8 users!) expect patch suggestions from the community on potential vulnerabilities found in 2016, in a best effort approach of course, without any official release?

The best thing to do will probably be to fork the branch into a new repository on github and work there. We will not be checking anything into the "official" stable branch.

From vmaury at denyall.com Tue Jul 21 11:11:44 2015
From: vmaury at denyall.com (Vincent Maury) Date: Tue, 21 Jul 2015 11:11:44 +0000 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID:

Yes of course.
But will the dev team suggest backports on this unofficial branch? Can I reasonably expect fixes?

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On behalf of Salz, Rich
Sent: Tuesday, 21 July 2015 13:04
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] 0.9.8 support after 31 Dec 2015

> could we (0.9.8 users!) expect patch suggestions from the community on potential vulnerabilities found in 2016, in a best effort approach of course, without any official release?

The best thing to do will probably be to fork the branch into a new repository on github and work there. We will not be checking anything into the "official" stable branch.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

From kurt at x64architecture.com Tue Jul 21 11:12:38 2015
From: kurt at x64architecture.com (Kurt Cancemi) Date: Tue, 21 Jul 2015 07:12:38 -0400 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <0F7E2331-DBDB-4192-9A02-D52B7F55DF97@x64architecture.com> Rich, I think he was asking if the OpenSSL team would say if a new vulnerability affected 0.9.8 after support has ended. > On Jul 21, 2015, at 7:04 AM, Salz, Rich wrote: > >> could we (0.9.8 users!) expect patch suggestions from the community on potential vulnerabilities found in 2016, in a best effort approach of course, without any official release? > > The best thing to do will probably be to fork the branch into a new repository on github and work there. We will not be checking anything into the "official" stable branch. > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev From rsalz at akamai.com Tue Jul 21 11:17:23 2015 From: rsalz at akamai.com (Salz, Rich) Date: Tue, 21 Jul 2015 11:17:23 +0000 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <9a761157c5f94841bd21827e670ccdf2@ustx2ex-dag1mb2.msg.corp.akamai.com> > But will the dev team suggest backports on this unofficial branch? Can I > reasonably expect fixes? Anything is possible, but I would be very surprised. From erwann.abalea at opentrust.com Tue Jul 21 11:18:28 2015 
From: erwann.abalea at opentrust.com (Erwann Abalea) Date: Tue, 21 Jul 2015 13:18:28 +0200 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID:

Hello,

> On 21 Jul 2015 at 13:11, Vincent Maury wrote:
>
> Yes of course.
> But will the dev team suggest backports on this unofficial branch? Can I reasonably expect fixes?

*Suggest* backports, that may or may not be reasonable, depending on the growing difference between 0.9.8 and the head version at the time of vulnerability detection.
*Expect* fixes, this seems incompatible with an EOL decision.

> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On behalf of Salz, Rich
> Sent: Tuesday, 21 July 2015 13:04
> To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] 0.9.8 support after 31 Dec 2015
>
>> could we (0.9.8 users!) expect patch suggestions from the community on potential vulnerabilities found in 2016, in a best effort approach of course, without any official release?
>
> The best thing to do will probably be to fork the branch into a new repository on github and work there. We will not be checking anything into the "official" stable branch.
>

Regards,
Erwann Abalea

From rsalz at akamai.com Tue Jul 21 11:19:58 2015
From: rsalz at akamai.com (Salz, Rich) Date: Tue, 21 Jul 2015 11:19:58 +0000 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: <0F7E2331-DBDB-4192-9A02-D52B7F55DF97@x64architecture.com> References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> <0F7E2331-DBDB-4192-9A02-D52B7F55DF97@x64architecture.com> Message-ID:

> I think he was asking if the OpenSSL team would say if a new vulnerability
> affected 0.9.8 after support has ended.

No.

From vmaury at denyall.com Tue Jul 21 11:22:23 2015
From: vmaury at denyall.com (Vincent Maury) Date: Tue, 21 Jul 2015 11:22:23 +0000 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID:

That's a pretty clear answer. Thank you very much for your reactiveness.

Vincent

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On behalf of Erwann Abalea
Sent: Tuesday, 21 July 2015 13:18
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] 0.9.8 support after 31 Dec 2015

Hello,

> On 21 Jul 2015 at 13:11, Vincent Maury wrote:
>
> Yes of course.
> But will the dev team suggest backports on this unofficial branch? Can I reasonably expect fixes?

*Suggest* backports, that may or may not be reasonable, depending on the growing difference between 0.9.8 and the head version at the time of vulnerability detection.
*Expect* fixes, this seems incompatible with an EOL decision.

> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On behalf
> of Salz, Rich Sent: Tuesday, 21 July 2015 13:04 To:
> openssl-dev at openssl.org Subject: Re: [openssl-dev] 0.9.8 support after
> 31 Dec 2015
>
>> could we (0.9.8 users!) expect patch suggestions from the community on potential vulnerabilities found in 2016, in a best effort approach of course, without any official release?
>
> The best thing to do will probably be to fork the branch into a new repository on github and work there. We will not be checking anything into the "official" stable branch.
>

Regards,
Erwann Abalea
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

From brad at monetra.com Tue Jul 21 11:16:12 2015
From: brad at monetra.com (Brad House) Date: Tue, 21 Jul 2015 07:16:12 -0400 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <55AE29FC.605@monetra.com> >> could we (0.9.8 users!) expect patch suggestions from the community on potential vulnerabilities found in 2016, in a best effort approach of course, without any official release? > > The best thing to do will probably be to fork the branch into a new repository on github and work there. We will not be checking anything into the "official" stable branch. I'm sure you're not the only one that will be needing to support 0.9.8 after the official EOL. RedHat Enterprise Linux 5 comes to mind (supported until 3/2017), so there will definitely be others providing security related patches. From rt at openssl.org Tue Jul 21 12:00:51 2015 From: rt at openssl.org (Hubert Kario via RT) Date: Tue, 21 Jul 2015 12:00:51 +0000 Subject: [openssl-dev] [openssl.org #3938] Website ciphers.html specifies DHE-RSA-DES-CBC3-SHA, OpenSSL needs EDH-RSA-DES-CBC3-SHA In-Reply-To: <1738697.4EonQm6hq7@pintsize.usersys.redhat.com> References: <7C7B83BD5B04E744A206B6F55159E444B07FCF31@MSG1.ftservice.local> <1738697.4EonQm6hq7@pintsize.usersys.redhat.com> Message-ID: On Tuesday 14 July 2015 08:36:51 David Thompson via RT wrote: 
> > From: openssl-dev On Behalf Of James A. T. Rice via RT
> > Sent: Saturday, July 11, 2015 17:19
> >
> > From https://www.ietf.org/rfc/rfc4346.txt
> >
> >     CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
> >
> > From https://www.openssl.org/docs/apps/ciphers.html
> >
> >     TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA   DHE-RSA-DES-CBC3-SHA
> >
> > From "openssl ciphers -V | grep 0x16"
> >
> >     0x00,0x16 - EDH-RSA-DES-CBC3-SHA  SSLv3 Kx=DH  Au=RSA  Enc=3DES(168) Mac=SHA1
> >
> > DHE-RSA-DES-CBC3-SHA (on the website) vs
> > EDH-RSA-DES-CBC3-SHA (actually usable)
>
> OpenSSL used the nonstandard spelling EDH for 6 old suites;
> 1.0.2 (post-beta) added the "correct" spelling DHE as an alias.
> The website doc is for the current (development) version; doc for
> older versions is included in the tarballs for those versions.

Given that situations like this come up relatively often, maybe publishing man pages for all supported versions with a drop-down to switch between them[1] would be a good idea...

1 - python docs style: https://docs.python.org/2/library/subprocess.html see top left

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

From agostrer at gmail.com Tue Jul 21 13:55:31 2015
From: agostrer at gmail.com (Alexander Gostrer) Date: Tue, 21 Jul 2015 06:55:31 -0700 Subject: [openssl-dev] Using keys from a hardware accelerator In-Reply-To: References: <55AD11FA.60009@nikhef.nl> Message-ID:

Hi Jan, Erwann,

I didn't find any reference to pkcs11 or engine_pkcs11 or cryptoki in the code. The closest thing I see on the master branch are openssl/engines/vendor_defns/hwcryptohook.h, sureware.h, and so on. Is there a special branch for pkcs11? Or do I just need to use hwcryptohook.h/sureware.h as reference code and make my own implementation?

Thank you,
Alex.

On Mon, Jul 20, 2015 at 9:51 AM, Alexander Gostrer wrote:
> Hi Jan,
>
> It definitely helps. I am already looking into this standard.
>
> Thank you,
> Alex.
>
> On Mon, Jul 20, 2015 at 8:21 AM, Jan Just Keijser wrote:
>
>> Hi Alexander,
>>
>> Alexander Gostrer wrote:
>>
>>> Hi All,
>>>
>>> I am working on an OpenSSL modification for a hardware accelerator that generates and uses private keys internally without a way to export/import them. The standard OpenSSL approach is to use keys from files. Is there any preferred way to point to keys in the hardware? There is more and more hardware on the market that people want to use directly from OpenSSL.
>>>
>> There is a standard for this, PKCS#11, that is fairly well supported by OpenSSL. Numerous hardware tokens and smartcards exist that can interact with OpenSSL (via engine_pkcs11). I have personal experience with various USB hardware tokens from Feitian and Aladdin/SafeNet. The main feature of such tokens is that indeed the private key cannot be exported from the device.
>>
>> hope this helps,
>>
>> JJK / Jan Just Keijser
>>
>> _______________________________________________
>> openssl-dev mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>>
>
From dwmw2 at infradead.org Tue Jul 21 14:32:38 2015
From: dwmw2 at infradead.org (David Woodhouse) Date: Tue, 21 Jul 2015 15:32:38 +0100 Subject: [openssl-dev] Using keys from a hardware accelerator In-Reply-To: References: <55AD11FA.60009@nikhef.nl> Message-ID: <1437489158.3905.27.camel@infradead.org>

On Tue, 2015-07-21 at 06:55 -0700, Alexander Gostrer wrote:
>
> I didn't find any reference to pkcs11 or engine_pkcs11 or cryptoki in
> the code. The closest thing I see on the master branch are
> openssl/engines/vendor_defns/hwcryptohook.h, sureware.h, and so on.
> Is there a special branch for pkcs11? Or I just need to use
> hwcryptohook.h/sureware.h as a reference code and make my own
> implementation?

Unfortunately, PKCS#11 support isn't a part of OpenSSL directly (although it would be really good to fix that).

The PKCS#11 engine is at https://github.com/OpenSC/engine_pkcs11

A new release is imminent, which allows you to specify certificates and keys by a PKCS#11 URI (RFC7512) instead of the old format.

On systems where p11-kit exists, it also automatically loads the appropriate PKCS#11 modules according to the system configuration. So using it really is as simple as providing the correct PKCS#11 URI for the cert/key you want.

--
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

From rt at openssl.org Tue Jul 21 14:38:36 2015
From: rt at openssl.org (Steffen Nurpmeso via RT) Date: Tue, 21 Jul 2015 14:38:36 +0000 Subject: [openssl-dev] [openssl.org #3949] Bug: PKCS_final.7 not installed In-Reply-To: <20150721142323.sXk4lrxX-lEA%sdaoden@yandex.com> References: <20150721142323.sXk4lrxX-lEA%sdaoden@yandex.com> Message-ID:

And on [1] (at least) the link "Please see the list of new or open bugs and requests." leads to nowhere.

Ciao,

[1] http://openssl.org/support/rt.html

--steffen

From agostrer at gmail.com Tue Jul 21 14:39:08 2015
From: agostrer at gmail.com (Alexander Gostrer) Date: Tue, 21 Jul 2015 07:39:08 -0700 Subject: [openssl-dev] Using keys from a hardware accelerator In-Reply-To: <1437489158.3905.27.camel@infradead.org> References: <55AD11FA.60009@nikhef.nl> <1437489158.3905.27.camel@infradead.org> Message-ID:

Thank you, David. It wasn't obvious :) Let me look into it.

Regards,
Alex.

On Tue, Jul 21, 2015 at 7:32 AM, David Woodhouse wrote:
> On Tue, 2015-07-21 at 06:55 -0700, Alexander Gostrer wrote:
> >
> > I didn't find any reference to pkcs11 or engine_pkcs11 or cryptoki in
> > the code. The closest thing I see on the master branch are
> > openssl/engines/vendor_defns/hwcryptohook.h, sureware.h, and so on.
> > Is there a special branch for pkcs11? Or I just need to use
> > hwcryptohook.h/sureware.h as a reference code and make my own
> > implementation?
>
> Unfortunately, PKCS#11 support isn't a part of OpenSSL directly
> (although it would be really good to fix that).
>
> The PKCS#11 engine is at https://github.com/OpenSC/engine_pkcs11
>
> A new release is imminent, which allows you to specify certificates and
> keys by a PKCS#11 URI (RFC7512) instead of the old format.
>
> On systems where p11-kit exists, it also automatically loads the
> appropriate PKCS#11 modules according to the system configuration. So
> using it really is as simple as providing the correct PKCS#11 URI for
> the cert/key you want.
>
> --
> David Woodhouse                            Open Source Technology Centre
> David.Woodhouse at intel.com                              Intel Corporation
>

From tytso at mit.edu Tue Jul 21 15:41:51 2015
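David Woodhouse's reply above says the new engine_pkcs11 names a key or certificate by an RFC 7512 PKCS#11 URI, and that the whole URI string is what gets handed to the engine (in OpenSSL terms, to ENGINE_load_private_key() after ENGINE_by_id("pkcs11") and ENGINE_init()). The following is an added example, not code from OpenSSL, engine_pkcs11 or anyone on this thread: a small C parser for that URI syntax, useful for validating a URI taken from configuration before it reaches the engine. It keeps the RFC 7512 split between path attributes (before '?': token=, object=, id=, type=, which select the object) and query attributes (after '?': module-path=, pin-value=, which say how to reach it), percent-decodes values so that a binary CKA_ID survives, and rejects malformed escapes. The table sizes, the function names and the sample URI in the test are assumptions made for this example.

```c
/* Added example, not part of OpenSSL or engine_pkcs11: a small parser for
 * RFC 7512 "pkcs11:" URIs. Path attributes (before '?') select the object
 * (token=, object=, id=, type=); query attributes (after '?') tell the engine
 * how to reach it (module-path=, pin-value=). Table sizes are assumptions. */
#include <ctype.h>
#include <string.h>

struct p11_attr {
    char name[32];
    char value[256];  /* percent-decoded; id= may hold arbitrary bytes */
    size_t vlen;      /* decoded length, since value may contain NUL */
    int in_query;     /* 0 = path attribute, 1 = query attribute */
};

struct p11_uri {
    struct p11_attr attrs[16];
    size_t n;
};

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src[0..len) into dst; returns decoded length, -1 on a bad escape. */
static int pct_decode(const char *src, size_t len, char *dst, size_t dstsz)
{
    size_t i, o = 0;
    for (i = 0; i < len; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int hi, lo;
            if (i + 2 >= len) return -1;            /* '%' needs two hex digits */
            hi = hexval((unsigned char)src[i + 1]);
            lo = hexval((unsigned char)src[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            c = (hi << 4) | lo;
            i += 2;
        }
        if (o + 1 >= dstsz) return -1;              /* keep room for the NUL */
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Split seg[0..len) on 'sep' into name=value pairs and append them to u. */
static int parse_attrs(struct p11_uri *u, const char *seg, size_t len, char sep, int in_query)
{
    size_t start = 0;
    while (start < len) {
        const char *p = seg + start;                /* p is inside seg, never one past */
        const char *end = memchr(p, sep, len - start);
        size_t alen = end ? (size_t)(end - p) : len - start;
        const char *eq = memchr(p, '=', alen);
        struct p11_attr *a;
        int vlen;
        if (eq == NULL || eq == p || u->n >= sizeof(u->attrs) / sizeof(u->attrs[0])) return -1;
        a = &u->attrs[u->n];
        if ((size_t)(eq - p) >= sizeof(a->name)) return -1;
        memcpy(a->name, p, (size_t)(eq - p));
        a->name[eq - p] = '\0';
        vlen = pct_decode(eq + 1, alen - (size_t)(eq - p) - 1, a->value, sizeof(a->value));
        if (vlen < 0) return -1;
        a->vlen = (size_t)vlen;
        a->in_query = in_query;
        u->n++;
        start += alen + 1;
    }
    return 0;
}

/* Parse a complete URI into u; 0 on success, -1 if malformed. */
int p11_uri_parse(const char *uri, struct p11_uri *u)
{
    const char *path, *q;
    size_t plen;
    memset(u, 0, sizeof(*u));
    if (strncmp(uri, "pkcs11:", 7) != 0) return -1;
    path = uri + 7;
    q = strchr(path, '?');
    plen = q ? (size_t)(q - path) : strlen(path);
    if (plen > 0 && parse_attrs(u, path, plen, ';', 0) < 0) return -1;
    if (q != NULL && parse_attrs(u, q + 1, strlen(q + 1), '&', 1) < 0) return -1;
    return 0;
}

/* Look up an attribute by name; NULL if absent. */
const struct p11_attr *p11_uri_get(const struct p11_uri *u, const char *name)
{
    size_t i;
    for (i = 0; i < u->n; i++)
        if (strcmp(u->attrs[i].name, name) == 0) return &u->attrs[i];
    return NULL;
}
```

Two practical points follow from the path/query split. The engine needs the whole string, so nothing here replaces engine_pkcs11; the parser is for the caller to check a URI and, for instance, refuse one that carries pin-value= when the URI comes from a file or log that should never hold a PIN (RFC 7512 treats pin-value as sensitive and offers pin-source as the alternative). And because id= is percent-encoded binary, compare it by length and bytes, not with strcmp.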
From: tytso at mit.edu (Theodore Ts'o) Date: Tue, 21 Jul 2015 11:41:51 -0400 Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015 In-Reply-To: References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <20150721154151.GB2944@thunk.org>

Perhaps a good model to take would be how the Linux kernel handles ancient stable kernels. After a while, Greg K-H stops supporting a long-term stable kernel. In some cases, a volunteer will step up and continue supporting some ancient kernel. Those ancient kernels don't get all bug fixes, and not even all security fixes. What they get is up to the volunteer.

In the Linux kernel case, those ancient stable kernels are listed on the front page of www.kernel.org. I sometimes fear that some people believe that all security fixes make it into, say, 2.6.32, or 3.2 or 3.4. In fact, I'm pretty sure there are cases when they don't, and one could make the case that the fact those ancient kernels are listed on the front page is a bad thing since it reduces the pressure on vendors to upgrade to something more recent and more secure.

Given that OpenSSL is a security-focused product, that might be a reason why it might not be a good idea to have such kernels advertised on the front page. But certainly having a single community-supported ancient release is probably better than multiple independent release engineers trying to support an ancient release.

Much better of course would be to get everyone to upgrade. :-)

- Ted

From rt at openssl.org Wed Jul 22 10:23:40 2015
From: rt at openssl.org (Pascal Cuoq via RT) Date: Wed, 22 Jul 2015 10:23:40 +0000 Subject: [openssl-dev] [openssl.org #3950] Standard mem* functions called with length 0 and invalid pointer arguments In-Reply-To: References: Message-ID:

Recently, GCC began to assume for optimization purposes that p and q are non-null pointers when

    memcpy(p, q, n);

is invoked. This means that the if is eliminated completely when compiling the following sequence of instructions:

    memcpy(p, q, n);
    if (!p) printf("good\n");

And this causes a problem for any programmer that would expect "good" to be printed by the following program:

    #include <stdio.h>
    #include <string.h>

    void f(void *p, void *q, size_t n)
    {
        memcpy(p, q, n);
        if (!p)
            printf("good\n");
    }

    int main(void)
    {
        f(0, 0, 0);
    }

The clauses in the standard that allow GCC to "optimize" the program in this way are, in C11, 7.24.1:2 and 7.1.4. Clause 7.24.1:2 says:

"Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4"

Clause 7.1.4 also allows compilers to assume that p and q are not pointers "one past" the end of an object: http://stackoverflow.com/questions/25390577/is-memcpya-1-b-1-0-defined-in-c11

Since you can expect GCC developers to take as much responsibility for the vulnerabilities introduced in previously working code when they add the optimization of assuming that p and q are not pointers "one past" as they did when they added the optimization of assuming that p and q are not null (i.e. none at all), it would be prudent never to call any standard function with pointers "one past", even when these are functions that also take a length and the length is always 0 in these cases.
OpenSSL's bignum implementation contains two invocations of standard functions that fail this property:

https://github.com/openssl/openssl/blob/b39fc560612984e65ec30d7f37487303bf514fb3/crypto/bn/bn_add.c#L225
https://github.com/openssl/openssl/blob/b39fc560612984e65ec30d7f37487303bf514fb3/crypto/bn/bn_mont.c#L199

These two lines are actually reached with pointers "one past" and sizes of 0 during real executions. The prudent thing to do would be to guard these lines so that the standard function is not called with a pointer "one past", which can be done as simply as:

    if (max - r->top)
        memset(&rp[r->top], 0, sizeof(*rp) * (max - r->top));

    if (dif)
        memcpy(rp, ap, sizeof(*rp) * dif);

From kannanar at cisco.com Wed Jul 22 11:24:26 2015
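The ticket above rests on one rule: C11 7.24.1p2 says that even when the length is zero, the pointers passed to memset/memcpy must still be valid, and a pointer one past the end of an array (or a null pointer) is not, so the compiler may draw conclusions from the call that the zero length never "undoes". The following added example, not OpenSSL code and not from the ticket, reproduces the two call shapes on a simplified BIGNUM-like structure (a word array plus a count of words in use, an assumption of this example) and applies the proposed guard through two small wrappers, so that the one-past, zero-length case never reaches the library at all. The names words_zero, words_copy, bn_zero_tail, bn_copy_words and demo belong to this example only.

```c
/* Added example, not OpenSSL code: the "zero length, pointer one past the end"
 * hazard from the ticket above, and the guard proposed there, on a simplified
 * BIGNUM-like structure (a word array plus a count of words in use) that is an
 * assumption of this example and only reproduces the two call shapes. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint64_t word_t;

struct bn {
    word_t *d;  /* word array with 'dmax' words allocated */
    int top;    /* words currently in use */
    int dmax;
};

/* C11 7.24.1p2: even with n == 0 the pointer passed to memset/memcpy must be
 * valid, and a one-past pointer is not. So skip the call rather than trust
 * the library, and the optimizer, to ignore it. */
static void words_zero(word_t *p, int n)
{
    if (n > 0)
        memset(p, 0, sizeof(*p) * (size_t)n);
}

static void words_copy(word_t *dst, const word_t *src, int n)
{
    if (n > 0)
        memcpy(dst, src, sizeof(*dst) * (size_t)n);
}

/* Shape of the bn_add.c site: extend r to 'max' words by zeroing the words
 * above r->top. When r->top == max, &r->d[r->top] is one past the end and an
 * unguarded memset(..., 0) would be exactly the call the ticket describes. */
int bn_zero_tail(struct bn *r, int max)
{
    if (max > r->dmax || max < r->top)
        return 0;
    words_zero(&r->d[r->top], max - r->top);
    r->top = max;
    return 1;
}

/* Shape of the bn_mont.c site: copy 'dif' words of a into r; dif may be 0. */
int bn_copy_words(struct bn *r, const struct bn *a, int dif)
{
    if (dif < 0 || dif > a->top || dif > r->dmax)
        return 0;
    words_copy(r->d, a->d, dif);
    return 1;
}

/* Walks both sites through the normal and the degenerate case; returns 0 if
 * every step behaved, a negative step number otherwise. */
int demo(void)
{
    word_t rbuf[4] = {1, 2, 3, 4};
    word_t abuf[2] = {7, 9};
    struct bn r = { rbuf, 2, 4 };
    struct bn a = { abuf, 2, 2 };

    /* top < max: words 2 and 3 are zeroed */
    if (!bn_zero_tail(&r, 4) || rbuf[2] != 0 || rbuf[3] != 0) return -1;
    /* top == max: one-past pointer, zero length, no library call, nothing changes */
    if (!bn_zero_tail(&r, 4) || rbuf[0] != 1 || rbuf[1] != 2) return -2;
    /* dif == 0: memcpy is skipped entirely */
    if (!bn_copy_words(&r, &a, 0) || rbuf[0] != 1) return -3;
    /* dif == 2: ordinary copy */
    if (!bn_copy_words(&r, &a, 2) || rbuf[0] != 7 || rbuf[1] != 9) return -4;
    return 0;
}
```

Building with -fsanitize=undefined reports the null-pointer variant at run time (at least with glibc's headers, where memcpy and memset are declared with nonnull attributes), but no sanitizer can tell a one-past pointer from a valid one when nothing is actually read or written, which is why the guard, not a tool, is the fix here. Putting it in a wrapper as above keeps every call site honest instead of relying on each author to remember the `if (dif)`.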
From: kannanar at cisco.com (Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)) Date: Wed, 22 Jul 2015 11:24:26 +0000 Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3 Message-ID:

Hi,

To disable SSLv2 and SSLv3 while compiling, I used the no-ssl2 and no-ssl3 options for the Windows platform. But I get the link error below. Without the options "no-ssl2 no-ssl3" I can compile successfully. Any pointers to resolve this issue? Thanks in advance.

    LINK : warning LNK4001: no object files specified; libraries used
    LINK : warning LNK4068: /MACHINE not specified; defaulting to IX86
    LINK : warning LNK4001: no object files specified; libraries used
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_f_ssl
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_buffer_ssl_connec
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_ssl
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_ssl_connect
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_ssl_copy_session_id
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_ssl_shutdown
    SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_client_method
    SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_method
    SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_server_method
    SSLEAY32.def : error LNK2001: unresolved external symbol ERR_load_SSL_strings
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_description
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_bits
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_name
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_version
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_add_compression_
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_get_compression_
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_get_name
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_add_client_CA
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_add_session
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_callback_ctrl
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_check_private_key

OpenSSL version: openssl-0.9.8zc

Commands used:

    VCVARS32.BAT
    perl Configure VC-WIN32 no-idea shared no-ssl2 no-ssl3 --prefix=e:/openssl
    ms\do_masm
    nmake -f ms\ntdll.mak

Thanks,
Kannan Narayanasamy.

From rt at openssl.org Wed Jul 22 11:42:36 2015
From: rt at openssl.org (David Woodhouse via RT) Date: Wed, 22 Jul 2015 11:42:36 +0000 Subject: [openssl-dev] [openssl.org #3674] Bug report - cannot compile 1.0.2 with no-cms In-Reply-To: <1437564218.3905.60.camel@infradead.org> References: <1437564218.3905.60.camel@infradead.org> Message-ID:
From: David Bar Subject: [PATCH] RT3674: Fix no-cms build failure This fixes multiple problems with CMS-related code, including the RFC2631 DH key derivation which depends on CMS, not being correctly protected by #ifndef OPENSSL_NO_CMS. --- Updated version of David Bar's patch, against OpenSSL git HEAD. I have introduced a couple of switch statements for key derivation types, as David suggested. And also I leave EVP_PKEY_DH_KDF_X9_42 defined in the header file, but just returning failure when you try to *use* it. ( This fix is also required for building OpenSSL in the UEFI environment. We are starting to work on fixing up the patch which currently lives in https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/Openssl Lib so that we can get the useful parts merged upstream. To start with, we've just broken it down into individual changes, which are (not cleaned up for submission yet) at http://git.infradead.org/users/dwmw2/openssl.git/shortlog/refs/heads/OpenSSL_1_0_2-stable ) crypto/dh/dh_kdf.c | 3 +++ crypto/dh/dh_pmeth.c | 30 +++++++++++++++++++++++------- crypto/ec/ec_ameth.c | 2 ++ crypto/rsa/rsa_ameth.c | 8 ++++++++ include/openssl/dh.h | 2 ++ 5 files changed, 38 insertions(+), 7 deletions(-) diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index b812d82..3035d0b 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -51,6 +51,8 @@ * ==================================================================== */ +#include +#ifndef OPENSSL_NO_CMS #include #include #include @@ -184,3 +186,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, EVP_MD_CTX_cleanup(&mctx); return rv; } +#endif /* !OPENSSL_NO_CMS */ diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 763e42f..b070246 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c 
@@ -203,12 +203,20 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_DH_KDF_TYPE: - if (p1 == -2) + switch (p1) { + case -2: return dctx->kdf_type; - if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) + +#ifndef OPENSSL_NO_CMS + case EVP_PKEY_DH_KDF_X9_42: +#endif + case EVP_PKEY_DH_KDF_NONE: + dctx->kdf_type = p1; + return 1; + + default: return -2; - dctx->kdf_type = p1; - return 1; + } case EVP_PKEY_CTRL_DH_KDF_MD: dctx->kdf_md = p2; @@ -437,7 +445,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, } dh = ctx->pkey->pkey.dh; dhpub = ctx->peerkey->pkey.dh->pub_key; - if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) { + + switch (dctx->kdf_type) { + case EVP_PKEY_DH_KDF_NONE: if (key == NULL) { *keylen = DH_size(dh); return 1; @@ -447,7 +457,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, return ret; *keylen = ret; return 1; - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + +#ifndef OPENSSL_NO_CMS + case EVP_PKEY_DH_KDF_X9_42: { unsigned char *Z = NULL; size_t Zlen = 0; if (!dctx->kdf_outlen || !dctx->kdf_oid) @@ -475,7 +487,11 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, OPENSSL_clear_free(Z, Zlen); return ret; } - return 1; +#endif /* !OPENSSL_NO_CMS */ + + default: + return 0; + } } const EVP_PKEY_METHOD dh_pkey_meth = { diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index edb68d1..e2f3287 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -67,8 +67,10 @@ #include #include "internal/asn1_int.h" +#ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); +#endif static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) { diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index d409631..254b553 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c 
@@ -68,10 +68,12 @@ #endif #include "internal/asn1_int.h" +#ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si); static int rsa_cms_verify(CMS_SignerInfo *si); static int rsa_cms_decrypt(CMS_RecipientInfo *ri); static int rsa_cms_encrypt(CMS_RecipientInfo *ri); +#endif static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { @@ -653,6 +655,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, return rv; } +#ifndef OPENSSL_NO_CMS static int rsa_cms_verify(CMS_SignerInfo *si) { int nid, nid2; @@ -671,6 +674,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si) } return 0; } +#endif /* * Customised RSA item verification routine. This is called when a signature @@ -693,6 +697,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return -1; } +#ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si) { int pad_mode = RSA_PKCS1_PADDING; @@ -717,6 +722,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si) X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); return 1; } +#endif static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, @@ -768,6 +774,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, return pss; } +#ifndef OPENSSL_NO_CMS static int rsa_cms_decrypt(CMS_RecipientInfo *ri) { EVP_PKEY_CTX *pkctx; @@ -900,6 +907,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) ASN1_STRING_free(os); return rv; } +#endif const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { { diff --git a/include/openssl/dh.h b/include/openssl/dh.h index e0f4b57..882d4f1 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h 
@@ -239,11 +239,13 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ -- 2.4.3 -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rt at openssl.org Wed Jul 22 13:09:48 2015 
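Review bot: in the pkey_dh_derive hunk of crypto/dh/dh_pmeth.c, the new `default: return 0;` is a behaviour change that the commit message does not mention: the removed trailing `return 1;` meant that an unrecognised kdf_type previously reported success without ever writing a key, whereas it now fails. Failing closed is the right outcome for a derive call with an unknown KDF, but please say so in the commit message, since callers that relied on the old silent success will now see an error.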
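Review bot: the crypto/rsa/rsa_ameth.c and crypto/ec/ec_ameth.c hunks guard only the static prototypes and definitions of rsa_cms_sign/verify/decrypt/encrypt and ecdh_cms_decrypt/encrypt with `#ifndef OPENSSL_NO_CMS`; the code that calls them (the pkey ctrl paths that dispatch on CMS_SignerInfo and CMS_RecipientInfo) is not in this diff. Please confirm in the commit message that every call site is already under an OPENSSL_NO_CMS guard, otherwise the no-cms build moves from an unresolved CMS type to an implicit-declaration error at those callers.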
From: rt at openssl.org (Woodhouse, David via RT)
Date: Wed, 22 Jul 2015 13:09:48 +0000
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <1437569859.3905.87.camel@intel.com>
References: <1437569859.3905.87.camel@intel.com>
Message-ID:

There are various circumstances in which it makes no sense to be checking the start and end times of a certificate's validity.

When validating OS kernel drivers, or indeed when validating the OS kernel itself when the firmware loads it, we *really* don't want to have a built-in obsolescence date after which the system will no longer function. That would be a bad thing even if we *could* reliably trust the system's real time clock at this stage in the boot sequence.

This patch gives us a way to disable the time checks entirely, by using X509_VERIFY_PARAM_set_time() with a time of -1.

There is a slight risk here: if anyone was genuinely using the value of -1 to check if a certificate chain was indeed valid in the last second of 1969. I judge that risk to be negligible. And it certainly shouldn't be externally triggerable: if an attacker could influence the value passed to X509_VERIFY_PARAM_set_time() then all bets were off w.r.t. time-based checks anyway.

If there are serious concerns, however, I can provide an alternative patch which adds an X509_V_FLAG_NO_CHECK_TIME flag for this purpose instead.

I'm happy with anything except the existing version in the UEFI source tree that everyone is shipping, which just disables the time check if OPENSSL_SYS_UEFI is set¹. That one I *don't* like.

--
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

¹ http://git.infradead.org/users/dwmw2/openssl.git/commitdiff/2fb12afc2ceb

[Attachment: 0001-Allow-certificate-time-checks-to-be-disabled.patch (text/x-patch, 2332 bytes), scrubbed by the list archive.]

From vitus at wagner.pp.ru Wed Jul 22 14:49:10 2015
From: vitus at wagner.pp.ru (Victor Wagner)
Date: Wed, 22 Jul 2015 17:49:10 +0300
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To:
References: <1437569859.3905.87.camel@intel.com>
Message-ID: <20150722174910.57dcc520@arkturus.local>

On Wed, 22 Jul 2015 13:09:48 +0000 "Woodhouse, David via RT" wrote:
> There are various circumstances in which it makes no sense to be
> checking the start and end times of a certificate's validity.
>
> When validating OS kernel drivers, or indeed when validating the OS
> kernel itself when the firmware loads it, we *really* don't want to
> have a built-in obsolescence date after which the system will no
> longer function. That would be a bad thing even if we *could*
> reliably trust the system's real time clock at this stage in the boot
> sequence.

Isn't it better to check if the certificate was valid at the time of signing? Typically the compiler somehow puts a compilation timestamp into compiled binaries. So, I think, this time should be used as the argument to X509_VERIFY_PARAM_set_time instead of wall clock time. Or maybe there is something like CMS signing attributes with signing time.

s
From agostrer at gmail.com Wed Jul 22 15:02:46 2015
From: agostrer at gmail.com (Alexander Gostrer)
Date: Wed, 22 Jul 2015 08:02:46 -0700
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To:
References: <1437569859.3905.87.camel@intel.com>
Message-ID:

Hi David,

I think that both your proposals will add vulnerabilities. With your proposal I anticipate that many careless application developers will disable the date checking forever. As a result, consumers will be blaming openssl, not these developers.

The current solution for kernels and other firmware without a reliable RTC is to issue certificates that are valid from 1969 to 2037. We will have a Y2037 problem similar to Y2000, but this is a wide problem, much wider than openssl can solve at the moment.

Regards,
Alex Gostrer

On Wed, Jul 22, 2015 at 6:09 AM, Woodhouse, David via RT wrote:
> There are various circumstances in which it makes no sense to be
> checking the start and end times of a certificate's validity.
>
> When validating OS kernel drivers, or indeed when validating the OS
> kernel itself when the firmware loads it, we *really* don't want to
> have a built-in obsolescence date after which the system will no longer
> function. That would be a bad thing even if we *could* reliably trust
> the system's real time clock at this stage in the boot sequence.
>
> This patch gives us a way to disable the time checks entirely, by using
> X509_VERIFY_PARAM_set_time() with a time of -1.
>
> There is a slight risk here: if anyone was genuinely using the value
> of -1 to check if a certificate chain was indeed valid in the last
> second of 1969. I judge that risk to be negligible. And it certainly
> shouldn't be externally triggerable: if an attacker could influence
> the value passed to X509_VERIFY_PARAM_set_time() then all bets were off
> w.r.t. time-based checks anyway.
>
> If there are serious concerns, however, I can provide an alternative
> patch which adds an X509_V_FLAG_NO_CHECK_TIME flag for this purpose
> instead.
>
> I'm happy with anything except the existing version in the UEFI source
> tree that everyone is shipping, which just disables the time check if
> OPENSSL_SYS_UEFI is set¹. That one I *don't* like.
>
> --
> David Woodhouse                            Open Source Technology Centre
> David.Woodhouse at intel.com                              Intel Corporation
>
> ¹ http://git.infradead.org/users/dwmw2/openssl.git/commitdiff/2fb12afc2ceb
From THollebeek at trustwave.com Wed Jul 22 14:52:30 2015
From: THollebeek at trustwave.com (Tim Hollebeek)
Date: Wed, 22 Jul 2015 14:52:30 +0000
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To:
References: <1437569859.3905.87.camel@intel.com>
Message-ID:

The way this is supposed to work is by using a timestamp from a trusted timestamp server to show the certificate was valid at the time the code was signed. See the following text from the draft code signing baseline requirements from the CA/Browser forum:

8.2.1: "... With the exception of revocation checking for time-stamped and expired Certificates, Platforms are expected to validate Code Signatures in accordance with RFC 5280 when first encountered. Subsequent signature validation MAY ignore revocation, especially if rejecting the Code will cause the device to fail to boot. When a Platform encounters a Certificate that fails to validate due to revocation, the Platform should not permit the Code to execute. When a Platform encounters a Certificate that fails to validate for reasons other than revocation, the Platform should treat the Code as unsigned.

Ordinarily, a Code Signature created by a Subscriber is only considered valid until expiration of the Certificate. However, the "Timestamp" method and the "Signing Service" methods permit Code to remain valid for longer periods of time.

1. Timestamp Method: In this method, the Subscriber signs the Code, appends its Code Signing Certificate and submits it to a Timestamp Authority to be time-stamped. The resulting package can be considered valid after expiration of the Code Signing Certificate and expiration of the Timestamp Authority certificate if the timestamp is dated prior to the Certificate's expiration date and any applicable revocation date. (See Section 13.2.)

2. Signing Service Method: In this method, the Subscriber uses the service to sign compiled code, binary, file, app, or similar object. Alternatively, the service MAY sign a digest of the preceding objects. The resulting Code Signature is valid up to the expiration time of the Signing Service's Code Signing Certificate and any applicable revocation date, whichever comes first. Signing Services MAY also timestamp signed objects."

This is much better than simply ignoring all date validation.

-Tim

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Woodhouse, David via RT
Sent: Wednesday, July 22, 2015 9:10 AM
Cc: openssl-dev at openssl.org
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

There are various circumstances in which it makes no sense to be checking the start and end times of a certificate's validity.

When validating OS kernel drivers, or indeed when validating the OS kernel itself when the firmware loads it, we *really* don't want to have a built-in obsolescence date after which the system will no longer function. That would be a bad thing even if we *could* reliably trust the system's real time clock at this stage in the boot sequence.

This patch gives us a way to disable the time checks entirely, by using X509_VERIFY_PARAM_set_time() with a time of -1.

There is a slight risk here: if anyone was genuinely using the value of -1 to check if a certificate chain was indeed valid in the last second of 1969. I judge that risk to be negligible. And it certainly shouldn't be externally triggerable: if an attacker could influence the value passed to X509_VERIFY_PARAM_set_time() then all bets were off w.r.t. time-based checks anyway.

If there are serious concerns, however, I can provide an alternative patch which adds an X509_V_FLAG_NO_CHECK_TIME flag for this purpose instead.

I'm happy with anything except the existing version in the UEFI source tree that everyone is shipping, which just disables the time check if OPENSSL_SYS_UEFI is set¹. That one I *don't* like.

--
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

¹ http://git.infradead.org/users/dwmw2/openssl.git/commitdiff/2fb12afc2ceb
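The alternative raised by Victor Wagner and Tim Hollebeek in this thread, verifying the chain at a trusted signing or timestamp time instead of the platform clock, as an added example that is not part of the thread or of OpenSSL: it uses Go's crypto/x509, whose VerifyOptions.CurrentTime plays the role that X509_VERIFY_PARAM_set_time() plays in OpenSSL, and every certificate, clock value and timestamp-authority time in it is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a constructed root CA plus a code-signing leaf issued by it.
type Chain struct {
	Root *x509.Certificate
	Leaf *x509.Certificate
}

// NewChain builds, in memory, a self-signed root and a code-signing leaf, both valid only in [notBefore, notAfter].
func NewChain(notBefore, notAfter time.Time) (*Chain, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Firmware Root"},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	root, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Constructed Kernel Signer"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, err
	}
	return &Chain{Root: root, Leaf: leaf}, nil
}

// VerifyAt validates the leaf against the root with the validity window evaluated at the
// caller's reference time, the role X509_VERIFY_PARAM_set_time() plays before X509_verify_cert().
func (c *Chain) VerifyAt(at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(c.Root)
	_, err := c.Leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	})
	return err
}

// RunScenarios builds a one-year chain and reports whether it validates when the reference time is
// the boot-time platform clock years later, an RTC that fell back to the epoch, or the TSA's signing time.
func RunScenarios() (map[string]bool, error) {
	notBefore := time.Date(2015, 7, 22, 0, 0, 0, 0, time.UTC)
	c, err := NewChain(notBefore, notBefore.AddDate(1, 0, 0))
	if err != nil {
		return nil, err
	}
	signedAt := time.Date(2015, 12, 1, 12, 0, 0, 0, time.UTC) // constructed timestamp-authority time
	bootAt := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)     // constructed boot-time clock
	return map[string]bool{
		"platform-clock":    c.VerifyAt(bootAt) == nil,
		"reset-rtc":         c.VerifyAt(time.Unix(0, 0).UTC()) == nil,
		"trusted-timestamp": c.VerifyAt(signedAt) == nil,
	}, nil
}

func main() {
	fmt.Println(RunScenarios()) // map[platform-clock:false reset-rtc:false trusted-timestamp:true] <nil>
}
```

Disabling the check outright, as the patch under discussion does, has no counterpart here; the point is that a fixed trusted reference time still rejects a chain whose window the timestamp falls outside, while an unreliable or late platform clock rejects code that was validly signed.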
From dwmw2 at infradead.org Wed Jul 22 15:09:48 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Wed, 22 Jul 2015 16:09:48 +0100
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To:
References: <1437569859.3905.87.camel@intel.com> <20150722174910.57dcc520@arkturus.local>
Message-ID: <1437577788.3905.94.camel@infradead.org>

On Wed, 2015-07-22 at 14:58 +0000, Victor Wagner via RT wrote:
> Isn't it better to check if certificate was valid at the time of
> signing?

Is there a benefit to that which would make it worth the additional complexity?

> Typically compiler somehow puts compilation timestamp into compiled
> binaries. So, I think, this time should be used as argument to
> X509_VERIFY_PARAM_set_time instead of wall clock time.

For the UEFI build we try to avoid all non-repeatable things like that being included in the binaries. I'm still worrying about how to approach the patch at the end of the list¹ which removes all those instances of __FILE__ and __LINE__... I have a vague recollection of there being a discussion on this list about that, fairly recently, and I need to go back and find it.

> Or, may be there is something like CMS signing attributes with
> signing time.

Did I not send the patch which fixes the OPENSSL_NO_CMS build yet? :)

--
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

¹ http://git.infradead.org/users/dwmw2/openssl.git/commitdiff/b599f07d
From dwmw2 at infradead.org Wed Jul 22 15:36:27 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Wed, 22 Jul 2015 16:36:27 +0100
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To:
References: <1437569859.3905.87.camel@intel.com>
Message-ID: <1437579387.3905.104.camel@infradead.org>

On Wed, 2015-07-22 at 14:52 +0000, Tim Hollebeek wrote:
> The way this is supposed to work is by using a timestamp from a
> trusted timestamp server to show the certificate was valid at the
> time the code was signed.

That would be great. Unfortunately, if the UEFI firmware were suddenly to start insisting upon that then a lot of operating systems would no longer boot.

I don't think it's practical to add this requirement for secure boot at this stage; the UEFI firmware will probably continue to just disable the time check, even if it's a local patch as it is at the moment. But I'm *trying* to eliminate those local patches, to make it easier to keep OpenSSL up to date. It occurs to me that UEFI firmware might be the *largest* deployment of OpenSSL, so it's unfortunate that the patches it needs are out-of-tree :)

FWIW the Linux kernel also specifically avoids checking timestamps altogether when validating signed modules.

--
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
From: rt at openssl.org (David Woodhouse via RT) Date: Wed, 22 Jul 2015 15:36:40 +0000 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: <1437579387.3905.104.camel@infradead.org> References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> Message-ID: On Wed, 2015-07-22 at 14:52 +0000, Tim Hollebeek wrote: > The way this is supposed to work is by using a timestamp from a > trusted timestamp server to show the certificate was valid at the > time the code was signed. That would be great. Unfortunately, if the UEFI firmware were suddenly to start insisting upon that then a lot of operating systems would no longer boot. I don't think it's practical to add this requirement for secure boot at this stage; the UEFI firmware will probably continue to just disable the time check ? even if it's a local patch as it is at the moment. But I'm *trying* to eliminate those local patches, to make it easier to keep OpenSSL up to date. It occurs to me that UEFI firmware might be the *largest* deployment of OpenSSL, so it's unfortunate that the patches it needs are out-of-tree :) FWIW the Linux kernel also specifically avoids checking timestamps altogether when validating signed modules. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From dwmw2 at infradead.org Wed Jul 22 15:55:27 2015 
From: dwmw2 at infradead.org (David Woodhouse) Date: Wed, 22 Jul 2015 16:55:27 +0100 Subject: [openssl-dev] [RFC][PATCH] Fixing OPENSSL_NO_STDIO Message-ID: <1437580527.3905.112.camel@infradead.org> To what extent is the OPENSSL_NO_STDIO build expected to actually work? It seems fairly unloved. The UEFI build (currently on 1.0.2) has a minimal patch [1] which fixes up OPENSSL_NO_FP for their use case, which obviously it would be nice to eliminate by merging upstream. But since OPENSSL_NO_FP_API got subsumed into OPENSSL_NO_STDIO in commit 4b618848f, the problem has got a lot more interesting. A preliminary patch is below. There are a number of issues. - Lots of places still need 'FILE' to be defined. - Various (mis)uses of BUFSIZ - GOST engine using printf() - Don't even look at crypto/cryptlib.c - Missing DECLARE_PEM_write_fp_const() macro for OPENSSL_NO_STDIO - SRP_VBASE_init() requires file access Is this the way it's supposed to be? Surely we can have file access without a FILE *? Should BIO_new_file() be using a filedescriptor-based method of opening the file, instead of just being unavailable for the OPENSSL_NO_STDIO build? There are a number of users of it, which is why I #defined it to "return" NULL instead of just failing. Obviously I *can* just submit patches to fix it minimally so that the UEFI build works. That doesn't seem like the correct thing to do though. diff --git a/Configure b/Configure index 6cc05bd..6cc0e20 100755 --- a/Configure +++ b/Configure @@ -1088,7 +1088,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) - || defined($disabled{"dh"})) + || defined($disabled{"dh"}) || defined($disabled{"stdio"})) { $disabled{"gost"} = "forced"; } diff --git a/apps/passwd.c b/apps/passwd.c index dbae620..ce5c402 100644 --- a/apps/passwd.c +++ b/apps/passwd.c 
@@ -112,6 +112,10 @@ OPTIONS passwd_options[] = { {NULL} }; +#ifndef BUFSIZ +#define BUFSIZ 256 +#endif + int passwd_main(int argc, char **argv) { BIO *in = NULL; diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 6d050ff..dc99d11 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -116,7 +116,7 @@ #include "internal/cryptlib.h" #include - +#include #if defined(OPENSSL_SYS_WIN32) static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ #endif diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c index 01e275f..7633139 100644 --- a/crypto/des/read2pwd.c +++ b/crypto/des/read2pwd.c @@ -114,6 +114,10 @@ #include #include +#ifndef BUFSIZ +#define BUFSIZ 256 +#endif + int DES_read_password(DES_cblock *key, const char *prompt, int verify) { int ok; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index eaf0618..2e7ed31 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -89,7 +89,9 @@ * this is no longer automatic in ENGINE_load_builtin_engines(). */ #define TEST_ENG_OPENSSL_RC4 +#ifndef OPENSSL_NO_STDIO #define TEST_ENG_OPENSSL_PKEY +#endif /* #define TEST_ENG_OPENSSL_HMAC */ /* #define TEST_ENG_OPENSSL_HMAC_INIT */ /* #define TEST_ENG_OPENSSL_RC4_OTHERS */ diff --git a/crypto/lock.c b/crypto/lock.c index d7d672d..2066b31 100644 --- a/crypto/lock.c +++ b/crypto/lock.c @@ -309,9 +309,7 @@ void CRYPTO_destroy_dynlockid(int i) --pointer->references; #ifdef REF_CHECK if (pointer->references < 0) { - fprintf(stderr, - "CRYPTO_destroy_dynlockid, bad reference count\n"); - abort(); + OPENSSL_showfatal("CRYPTO_destroy_dynlockid, bad reference count\n"); } else #endif if (pointer->references <= 0) { diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 39c89e8..a877f8d 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c 
@@ -349,6 +349,7 @@ static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) return NULL; } +#ifndef OPENSSL_NO_STDIO /* * this function parses verifier file. Format is: * string(index):base64(N):base64(g):0 @@ -467,6 +468,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) return error_code; } +#endif SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) { diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index f65f80d..b18e2a2 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -56,6 +56,10 @@ #include #include "ui_locl.h" +#ifndef BUFSIZ +#define BUFSIZ 256 +#endif + int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) { diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index cc91db8..d46666f 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -69,6 +69,8 @@ # include #endif +#ifndef OPENSSL_NO_STDIO + #include #include @@ -435,3 +437,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, BUF_MEM_free(b); return (ok); } + +#endif /* OPENSSL_NO_STDIO */ diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 2da93bd..fbb3d37 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -631,7 +631,9 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_func **psuffix_free); -# ifndef OPENSSL_NO_STDIO +# ifdef OPENSSL_NO_STDIO +#define BIO_new_file(filename, mode) (NULL) +# else BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_fp(FILE *stream, int close_flag); diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 06c7601..c111464 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h 
@@ -133,7 +133,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, const char *name); void CONF_free(LHASH_OF(CONF_VALUE) *conf); +#ifndef OPENSSL_NO_STDIO int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +#endif int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); void OPENSSL_config(const char *config_name); @@ -166,7 +168,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, char *NCONF_get_string(const CONF *conf, const char *group, const char *name); int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, long *result); +#ifndef OPENSSL_NO_STDIO int NCONF_dump_fp(const CONF *conf, FILE *out); +#endif int NCONF_dump_bio(const CONF *conf, BIO *out); #define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) diff --git a/include/openssl/pem.h b/include/openssl/pem.h index a1e5166..f9e23d2 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -284,6 +284,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ # define DECLARE_PEM_read_fp(name, type) /**/ # define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_fp_const(name, type) /**/ # define DECLARE_PEM_write_cb_fp(name, type) /**/ # else @@ -361,6 +362,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); +#ifndef OPENSSL_NO_STDIO int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len); int PEM_write(FILE *fp, const char *name, const char *hdr, @@ -372,6 +374,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, int klen, pem_password_cb *callback, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +#endif int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, 
@@ -437,6 +440,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +#ifndef OPENSSL_NO_STDIO int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); @@ -453,7 +457,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cd, void *u); - +#endif EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); diff --git a/include/openssl/srp.h b/include/openssl/srp.h index 3411fe5..c998bf3 100644 --- a/include/openssl/srp.h +++ b/include/openssl/srp.h @@ -118,7 +118,9 @@ DECLARE_STACK_OF(SRP_gN) SRP_VBASE *SRP_VBASE_new(char *seed_key); void SRP_VBASE_free(SRP_VBASE *vb); +#ifndef OPENSSL_NO_STDIO int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); +#endif SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g); diff --git a/include/openssl/ts.h b/include/openssl/ts.h index b983abc..a5af9c2 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -273,8 +273,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); TS_REQ *TS_REQ_dup(TS_REQ *a); +#ifndef OPENSSL_NO_STDIO TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +#endif TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); 
@@ -286,10 +288,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); +#ifndef OPENSSL_NO_STDIO TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); +#endif TS_RESP *TS_RESP_new(void); void TS_RESP_free(TS_RESP *a); @@ -298,10 +302,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); TS_RESP *TS_RESP_dup(TS_RESP *a); +#ifndef OPENSSL_NO_STDIO TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); +#endif TS_STATUS_INFO *TS_STATUS_INFO_new(void); void TS_STATUS_INFO_free(TS_STATUS_INFO *a); @@ -317,10 +323,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, long length); TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); +#ifndef OPENSSL_NO_STDIO TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); +#endif TS_ACCURACY *TS_ACCURACY_new(void); void TS_ACCURACY_free(TS_ACCURACY *a); diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 8e0a225..8858632 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h 
@@ -459,10 +459,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); - +#ifndef OPENSSL_NO_STDIO X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); - +#endif int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index a46ec5d..63c4b37 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -684,8 +684,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); +#ifndef OPENSSL_NO_STDIO int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - +#endif int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 5e9b8ff..e6f6d5a 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -661,12 +661,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) return (add_client_CA(&(ctx->client_CA), x)); } +#ifndef OPENSSL_NO_STDIO + static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b) { return (X509_NAME_cmp(*a, *b)); } -#ifndef OPENSSL_NO_STDIO /** * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; * it doesn't really have anything to do with clients (except that a common use @@ -730,7 +731,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) ERR_clear_error(); return (ret); } -#endif /** * Add a file of certs to a stack. 
@@ -846,6 +846,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } +#endif /* !OPENSSL_NO_STDIO */ /* Add a certificate to a BUF_MEM structure */ -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation [1] http://git.infradead.org/users/dwmw2/openssl.git/commitdiff/eb73a6112 From rsalz at akamai.com Wed Jul 22 16:02:17 2015 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 22 Jul 2015 16:02:17 +0000 Subject: [openssl-dev] [RFC][PATCH] Fixing OPENSSL_NO_STDIO In-Reply-To: <1437580527.3905.112.camel@infradead.org> References: <1437580527.3905.112.camel@infradead.org> Message-ID: <26f69f5d622a4f9cae5f36b20d3a26e2@ustx2ex-dag1mb2.msg.corp.akamai.com> > To what extent is the OPENSSL_NO_STDIO build expected to actually work? > It seems fairly unloved. I have a "complete" fix sitting in my queue for a few months now. From dwmw2 at infradead.org Wed Jul 22 16:09:21 2015
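Review bot: the `+#ifndef BUFSIZ` / `+#define BUFSIZ 256` / `+#endif` fallback in the apps/passwd.c hunk is repeated verbatim in the crypto/des/read2pwd.c and crypto/ui/ui_util.c hunks; three private definitions of a standard macro will drift apart and give an OPENSSL_NO_STDIO build a different buffer size from a normal one without anyone noticing. Define the fallback once in an internal header that all three files include, and add a comment there saying why a build without stdio has no BUFSIZ and how 256 was chosen.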
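Review bot: the crypto/lock.c hunk drops `- abort();` without a replacement; OPENSSL_showfatal() only reports (OpenSSLDie() is the routine that reports and then aborts), so after the `+ OPENSSL_showfatal("CRYPTO_destroy_dynlockid, bad reference count\n");` line a negative reference count is printed and CRYPTO_destroy_dynlockid() simply returns. Keep the condition fatal, for example `OPENSSL_showfatal(...); abort();` or a call to OpenSSLDie(), since abort() needs only stdlib.h and does not depend on stdio.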
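Review bot: `+#define BIO_new_file(filename, mode) (NULL)` in the include/openssl/bio.h hunk makes every BIO_new_file() caller in an OPENSSL_NO_STDIO build fail silently with nothing on the error queue, so "no stdio in this build" becomes indistinguishable from "file not found", and the macro also discards its arguments (unused-variable warnings in callers) and breaks the `# ifdef` / `# else` indentation of the surrounding lines. As the cover note itself flags, the cleaner options are to leave BIO_new_file() undeclared and fix the remaining callers, or to give BIO_s_file() a descriptor-based implementation; if the stub stays, make it a function that records an error via BIOerr() before returning NULL.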
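Review bot: in the `@@ -286,10 +288,12 @@` include/openssl/ts.h hunk the `+#endif` lands after the `_bio` declarations, so d2i_TS_MSG_IMPRINT_bio() and i2d_TS_MSG_IMPRINT_bio() vanish from an OPENSSL_NO_STDIO build even though they only take a BIO; the `@@ -298,10 +302,12 @@` and `@@ -317,10 +323,12 @@` hunks do the same to the TS_RESP and TS_TST_INFO `_bio` pairs. Move each `+#endif` up to directly after the two `_fp` prototypes, as the first ts.h hunk (`TS_REQ`) already does.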
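Review bot: the crypto/x509/by_dir.c hunks wrap the rest of the file from its `#include`s to the end in one guard whose opening `+#ifndef OPENSSL_NO_STDIO` carries no comment while the closing `+#endif /* OPENSSL_NO_STDIO */` does, and that closing comment spells the condition differently from the `+#endif /* !OPENSSL_NO_STDIO */` used in the ssl/ssl_cert.c hunk. Pick one convention for both ends of a file-spanning guard, and consider whether excluding by_dir.c from the OPENSSL_NO_STDIO build list is simpler than guarding its whole body.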
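Review bot: the ssl/ssl_cert.c `@@ -661,12 +661,13 @@` hunk moves `+#ifndef OPENSSL_NO_STDIO` above xname_cmp() and removes the old `-#endif` after SSL_load_client_CA_file(), so the guard now also covers SSL_add_file_cert_subjects_to_stack() and SSL_add_dir_cert_subjects_to_stack(); the matching `+#endif /* !OPENSSL_NO_STDIO */` only arrives in the `@@ -846,6 +846,7 @@` hunk, so the two hunks are correct only together. Say so in a comment on the opening guard, and check that the prototypes of the newly guarded functions in include/openssl/ssl.h (a header this patch does not touch) carry the same guard, as the patch does for conf.h, pem.h, srp.h, ts.h, x509_vfy.h and x509v3.h.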
From: dwmw2 at infradead.org (David Woodhouse) Date: Wed, 22 Jul 2015 17:09:21 +0100 Subject: [openssl-dev] [RFC][PATCH] Fixing OPENSSL_NO_STDIO In-Reply-To: <26f69f5d622a4f9cae5f36b20d3a26e2@ustx2ex-dag1mb2.msg.corp.akamai.com> References: <1437580527.3905.112.camel@infradead.org> <26f69f5d622a4f9cae5f36b20d3a26e2@ustx2ex-dag1mb2.msg.corp.akamai.com> Message-ID: <1437581361.3905.114.camel@infradead.org> On Wed, 2015-07-22 at 16:02 +0000, Salz, Rich wrote: > > To what extent is the OPENSSL_NO_STDIO build expected to actually work? > > It seems fairly unloved. > > I have a "complete" fix sitting in my queue for a few months now. Is that sitting in a visible git tree somewhere, and/or could you share, please? If I can move them towards fixes which are at least *destined* for upstream, that would be a step in the right direction... Thanks. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation From rsalz at akamai.com Wed Jul 22 16:13:10 2015 From: rsalz at akamai.com (Salz, Rich) Date: Wed, 22 Jul 2015 16:13:10 +0000 Subject: [openssl-dev] [RFC][PATCH] Fixing OPENSSL_NO_STDIO In-Reply-To: <1437581361.3905.114.camel@infradead.org> References: <1437580527.3905.112.camel@infradead.org> <26f69f5d622a4f9cae5f36b20d3a26e2@ustx2ex-dag1mb2.msg.corp.akamai.com> <1437581361.3905.114.camel@infradead.org> Message-ID: I'm willing to forward them to you, and if you want to review and rebase, etc., that would make it quicker. -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz > -----Original Message----- 
> From: David Woodhouse [mailto:dwmw2 at infradead.org] > Sent: Wednesday, July 22, 2015 6:09 PM > To: Salz, Rich; openssl-dev at openssl.org > Subject: Re: [openssl-dev] [RFC][PATCH] Fixing OPENSSL_NO_STDIO > > On Wed, 2015-07-22 at 16:02 +0000, Salz, Rich wrote: > > > To what extent is the OPENSSL_NO_STDIO build expected to actually > work? > > > It seems fairly unloved. > > > > I have a "complete" fix sitting in my queue for a few months now. > > Is that sitting in a visible git tree somewhere, and/or could you > share, please? > > If I can move them towards fixes which are at least *destined* for > upstream, that would be a step in the right direction... > > Thanks. > > -- > David Woodhouse Open Source Technology Centre > David.Woodhouse at intel.com Intel Corporation From dwmw2 at infradead.org Wed Jul 22 16:15:11 2015 From: dwmw2 at infradead.org (David Woodhouse) Date: Wed, 22 Jul 2015 17:15:11 +0100 Subject: [openssl-dev] [RFC][PATCH] Fixing OPENSSL_NO_STDIO In-Reply-To: References: <1437580527.3905.112.camel@infradead.org> <26f69f5d622a4f9cae5f36b20d3a26e2@ustx2ex-dag1mb2.msg.corp.akamai.com> <1437581361.3905.114.camel@infradead.org> Message-ID: <1437581711.3905.118.camel@infradead.org> On Wed, 2015-07-22 at 16:13 +0000, Salz, Rich wrote: > I'm willing to forward them to you, and if you want to review and > rebase, etc., that would make it quicker. Please. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation From rt at openssl.org Wed Jul 22 16:38:30 2015
From: rt at openssl.org (David Woodhouse via RT) Date: Wed, 22 Jul 2015 16:38:30 +0000 Subject: [openssl-dev] [openssl.org #3952] [PATCH] Introduce OPENSSL_SYS_UEFI for rand configuration In-Reply-To: <1437582629.3905.125.camel@infradead.org> References: <1437582629.3905.125.camel@infradead.org> Message-ID: For secure boot (and other services), OpenSSL is built as part of the Tianocore UEFI firmware. It does not use the normal makefiles; it has its own build system and provides its own #defines and list of files to be built: https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/OpensslLib.inf I'm open to suggestions on how best to generate opensslconf.h for it, and keep that OpensslLib.inf up to date. To start with, though, this simply gets the right version of RAND_poll() for OPENSSL_SYS_UEFI. (I'm not even going to think about the asm bits yet.) -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-UEFI-flag-for-rand-build.patch Type: text/x-patch Size: 1334 bytes Desc: not available URL: From openssl-users at dukhovni.org Wed Jul 22 16:47:48 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Wed, 22 Jul 2015 16:47:48 +0000 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> Message-ID: <20150722164747.GG4347@mournblade.imrryr.org> On Wed, Jul 22, 2015 at 03:36:40PM +0000, David Woodhouse via RT wrote: > FWIW the Linux kernel also specifically avoids checking timestamps > altogether when validating signed modules. You probably need a dedicated implementation of X509_verify_cert(). When dealing with "data at rest" (signed email, signed code, ...) certificate expiration needs to be understood in the context of time of signature, not time of verification. Ideally (this generally works for email), the verifier "initially" verifies the signed object before the expiration time of the certificate and then caches this fact in some manner, so that subsequent verification can ignore the certificate entirely, and just check that the object has not changed since initially verified. If caching results of initial verification is not an option, then perhaps disabling expiration checks is a last-resort option. There are ways (with care) to do this via the verify callback, which can be made to suppress *only* expiration errors and fail on all other errors. -- Viktor. From rt at openssl.org Wed Jul 22 18:47:30 2015 From: rt at openssl.org (Rich Salz via RT) Date: Wed, 22 Jul 2015 18:47:30 +0000 Subject: [openssl-dev] [openssl.org #3950] Standard mem* functions called with length 0 and invalid pointer arguments In-Reply-To: References: Message-ID: fixed in master. not needed for 1.0.2 since that code uses inline coding, not calling the standard routines. -- Rich Salz, OpenSSL dev team; rsalz at openssl.org From rt at openssl.org Wed Jul 22 19:17:30 2015
From: rt at openssl.org (Kurt Roeckx via RT) Date: Wed, 22 Jul 2015 19:17:30 +0000 Subject: [openssl-dev] [openssl.org #3950] Standard mem* functions called with length 0 and invalid pointer arguments In-Reply-To: <20150722191710.GA28560@roeckx.be> References: <20150722191710.GA28560@roeckx.be> Message-ID: On Wed, Jul 22, 2015 at 10:23:40AM +0000, Pascal Cuoq via RT wrote: > Recently, GCC began to assume for optimization purposes that p and q are non-null pointers when > memcpy(p, q, n); is invoked. I have to agree that p and q can't be NULL, even when n is 0. The standard seems to be rather clear about that. > Clause 7.1.4 also allows compilers to assume that p and q are not pointers "one past" the end of an object: > > http://stackoverflow.com/questions/25390577/is-memcpya-1-b-1-0-defined-in-c11 It seems at least not everybody agrees on that, and it's non-obvious to me who is correct. Can I suggest someone takes that question to the standard committee? > OpenSSL's bignum implementation contains two invocations of standard functions that > fail this property: > > https://github.com/openssl/openssl/blob/b39fc560612984e65ec30d7f37487303bf514fb3/crypto/bn/bn_add.c#L225 > https://github.com/openssl/openssl/blob/b39fc560612984e65ec30d7f37487303bf514fb3/crypto/bn/bn_mont.c#L199 > > These two lines are actually reached with pointers "one past" and sizes of 0 during real executions. I'm unsure what the effect of it would be in case it's really undefined behaviour. I think the only thing gcc could assume is that the pointers aren't NULL, which they aren't. But that would be the first undefined behaviour, not the second. Kurt From rt at openssl.org Wed Jul 22 19:38:48 2015
From: rt at openssl.org (Lynch, Paul[E] via RT) Date: Wed, 22 Jul 2015 19:38:48 +0000 Subject: [openssl-dev] [openssl.org #3953] Bug: !RSA does not exclude aRSA In-Reply-To: References: Message-ID: The ciphers documentation page (https://www.openssl.org/docs/apps/ciphers.html) says: "kRSA, aRSA, RSA cipher suites using RSA key exchange, authentication or either respectively." That sounds like "RSA" should be a superset of kRSA and aRSA, but actually aRSA includes cipher suites not in "RSA", as can be seen from: (bash)$ diff <(openssl ciphers 'RSA' | sed -e 's/:/\n/g') <(openssl ciphers 'aRSA'| sed -e 's/:/\n/g') As a consequence, !RSA allows some aRSA ciphers. I don't know whether this is a documentation problem or a software problem. I am using "OpenSSL 1.0.1e-fips 11 Feb 2013" on "Red Hat Enterprise Linux Workstation release 6.6 (Santiago)". Thanks, --Paul From kurt at roeckx.be Wed Jul 22 20:40:03 2015
From: kurt at roeckx.be (Kurt Roeckx) Date: Wed, 22 Jul 2015 22:40:03 +0200 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: <1437579387.3905.104.camel@infradead.org> References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> Message-ID: <20150722204003.GA6643@roeckx.be> On Wed, Jul 22, 2015 at 04:36:27PM +0100, David Woodhouse wrote: > On Wed, 2015-07-22 at 14:52 +0000, Tim Hollebeek wrote: > > The way this is supposed to work is by using a timestamp from a > > trusted timestamp server to show the certificate was valid at the > > time the code was signed. > > That would be great. Unfortunately, if the UEFI firmware were suddenly > to start insisting upon that then a lot of operating systems would no > longer boot. Which operating systems would that be? As far as I know Windows 7 required this if you wanted to have your drivers stay valid for longer than 2 years and Windows 10 just always requires it. So I would hope that they actually do this for all of their own software. Kurt From kurt at roeckx.be Wed Jul 22 20:42:02 2015 From: kurt at roeckx.be (Kurt Roeckx) Date: Wed, 22 Jul 2015 22:42:02 +0200 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> Message-ID: <20150722204202.GB6643@roeckx.be> On Wed, Jul 22, 2015 at 03:36:40PM +0000, David Woodhouse via RT wrote: > > FWIW the Linux kernel also specifically avoids checking timestamps > altogether when validating signed modules. What do you mean with timestamps? The trusted timestamp, or the validity period? Any idea why they don't check it? They're not sure about the time or something at the moment it's checked? Kurt From rt at openssl.org Wed Jul 22 20:49:05 2015
From: rt at openssl.org (Kurt Roeckx via RT) Date: Wed, 22 Jul 2015 20:49:05 +0000 Subject: [openssl-dev] [openssl.org #3953] Bug: !RSA does not exclude aRSA In-Reply-To: <20150722204856.GC6643@roeckx.be> References: <20150722204856.GC6643@roeckx.be> Message-ID: On Wed, Jul 22, 2015 at 07:38:48PM +0000, Lynch, Paul[E] via RT wrote: > The ciphers documentation page (https://www.openssl.org/docs/apps/ciphers.html) says: > > "kRSA, aRSA, RSA > cipher suites using RSA key exchange, authentication or either respectively." > > That sounds like "RSA" should be a superset of kRSA and aRSA, but actually aRSA includes cipher suites not in "RSA", as can be seen from: I think the problem is that "RSA" does "and" instead of "or", and ends up being the same as "kRSA". Kurt From dwmw2 at infradead.org Wed Jul 22 20:56:24 2015 
From: dwmw2 at infradead.org (David Woodhouse) Date: Wed, 22 Jul 2015 21:56:24 +0100 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: <20150722204202.GB6643@roeckx.be> References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204202.GB6643@roeckx.be> Message-ID: <1437598584.3905.130.camel@infradead.org> On Wed, 2015-07-22 at 22:42 +0200, Kurt Roeckx wrote: > On Wed, Jul 22, 2015 at 03:36:40PM +0000, David Woodhouse via RT > wrote: > > > > FWIW the Linux kernel also specifically avoids checking timestamps > > altogether when validating signed modules. > > What do you mean wit timestamps? The trusted timestamp, or the > validity period? > > Any idea why they don't check it? They're not sure about the time > or something at the moment it's checked? It's running on a computer. Of course they're not sure about the time. If after a CMOS battery failure you cannot boot the system in order to log into it and correct the time, because the firmware refuses to load the OS kernel or because the OS kernel refuses to load its disk driver, then there is something very wrong with the design. And if your system is designed to suddenly stop booting in 2037 for no better reason than the fact that *some* systems had bugs which made it seem simpler to set that as the expiry date for a cert even though we didn't really want it to expire *ever*, that's kind of broken too. The more I look at this 'signed timestamp' scheme, the more pointless it seems in this situation. We basically don't *care* about the wall -clock time, *and* we don't really know it. If we're going to trust anyone to say " was the time at which the signature was generated", then we might as well forget the whole nonsense about an expiry time and just trust that same third party to provide a signature... or not. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From dwmw2 at infradead.org Wed Jul 22 21:00:58 2015 From: dwmw2 at infradead.org (David Woodhouse) Date: Wed, 22 Jul 2015 22:00:58 +0100 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: <20150722204003.GA6643@roeckx.be> References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204003.GA6643@roeckx.be> Message-ID: <1437598858.3905.133.camel@infradead.org> On Wed, 2015-07-22 at 22:40 +0200, Kurt Roeckx wrote: > On Wed, Jul 22, 2015 at 04:36:27PM +0100, David Woodhouse wrote: > > On Wed, 2015-07-22 at 14:52 +0000, Tim Hollebeek wrote: > > > The way this is supposed to work is by using a timestamp from a > > > trusted timestamp server to show the certificate was valid at the > > > > > > time the code was signed. > > > > That would be great. Unfortunately, if the UEFI firmware were > > suddenly > > to start insisting upon that then a lot of operating systems would > > no > > longer boot. > > Which operating systems would that be? As far as I know Windows 7 > required this if you wanted to have your drivers stay valid for > longer than 2 years and Windows 10 just always requires it. So I > would hope that they actually do this for all of their own > software. Perhaps they do, although the UEFI bootloader they use is a somewhat different beast. But there are plenty of other OS bootloeders which are signed for so-called "secure boot", other than Microsoft's. And I would be utterly shocked if they all have trusted timestamps, given that the UEFI firmware in all current machines does not require such. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rt at openssl.org Wed Jul 22 21:01:10 2015 
From: rt at openssl.org (David Woodhouse via RT)
Date: Wed, 22 Jul 2015 21:01:10 +0000
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <1437598858.3905.133.camel@infradead.org>
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204003.GA6643@roeckx.be> <1437598858.3905.133.camel@infradead.org>
Message-ID:

On Wed, 2015-07-22 at 22:40 +0200, Kurt Roeckx wrote:
> On Wed, Jul 22, 2015 at 04:36:27PM +0100, David Woodhouse wrote:
> > On Wed, 2015-07-22 at 14:52 +0000, Tim Hollebeek wrote:
> > > The way this is supposed to work is by using a timestamp from a
> > > trusted timestamp server to show the certificate was valid at the
> > > time the code was signed.
> >
> > That would be great. Unfortunately, if the UEFI firmware were suddenly
> > to start insisting upon that then a lot of operating systems would no
> > longer boot.
>
> Which operating systems would that be? As far as I know Windows 7
> required this if you wanted to have your drivers stay valid for
> longer than 2 years and Windows 10 just always requires it. So I
> would hope that they actually do this for all of their own
> software.

Perhaps they do, although the UEFI bootloader they use is a somewhat different beast. But there are plenty of other OS bootloaders which are signed for so-called "secure boot", other than Microsoft's. And I would be utterly shocked if they all have trusted timestamps, given that the UEFI firmware in all current machines does not require such.

--
dwmw2

From openssl-users at dukhovni.org Wed Jul 22 21:18:01 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Wed, 22 Jul 2015 21:18:01 +0000
Subject: [openssl-dev] [openssl.org #3953] Bug: !RSA does not exclude aRSA
In-Reply-To:
References: <20150722204856.GC6643@roeckx.be>
Message-ID: <20150722211800.GM4347@mournblade.imrryr.org>

On Wed, Jul 22, 2015 at 08:49:05PM +0000, Kurt Roeckx via RT wrote:
> On Wed, Jul 22, 2015 at 07:38:48PM +0000, Lynch, Paul[E] via RT wrote:
> > The ciphers documentation page (https://www.openssl.org/docs/apps/ciphers.html) says:
> >
> > "kRSA, aRSA, RSA
> > cipher suites using RSA key exchange, authentication or either respectively."
> >
> > That sounds like "RSA" should be a superset of kRSA and aRSA, but actually aRSA includes cipher suites not in "RSA", as can be seen from:
>
> I think the problem is that "RSA" does "and" instead of "or", and
> ends up being the same as "kRSA".

Yes, one way or another the "RSA" cipherstring is just "kRSA".

--
Viktor.

From kurt at roeckx.be Wed Jul 22 21:29:14 2015
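The "and" versus "or" point in ticket #3953 above is easy to misjudge when writing a cipherstring that is meant to exclude RSA. The following is an added example, not OpenSSL code and not from anyone in the thread: a small model of cipherstring keyword matching over a constructed suite table, with a switch between the documented meaning of "RSA" (key exchange or authentication) and the behaviour the thread reports (both required, which collapses "RSA" to "kRSA"). The suite names and their kx/auth flags are a constructed subset, and the kill semantics of "!" are simplified to what the example needs.

```python
# Added example (not OpenSSL code): a model of cipherstring keyword matching
# showing why "!RSA" as implemented leaves ECDHE-RSA / DHE-RSA suites enabled.

# Constructed subset: suite name -> (key exchange keyword, authentication keyword).
SUITES = {
    "AES128-SHA":                    ("kRSA",   "aRSA"),
    "AES256-GCM-SHA384":             ("kRSA",   "aRSA"),
    "DHE-RSA-AES256-SHA":            ("kDHE",   "aRSA"),
    "ECDHE-RSA-AES128-GCM-SHA256":   ("kECDHE", "aRSA"),
    "ECDHE-ECDSA-AES128-GCM-SHA256": ("kECDHE", "aECDSA"),
    "AECDH-AES256-SHA":              ("kECDHE", "aNULL"),
}


def keyword_matches(suite, keyword, rsa_means_or):
    """Does one cipherstring keyword select this suite?

    rsa_means_or=True is the documented meaning of "RSA" (RSA key exchange OR
    RSA authentication); rsa_means_or=False is the reported behaviour (both
    required), which makes "RSA" select exactly what "kRSA" selects.
    """
    kx, auth = SUITES[suite]
    if keyword == "ALL":
        return True
    if keyword == "RSA":
        if rsa_means_or:
            return kx == "kRSA" or auth == "aRSA"
        return kx == "kRSA" and auth == "aRSA"
    return keyword in (kx, auth)


def apply_cipherstring(cipherstring, rsa_means_or=False):
    """Evaluate a colon-separated cipherstring over SUITES.

    A bare keyword appends the suites it matches; a "!" keyword removes them
    and keeps them out for the rest of the string (the permanent-kill rule of
    ciphers(1)). Returns the enabled suite names in selection order.
    """
    enabled, killed = [], set()
    for token in cipherstring.split(":"):
        kill = token.startswith("!")
        keyword = token[1:] if kill else token
        for suite in SUITES:
            if not keyword_matches(suite, keyword, rsa_means_or):
                continue
            if kill:
                killed.add(suite)
                if suite in enabled:
                    enabled.remove(suite)
            elif suite not in killed and suite not in enabled:
                enabled.append(suite)
    return enabled


def rsa_auth_suites_surviving(cipherstring, rsa_means_or=False):
    """Audit helper: which RSA-authenticated suites does the string still enable?"""
    return [s for s in apply_cipherstring(cipherstring, rsa_means_or)
            if SUITES[s][1] == "aRSA"]


if __name__ == "__main__":
    print("ALL:!RSA as implemented:", apply_cipherstring("ALL:!RSA"))
    print("ALL:!RSA as documented: ", apply_cipherstring("ALL:!RSA", rsa_means_or=True))
    print("ALL:!RSA:!aRSA:         ", apply_cipherstring("ALL:!RSA:!aRSA"))
```

The practical consequence for a configuration review is the last line of the main block: if the intent is "no RSA authentication at all", spell it as !aRSA (and !kRSA for key exchange) rather than relying on the composite RSA keyword, and confirm the result with openssl ciphers -v on the version actually deployed.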
From: kurt at roeckx.be (Kurt Roeckx)
Date: Wed, 22 Jul 2015 23:29:14 +0200
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <1437598584.3905.130.camel@infradead.org>
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204202.GB6643@roeckx.be> <1437598584.3905.130.camel@infradead.org>
Message-ID: <20150722212914.GA12582@roeckx.be>

On Wed, Jul 22, 2015 at 09:56:24PM +0100, David Woodhouse wrote:
>
> The more I look at this 'signed timestamp' scheme, the more pointless
> it seems in this situation. We basically don't *care* about the wall
> -clock time, *and* we don't really know it. If we're going to trust
> anyone to say " was the time at which the signature was
> generated", then we might as well forget the whole nonsense about an
> expiry time and just trust that same third party to provide a
> signature... or not.

The whole point of this signed timestamp is that the signature doesn't expire and that you don't have to care about the wall clock.

Kurt

From dwmw2 at infradead.org Wed Jul 22 21:34:53 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Wed, 22 Jul 2015 22:34:53 +0100
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <20150722212914.GA12582@roeckx.be>
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204202.GB6643@roeckx.be> <1437598584.3905.130.camel@infradead.org> <20150722212914.GA12582@roeckx.be>
Message-ID: <1437600893.3905.142.camel@infradead.org>

On Wed, 2015-07-22 at 23:29 +0200, Kurt Roeckx wrote:
> On Wed, Jul 22, 2015 at 09:56:24PM +0100, David Woodhouse wrote:
> >
> > The more I look at this 'signed timestamp' scheme, the more pointless
> > it seems in this situation. We basically don't *care* about the wall
> > -clock time, *and* we don't really know it. If we're going to trust
> > anyone to say " was the time at which the signature was
> > generated", then we might as well forget the whole nonsense about an
> > expiry time and just trust that same third party to provide a
> > signature... or not.
>
> The whole point of this signed timestamp is that the signature
> doesn't expire and that you don't have to care about the wall
> clock.

... which is much more simply achieved by just not caring about the validity times of the certificate in the first place.

--
dwmw2

From agostrer at gmail.com Wed Jul 22 22:02:26 2015
From: agostrer at gmail.com (Alexander Gostrer)
Date: Wed, 22 Jul 2015 15:02:26 -0700
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <1437600893.3905.142.camel@infradead.org>
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204202.GB6643@roeckx.be> <1437598584.3905.130.camel@infradead.org> <20150722212914.GA12582@roeckx.be> <1437600893.3905.142.camel@infradead.org>
Message-ID:

Maybe it is the time to introduce the 64-bit UNIX time? Anything else looks like a patch.

Regards,
Alex.

On Wed, Jul 22, 2015 at 2:34 PM, David Woodhouse wrote:
> On Wed, 2015-07-22 at 23:29 +0200, Kurt Roeckx wrote:
> > On Wed, Jul 22, 2015 at 09:56:24PM +0100, David Woodhouse wrote:
> > >
> > > The more I look at this 'signed timestamp' scheme, the more pointless
> > > it seems in this situation. We basically don't *care* about the wall
> > > -clock time, *and* we don't really know it. If we're going to trust
> > > anyone to say " was the time at which the signature was
> > > generated", then we might as well forget the whole nonsense about an
> > > expiry time and just trust that same third party to provide a
> > > signature... or not.
> >
> > The whole point of this signed timestamp is that the signature
> > doesn't expire and that you don't have to care about the wall
> > clock.
>
> ... which is much more simply achieved by just not caring about the
> validity times of the certificate in the first place.
>
> --
> dwmw2
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>

From kurt at roeckx.be Wed Jul 22 22:29:52 2015
From: kurt at roeckx.be (Kurt Roeckx)
Date: Thu, 23 Jul 2015 00:29:52 +0200
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <1437600893.3905.142.camel@infradead.org>
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204202.GB6643@roeckx.be> <1437598584.3905.130.camel@infradead.org> <20150722212914.GA12582@roeckx.be> <1437600893.3905.142.camel@infradead.org>
Message-ID: <20150722222952.GA18264@roeckx.be>

On Wed, Jul 22, 2015 at 10:34:53PM +0100, David Woodhouse wrote:
> On Wed, 2015-07-22 at 23:29 +0200, Kurt Roeckx wrote:
> > On Wed, Jul 22, 2015 at 09:56:24PM +0100, David Woodhouse wrote:
> >
> > The whole point of this signed timestamp is that the signature
> > doesn't expire and that you don't have to care about the wall
> > clock.
>
> ... which is much more simply achieved by just not caring about the
> validity times of the certificate in the first place.

In case of a timestamp you can reduce the check to verify that the timestamp was in the validity period of the certificate.

Kurt

From dwmw2 at infradead.org Wed Jul 22 22:41:36 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Wed, 22 Jul 2015 23:41:36 +0100
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <20150722222952.GA18264@roeckx.be>
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204202.GB6643@roeckx.be> <1437598584.3905.130.camel@infradead.org> <20150722212914.GA12582@roeckx.be> <1437600893.3905.142.camel@infradead.org> <20150722222952.GA18264@roeckx.be>
Message-ID: <1437604896.3905.162.camel@infradead.org>

On Thu, 2015-07-23 at 00:29 +0200, Kurt Roeckx wrote:
> On Wed, Jul 22, 2015 at 10:34:53PM +0100, David Woodhouse wrote:
> > On Wed, 2015-07-22 at 23:29 +0200, Kurt Roeckx wrote:
> > > On Wed, Jul 22, 2015 at 09:56:24PM +0100, David Woodhouse wrote:
> > >
> > > The whole point of this signed timestamp is that the signature
> > > doesn't expire and that you don't have to care about the wall
> > > clock.
> >
> > ... which is much more simply achieved by just not caring about the
> > validity times of the certificate in the first place.
>
> In case of a timestamp you can reduce the check to verify that the
> timestamp was in the validity period of the certificate.

Yes. You can. But it's still pointless complexity in a use case where *every* valid signature would need a corresponding timestamp to ensure its validity.

I can kind of understand why we might want the timestamp scheme in circumstances where *some* signatures should be infinitely valid, and others not. But in the case where *all* signatures should be infinitely valid, it just seems entirely gratuitous. And retrofitting it into a model where the validity is *already* not being checked is inviting a whole bunch of breakage for precisely zero benefit.

--
dwmw2
From dwmw2 at infradead.org Wed Jul 22 22:43:24 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Wed, 22 Jul 2015 23:43:24 +0100
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To:
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722204202.GB6643@roeckx.be> <1437598584.3905.130.camel@infradead.org> <20150722212914.GA12582@roeckx.be> <1437600893.3905.142.camel@infradead.org>
Message-ID: <1437605004.3905.164.camel@infradead.org>

On Wed, 2015-07-22 at 15:02 -0700, Alexander Gostrer wrote:
> Maybe it is the time to introduce the 64-bit UNIX time? Anything else
> looks like a patch.

Theoretically, we can already encode notAfter values as a GeneralizedTime of up to 99991231235959Z (i.e. Y10K) in an X.509 certificate. The limitation is purely an implementation issue: not only is it a fairly safe bet that a lot of software will crap itself on seeing a GeneralizedTime at all (since for dates before we MUST use UTCTime instead), but a lot of 32-bit implementations are known to break even for UTCTime values later than 2038. So certificates which do this are just not going to interoperate very well at all.

--
dwmw2

From soul.great at me.com Thu Jul 23 08:47:39 2015
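Two mechanics from the #3951 exchange above are worth seeing in code: the UTCTime/GeneralizedTime split that makes a far-future notAfter an interoperability problem, the 2038 limit of a 32-bit time_t, and Kurt's reduced check (the trusted signing time must fall within the certificate's validity period, with the wall clock not consulted at all). The block below is an added example, not OpenSSL code and not from anyone in the thread; it parses and encodes the textual form of an X.509 Time per RFC 5280 section 4.1.2.5 and applies the signing-time check. All dates it uses are constructed.

```python
# Added example (not OpenSSL code): X.509 Time handling and the timestamp-based
# validity check discussed in openssl.org #3951. Sample dates are constructed.
import datetime as dt
import re

UTC = dt.timezone.utc
INT32_MAX = 2**31 - 1  # largest signed 32-bit time_t, i.e. 2038-01-19T03:14:07Z


def parse_x509_time(text):
    """Parse the textual content of a DER X.509 Time value.

    UTCTime is YYMMDDHHMMSSZ; RFC 5280 maps YY >= 50 to 19YY and YY < 50 to 20YY.
    GeneralizedTime is YYYYMMDDHHMMSSZ, so notAfter can in principle be
    99991231235959Z as the message above says.
    """
    if re.fullmatch(r"\d{12}Z", text):
        yy = int(text[:2])
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), text[2:]
    elif re.fullmatch(r"\d{14}Z", text):
        year, rest = int(text[:4]), text[4:]
    else:
        raise ValueError("not a DER UTCTime or GeneralizedTime: %r" % text)
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return dt.datetime(year, month, day, hour, minute, second, tzinfo=UTC)


def encode_x509_time(when):
    """Encode per RFC 5280: dates through 2049 MUST be UTCTime, 2050 and later
    MUST be GeneralizedTime (the format switch that older parsers trip over)."""
    if when.year < 2050:
        return when.strftime("%y%m%d%H%M%SZ")
    return when.strftime("%Y%m%d%H%M%SZ")


def fits_32bit_time_t(when):
    """True if this instant is representable as a signed 32-bit time_t."""
    return int(when.timestamp()) <= INT32_MAX


def signing_time_within_validity(not_before, not_after, signing_time):
    """Kurt's reduced check: was the certificate valid when the signature was made?

    not_before / not_after are the certificate's textual Time values and
    signing_time is a datetime taken from a trusted timestamp token. The
    current wall clock is deliberately not used, so a dead CMOS battery or an
    expired certificate does not invalidate an old, properly timestamped
    signature; only a forged or untrusted timestamp could.
    """
    return parse_x509_time(not_before) <= signing_time <= parse_x509_time(not_after)


if __name__ == "__main__":
    # Constructed validity window and signing time.
    nb, na = "150101000000Z", "170101000000Z"
    signed_at = parse_x509_time("160601120000Z")
    print("valid at signing time:", signing_time_within_validity(nb, na, signed_at))
    print("2038-01-19T03:14:08Z fits 32-bit time_t:",
          fits_32bit_time_t(parse_x509_time("380119031408Z")))
    print("Y10K notAfter encodes as:", encode_x509_time(parse_x509_time("99991231235959Z")))
```

Note what the check does not do: it says nothing about revocation, and it moves all trust onto the party that produced the timestamp, which is exactly the trade-off David objects to for a boot-time use case where every signature must stay valid forever anyway.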
From: soul.great at me.com (Song Geng)
Date: Thu, 23 Jul 2015 16:47:39 +0800
Subject: [openssl-dev] compile error
Message-ID:

Hi guys,

I am a novice about openssl. I encounter a linker error when I try to compile the evp demos located in openssl/demos/evp. My computer info is:

Darwin Kernel Version 14.4.0: Thu May 28 11:35:04 PDT 2015; root:xnu-2782.30.5~1/RELEASE_X86_64

And I use both gcc and clang with the command "cc -g -Wall -I../../include -lcrypto aesgcm.c" to compile the source code. The error info shows:

Undefined symbols for architecture x86_64:
  "_EVP_aes_256_gcm", referenced from:
      _aes_gcm_encrypt in aesgcm-093314.o
      _aes_gcm_decrypt in aesgcm-093314.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

Please help me. I will be very appreciative.

Br,
Great Soul
soul.great at me.com

From rt at openssl.org Thu Jul 23 12:10:44 2015
From: rt at openssl.org (Steffen Nurpmeso via RT)
Date: Thu, 23 Jul 2015 12:10:44 +0000
Subject: [openssl-dev] [openssl.org #3954] Enhancement suggestion: extend x509(1) with -key-fingerprint
In-Reply-To: <20150723114058.Sr1UatyDR6fU%sdaoden@yandex.com>
References: <20150723114058.Sr1UatyDR6fU%sdaoden@yandex.com>
Message-ID:

Hello,

for certificates which get renewed -- mine do twice a year, for example -- the fingerprint changes

0[tmp]$ openssl x509 -fingerprint -noout < cert.old
SHA1 Fingerprint=00:10:F0:2C:EA:50:1F:11:FE:8D:CC:A0:A9:40:91:A2:D0:4D:65:4E
0[tmp]$ openssl x509 -fingerprint -noout < cert.crt
SHA1 Fingerprint=77:E3:10:F0:3B:D9:1E:1F:29:B0:83:74:50:29:67:E4:04:B2:53:B1

Of course if you have the CA's certificate you can verify the validity of the above, but if I change the CA you need to get that one etc. I may also change to a self-signed CA. Imagine I need to renew my certificate, switch the CA and use sk_X509_push() to include the new root certificate that signed my updated certificate with my .p7s. The receiver will (possibly) get a verification failure, but if there would be an easy possibility to verify the fingerprint of the public key he or she would be able to verify that only the certificate changed, not the key:

0[tmp]$ openssl x509 -pubkey -noout < cert.old |
> openssl rsa -pubin -outform der |
> openssl sha1
writing RSA key
(stdin)= 0e349338a3baf9f1edf176dd02151939a31ebb79
0[tmp]$ openssl x509 -pubkey -noout < cert.crt |
> openssl rsa -pubin -outform der |
> openssl sha1
writing RSA key
(stdin)= 0e349338a3baf9f1edf176dd02151939a31ebb79

In the end the key is an authority by itself, no?

--steffen

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

From kannanar at cisco.com Thu Jul 23 12:15:37 2015
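The pipeline in #3954 above hashes two different things: openssl x509 -fingerprint hashes the whole certificate DER, while x509 -pubkey | rsa -pubin -outform der | sha1 hashes the DER of the SubjectPublicKeyInfo, which is why the latter survives a renewal that keeps the key. The block below is an added example, not OpenSSL code and not from the ticket: a minimal hand-written DER walker that pulls the SubjectPublicKeyInfo out of a Certificate and hashes both, applied to two constructed, unsigned certificate skeletons (placeholder signature bits, empty names, a toy RSA key) that share one SubjectPublicKeyInfo. The helper names, the sample serials and dates, and the toy key are all constructed for the example.

```python
# Added example (not OpenSSL code): certificate fingerprint vs. public-key
# (SubjectPublicKeyInfo) fingerprint from raw DER. Sample data is constructed.
import hashlib

SEQUENCE, INTEGER, BIT_STRING, NULL, OID, UTCTIME, CTX0 = 0x30, 0x02, 0x03, 0x05, 0x06, 0x17, 0xA0


def der_tlv(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(n_bytes)]) + n_bytes
    return bytes([tag]) + length + content


def der_children(data):
    """Split concatenated DER TLVs into [(tag, content), ...] (single-byte tags only)."""
    out, i = [], 0
    while i < len(data):
        tag, ln, i = data[i], data[i + 1], i + 2
        if ln & 0x80:
            k = ln & 0x7F
            ln, i = int.from_bytes(data[i:i + k], "big"), i + k
        out.append((tag, data[i:i + ln]))
        i += ln
    return out


def extract_spki(cert_der):
    """Return the DER of subjectPublicKeyInfo from a Certificate (RFC 5280 4.1)."""
    (_, certificate), = der_children(cert_der)   # Certificate ::= SEQUENCE { tbs, alg, sig }
    _, tbs = der_children(certificate)[0]         # tbsCertificate comes first
    fields = der_children(tbs)
    if fields[0][0] == CTX0:                      # optional [0] EXPLICIT version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    tag, content = fields[5]
    return der_tlv(tag, content)


def cert_fingerprint(cert_der, algo="sha256"):
    """What 'openssl x509 -fingerprint' hashes: the whole certificate DER."""
    return hashlib.new(algo, cert_der).hexdigest()


def key_fingerprint(cert_der, algo="sha256"):
    """What the x509 -pubkey | rsa -pubin -outform der | sha1 pipeline hashes: the SPKI DER."""
    return hashlib.new(algo, extract_spki(cert_der)).hexdigest()


# --- constructed sample data (not real keys or certificates) -----------------
RSA_ENCRYPTION = der_tlv(OID, bytes.fromhex("2a864886f70d010101"))    # 1.2.840.113549.1.1.1
SHA256_WITH_RSA = der_tlv(OID, bytes.fromhex("2a864886f70d01010b"))   # 1.2.840.113549.1.1.11
# Toy RSAPublicKey: 32-byte modulus (not a real key) and e = 65537.
FAKE_RSA_PUBLIC_KEY = der_tlv(SEQUENCE,
                              der_tlv(INTEGER, b"\x00" + bytes(range(0xC0, 0xE0)))
                              + der_tlv(INTEGER, b"\x01\x00\x01"))
SAMPLE_SPKI = der_tlv(SEQUENCE,
                      der_tlv(SEQUENCE, RSA_ENCRYPTION + der_tlv(NULL, b""))
                      + der_tlv(BIT_STRING, b"\x00" + FAKE_RSA_PUBLIC_KEY))


def make_test_cert(serial, not_before, not_after, spki=SAMPLE_SPKI):
    """Build a structurally valid but unsigned Certificate skeleton around spki."""
    sig_alg = der_tlv(SEQUENCE, SHA256_WITH_RSA + der_tlv(NULL, b""))
    empty_name = der_tlv(SEQUENCE, b"")            # placeholder Name
    validity = der_tlv(SEQUENCE, der_tlv(UTCTIME, not_before) + der_tlv(UTCTIME, not_after))
    tbs = der_tlv(SEQUENCE,
                  der_tlv(CTX0, der_tlv(INTEGER, b"\x02"))   # version v3
                  + der_tlv(INTEGER, serial) + sig_alg + empty_name
                  + validity + empty_name + spki)
    placeholder_sig = der_tlv(BIT_STRING, b"\x00" + bytes(32))  # not a real signature
    return der_tlv(SEQUENCE, tbs + sig_alg + placeholder_sig)


CERT_OLD = make_test_cert(b"\x01", b"150101000000Z", b"150701000000Z")
CERT_NEW = make_test_cert(b"\x02", b"150701000000Z", b"160101000000Z")  # renewed, same key

if __name__ == "__main__":
    for name, cert in (("cert.old", CERT_OLD), ("cert.crt", CERT_NEW)):
        print(name, "cert:", cert_fingerprint(cert, "sha1"), "key:", key_fingerprint(cert, "sha1"))
```

Pinning the SubjectPublicKeyInfo hash rather than the certificate hash is the same idea HPKP and DANE's SPKI selector use, and it has the same caveat Steffen's last sentence implies: once the key is the authority, a key compromise is not cured by re-issuing the certificate, so the pin needs its own rotation plan.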
From: kannanar at cisco.com (Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco))
Date: Thu, 23 Jul 2015 12:15:37 +0000
Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3
In-Reply-To:
References:
Message-ID:

Any thoughts much appreciated.

~Kannan N.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Sent: Wednesday, July 22, 2015 4:54 PM
To: openssl-dev at openssl.org
Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

Hi,

To disable SSLv2 and SSLv3 during compilation I used the no-ssl2 and no-ssl3 options for the Windows platform, but I am getting the link error below. Without the options "no-ssl2 no-ssl3" I can compile successfully. Any pointers to resolve this issue? Thanks in advance.

LINK : warning LNK4001: no object files specified; libraries used
LINK : warning LNK4068: /MACHINE not specified; defaulting to IX86
LINK : warning LNK4001: no object files specified; libraries used
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_f_ssl
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_buffer_ssl_connec
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_ssl
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_ssl_connect
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_ssl_copy_session_id
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_ssl_shutdown
SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_client_method
SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_method
SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_server_method
SSLEAY32.def : error LNK2001: unresolved external symbol ERR_load_SSL_strings
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_description
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_bits
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_name
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_version
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_add_compression_
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_get_compression_
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_get_name
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_add_client_CA
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_add_session
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_callback_ctrl
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_check_private_key

Openssl Version: openssl-0.9.8zc

Commands used:
VCVARS32.BAT
perl Configure VC-WIN32 no-idea shared no-ssl2 no-ssl3 --prefix=e:/openssl
ms\do_masm
nmake -f ms\ntdll.mak

Thanks,
Kannan Narayanasamy.

From imcfadri at cisco.com Thu Jul 23 13:19:24 2015
From: imcfadri at cisco.com (Ian McFadries (imcfadri))
Date: Thu, 23 Jul 2015 13:19:24 +0000
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
Message-ID: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com>

I have encountered a problem with EAP-FAST PACs when switching our implementation of OpenSSL from a context that supports TLSv1.0 only to a context that supports negotiation to the highest available TLS version.

For EAP-FAST the PAC opaque is loaded into the SSL tlsext_session_ticket using the SSL_set_session_ticket_ext method during initialization of the SSL connection.

When the SSL context is set using TLSV1_client_method (TLS v1.0), the ssl3_client_hello method is invoked for the client hello message, which calls ssl_get_new_session if the SSL session is NULL. The ssl3_client_hello method eventually calls ssl_add_clienthello_tlsext, which will initialize the SSL session tlsext_tick structure as long as the SSL structure contains a session that is not NULL.

When the SSL context is set using SSLv23_client_method, the ssl23_client_hello method is invoked for the client hello message, which does not call ssl_get_new_session (the call is commented out) before ssl_add_clienthello_tlsext is called. In this scenario the SSL session is NULL, so when ssl_add_clienthello_tlsext is called it does not initialize the SSL session tlsext_tick structure. This results in the EAP-FAST PAC not being loaded into the TLS session ticket extension when using the methods that support negotiation of the highest available SSL/TLS version.

In order for the TLS session ticket extension to work with the SSLv23_client_method's it seems that the ssl23_client_hello method should add a new session object to the SSL connection when there is none, similar to what is done in the ssl3_client_hello method.

Ian McFadries
From openssl-users at dukhovni.org Thu Jul 23 13:40:08 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Thu, 23 Jul 2015 13:40:08 +0000
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com>
Message-ID: <20150723134007.GR4347@mournblade.imrryr.org>

On Thu, Jul 23, 2015 at 01:19:24PM +0000, Ian McFadries (imcfadri) wrote:
> I have encountered a problem with EAP-FAST PACs when switching our
> implementation of OpenSSL from a context that supports TLSv1.0 only to a
> context that supports negotiation to the highest available TLS version.

Just call:

    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)

(just the no-v2 option suffices, but you should avoid v3 also). Once SSLv2 is disabled, the client HELLO will again include SSLv3/TLS extensions.

--
Viktor.

From imcfadri at cisco.com Thu Jul 23 14:21:31 2015
From: imcfadri at cisco.com (Ian McFadries (imcfadri))
Date: Thu, 23 Jul 2015 14:21:31 +0000
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <20150723134007.GR4347@mournblade.imrryr.org>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723134007.GR4347@mournblade.imrryr.org>
Message-ID: <522B816F59485D4FBCBAF2CE8015B891928B64@xmb-rcd-x01.cisco.com>

I do call SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3) so the client hello message starts with a TLSv1.2, and will negotiate as low as TLSv1.0. Under this context, the ssl23_client_hello method is being called.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Viktor Dukhovni
Sent: Thursday, July 23, 2015 9:40 AM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method

On Thu, Jul 23, 2015 at 01:19:24PM +0000, Ian McFadries (imcfadri) wrote:
> I have encountered a problem with EAP-FAST PACs when switching our
> implementation of OpenSSL from a context that supports TLSv1.0 only to
> a context that supports negotiation to the highest available TLS version.

Just call:

    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)

(just the no-v2 option suffices, but you should avoid v3 also). Once SSLv2 is disabled, the client HELLO will again include SSLv3/TLS extensions.

--
Viktor.

From openssl-users at dukhovni.org Thu Jul 23 14:38:10 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Thu, 23 Jul 2015 14:38:10 +0000
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <522B816F59485D4FBCBAF2CE8015B891928B64@xmb-rcd-x01.cisco.com>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723134007.GR4347@mournblade.imrryr.org> <522B816F59485D4FBCBAF2CE8015B891928B64@xmb-rcd-x01.cisco.com>
Message-ID: <20150723143810.GS4347@mournblade.imrryr.org>

On Thu, Jul 23, 2015 at 02:21:31PM +0000, Ian McFadries (imcfadri) wrote:
> I do call SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3) so
> the client hello message starts with a TLSv1.2, and will negotiate as low
> as TLSv1.0. Under this context, the ssl23_client_hello method is being
> called

When SSL_OP_NO_SSLv2 is present, the same extensions should be produced with TLSv1_client_method() as SSLv23_client_method(). If prior to beginning the handshake you've loaded a session for re-use, and that session has an associated session ticket, the session ticket extension should be sent by the client.

--
Viktor.

From dwmw2 at infradead.org Thu Jul 23 15:39:23 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Thu, 23 Jul 2015 16:39:23 +0100
Subject: [openssl-dev] OPENSSL_NO_xxx cleanup: RFC3779
Message-ID: <1437665963.27621.40.camel@infradead.org>

On Tue Jan 27 10:19:14 2015 -0500, Rich Salz wrote:
> Remove OPENSSL_NO_RFCF3779.

Hm, that hurts. The UEFI build was using that, as it doesn't provide a strspn() function. And doesn't need or want this functionality.

--
David Woodhouse
Open Source Technology Centre
David.Woodhouse at intel.com
Intel Corporation

From rsalz at akamai.com Thu Jul 23 16:23:21 2015
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 23 Jul 2015 16:23:21 +0000
Subject: [openssl-dev] OPENSSL_NO_xxx cleanup: RFC3779
In-Reply-To: <1437665963.27621.40.camel@infradead.org>
References: <1437665963.27621.40.camel@infradead.org>
Message-ID:

> Hm, that hurts. The UEFI build was using that, as it doesn't provide a
> strspn() function. And doesn't need or want this functionality.

Hm. There's always going to be some extensions that not everyone wants... No good ideas here.

--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

From dwmw2 at infradead.org Thu Jul 23 16:25:56 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Thu, 23 Jul 2015 17:25:56 +0100
Subject: [openssl-dev] OPENSSL_NO_xxx cleanup: RFC3779
In-Reply-To:
References: <1437665963.27621.40.camel@infradead.org>
Message-ID: <1437668756.27621.42.camel@infradead.org>

On Thu, 2015-07-23 at 16:23 +0000, Salz, Rich wrote:
> >
> > Hm, that hurts. The UEFI build was using that, as it doesn't
> > provide a strspn() function. And doesn't need or want this
> > functionality.
>
> Hm. There's always going to be some extensions that not everyone
> wants... No good ideas here.

This one is particularly problematic because we don't have strspn(). If I were to resurrect it as part of the patchset to make the UEFI build work sanely, would you object to that?

It's also been suggested that certain things could be elided simply by OPENSSL_SYS_UEFI rather than OPENSSL_NO_xxx. But I really don't like that idea very much.

--
dwmw2

From rsalz at akamai.com Thu Jul 23 16:30:03 2015
From: rsalz at akamai.com (Salz, Rich)
Date: Thu, 23 Jul 2015 16:30:03 +0000
Subject: [openssl-dev] OPENSSL_NO_xxx cleanup: RFC3779
In-Reply-To: <1437668756.27621.42.camel@infradead.org>
References: <1437665963.27621.40.camel@infradead.org> <1437668756.27621.42.camel@infradead.org>
Message-ID: <6671ed07ae4343c58226f31a85e45e88@ustx2ex-dag1mb2.msg.corp.akamai.com>

> If I were to resurrect it as part of the patchset to make the UEFI
> build work sanely, would you object to that?

I've got no problem with that.

> It's also been suggested that certain things could be elided simply by
> OPENSSL_SYS_UEFI rather than OPENSSL_NO_xxx. But I really don't like
> that idea very much.

We'll have to address these on a case-by-case basis as things come up, I guess.

From rt at openssl.org Thu Jul 23 18:22:50 2015
From: rt at openssl.org (David Woodhouse via RT)
Date: Thu, 23 Jul 2015 18:22:50 +0000
Subject: [openssl-dev] [openssl.org #3955] [PATCH] Reduce stack usage in PKCS7_verify()
In-Reply-To: <1437655510.27621.29.camel@infradead.org>
References: <1437655510.27621.29.camel@infradead.org>
Message-ID:

From: "Long, Qin"

Some environments, such as 32-bit UEFI, have strict limits on stack size. Using a 4KiB buffer on the stack for reading from p7bio is somewhat excessive, so allocate it on the heap instead.

---
Alternatively, we could leave it on the stack and reduce it to 256 bytes or something like that. It's not as if performance is really an issue here if we do that, right?

crypto/pkcs7/pk7_smime.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index e52e746..077b06d 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c
@@ -253,7 +253,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, STACK_OF(PKCS7_SIGNER_INFO) *sinfos; PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; - char buf[4096]; + char *buf = NULL; + int bufsiz; int i, j = 0, k, ret = 0; BIO *p7bio; BIO *tmpin, *tmpout; @@ -365,9 +366,14 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, } else tmpout = out; + bufsiz = 4096; + buf = OPENSSL_malloc(bufsiz); + if (buf == NULL) { + goto err; + } /* We now have to 'read' from p7bio to calculate digests etc. */ for (;;) { - i = BIO_read(p7bio, buf, sizeof(buf)); + i = BIO_read(p7bio, buf, bufsiz); if (i <= 0) break; if (tmpout) @@ -407,6 +413,10 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, sk_X509_free(signers); + if (buf != NULL) { + OPENSSL_free(buf); + } + return ret; } -- 2.4.3 -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From j at w1.fi Thu Jul 23 18:22:04 2015 
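Review bot: the allocation-failure path in the second hunk (`if (buf == NULL) { goto err; }`) jumps to the cleanup label without recording anything on the error queue, so PKCS7_verify() returns 0 with no diagnostic and a caller cannot distinguish an out-of-memory condition from a signature that failed to verify; add a PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE) call before the goto. While here, `bufsiz = 4096;` only ever holds that one literal, so either make it a #define next to the other constants or, as the cover letter suggests, pick the smaller value now rather than leave a variable that looks tunable but is not.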
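Review bot: the `if (buf != NULL) { OPENSSL_free(buf); }` guard in the third hunk is redundant, since OPENSSL_free() already accepts a NULL pointer and buf is initialised to NULL in the first hunk; a bare `OPENSSL_free(buf);` keeps the exit path shorter. Placing the free after `sk_X509_free(signers);` is the right spot only if that line sits on the common exit path reached from the function's err label as well as from the success path; the context shown is consistent with that, but the reviewer should confirm it in the surrounding source, since otherwise the early `goto err` after the BIO_read loop would leak the buffer.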
From: j at w1.fi (Jouni Malinen)
Date: Thu, 23 Jul 2015 21:22:04 +0300
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com>
Message-ID: <20150723182204.GA3935@w1.fi>

I reported the same issue on openssl-user last year without getting any response and based on the response I just got when trying to send this from gmail, I guess the reason was in the message getting rejected for some reason.. Lovely, I guess I need to go through all my past messages to see if some other questions were dropped as well..

Here's a copy of that message for reference, should there be any additional details. I would also be quite interested in getting this resolved. For now, I have had to add a workaround where TLS v1.0 is forced for EAP-FAST while other TLS-based EAP methods can negotiate TLS v1.1 or v1.2..

That email from December:

TLS v1.x negotiation when using SSL_set_session_ticket_ext()

I used to use SSL_CTX_new(TLSv1_method()) to initialize SSL_CTX for various TLS-based EAP methods. This worked fine with EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST. However, it did not allow OpenSSL to negotiate TLS v1.1 or v1.2 to be used. Consequently, there seemed to be need to change from TLSv1_method() to SSLv23_method() with SSL_OP_NO_SSLv2 and SSL_OP_NO_v3. Initially, this seemed to work fine, but I found an issue with EAP-FAST peer (i.e., TLS client).

It looks like there is a difference in what can be included in ClientHello message between TLSv1_method() and SSLv23_method() even if TLS v1.0 ends up getting used in both cases. With TLSv1_method(), the TLS session ticket extension set by SSL_set_session_ticket_ext() gets used while with SSLv23_method() that does not happen and this is the part that breaks EAP-FAST.
Looking at the differences between ssl3_connect() and ssl23_connect(), it seems clear that the issue is caused by different handling of s->session. In case of ssl3_connect() (which is used by TLSv1_method()), s->session gets initialized before a call to ssl_add_clienthello_tlsext() while this does not happen with ssl23_connect(); quite the opposite, s->session is even verified to be NULL and a place to call ssl_get_new_session() is #if 0'ed out.

Is there a way to use SSLv23_method() or some other means to configure OpenSSL as the TLS client to allow TLS v1.0, v1.1, v1.2 to be negotiated while still allowing SSL_set_session_ticket_ext() to be used? If not, can such a mechanism be added?

So far, the only option for how to potentially handle this is by creating two SSL_CTX instances. One with SSLv23_method() for EAP-TLS, EAP-PEAP, and EAP-TTLS (which do not use SSL_set_session_ticket_ext()) and another one for EAP-FAST with TLSv1_method() to allow SSL_set_session_ticket_ext() to be used. The drawback here is that this is more complex and in addition, would continue to force TLS v1.0 to be used with EAP-FAST. TLSv1_1_method() or TLSv1_2_method() would not be much help either since those would seem to require knowing beforehand what the server supports. (Or well, with even more complexity, I guess those could be probed for and the results cached for future uses, but I don't think I really want to go that far in extra complexity.)

--
Jouni Malinen PGP id EFC895FA

From openssl-users at dukhovni.org Thu Jul 23 20:21:11 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Thu, 23 Jul 2015 20:21:11 +0000
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <20150723182204.GA3935@w1.fi>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723182204.GA3935@w1.fi>
Message-ID: <20150723202111.GY4347@mournblade.imrryr.org>

On Thu, Jul 23, 2015 at 09:22:04PM +0300, Jouni Malinen wrote:

> I used to use SSL_CTX_new(TLSv1_method()) to initialize SSL_CTX for
> various TLS-based EAP methods. This worked fine with EAP-TLS,
> EAP-PEAP, EAP-TTLS, and EAP-FAST. However, it did not allow OpenSSL to
> negotiate TLS v1.1 or v1.2 to be used. Consequently, there seemed to
> be a need to change from TLSv1_method() to SSLv23_method() with
> SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3. Initially, this seemed to work fine,
> but I found an issue with the EAP-FAST peer (i.e., TLS client).

Postfix happily sends session tickets and resumes sessions even though it is using SSLv23_client_method(), and there is no server-side session cache (I made sure the client connects to a different server process between the initial handshake and the resumption, and that there is no "external" cache configured.)
Output summary:

$ posttls-finger -lmay -Ldebug -r 10 -c example.org
posttls-finger: setting up TLS connection to mx1.example.org[192.0.2.1]:25
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv2/v3 write client hello A
posttls-finger: SSL_connect:SSLv3 read server hello A
posttls-finger: SSL_connect:SSLv3 read server key exchange A
posttls-finger: SSL_connect:SSLv3 read server done A
posttls-finger: SSL_connect:SSLv3 write client key exchange A
posttls-finger: SSL_connect:SSLv3 write change cipher spec A
posttls-finger: SSL_connect:SSLv3 write finished A
posttls-finger: SSL_connect:SSLv3 flush data
posttls-finger: SSL_connect:SSLv3 read server session ticket A
posttls-finger: SSL_connect:SSLv3 read finished A
posttls-finger: save session [192.0.2.1]:25&8132DFEF2967E661AEDA394357CABF4803EA6915B5AA3750F5C937BEAB39FE1E to memory cache
posttls-finger: Anonymous TLS connection established to mx1.example.org[192.0.2.1]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
posttls-finger: Reconnecting after 10 seconds
posttls-finger: looking for session [192.0.2.1]:25&8132DFEF2967E661AEDA394357CABF4803EA6915B5AA3750F5C937BEAB39FE1E in memory cache
posttls-finger: reloaded session [192.0.2.1]:25&8132DFEF2967E661AEDA394357CABF4803EA6915B5AA3750F5C937BEAB39FE1E from memory cache
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv3 write client hello A
posttls-finger: SSL_connect:SSLv3 read server hello A
posttls-finger: SSL_connect:SSLv3 read finished A
posttls-finger: SSL_connect:SSLv3 write change cipher spec A
posttls-finger: SSL_connect:SSLv3 write finished A
posttls-finger: SSL_connect:SSLv3 flush data
posttls-finger: mx1.example.org[192.0.2.1]:25: Reusing old session
posttls-finger: Anonymous TLS connection established to mx1.example.org[192.0.2.1]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)

The order of events is:

    /* Once only */
    ctx = SSL_CTX_new(SSLv23_client_method());

    /* Per connection */
    ssl = SSL_new(ctx);

    /* Protocol support varies per server, so not set via global context */
    SSL_set_options(...);

    /* restore appropriate session from the client cache */
    session = ... ;
    if (session)
        SSL_set_session(ssl, session);

    SSL_connect(ssl);

What are you doing to associate a previous session with a new SSL connection?

-- 
	Viktor.

From rt at openssl.org Thu Jul 23 20:33:16 2015
From: rt at openssl.org (Salz, Rich via RT)
Date: Thu, 23 Jul 2015 20:33:16 +0000
Subject: [openssl-dev] [openssl.org #3955] [PATCH] Reduce stack usage in PKCS7_verify()
In-Reply-To: <7ca263e61d704be28e03b0a646683eb0@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <1437655510.27621.29.camel@infradead.org> <7ca263e61d704be28e03b0a646683eb0@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID:

How about 256 on the stack?

From pwalten at au1.ibm.com Thu Jul 23 22:14:08 2015
From: pwalten at au1.ibm.com (Peter Waltenberg)
Date: Fri, 24 Jul 2015 08:14:08 +1000
Subject: [openssl-dev] [openssl.org #3955] [PATCH] Reduce stack usage in PKCS7_verify()
In-Reply-To:
References: <1437655510.27621.29.camel@infradead.org> <7ca263e61d704be28e03b0a646683eb0@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID: <201507232221.t6NMKwWg018915@d23av03.au.ibm.com>

bn/bn_prime.c

static int probable_prime(BIGNUM *rnd, int bits)
{
    int i;
    prime_t mods[NUMPRIMES];    <==========
    BN_ULONG delta, maxdelta;

This one is also excessive.

The problem is that even on OS's with dynamic thread stacks, if you do cause a stack overrun, the entire process gets frozen, a new stack for that thread is allocated, the stack copied, and the process restarted. Sounds O.K., but if you have 1000 threads and they all sequentially hit their guard pages, performance suffers rather badly with the entire process being stalled for each thread. OS's without dynamic thread stacks just crash.

And yes, 256 bytes is usually O.K., but it's overall thread stack use for the component that really needs to be audited and kept within some fixed budget. Any single stack allocation > 4k is generally bad news as that's large enough to reach past the (typical) 4k guard pages.

Peter

From: "Salz, Rich via RT"
To: dwmw2 at infradead.org
Cc: openssl-dev at openssl.org
Date: 24/07/2015 06:35 AM
Subject: Re: [openssl-dev] [openssl.org #3955] [PATCH] Reduce stack usage in PKCS7_verify()
Sent by: "openssl-dev"

How about 256 on the stack?
From j at w1.fi Thu Jul 23 22:46:36 2015
From: j at w1.fi (Jouni Malinen)
Date: Fri, 24 Jul 2015 01:46:36 +0300
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <20150723202111.GY4347@mournblade.imrryr.org>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723182204.GA3935@w1.fi> <20150723202111.GY4347@mournblade.imrryr.org>
Message-ID: <20150723224636.GA3876@w1.fi>

On Thu, Jul 23, 2015 at 08:21:11PM +0000, Viktor Dukhovni wrote:
> Postfix happily sends session tickets and resumes sessions even
> though it is using SSLv23_client_method(), and there is no server-side
> session cache (I made sure the client connects to a different server
> process between the initial handshake and the resumption, and that
> there is no "external" cache configured.) Output summary:

I'd assume this is with the more standard TLS SessionTicket, which is not what EAP-FAST is..

> The order of events is:
> 
> /* Once only */
> ctx = SSL_CTX_new(SSLv23_client_method());
> 
> /* Per connection */
> ssl = SSL_new(ctx);
> 
> /* Protocol support varies per server, so not set via global context */
> SSL_set_options(...);

This is all the same..

> /* restore appropriate session from the client cache */
> session = ... ;
> if (session)
>     SSL_set_session(ssl, session);
> 
> SSL_connect(ssl);

While this is not.

> What are you doing to associate a previous session with a new SSL
> connection?

With EAP-FAST, I don't really have a cached session in this sense for deriving the keys and information for ClientHello. Instead of SSL_set_session(), I'm only calling SSL_set_session_ticket_ext() before SSL_connect() to provide the externally (to OpenSSL) stored SessionTicket data. With TLSv1_method(), this data goes out in ClientHello; with SSLv23_method() it does not (only an empty request for a standard session ticket is included, not the SessionTicket from EAP-FAST PAC data).
If I were to store the TLS session during which the EAP-FAST PAC was provisioned and then issue SSL_set_session() with it here, I would indeed get an abbreviated handshake with that session (non-empty Session ID in ClientHello), but that's not how EAP-FAST works. The Session ID is supposed to be empty here and, instead of the standard session ticket mechanism, the keys come from the callback function registered with SSL_set_session_secret_cb(), which derives the secret in an EAP-FAST specific way (master_secret = T-PRF(PAC-Key, "PAC to master secret label hash", server_random + client_random, 48)).

-- 
Jouni Malinen                                            PGP id EFC895FA

From openssl-users at dukhovni.org Thu Jul 23 23:09:40 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Thu, 23 Jul 2015 23:09:40 +0000
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <20150723224636.GA3876@w1.fi>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723182204.GA3935@w1.fi> <20150723202111.GY4347@mournblade.imrryr.org> <20150723224636.GA3876@w1.fi>
Message-ID: <20150723230939.GB4347@mournblade.imrryr.org>

On Fri, Jul 24, 2015 at 01:46:36AM +0300, Jouni Malinen wrote:

> I'd assume this is with the more standard TLS SessionTicket, which is not
> what EAP-FAST is..

Correct.

> > The order of events is:
> > 
> > /* Once only */
> > ctx = SSL_CTX_new(SSLv23_client_method());
> > 
> > /* Per connection */
> > ssl = SSL_new(ctx);
> > 
> > /* Protocol support varies per server, so not set via global context */
> > SSL_set_options(...);
> 
> This is all the same..

Sure.

> > /* restore appropriate session from the client cache */
> > session = ... ;
> > if (session)
> >     SSL_set_session(ssl, session);
> > 
> > SSL_connect(ssl);
> 
> While this is not.
> 
> > What are you doing to associate a previous session with a new SSL
> > connection?
> 
> With EAP-FAST, I don't really have a cached session in this sense for
> deriving the keys and information for ClientHello. Instead of
> SSL_set_session(), I'm only calling SSL_set_session_ticket_ext() before
> SSL_connect() to provide the externally (to OpenSSL) stored
> SessionTicket data. With TLSv1_method(), this data goes out in
> ClientHello; with SSLv23_method() it does not (only an empty request for
> a standard session ticket is included, not the SessionTicket from EAP-FAST
> PAC data).

Thanks, that makes the issue clearer to me; perhaps others were there already, but I think this context is helpful.
> If I were to store the TLS session during which the EAP-FAST PAC was
> provisioned and then issue SSL_set_session() with it here, I would
> indeed get an abbreviated handshake with that session (non-empty Session ID
> in ClientHello), but that's not how EAP-FAST works. The Session ID is
> supposed to be empty here and, instead of the standard session ticket
> mechanism, the keys come from the callback function registered with
> SSL_set_session_secret_cb(), which derives the secret in an EAP-FAST
> specific way (master_secret = T-PRF(PAC-Key, "PAC to master secret
> label hash", server_random + client_random, 48)).

Any chance you have a standalone test program that works with TLSv1_client_method(), but not with SSLv23_client_method() (and SSLv2 disabled)? Such code, if added to "make test", might ensure the problem does not come back after it is fixed.

What would be excellent is a program that is both the client and the server (talking to itself over a socketpair perhaps, though that might not be portable to Windows, but perhaps it suffices for the test to run on Unix-like systems...).

-- 
	Viktor.

From rt at openssl.org Fri Jul 24 07:18:37 2015
From: rt at openssl.org (ice via RT)
Date: Fri, 24 Jul 2015 07:18:37 +0000
Subject: [openssl-dev] [openssl.org #3956] SSL_accept() crashed in SSLv3 processing
In-Reply-To:
References:
Message-ID:

Hi,

in my process, I experienced too many SSL_accept() crashes when processing SSLv3 client requests.

(gdb) info stack
#0  0xb76e3f7a in SSL_accept () from /lib/libssl.so.1.0.0
#1  0x00000000 in ?? ()
#2  0xb76e3f56 in SSL_accept () from /lib/libssl.so.1.0.0
#3  0xbfc2ff23 in ?? ()
#4  0x08049d57 in do_ssl_accept (client_cb=0x9f79790) at rhttpd.cc:823

$12 = {version = 768, type = 8192, method = 0x0, rbio = 0x9f799e0, wbio = 0x9f799e0, bbio = 0x0, rwstate = 1, in_handshake = 0,
  handshake_func = 0xb76d5d00 , server = 1, new_session = 0, quiet_shutdown = 0, shutdown = 0, state = 8720, rstate = 240,
  init_buf = 0x9f79a28, init_msg = 0x0, init_num = 0, init_off = 0, packet = 0x9fa3e30 "\026\003", packet_length = 11,
  s2 = 0x0, s3 = 0x9f9e4a8, d1 = 0x0, read_ahead = 0, msg_callback = 0, msg_callback_arg = 0x0, hit = 0, param = 0x9f78288,
  cipher_list = 0x0, cipher_list_by_id = 0x0, mac_flags = 0, enc_read_ctx = 0x0, read_hash = 0x0, expand = 0x0,
  enc_write_ctx = 0x0, write_hash = 0x0, compress = 0x0, cert = 0x9f79948, sid_ctx_length = 0, sid_ctx = '\0' ,
  session = 0x0, generate_session_id = 0, verify_mode = 0, verify_callback = 0, info_callback = 0, error = 0, error_code = 0,
  psk_client_callback = 0, psk_server_callback = 0, ctx = 0x9f77e60, debug = 0, verify_result = 0,
  ex_data = {sk = 0x0, dummy = 0}, client_CA = 0x0, references = 1, options = 2147486719, mode = 0, max_cert_list = 102400,
  first_packet = 0, client_version = 771, max_send_fragment = 16384, tlsext_debug_cb = 0, tlsext_debug_arg = 0x0,
  tlsext_hostname = 0x0, servername_done = 0, tlsext_status_type = -1, tlsext_status_expected = 0, tlsext_ocsp_ids = 0x0,
  tlsext_ocsp_exts = 0x0, tlsext_ocsp_resp = 0x0, tlsext_ocsp_resplen = -1, tlsext_ticket_expected = 0,
  tlsext_ecpointformatlist_length = 0, tlsext_ecpointformatlist = 0x0, tlsext_ellipticcurvelist_length = 0,
  tlsext_ellipticcurvelist = 0x0, tlsext_opaque_prf_input = 0x0, tlsext_opaque_prf_input_len = 0, tlsext_session_ticket = 0x0,
  tls_session_ticket_ext_cb = 0, tls_session_ticket_ext_cb_arg = 0x0, tls_session_secret_cb = 0, tls_session_secret_cb_arg = 0x0,
  initial_ctx = 0x9f77e60, next_proto_negotiated = 0x0, next_proto_negotiated_len = 0 '\0', srtp_profiles = 0x0,
  srtp_profile = 0x0, tlsext_heartbeat = 0, tlsext_hb_pending = 0, tlsext_hb_seq = 153, renegotiate = 167221624,
  srp_ctx = {SRP_cb_arg = 0x0, TLS_ext_srp_username_callback = 0, SRP_verify_param_callback = 0,
    SRP_give_srp_client_pwd_callback = 0, login = 0x0, N = 0x0, g = 0x0, s = 0x0, B = 0x0, A = 0x0, a = 0x0, b = 0x9f786d0,
    v = 0x9f7b2f8, info = 0xb76b52e8 "@", strength = 0, srp_Mask = 0}}

Somehow the method became 0x0 when processing SSLv3. For now, all crashes occurred with SSLv3 client requests. We have to disable SSLv2 and SSLv3 support in the process.

Could anyone help check what happened to make the "method" become 0x0 when processing SSLv3?

Thanks,
Murphy.zhao

From rt at openssl.org Fri Jul 24 07:20:16 2015
From: rt at openssl.org (Salz, Rich via RT)
Date: Fri, 24 Jul 2015 07:20:16 +0000
Subject: [openssl-dev] [openssl.org #3956] SSL_accept() crashed in SSLv3 processing
In-Reply-To: <36f232dcbd234dfaa5f082868aeb766e@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <36f232dcbd234dfaa5f082868aeb766e@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID:

The first place to look is to see if your program has any pointer errors that are overwriting memory. Try something like valgrind or ASAN.

From rt at openssl.org Fri Jul 24 07:30:02 2015
From: rt at openssl.org (Matt Caswell via RT)
Date: Fri, 24 Jul 2015 07:30:02 +0000
Subject: [openssl-dev] [openssl.org #3956] SSL_accept() crashed in SSLv3 processing
In-Reply-To:
References:
Message-ID:

On Fri Jul 24 07:18:37 2015, murphy.zhao at qq.com wrote:
> Somehow the method became 0x0 when processing SSLv3. For now, all
> crashes occurred with SSLv3 client requests. We have to disable SSLv2
> and SSLv3 support in the process.
> Could anyone help check what happened to make the "method" become 0x0
> when processing SSLv3?

What openssl version/platform are you using?

Matt

From j at w1.fi Fri Jul 24 09:04:09 2015
From: j at w1.fi (Jouni Malinen)
Date: Fri, 24 Jul 2015 12:04:09 +0300
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <20150723230939.GB4347@mournblade.imrryr.org>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <20150723182204.GA3935@w1.fi> <20150723202111.GY4347@mournblade.imrryr.org> <20150723224636.GA3876@w1.fi> <20150723230939.GB4347@mournblade.imrryr.org>
Message-ID: <20150724090409.GA8799@w1.fi>

On Thu, Jul 23, 2015 at 11:09:40PM +0000, Viktor Dukhovni wrote:
> Any chance you have a standalone test program that works with
> TLSv1_client_method(), but not with SSLv23_client_method() (and
> SSLv2 disabled)? Such code, if added to "make test", might ensure
> the problem does not come back after it is fixed.
> 
> What would be excellent is a program that is both the client and
> the server (talking to itself over a socketpair perhaps, though
> that might not be portable to Windows, but perhaps it suffices
> for the test to run on Unix-like systems...).

While I do have a fully automated test setup (http://buildbot.w1.fi/hwsim/) that runs on a single server and can be used with OpenSSL 0.9.8 through 1.0.2, it would be quite a stretch to claim that to be standalone in this context.. :-)

I do have an example program that comes much closer, though. eap_example in hostap.git is a single process that runs EAP server and peer and runs through one authentication round. By default, it is not built with OpenSSL or for EAP-FAST, but it is straightforward to modify that to do so.
Here's a step-by-step example of running this test:

git clone git://w1.fi/hostap.git
cd hostap/
wget http://w1.fi/p/eap-example-openssl-eap-fast.patch
patch -p1 < eap-example-openssl-eap-fast.patch
cd eap_example/
make
./eap_example > run1
ls -l eap-fast.pac
./eap_example > run2
grep SessionTicket run2

The eap-example-openssl-eap-fast.patch comments out the EAP-FAST workaround where I force TLSv1_method() to be used. In other words, with this patch, SSLv23_method() is used instead. The workaround can be re-enabled by reverting the change in src/crypto/tls_openssl.c (#if 0 --> #if 1).

The first execution of eap_example goes through the EAP-FAST provisioning step. This works with SSLv23_method() since no SessionTicket is used here. As a result of that provisioning round, the eap-fast.pac file is created with the information that the peer can use to establish connections afterwards. On the second run (and all following runs with the PAC file present, for that matter), we'll hit the issue with SSLv23_method().
That grep for SessionTicket in run2 shows this type of output in the failed case:

OpenSSL: ClientHello SessionTicket extension - hexdump(len=0):
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket (PAC-Opaque) - hexdump(len=0):
EAP-FAST: Ignore invalid SessionTicket
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket - hexdump(len=0): [NULL]
OpenSSL: ClientHello SessionTicket extension - hexdump(len=0):

While the workaround with TLSv1_method() shows this:

OpenSSL: ClientHello SessionTicket extension - hexdump(len=60): 00 02 00 38 93 ac a7 0f 32 75 a3 88 dc b1 e4 b0 83 84 04 bd 63 ed 55 a5 37 0d 69 c9 05 a2 b4 1c f0 43 b4 d5 9b e2 2c 67 74 cf c9 3d bc 82 56 97 79 1d 03 59 5e 86 d3 e3 bd d7 a4 ca
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket (PAC-Opaque) - hexdump(len=60): 00 02 00 38 93 ac a7 0f 32 75 a3 88 dc b1 e4 b0 83 84 04 bd 63 ed 55 a5 37 0d 69 c9 05 a2 b4 1c f0 43 b4 d5 9b e2 2c 67 74 cf c9 3d bc 82 56 97 79 1d 03 59 5e 86 d3 e3 bd d7 a4 ca
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket - hexdump(len=0): [NULL]

This may still be quite a bit too much for OpenSSL "make test" purposes, i.e., something without the full EAP-FAST implementation is likely to be sufficient there. I don't have such an example available, though. Anyway, I hope this eap_example code is useful for anyone who might be able to make the SSLv23_method() case in OpenSSL support this use case. I'm trying to run the full hostapd/wpa_supplicant test suite with all OpenSSL releases, so I should at least notice regressions in the relevant areas pretty quickly. In theory, I could also do this on snapshot builds (or repository snapshots in general).

-- 
Jouni Malinen                                            PGP id EFC895FA

From dwmw2 at infradead.org Fri Jul 24 09:19:02 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Fri, 24 Jul 2015 10:19:02 +0100
Subject: [openssl-dev] [openssl.org #3955] [PATCH] Reduce stack usage in PKCS7_verify()
In-Reply-To:
References: <1437655510.27621.29.camel@infradead.org> <7ca263e61d704be28e03b0a646683eb0@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID: <1437729542.27621.90.camel@infradead.org>

On Thu, 2015-07-23 at 20:33 +0000, Salz, Rich via RT wrote:
> How about 256 on the stack?

Sure.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-RT3955-Reduce-stack-usage-in-PKCS7_verify-and-PKCS7_.patch
Type: text/x-patch
Size: 1330 bytes
Desc: not available
URL:

From rt at openssl.org Fri Jul 24 09:19:16 2015
From rt at openssl.org Fri Jul 24 10:25:04 2015
From: rt at openssl.org (ice via RT)
Date: Fri, 24 Jul 2015 10:25:04 +0000
Subject: [openssl-dev] [openssl.org #3956] SSL_accept() crashed in SSLv3 processing
In-Reply-To:
References:
Message-ID:

> What openssl version/platform are you using?

$ openssl version
OpenSSL 1.0.1j 15 Oct 2014

Embedded environment based on x86

Regards,
Murphy.zhao

From rt at openssl.org Fri Jul 24 10:26:06 2015
From: rt at openssl.org (ice via RT)
Date: Fri, 24 Jul 2015 10:26:06 +0000
Subject: [openssl-dev] [openssl.org #3956] SSL_accept() crashed in SSLv3 processing
In-Reply-To:
References:
Message-ID:

This transaction appears to have no content

From Stefan.Neis at t-online.de Fri Jul 24 11:52:25 2015
From: Stefan.Neis at t-online.de (Stefan.Neis at t-online.de)
Date: Fri, 24 Jul 2015 13:52:25 +0200
Subject: [openssl-dev] compile error
In-Reply-To:
References:
Message-ID: <6629937255b226f948f873.20251648@email.t-online.de>

> And I use both gcc and clang with command "cc -g -Wall -I../../include -lcrypto aesgcm.c" to compile the source code.

Long version: Note that the linker processes its libraries from left to right, e.g. if you have an object file object.o and two libraries liba.a and libb.a, then "cc object.o -la -lb" will first collect all unresolved symbols in the object files, then it will resolve whatever it can resolve with the files in liba.a, possibly adding new unresolved symbols, and finally it will try to resolve the remaining symbols with libb.a.

If you do "cc object.o -lb -la", it will again start with the symbols from object.o, resolve what it can against libb.a, then resolve the remaining stuff against liba.a, and if it adds any symbol from liba.a that needs something from libb.a you get an error.

If you do "cc -lb -la object.o", it will start with no symbols, add whatever it needs to resolve the symbols from libb.a (i.e. nothing), then add whatever it needs from liba.a (i.e. nothing), then add object.o and complain about everything that remains unresolved.

In short: try "cc ... aesgcm.c -lcrypto", that should work.

Regards,
Stefan
From: fweimer at redhat.com (Florian Weimer)
Date: Fri, 24 Jul 2015 14:09:23 +0200
Subject: [openssl-dev] 0.9.8 support after 31 Dec 2015
In-Reply-To: <55AE29FC.605@monetra.com>
References: <42780e97ec0a4ec59227df7eef5c5ee7@ustx2ex-dag1mb2.msg.corp.akamai.com> <55AE29FC.605@monetra.com>
Message-ID: <55B22AF3.7000403@redhat.com>

On 07/21/2015 01:16 PM, Brad House wrote:
> I'm sure you're not the only one that will be needing to support 0.9.8
> after the official EOL. RedHat Enterprise Linux 5 comes to mind (supported until
> 3/2017), so there will definitely be others providing security related patches.

On the other hand, Red Hat will only backport critical security fixes to Red Hat Enterprise Linux 5 because it is in Production Phase 3. This is considerably narrower than what is currently provided by OpenSSL upstream 0.9.8. (The main problem people have with 0.9.8 right now is lack of TLS 1.1/1.2 support, and fixing that while preserving binary compatibility with 0.9.8 is quite a challenge.)

-- 
Florian Weimer / Red Hat Product Security

From fweimer at redhat.com Fri Jul 24 13:19:55 2015
From: fweimer at redhat.com (Florian Weimer)
Date: Fri, 24 Jul 2015 15:19:55 +0200
Subject: [openssl-dev] Self-initialization of locking/threadid callbacks and auto-detection of features
In-Reply-To: <20150615160234.GA3955@localhost>
References: <20131028020710.GA15554@gmail.com> <52702171.1060604@openssl.org> <20131029231514.GA23539@gmail.com> <557949D6.9010506@redhat.com> <20150615160234.GA3955@localhost>
Message-ID: <55B23B7B.8000309@redhat.com>

On 06/15/2015 06:02 PM, Nico Williams wrote:
> On Thu, Jun 11, 2015 at 10:41:58AM +0200, Florian Weimer wrote:
>> Detecting things in libcrypto is very difficult on GNU/Linux due to the
>> way dynamic linking works.
> 
> Details?

Detection based on weak symbols can break due to linking order (if the main executable is not linked against libpthread). Merely linking against libpthread, without ever creating any threads, is also not an indicator of thread usage (libcrypto, for instance, currently does this unconditionally).

> Perhaps OpenSSL should have several configuration flavors for Linux
> then. If you want to statically link a non-threaded program with
> OpenSSL, then you should use the libpthread static link meant for it.

I have not considered the static linking case at all, to be honest. It should be used only very rarely. If the lack of stubs is a problem for static linking, glibc could be enhanced to provide them in a separate archive.

> A workaround for libraries may be to use a private copy (as if by static
> linking) of OpenSSL with distinct SONAME/symbols and initialize that
> copy properly. This is generally safe (we've tried it) but also a bit
> troublesome. On the plus side this means that ABI incompatibilities
> between OpenSSL releases become a non-issue.

We can't do that because too much would need to be recompiled and relinked for updates.

> Or indeed, libpthread should move into libc (which I gather would take a
> long time and is beyond what we can do here).

See my offer to add more stubs as needed.
> (Moving the implementation of a library to another requires support for
> shared object "filters", at least on Solaris, so that dynamically-linked
> dependents of libpthread and such will find the symbols they need there,
> though the RTLD knows to go look in the object they moved to. We say
> that libpthread is a filter of libc because only the pthread-related
> symbols of libc appear in libpthread. IIUC the Linux RTLD does not
> support filters.)

If I understand you correctly, we emulate them with IFUNCs in glibc. There is no additional indirection at run time; calls go directly through the libc implementation even if it is called through the libpthread symbol.

>> Linking -lpthread has a real performance hit for unthreaded
>> applications, so core libraries should avoid it.
> 
> It shouldn't.

We can get rid of the performance overhead for the single-threaded case, but it's a multi-year effort, and we haven't even started.

What you as a library author can do: do not link against libpthread. Most functionality you might need is available from libc proper, and where it is not, ask for advice on the libc-help list.

> In any case, the initialization problems when OpenSSL is used by
> *libraries* are simply unacceptable.

Right.

-- 
Florian Weimer / Red Hat Product Security

From kurt at roeckx.be Fri Jul 24 17:49:18 2015
From: kurt at roeckx.be (Kurt Roeckx)
Date: Fri, 24 Jul 2015 19:49:18 +0200
Subject: [openssl-dev] [openssl.org #3956] SSL_accept() crashed in SSLv3 processing
In-Reply-To:
References:
Message-ID: <20150724174918.GA9745@roeckx.be>

On Fri, Jul 24, 2015 at 10:25:04AM +0000, ice via RT wrote:
> > What openssl version/platform are you using?
> 
> $ openssl version
> OpenSSL 1.0.1j 15 Oct 2014

You seem to be affected by CVE-2014-3569, which only affects the 1.0.1j version.

Kurt

From rt at openssl.org Fri Jul 24 17:49:29 2015
From kannanar at cisco.com Mon Jul 27 04:09:15 2015
From: kannanar at cisco.com (Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco))
Date: Mon, 27 Jul 2015 04:09:15 +0000
Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3
In-Reply-To:
References:
Message-ID:

Hi Team,

Can anyone share their thoughts on this?

Thanks,
Kannan Narayanasamy.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Sent: Thursday, July 23, 2015 5:46 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

Any thoughts much appreciated.

~Kannan N.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Sent: Wednesday, July 22, 2015 4:54 PM
To: openssl-dev at openssl.org
Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

Hi,

To disable SSLv2 and SSLv3 at compile time I used the no-ssl2 and no-ssl3 options for the Windows platform. But I am getting the link error below. Without the options "no-ssl2 no-ssl3" I can compile successfully. Any pointers to resolve this issue? Thanks in advance.

LINK : warning LNK4001: no object files specified; libraries used
LINK : warning LNK4068: /MACHINE not specified; defaulting to IX86
LINK : warning LNK4001: no object files specified; libraries used
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_f_ssl
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_buffer_ssl_connec
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_ssl
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_ssl_connect
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_ssl_copy_session_id
SSLEAY32.def : error LNK2001: unresolved external symbol BIO_ssl_shutdown
SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_client_method
SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_method
SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_server_method
SSLEAY32.def : error LNK2001: unresolved external symbol ERR_load_SSL_strings
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_description
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_bits
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_name
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_version
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_add_compression_
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_get_compression_
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_get_name
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_add_client_CA
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_add_session
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_callback_ctrl
SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_check_private_key

Openssl Version: openssl-0.9.8zc

Commands used:
VCVARS32.BAT
perl Configure VC-WIN32 no-idea shared no-ssl2 no-ssl3 --prefix=e:/openssl
ms\do_masm
nmake -f ms\ntdll.mak

Thanks,
Kannan Narayanasamy.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

From soul.great at me.com Mon Jul 27 03:54:21 2015
From: soul.great at me.com (Song Geng)
Date: Mon, 27 Jul 2015 11:54:21 +0800
Subject: [openssl-dev] compile error
In-Reply-To: <6629937255b226f948f873.20251648@email.t-online.de>
References: <6629937255b226f948f873.20251648@email.t-online.de>
Message-ID: <4AFCDAA2-F2FA-424E-AF15-2DF19D6F867B@me.com>

Hi,

Thanks for replying. I tried the command you mentioned. But it doesn't work. I doubt that the implementation of "gcm" hasn't been included. Could you use it successfully?

Br,
Great Soul
soul.great at me.com

> On Jul 24, 2015, at 7:52 PM, Stefan.Neis at t-online.de wrote:
>
> with

From soul.great at me.com Mon Jul 27 08:04:09 2015
From: soul.great at me.com (Song Geng)
Date: Mon, 27 Jul 2015 16:04:09 +0800
Subject: [openssl-dev] compile error
In-Reply-To: <6629937255b226f948f873.20251648@email.t-online.de>
References: <6629937255b226f948f873.20251648@email.t-online.de>
Message-ID:

Hi,

Finally I found the reason. The program finds lib "crypto" in the default path. And my system has an openssl-0.98 installed. That version doesn't support "gcm". I installed a new version of openssl from source code, but it only generates libcrypto.a in directory "lib/". And I notice that there's the libcrypto.dylib in /usr/lib. So I used brew to install the latest openssl from the repo. Then I used the command as follows:

cc -g -L/path/to/brew repo/openssl/1.0.2a-1/lib/ -Wall -I../../include -o test aesgcm.c -lcrypto

It works.

Br,
Great Soul
soul.great at me.com

> On Jul 24, 2015, at 7:52 PM, Stefan.Neis at t-online.de wrote:
>
> > And I use both gcc and clang with command "cc -g -Wall -I../../include -lcrypto aesgcm.c" to compile the source code.
> Long version:
> Note that the linker processes its libraries from left to right, e.g. if you have an object file object.o and two libraries
> liba.a and libb.a, then "cc object.o -la -lb" will first collect all unresolved symbols in the object files, then it will
> resolve whatever it can resolve with the files in liba.a, possibly adding new unresolved symbols and finally it
> will try to resolve the remaining symbols with libb.a. If you do "cc object.o -lb -la", it will again start with the
> symbols from object.o, resolve what it can against libb.a, then resolve the remaining stuff against liba.a and
> if it adds any symbol from liba.a that needs something from libb.a you get an error.
> If you do "cc -lb -la object.o", it will start with no symbols, add whatever it needs to resolve the symbols from
> libb.a (i.e. nothing), then adds whatever it needs from liba.a (i.e. nothing), then add object.o and complain
> about everything that remains unresolved.
>
> In short: try "cc ... aesgcm.c -lcrypto", that should work.
>
> Regards,
> Stefan
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

From dwmw2 at infradead.org Mon Jul 27 09:46:30 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Mon, 27 Jul 2015 10:46:30 +0100
Subject: [openssl-dev] [RFC] Add UEFI target to OpenSSL
Message-ID: <1437990390.4155.27.camel@infradead.org>

EDK II is the reference implementation of UEFI, used by fairly much everyone shipping UEFI firmware these days. It uses OpenSSL to provide cryptographic functionality, used for Secure Boot. This might make it one of the largest OpenSSL deployments ever. So it would be quite useful for it to be supported out of the box, without the need to rapidly update and reapply external patches each time it's necessary to update OpenSSL.

I was submitting patches last week to both OpenSSL and EDKII. Now I'm looking at the build process itself. EDK II has its own build system, and this is its build INF file for OpenSSL:
https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/OpensslLib.inf

Obviously, that list of filenames wants to be generated automatically by something based on 'make files', and !included into the INF file. And the litany of -DOPENSSL_NO_xxx probably just wants to be in opensslconf.h with a proper ./Configure invocation. (For the Windows users building EDKII, who can't be assumed to have a sane build setup, we can ship pre-prepared versions of both.)

Here's a first attempt at making './Configure UEFI' do something sane. The main question is what I should be doing about SIXTY_FOUR_BIT_LONG et al. Using the *same* build INF file, we build for i386, x86_64, ARM, AARCH64 and IA64. The current INF file will explicitly set THIRTY_TWO_BIT or SIXTY_FOUR_BIT_LONG according to the platform. Hence making that part of opensslconf.h inactive for OPENSSL_SYS_UEFI, in the patch below. Better suggestions would be welcomed... since this isn't entirely performance-critical, *perhaps* it might be acceptable just to use THIRTY_TWO_BIT everywhere?
My other question, before I look too hard at the integration: is it worth providing an OpenSSL build target that can build OpenSSL and its tools as standalone UEFI executables? That way, the UEFI build target has some meaning (and can perhaps at least be build tested) within OpenSSL directly, rather than only when imported into an EDK II build. diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index b5d32b6..2dcc82d 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1207,6 +1207,13 @@ shared_extension => ".dll.a", }, +#### UEFI + "UEFI" => { + cc => "cc", + cflags => "-DL_ENDIAN -O", + sys_id => "UEFI", + }, + #### UWIN "UWIN" => { cc => "cc", diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in index 4429c91..2ce2e48 100644 --- a/crypto/opensslconf.h.in +++ b/crypto/opensslconf.h.in @@ -79,11 +79,13 @@ /* Should we define BN_DIV2W here? */ +#ifndef OPENSSL_SYS_UEFI /* This is defined in the EDK2 build INF */ /* Only one for the following should be defined */ #undef SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT #define THIRTY_TWO_BIT #endif +#endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) #define CONFIG_HEADER_RC4_LOCL_H diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 177b098..6327a64 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -76,6 +76,11 @@ extern "C" { # define OPENSSL_SYS_NETWARE # endif +/* -------------------------------- UEFI ---------------------------------- */ +# if defined(OPENSSL_SYS_UEFI) +# undef OPENSSL_SYS_UNIX +# endif + /* --------------------- Microsoft operating systems ---------------------- */ /* -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation From dwmw2 at infradead.org Mon Jul 27 11:32:37 2015 
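Review bot: in the new `"UEFI" => { ... }` entry in Configurations/10-main.conf, `cflags => "-DL_ENDIAN -O"` bakes little-endian into a target that, per the cover letter, is built for i386, x86_64, ARM, AARCH64 and IA64 from one INF file; that holds for UEFI on all of them, but the entry should say so in its `#### UEFI` comment, and should also record that threading and shared-library handling are left to the Configure defaults, since a firmware build has no pthreads and no dynamic loader and the next person touching this entry will otherwise have to rediscover why only `cc`, `cflags` and `sys_id` are set.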
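Review bot: the two conditionals in the crypto/opensslconf.h.in hunk are interleaved: the existing `#endif` on the last unchanged line closes a conditional opened above the hunk, and the new `+#endif` is placed after it, so `#ifndef OPENSSL_SYS_UEFI` opens inside the outer block but is closed outside it. The preprocessor accepts this and the included lines come out the same, but a reader will misread the nesting; move the added `#endif` to just before the existing one so the UEFI block sits wholly inside the outer conditional, e.g. `#define THIRTY_TWO_BIT` / `#endif /* !OPENSSL_SYS_UEFI */` / `#endif`.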
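Review bot: the new UEFI block in include/openssl/e_os2.h only does `# undef OPENSSL_SYS_UNIX`, and nothing in this file defines OPENSSL_SYS_UEFI; a one-line comment saying where it comes from (the `sys_id => "UEFI"` in the Configure target, or the EDK II INF's own defines when Configure is not run, as the cover letter describes) would save the next reader a search.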
From: dwmw2 at infradead.org (David Woodhouse)
Date: Mon, 27 Jul 2015 12:32:37 +0100
Subject: [openssl-dev] [openssl.org #3628] [PATCH] NDEBUG macro and redundant strings
In-Reply-To: <1YEfN9-26xxBY0@fwd08.aul.t-online.de>
Message-ID: <1437996757.4155.44.camel@infradead.org>

This would be extremely useful for the UEFI build too. For us it's not the insanely-tinfoil-hat concern about revealing "private" information about which directory OpenSSL happens to have been built in; it's more about the need to have *small* and *reproducible* builds. EDK II currently carries a big patch which just takes the brute-force approach of replacing all instances of __FILE__ with NULL, and __LINE__ with 0.

Rather than littering the source with #ifdef NDEBUG, I had considered instead introducing OPENSSL_FILE and OPENSSL_LINE. I think those would do the right thing in situ, rather than picking up the filename and line on which OPENSSL_FILE and OPENSSL_LINE respectively were defined?

Perhaps it could just depend on OPENSSL_SMALL_FOOTPRINT?

--
David Woodhouse
Open Source Technology Centre
David.Woodhouse at intel.com
Intel Corporation

From dwmw2 at infradead.org Mon Jul 27 15:18:43 2015
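As an added example (not OpenSSL's or EDK II's code), the C below shows the OPENSSL_FILE/OPENSSL_LINE idea from the message above: two macros that reduce to constants under NDEBUG, so a release build embeds neither a build-directory path nor line numbers, plus an error-record helper that expands them at each call site rather than at the point of definition. The struct err_record, RECORD_ERROR and record_error() are invented for the example; the OpenSSL counterpart they stand in for is ERR_put_error().

```c
#include <stdio.h>
#include <string.h>

/* In a release (NDEBUG) build the location macros collapse to constants, so
 * no build-directory path or line number is embedded in the binary; in a
 * debug build they are the usual __FILE__/__LINE__.  Names as proposed in
 * the thread; the build switch is NDEBUG as in the ticket subject. */
#ifdef NDEBUG
# define OPENSSL_FILE ""
# define OPENSSL_LINE 0
#else
# define OPENSSL_FILE __FILE__
# define OPENSSL_LINE __LINE__
#endif

/* Line on which the macros above were defined, kept so the check below can
 * show that a use site picks up its own line, not this one. */
static const int macro_definition_line = __LINE__;

/* Hypothetical error record, a stand-in for what ERR_put_error() stores. */
struct err_record {
    const char *file;
    int line;
    const char *reason;
};

static void record_error(struct err_record *rec, const char *file, int line,
                         const char *why)
{
    rec->file = file;
    rec->line = line;
    rec->reason = why;
}

/* Expands OPENSSL_FILE/OPENSSL_LINE where the macro is *used*, exactly as
 * ERR_put_error() does with __FILE__/__LINE__ today. */
#define RECORD_ERROR(rec, why) record_error((rec), OPENSSL_FILE, OPENSSL_LINE, (why))

/* Records a constructed failure and returns the line it was attributed to. */
int use_site_line(struct err_record *rec)
{
    RECORD_ERROR(rec, "constructed failure");
    return rec->line;
}

/* 1 if the record carries no location at all, which is what a release
 * (NDEBUG) build should produce; 0 in a debug build. */
int record_is_location_free(const struct err_record *rec)
{
    return rec->file[0] == '\0' && rec->line == 0;
}

int main(void)
{
    struct err_record rec;
    int line = use_site_line(&rec);

    printf("recorded at \"%s\":%d (%s)\n", rec.file, line, rec.reason);
    printf("macros defined on line %d, use site reported line %d\n",
           macro_definition_line, line);
    printf("location stripped from record: %s\n",
           record_is_location_free(&rec) ? "yes" : "no");
    return 0;
}
```

Build it twice, once plain and once with -DNDEBUG, and compare `strings` output: only the debug binary contains the source path, which is the "small and reproducible" property the message is after.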
From: dwmw2 at infradead.org (David Woodhouse)
Date: Mon, 27 Jul 2015 16:18:43 +0100
Subject: [openssl-dev] OPENSSL_NO_xxx cleanup: RFC3779
In-Reply-To: <6671ed07ae4343c58226f31a85e45e88@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <1437665963.27621.40.camel@infradead.org> <1437668756.27621.42.camel@infradead.org> <6671ed07ae4343c58226f31a85e45e88@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID: <1438010323.26913.26.camel@infradead.org>

On Thu, 2015-07-23 at 16:30 +0000, Salz, Rich wrote:
> > If I were to resurrect it as part of the patchset to make the UEFI
> > build work sanely, would you object to that?
>
> I've got no problem with that.

Thanks. Attached.

--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Revert-OPENSSL_NO_xxx-cleanup-RFC3779.patch
Type: text/x-patch
Size: 10500 bytes
Desc: not available
URL:

From matt at openssl.org Mon Jul 27 16:03:45 2015
From: matt at openssl.org (Matt Caswell)
Date: Mon, 27 Jul 2015 17:03:45 +0100
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com>
Message-ID: <55B65661.8030701@openssl.org>

On 23/07/15 14:19, Ian McFadries (imcfadri) wrote:
> In order for TLS session ticket extension to work with the
> SSLv23_client_method's it seems that the ssl23_client_hello method
> should add a new session object to the SSL connection when there is
> none, similar to what is done in the ssl3_client_hello method.

I have just committed a fix for this issue:
https://github.com/openssl/openssl/commit/f0348c842e75a77f643e7d34cb88609145b2d320

As well as a test:
https://github.com/openssl/openssl/commit/09368c044b4a0dfe694e4905cb13e9a293efd78d

The above links are for the 1.0.2 commits. Equivalent commits have also been pushed for 1.0.1. For master I have only added the test as the bug did not exist in master (the version negotiation rewrite fixed it).

Matt

From rt at openssl.org Mon Jul 27 17:04:10 2015
From: rt at openssl.org (mahendar katkuri via RT)
Date: Mon, 27 Jul 2015 17:04:10 +0000
Subject: [openssl-dev] [openssl.org #3957] BUG:Double free in int_thread_del_item in crypto/err/err.c
In-Reply-To:
References:
Message-ID:

Dear Sir/Madam,

During system restart, there is a crash in openSSL (ver openssl-1.0.1j) pointing to crypto/err/err.c. From the backtrace, it is complaining about a double free in the int_thread_del_item() function in the crypto/err/err.c file. Please find the backtrace below. Could you let us know if this is a known issue?

#3 0x000000801ea20000 in __GI_raise (sig=) at ../sysdeps/unix/sysv/linux/raise.c:55
#4 0x000000801ea25850 in __GI_abort () at abort.c:89
#5 0x000000801ea60e24 in __libc_message (do_abort=, fmt=) at ../sysdeps/posix/libc_fatal.c:175
#6 0x000000801ea6f368 in malloc_printerr (action=, str=0x801eb4f240 "*double free or corruption (!prev)*", ptr=) at malloc.c:4958
#7 0x000000801ea701bc in _int_free (av=, p=, have_lock=) at malloc.c:3829
#8 0x00003fff7ab472d8 in CRYPTO_free (str=0x3fff4c001010) at mem.c:397
#9 0x00003fff7abda018 in lh_free (lh=0x3fff4c000f50) at lhash.c:175
#10 0x00003fff7abdd858 in int_thread_del_item (d=) at err.c:537
#11 0x00003fff7abde978 in ERR_remove_thread_state (id=) at err.c:994
#12 0x00003fff7abdea14 in ERR_remove_state (pid=) at err.c:1000

BR
Mahendar.
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

From rt at openssl.org Mon Jul 27 21:15:39 2015
From: rt at openssl.org (David Weidenkopf via RT)
Date: Mon, 27 Jul 2015 21:15:39 +0000
Subject: [openssl-dev] [openssl.org #3958] [PATCH] pkcs12 application selects bad defaults in FIPS mode
In-Reply-To:
References:
Message-ID:

openssl 1.0.1l

It seems that the default algorithm selection for pkcs12 is incorrect when FIPS mode is in use. The root cause appears to be that the FIPS_mode() check is performed prior to the load_config() call. A patch is attached that changes this ordering. Feedback on this issue would be much appreciated.

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkcs12_FIPS_check.patch
Type: text/x-patch
Size: 829 bytes
Desc: not available
URL:
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

From j at w1.fi Mon Jul 27 21:51:26 2015
From: j at w1.fi (Jouni Malinen)
Date: Tue, 28 Jul 2015 00:51:26 +0300
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <55B65661.8030701@openssl.org>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <55B65661.8030701@openssl.org>
Message-ID: <20150727215126.GA9715@w1.fi>

On Mon, Jul 27, 2015 at 05:03:45PM +0100, Matt Caswell wrote:
> I have just committed a fix for this issue:
> https://github.com/openssl/openssl/commit/f0348c842e75a77f643e7d34cb88609145b2d320

> The above links are for the 1.0.2 commits. Equivalent commits have also
> been pushed for 1.0.1. For master I have only added the test as the bug
> did not exist in master (the version negotiation rewrite fixed it).

Thanks! I can confirm that the 1.0.2 changes allow me to remove the EAP-FAST workaround (force TLSv1_method() to be used).

I had not yet been able to test EAP-FAST with the master branch snapshot since there were a number of API changes that broke the mechanism I used for key derivation. Now that I took a new look at this, most of the needed accessors have apparently been added. I think I still may need something to be able to figure out the keyblock size to be able to skip over it in EAP-FAST key derivation. Anyway, this was sufficiently close to be able to run some more tests. With a couple more fixes and a hardcoded keyblock size for testing purposes, it looks like EAP-FAST with authenticated provisioning worked. The unauthenticated provisioning case was failing due to "ssl3_client_hello:no ciphers available", but I'd assume that to be caused by some change in the enabled ciphers (this mode is trying to use ADH-AES128-SHA).

While this is somewhat beyond the scope of this thread, I'd appreciate any guidance on how to figure out the keyblock size from the current negotiation with the master branch OpenSSL snapshot. I used to use ssl->s3->tmp.new_mac_secret_size and EVP_CIPHER_{key,iv}_length(). The latter are still present, the former is not. Though, ssl->enc_read_ctx->cipher is not available for EVP_CIPHER_*(). An alternative version used EVP_MD_CTX_md(ssl->read_hash) followed by EVP_MD_size(). That is not available either.

A more flexible version of SSL_export_keying_material() would be another (and likely cleaner) alternative for this. The additional need for a couple of EAP methods is in being able to request the server random to be used before the client random (i.e., the reverse order of the standard implementation) and to be able to skip key block length number of bytes from the beginning of the PRF output. For that key block skipping part, though, it would also hit an issue with memcmp against TLS_MD_KEY_EXPANSION_CONST, i.e., something completely different may be needed to be able to derive the EAP-FAST session_key_seed (see RFC 4851 Section 5.1 for details, and RFC 5422 Section 3.3 shows yet another EAP-FAST case where session_key_seed and ServerChallenge + ClientChallenge need to be derived similarly after the key_block). It would be nice to be able to get those out from OpenSSL without having to implement the PRF for this externally (and without exporting the master key for that matter).

--
Jouni Malinen PGP id EFC895FA

From matt at openssl.org Mon Jul 27 22:28:09 2015
From: matt at openssl.org (Matt Caswell)
Date: Mon, 27 Jul 2015 23:28:09 +0100
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <20150727215126.GA9715@w1.fi>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <55B65661.8030701@openssl.org> <20150727215126.GA9715@w1.fi>
Message-ID: <55B6B079.9040009@openssl.org>

On 27/07/15 22:51, Jouni Malinen wrote:
> On Mon, Jul 27, 2015 at 05:03:45PM +0100, Matt Caswell wrote:
>> I have just committed a fix for this issue:
>> https://github.com/openssl/openssl/commit/f0348c842e75a77f643e7d34cb88609145b2d320
>
>> The above links are for the 1.0.2 commits. Equivalent commits have also
>> been pushed for 1.0.1. For master I have only added the test as the bug
>> did not exist in master (the version negotiation rewrite fixed it).
>
> Thanks! I can confirm that the 1.0.2 changes allow me to remove the
> EAP-FAST workaround (force TLSv1_method() to be used).
>
> I had not yet been able to test EAP-FAST with the master branch snapshot
> since there were a number of API changes that broke the mechanism I used
> for key derivation. Now that I took a new look at this, most of the
> needed accessors have apparently been added. I think I still may need
> something to be able to figure out the keyblock size to be able to skip
> over it in EAP-FAST key derivation. Anyway, this was sufficiently close
> to be able to run some more tests. With a couple more fixes and hardcoded
> keyblock size for testing purposes, it looks like EAP-FAST with
> authenticated provisioning worked. Unauthenticated provisioning case was
> failing due to "ssl3_client_hello:no ciphers available", but I'd assume
> that to be caused by some change in the enabled ciphers (this mode is
> trying to use ADH-AES128-SHA).

The master branch implements "security levels". The default security level does not allow anon ciphersuites. I suspect this may be your problem.

>
> While this is somewhat beyond the scope of this thread, I'd appreciate
> any guidance on how to figure out keyblock size from the current
> negotiation with the master branch OpenSSL snapshot. I used to use
> ssl->s3->tmp.new_mac_secret_size and EVP_CIPHER_{key,iv}_length(). The
> latter are still present, the former is not. Though,
> ssl->enc_read_ctx->cipher is not available for EVP_CIPHER_*().
> Alternative version used EVP_MD_CTX_md(ssl->read_hash) followed by
> EVP_MD_size(). That is not available either.

Can you use:

__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);

and

int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);

to then call:

EVP_MD_size(EVP_get_digestbynid(nid));

Matt

From rsteck at symsysresearch.com Mon Jul 27 23:47:00 2015
From: rsteck at symsysresearch.com (rsteck at symsysresearch.com)
Date: Mon, 27 Jul 2015 19:47:00 -0400
Subject: [openssl-dev] RSA key generation in FIPS mode
Message-ID: <783d03127bbed3f61b357c5135c14692@symsysresearch.com>

This is potentially a question with openssl-dev/openssl-users crossover.

In the FIPS Security Policy there are listed two functions for generating RSA keys:

FIPS_rsa_generate_key_ex() (renamed from RSA_generate_key_ex()) and
FIPS_rsa_x931_generate_key_ex() (renamed from RSA_X931_generate_key_ex())

The latter is a complete implementation, according to X9.31, and an approved method in FIPS 186-2. The former is a wrapper function for either a "custom" keygen contained in the RSA struct, or the static "rsa_builtin_keygen". This builtin function does not conform to X9.31 (and therefore is not acceptable under 186-2).

In testing, it appears when running in FIPS mode and calling the wrapper function, the non-approved builtin function is the one that is called. The default RSA struct creation function, defined in "fips/fips_rsa_lib.c:FIPS_rsa_new()" sets a mechanism parameter ("RSA_PKCS1_SSLeay()") that doesn't specify any key construction method (see crypto/rsa/rsa_eay.c). Without this specified in the struct, the default (builtin; non-approved) method is used.

Thus, it appears that there is a function in the FIPS API that allows for the creation of RSA keys in a non-approved manner. Am I missing something?

Assuming I was to remediate this for one of my clients, the wrapper function within the canister should replace the call to the builtin function with a call to the RSA_X931_generate_key_ex() function, and/or the struct creation function should explicitly set the rsa_keygen method. Correct?

Thanks,
Randy

From dwmw2 at infradead.org Tue Jul 28 10:38:05 2015
From: dwmw2 at infradead.org (David Woodhouse)
Date: Tue, 28 Jul 2015 11:38:05 +0100
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <20150722164747.GG4347@mournblade.imrryr.org>
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722164747.GG4347@mournblade.imrryr.org>
Message-ID: <1438079885.26913.127.camel@infradead.org>

On Wed, 2015-07-22 at 16:47 +0000, Viktor Dukhovni wrote:
> On Wed, Jul 22, 2015 at 03:36:40PM +0000, David Woodhouse via RT wrote:
>
> > FWIW the Linux kernel also specifically avoids checking timestamps
> > altogether when validating signed modules.
>
> You probably need a dedicated implementation of X509_verify_cert().
> When dealing with "data at rest" (signed email, signed code, ...)
> certificate expiration needs to be understood in the context of
> time of signature, not time of verification.

Yes, but AFAICT the security model here is entirely bogus. If we're going to trust a third party to say " is my signature, oh and trust me, is when I signed it", then we might as well not be checking the validity time for that third party's signatures at all. There is *no* benefit, surely? Just complexity.

> Ideally (this generally works for email), the verifier "initially"
> verifies the signed object before the expiration time of the
> certificate and then caches this fact in some manner, so that
> subsequent verification can ignore the certificate entirely, and
> just check that the object has not changed since initially verified.

Except that IMAP deliberately provides a *read-only* message store. You cannot modify messages in any way, by design. You can only add flags. I don't even want to contemplate a world in which we just have a 'trust me, message signature was OK' flag on a mailstore and allow that to bypass the *actual* checking.

Actually, if you look at RFC3851 §2.5.1 you'll see that we include a signingTime attribute in the S/MIME message. Validation is done using that. Which makes it entirely pointless, as I said above. You might as well just not *check* the validity time at all when validating email, surely?

Hell, it would make more sense in the case of email to do the check using the Date: header (or the last Resent-Date: header). At least that wouldn't be *entirely* redundant. And it wouldn't be possible to falsely sign a message

> If caching results of initial verification is not an option, then
> perhaps disabling expiration checks is a last-resort option.

It's not an option. It's not even a good idea.

> There are ways (with care) to do this via the verify callback, which
> can be made to suppress *only* expiration errors and fail on all
> other errors.

Yeah. And it turns out that we have verify callbacks in most cases *already*, to cope with intermediate CAs being present in our trust store without the ultimate self-signed root CA also being present. (Although I'd hope there was a better way to handle that; I'll come back to that later.)

So for now I can live without the requested feature, although reluctantly because I think the reasons for refusing are utterly bogus, and fix it up on the EDK2 side just by ignoring/allowing X509_V_ERR_CERT_{HAS_EXPIRED,NOT_YET_VALID} thus:
http://git.infradead.org/users/dwmw2/edk2.git/commitdiff/9b89269c

--
David Woodhouse
Open Source Technology Centre
David.Woodhouse at intel.com
Intel Corporation

From rt at openssl.org Tue Jul 28 11:00:15 2015
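As an added example (not EDK II's or OpenSSL's code), the C below shows the verify-callback discipline Viktor describes and David adopts in the exchange above: waive only X509_V_ERR_CERT_HAS_EXPIRED and X509_V_ERR_CERT_NOT_YET_VALID, fail on every other error, and remember that a date error was waived. It also shows the shortcut to avoid, a callback that returns 1 unconditionally, which accepts a chain whose signature does not verify. The error constants carry the values OpenSSL assigns in <openssl/x509_vfy.h>; struct verify_state, the two policy functions and verify_chain() are hypothetical stand-ins for the X509_STORE_CTX callback, and the chains replayed in main() are constructed.

```c
#include <stdio.h>

/* Error codes as numbered in OpenSSL's <openssl/x509_vfy.h>; when building
 * against OpenSSL include that header instead of repeating them here. */
#define X509_V_OK                          0
#define X509_V_ERR_CERT_SIGNATURE_FAILURE  7
#define X509_V_ERR_CERT_NOT_YET_VALID      9
#define X509_V_ERR_CERT_HAS_EXPIRED       10

/* Hypothetical per-verification state; a real callback would keep this in
 * the X509_STORE_CTX ex_data and read the error via X509_STORE_CTX_get_error(). */
struct verify_state {
    int time_error_waived;   /* set when a date error was tolerated */
};

typedef int (*verify_policy)(int preverify_ok, int error, struct verify_state *st);

/* Hardened policy: waive *only* the two date errors, fail everything else.
 * Same (ok, error) contract as an OpenSSL verify callback: 1 continues,
 * 0 aborts the whole verification. */
int policy_waive_dates_only(int preverify_ok, int error, struct verify_state *st)
{
    if (preverify_ok)
        return 1;
    switch (error) {
    case X509_V_ERR_CERT_NOT_YET_VALID:
    case X509_V_ERR_CERT_HAS_EXPIRED:
        st->time_error_waived = 1;
        return 1;
    default:
        return 0;   /* bad signature, unknown issuer, ... remain fatal */
    }
}

/* The mistake to avoid: "just return 1" silences date errors but also
 * accepts a chain whose signature does not verify. */
int policy_accept_everything(int preverify_ok, int error, struct verify_state *st)
{
    (void)preverify_ok; (void)error; (void)st;
    return 1;
}

/* Replays one callback invocation per chain element, as OpenSSL would, and
 * returns the overall verdict (1 = chain accepted, 0 = rejected). */
int verify_chain(verify_policy policy, const int *oks, const int *errors, int n,
                 struct verify_state *st)
{
    int i;
    st->time_error_waived = 0;
    for (i = 0; i < n; i++)
        if (!policy(oks[i], errors[i], st))
            return 0;
    return 1;
}

int main(void)
{
    struct verify_state st;
    /* constructed chain: root ok, intermediate expired, leaf ok */
    int ok_expired[]  = {1, 0, 1};
    int err_expired[] = {X509_V_OK, X509_V_ERR_CERT_HAS_EXPIRED, X509_V_OK};
    /* constructed chain: leaf whose signature does not verify */
    int ok_forged[]   = {1, 1, 0};
    int err_forged[]  = {X509_V_OK, X509_V_OK, X509_V_ERR_CERT_SIGNATURE_FAILURE};

    printf("dates-only policy, expired intermediate: %s (waived=%d)\n",
           verify_chain(policy_waive_dates_only, ok_expired, err_expired, 3, &st)
               ? "accepted" : "rejected", st.time_error_waived);
    printf("dates-only policy, bad signature: %s\n",
           verify_chain(policy_waive_dates_only, ok_forged, err_forged, 3, &st)
               ? "accepted" : "rejected");
    printf("accept-everything policy, bad signature: %s\n",
           verify_chain(policy_accept_everything, ok_forged, err_forged, 3, &st)
               ? "accepted" : "rejected");
    return 0;
}
```

The waived flag is the part worth keeping in a real implementation: the caller can log or surface that the verdict rests on ignoring validity dates, rather than the tolerance being invisible.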
From: rt at openssl.org (Salz, Rich via RT)
Date: Tue, 28 Jul 2015 11:00:15 +0000
Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
In-Reply-To: <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <1437569859.3905.87.camel@intel.com> <1437579387.3905.104.camel@infradead.org> <20150722164747.GG4347@mournblade.imrryr.org> <1438079885.26913.127.camel@infradead.org> <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID:

It seems that the simplest and most obvious thing is to indicate that you don't care about the dates, which is what this patch does.

From j at w1.fi Tue Jul 28 14:09:38 2015
From: j at w1.fi (Jouni Malinen)
Date: Tue, 28 Jul 2015 17:09:38 +0300
Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
In-Reply-To: <55B6B079.9040009@openssl.org>
References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <55B65661.8030701@openssl.org> <20150727215126.GA9715@w1.fi> <55B6B079.9040009@openssl.org>
Message-ID: <20150728140938.GA4079@w1.fi>

On Mon, Jul 27, 2015 at 11:28:09PM +0100, Matt Caswell wrote:
> The master branch implements "security levels". The default security
> level does not allow anon ciphersuites. I suspect this may be your problem.

Indeed. SSL_set_security_level(ssl, 0) for this special EAP-FAST case resolved this.

> Can you use:
> __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
>
> and
>
> int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
>
> to then call:
> EVP_MD_size(EVP_get_digestbynid(nid));

Thanks! This does indeed work fine and is a significantly cleaner design than the one I had to use with earlier OpenSSL versions.

It looks like things are getting very close to complete now. I was able to get all EAP-FAST test cases passing with the current snapshot of 1.0.2 and using TLSv1.2. With the current snapshot of the master branch, there is an issue on the TLS server side, though. All the EAP-FAST peer functionality worked with the master branch version.

The remaining issue for the EAP-FAST server is in the SSL_set_session_secret_cb() callback not having access to the correct server_random through SSL_get_server_random(). In earlier OpenSSL versions, I could fetch this from ssl->s3->server_random. However, SSL_get_server_random() seems to return some bogus data at this point in the sequence (_before_ the ServerHello has actually been written). The correct server_random becomes available later, but that's too late to be able to derive the correct master_secret in the session secret callback. Any idea what could be causing this?

Would it be possible to modify the sequence of operations here in a way that the real server_random were available through SSL_get_server_random() from the SSL_set_session_secret_cb() handler on the TLS server side as well as on the client side (where it seems to work now)?

--
Jouni Malinen PGP id EFC895FA

From eijdenberg at google.com Tue Jul 28 14:51:32 2015
From: eijdenberg at google.com (Adam Eijdenberg)
Date: Tue, 28 Jul 2015 14:51:32 +0000
Subject: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa
Message-ID:

Hi openssl-dev,

This is my first patch, so hope I'm following the right process.

The argument parsing for "openssl genrsa" is missing a "break;" statement and as a consequence the user gets a set of spurious warnings about a missing engine that they didn't actually intentionally specify. A quick grep found 2 other similar issues.

I created a pull request on Friday (https://github.com/openssl/openssl/pull/339) but since I didn't hear anything there I am attaching the small (3 line) patch to this message.

Cheers,
Adam
-------------- next part --------------
From 36f4de1c10acb4b16fd9dda01d3389f28b15da46 Mon Sep 17 00:00:00 2001
From: Adam Eijdenberg Date: Fri, 24 Jul 2015 19:27:39 -0700 Subject: [PATCH] Fix missing break for -out argument parsing that causes genrsa to attempt to load engine with name of out.key. e.g. without fix, operation succeeds but with warnings: $ apps/openssl genrsa -out out.key invalid engine "out.key" 140735214080848:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:172:filename(/usr/local/ssl/lib/engines/libout.key.dylib): dlopen(/usr/local/ssl/lib/engines/libout.key.dylib, 2): image not found 140735214080848:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:228: 140735214080848:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:458: 140735214080848:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:379:id=out.key 140735214080848:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:172:filename(libout.key.dylib): dlopen(libout.key.dylib, 2): image not found 140735214080848:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:228: 140735214080848:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:458: Generating RSA private key, 2048 bit long modulus .............+++ .............................................................................................................+++ e is 65537 (0x010001) A quick grep for "=" on a line before "case" found two other similar issues addressed in same commit. --- apps/genrsa.c | 1 + apps/pkeyutl.c | 1 + apps/req.c | 1 - 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/genrsa.c b/apps/genrsa.c index bb8437f..1fea351 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -141,6 +141,7 @@ int genrsa_main(int argc, char **argv) break; case OPT_OUT: outfile = opt_arg(); + break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 4c267c1..741dd64 100644 
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -200,6 +200,7 @@ int pkeyutl_main(int argc, char **argv) break; case OPT_REV: rev = 1; + break; case OPT_ENCRYPT: pkey_op = EVP_PKEY_OP_ENCRYPT; break;
diff --git a/apps/req.c b/apps/req.c
index b3220ba..a16febd 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -344,7 +344,6 @@ int req_main(int argc, char **argv) case OPT_NO_ASN1_KLUDGE: kludge = 0; break; - multirdn = 1; case OPT_DAYS: days = atoi(opt_arg()); break;
-- 
2.5.0.rc2.392.g76e840b

From: rt at openssl.org (Nicholas Cooper via RT)
Date: Tue, 28 Jul 2015 14:57:11 +0000
Subject: [openssl-dev] [openssl.org #3959] misleading comment in openssl-1.0.2
In-Reply-To: <55B70855.50005@gmail.com>
References: <55B70855.50005@gmail.com>

The patch is for openssl-1.0.2d.tar.gz of which file the MD5 is 38dd619b2e77cbac69b99f52a053d25a

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl-1.0.2d.diff
Type: text/x-patch
Size: 1012 bytes

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
From: rt at openssl.org (John Denker via RT)
Date: Tue, 28 Jul 2015 14:57:28 +0000
Subject: [openssl-dev] [openssl.org #3960] make install fails with --prefix=./relative-path
In-Reply-To: <55B7933D.3030403@av8n.com>
References: <55B7933D.3030403@av8n.com>

Scenario:

:; git clone https://github.com/openssl/openssl openssl-temp
:; cd openssl-temp
:; ./config --prefix=./relpath
:; make
:; make install
[spewage snipped]
created directory `./relpath'
Cannot create directory ./relpath/.: File exists
Makefile:669: recipe for target 'install_docs' failed
make: *** [install_docs] Error 17

Discussion:

It could be argued that an implicit relative path of the form --prefix=usr is probably a user error, i.e. a typo in lieu of --prefix=/usr. However, if you think it should be treated as an error, it should be caught at ./config time ... rather than waiting until the middle of the install process. Also, there should be some meaningful, helpful error message, rather than "file exists".

Furthermore, an explicit relative path (i.e. one with a leading "./" or "../" in it) is probably not a user error. The expected and desired behavior is that it should just work. If for some reason this cannot work, it should be caught at ./config time. A meaningful, helpful error message should be given.

From: rsalz at akamai.com (Salz, Rich)
Date: Tue, 28 Jul 2015 15:13:42 +0000
Subject: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa
Message-ID: <4361e79c6d2a41928df5095ea0c5196e@ustx2ex-dag1mb2.msg.corp.akamai.com>

We saw your pull request. Three days is not a long time.
From: eijdenberg at google.com (Adam Eijdenberg)
Date: Tue, 28 Jul 2015 15:22:36 +0000
Subject: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa
In-Reply-To: <4361e79c6d2a41928df5095ea0c5196e@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <4361e79c6d2a41928df5095ea0c5196e@ustx2ex-dag1mb2.msg.corp.akamai.com>

Sorry Rich, I didn't mean to imply it was (especially since it included the weekend!) - I'm still trying to understand the correct workflow for this project - do you normally prefer mail to this list or pull requests with that type of patch? The README file talks about sending patches to this list, whereas the Wiki talks about GitHub pull requests so I wanted to make sure I was following the right process.

Cheers,

Adam

On Tue, Jul 28, 2015 at 8:14 AM Salz, Rich wrote:

> We saw your pull request. Three days is not a long time.
From: matt at openssl.org (Matt Caswell)
Date: Tue, 28 Jul 2015 16:25:42 +0100
Subject: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa
References: <4361e79c6d2a41928df5095ea0c5196e@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID: <55B79EF6.9040000@openssl.org>

On 28/07/15 16:22, Adam Eijdenberg wrote:
> Sorry Rich, I didn't mean to imply it was (especially since it included
> the weekend!) - I'm still trying to understand the correct workflow for
> this project - do you normally prefer mail to this list or pull requests
> with that type of patch? The README file talks about sending patches to
> this list, whereas the Wiki talks about GitHub pull requests so I wanted
> to make sure I was following the right process.

We really need to sort that out! :-)

The preferred approach is an email to rt at openssl.org either with patches attached or with a referenced github pull request.

Matt
From: eijdenberg at google.com (Adam Eijdenberg)
Date: Tue, 28 Jul 2015 15:30:10 +0000
Subject: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa
In-Reply-To: <55B79EF6.9040000@openssl.org>
References: <4361e79c6d2a41928df5095ea0c5196e@ustx2ex-dag1mb2.msg.corp.akamai.com> <55B79EF6.9040000@openssl.org>

Thanks Matt - I'll send mail to rt at openssl.org with a reference to the pull request.

Cheers,

Adam

On Tue, Jul 28, 2015 at 8:26 AM Matt Caswell wrote:

> On 28/07/15 16:22, Adam Eijdenberg wrote:
> > Sorry Rich, I didn't mean to imply it was (especially since it included
> > the weekend!) - I'm still trying to understand the correct workflow for
> > this project - do you normally prefer mail to this list or pull requests
> > with that type of patch? The README file talks about sending patches to
> > this list, whereas the Wiki talks about GitHub pull requests so I wanted
> > to make sure I was following the right process.
>
> We really need to sort that out! :-)
>
> The preferred approach is an email to rt at openssl.org either with patches
> attached or with a referenced github pull request.
>
> Matt
From: rt at openssl.org (Adam Eijdenberg via RT)
Date: Tue, 28 Jul 2015 15:51:57 +0000
Subject: [openssl-dev] [openssl.org #3961] [PATCH] Fix broken argument parsing for genrsa

Hi rt at openssl.org,

Please see linked pull request for a small patch to fix various argument parsing issues noticed in genrsa and also some other tools:

https://github.com/openssl/openssl/pull/339

Cheers,

Adam

From: rsalz at akamai.com (Salz, Rich)
Date: Tue, 28 Jul 2015 15:54:20 +0000
Subject: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa
In-Reply-To: <55B79EF6.9040000@openssl.org>
References: <4361e79c6d2a41928df5095ea0c5196e@ustx2ex-dag1mb2.msg.corp.akamai.com> <55B79EF6.9040000@openssl.org>
Message-ID: <4ca40b2706614e71be0a4f39cef33757@ustx2ex-dag1mb2.msg.corp.akamai.com>

> > or pull requests with that type of patch? The README file talks about
> > sending patches to this list, whereas the Wiki talks about GitHub pull
> > requests so I wanted to make sure I was following the right process.
>
> We really need to sort that out! :-)

Can you point me to the wiki page? I'll fix it. And update the README.
From: matt at openssl.org (Matt Caswell)
Date: Tue, 28 Jul 2015 17:00:41 +0100
Subject: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa
In-Reply-To: <4ca40b2706614e71be0a4f39cef33757@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <4361e79c6d2a41928df5095ea0c5196e@ustx2ex-dag1mb2.msg.corp.akamai.com> <55B79EF6.9040000@openssl.org> <4ca40b2706614e71be0a4f39cef33757@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID: <55B7A729.8020204@openssl.org>

On 28/07/15 16:54, Salz, Rich wrote:
> > > or pull requests with that type of patch? The README file talks about
> > > sending patches to this list, whereas the Wiki talks about GitHub pull
> > > requests so I wanted to make sure I was following the right process.
> >
> > We really need to sort that out! :-)
>
> Can you point me to the wiki page? I'll fix it. And update the README.

We have this documented (inconsistently) in a few different places:

See the Feedback and Contributions section on the main wiki page:
https://wiki.openssl.org/index.php/Main_Page

Also this page:
https://wiki.openssl.org/index.php/Use_of_Git

Also some stuff here:
https://wiki.openssl.org/index.php/Developing_For_OpenSSL

On the website here:
https://www.openssl.org/support/rt.html

And of course also in the README.

Matt
From: rt at openssl.org (Adam Eijdenberg via RT)
Date: Tue, 28 Jul 2015 17:31:33 +0000
Subject: [openssl-dev] [openssl.org #3962] [PATCH] Fix behavior of unspecified number of requests for OCSP responder

Documentation states that "-nrequest pnum Number of requests to accept (default unlimited)", but in practice not specifying "-nrequest" would have the effect of accepting only 1 request.

Pull request to fix behavior to match docs:
https://github.com/openssl/openssl/pull/343

From: rt at openssl.org (Adam Eijdenberg via RT)
Date: Tue, 28 Jul 2015 18:36:38 +0000
Subject: [openssl-dev] [openssl.org #3963] [PATCH] Fix -rev, -www and -WWW modes to also allow OCSP-stapled responses

openssl s_server ignores all OCSP-stapling options if -rev, -www or -WWW are enabled.

Fix by moving initialization of CTX to outside of the callback. At the same time also set options on ctx2 if available (matching how other ctx options are set).

See pull request:
https://github.com/openssl/openssl/pull/344

Cheers,

Adam
From: misaki.miyashita at oracle.com (Misaki.Miyashita)
Date: Tue, 28 Jul 2015 14:17:24 -0500
Subject: [openssl-dev] PR for OpenSSL FIPS
Message-ID: <55B7D544.5020407@oracle.com>

Hi,

I would like the same change as the following PR to be applied to the OpenSSL FIPS module:
https://github.com/openssl/openssl/pull/342

How should I proceed in this case?
Should I make a pull request for the openssl:OpenSSL-fips-2_0-dev branch?

Thank you,

-- misaki

-- 
Oracle Solaris Security - Austin, TX
Principal Software Engineer
From: adam.walling at gmail.com (Adam Walling)
Date: Tue, 28 Jul 2015 16:02:31 -0400
Subject: [openssl-dev] [PATCH] to fix hang in RAND_poll on Windows 7 / Server 2008R2 and other performance problems

When Heap32First is called while RtlAllocateHeap is executing on another thread, the process can deadlock. The underlying bug has a hotfix from Microsoft, but is not part of a service pack. Only Windows 7 or 2008R2 are affected:
https://support.microsoft.com/en-us/kb/2719306

Deadlock noted in various places, such as:
http://rt.openssl.org/Ticket/Display.html?id=2485&user=guest&pass=guest
http://comments.gmane.org/gmane.comp.encryption.openssl.devel/20440

And the performance was discussed and had workarounds as noted here:
http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest

The discussion here:
http://openssl.6102.n7.nabble.com/Deadlock-in-RAND-poll-s-Heap32First-call-td13043.html
proposed a similar solution to this, but discussion diverged from the actual problem.

While using the heap as a source of entropy is debatable, we can still fix this issue while also avoiding the performance issue that was already patched with the workaround.

In the existing code, the process ID of 0 is passed to CreateToolhelp32Snapshot, so it only iterates the heaps of the current process. This patch uses HeapWalk to implement the same behavior in a safer manner; toolhelp is still used to iterate the modules, threads, processes for entropy. HeapWalk and other functions used by this patch are available since NT 3.51, though they are dynamically loaded anyway.

Most of the time, a windows process will only have or use one heap, but sometimes private heaps are used. However they cannot really be traversed safely since some may be created without serialization. The attached version of the patch will only use the main heap returned by GetProcessHeap since this is a safe operation.
If there is only one heap, then this version matches the entropy provided by the existing implementation without the performance implications or deadlock / hang.

If there is interest, I also have a version of this patch that iterates all heaps of the process in addition to the main heap (GetProcessHeap). However I am uncertain if the extra motes of entropy that those private heaps provide are worth potentially destabilizing the process.

I did my best to maintain style using the OpenSSL style guide and 'when-in-rome' guidelines; for example there was a pre-existing mix of tabs and spaces for indentation, so I kept them where it already existed.

I've been encountering this quite often on some machines that can't realistically be updated, and the patch works very well for both 0.9.8zg and 1.0.1h. The only changes are rand_win.c -- I've attached the unified diff for 1.0.1h, though the differences in the implementation of this change between 1.0.1h and 0.9.8zg are cosmetic only. I also have a diff for 0.9.8zg, as well as the implementation of walking all heaps for both of these release branches as well, but I'd rather not pollute this list with mostly-redundant patches.

If preferred, I can create a pull request, but it seems that submitting simpler patches to the mailing list is the suggested initial approach.

Thanks,

-- 
- Adam D. Walling

-------------- next part --------------
--- rand_win.c.original 2014-06-05 05:41:30.000000000 -0400
+++ rand_win.c 2015-07-28 12:28:43.393846200 -0400
@@ -168,13 +168,15 @@ typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); -typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t); -typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); -typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); +typedef BOOL(WINAPI *HEAPWALK) (HANDLE, LPPROCESS_HEAP_ENTRY); +typedef BOOL(WINAPI *HEAPLOCK) (HANDLE); +typedef BOOL(WINAPI *HEAPUNLOCK) (HANDLE); +typedef HANDLE(WINAPI *GETPROCESSHEAP) (VOID); + #include #include #if 1 /* The NET API is Unicode only. It requires the use of the UNICODE 
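Review bot: the four new function-pointer typedefs at the end of this hunk use a different spacing style (`typedef BOOL(WINAPI *HEAPWALK) (HANDLE, LPPROCESS_HEAP_ENTRY);`) from the existing ones directly above them (`typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);`); match the surrounding style, since the cover letter says that was the intent. Removing the HEAP32FIRST/HEAP32NEXT/HEAP32LIST typedefs here is fine only because the later hunks also drop every declaration and GetProcAddress() call that used them; keep those in the same commit so no intermediate revision fails to build.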
@@ -432,7 +434,67 @@ FreeLibrary(user); } - /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap + if (kernel) { + GETPROCESSHEAP get_process_heap; + HEAPWALK heap_walk; + HEAPLOCK heap_lock; + HEAPUNLOCK heap_unlock; + + HANDLE heap; + + DWORD starttime = 0; + + // HeapWalk et al available as of NT 3.51 + get_process_heap = (GETPROCESSHEAP) + GetProcAddress(kernel, "GetProcessHeap"); + heap_walk = (HEAPWALK) GetProcAddress(kernel, "HeapWalk"); + heap_lock = (HEAPLOCK) GetProcAddress(kernel, "HeapLock"); + heap_unlock = (HEAPUNLOCK) GetProcAddress(kernel, "HeapUnlock"); + + if (get_process_heap && heap_walk && heap_lock && heap_unlock) { + + if (good) + starttime = GetTickCount(); + + HANDLE heap; + PROCESS_HEAP_ENTRY hentry; + + heap = get_process_heap(); + + ZeroMemory(&hentry, sizeof(PROCESS_HEAP_ENTRY)); + int entrycnt = 80; + + heap_lock(heap); +# ifdef _MSC_VER + __try { +# endif + while (heap_walk(heap, &hentry) + && (!good + || (GetTickCount() - starttime) < + MAXDELAY) + && --entrycnt > 0) + { + /* PROCESS_HEAP_ENTRY has 5 fields that change with + * each entry. Consider each field a source of 1 byte + * of entropy. + */ + RAND_add(&hentry, sizeof(PROCESS_HEAP_ENTRY), 5); + } +# ifdef _MSC_VER + } + __except(EXCEPTION_EXECUTE_HANDLER) { + /* + * ignore access violations when walking the heap + * list + */ + } +# endif + heap_unlock(heap); + } + } + + + /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm * (Win 9x and 2000 only, not available on NT) * @@ -451,15 +513,10 @@ CLOSETOOLHELP32SNAPSHOT close_snap; HANDLE handle; - HEAP32FIRST heap_first; - HEAP32NEXT heap_next; - HEAP32LIST heaplist_first, heaplist_next; PROCESS32 process_first, process_next; THREAD32 thread_first, thread_next; MODULE32 module_first, module_next; - HEAPLIST32 hlist; - HEAPENTRY32 hentry; PROCESSENTRY32 p; THREADENTRY32 t; MODULEENTRY32 m; 
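Review bot: in the new `if (kernel)` block, `HANDLE heap;` is declared twice (once at the top of the block and again inside `if (get_process_heap && ...)`), and `HANDLE heap; PROCESS_HEAP_ENTRY hentry;` and `int entrycnt = 80;` are declared after statements (`if (good) starttime = GetTickCount();`, `ZeroMemory(...)`), which C89 compilers reject; hoist the declarations to the top of the block and drop the duplicate, and turn the `// HeapWalk et al available as of NT 3.51` comment into `/* */` for the same reason. The `__try/__except` guard only exists under `_MSC_VER`, so non-MSVC builds walk the heap with no protection against the access violations the comment mentions; that mirrors the old Heap32 code, but it should be stated in the cover letter. Finally, the comment re-added at the end of this hunk still reads `enumerate processes, threads, modules and heap` although the heap is no longer enumerated there; drop `and heap`.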
@@ -469,10 +526,6 @@ GetProcAddress(kernel, "CreateToolhelp32Snapshot"); close_snap = (CLOSETOOLHELP32SNAPSHOT) GetProcAddress(kernel, "CloseToolhelp32Snapshot"); - heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); - heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); - heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); - heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); 
@@ -480,90 +533,15 @@ module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); - if (snap && heap_first && heap_next && heaplist_first && - heaplist_next && process_first && process_next && + if (snap && process_first && process_next && thread_first && thread_next && module_first && - module_next && (handle = snap(TH32CS_SNAPALL,0)) - != INVALID_HANDLE_VALUE) + module_next && (handle = snap( + TH32CS_SNAPMODULE + | TH32CS_SNAPPROCESS + | TH32CS_SNAPTHREAD + , 0)) + != INVALID_HANDLE_VALUE) { - /* heap list and heap walking */ - /* HEAPLIST32 contains 3 fields that will change with - * each entry. Consider each field a source of 1 byte - * of entropy. - * HEAPENTRY32 contains 5 fields that will change with - * each entry. Consider each field a source of 1 byte - * of entropy. - */ - ZeroMemory(&hlist, sizeof(HEAPLIST32)); - hlist.dwSize = sizeof(HEAPLIST32); - if (good) starttime = GetTickCount(); -#ifdef _MSC_VER - if (heaplist_first(handle, &hlist)) - { - /* - following discussion on dev ML, exception on WinCE (or other Win - platform) is theoretically of unknown origin; prevent infinite - loop here when this theoretical case occurs; otherwise cope with - the expected (MSDN documented) exception-throwing behaviour of - Heap32Next() on WinCE. - - based on patch in original message by Tanguy Fautr? 
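Review bot: this hunk removes `if (good) starttime = GetTickCount();` from the toolhelp block, while the `DWORD starttime = 0;` added earlier is a separate local scoped to the `if (kernel)` block; if the process, thread and module loops that follow still test `(GetTickCount()-starttime)` against the outer `starttime`, that variable is now never set on this path, so either keep this initialisation or move it directly in front of those loops. Replacing `TH32CS_SNAPALL` with `TH32CS_SNAPMODULE | TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD` is the right companion change, since the heap list is no longer walked from the snapshot.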
(2009/03/02) - Subject: RAND_poll() and CreateToolhelp32Snapshot() stability - */ - int ex_cnt_limit = 42; - do - { - RAND_add(&hlist, hlist.dwSize, 3); - __try - { - ZeroMemory(&hentry, sizeof(HEAPENTRY32)); - hentry.dwSize = sizeof(HEAPENTRY32); - if (heap_first(&hentry, - hlist.th32ProcessID, - hlist.th32HeapID)) - { - int entrycnt = 80; - do - RAND_add(&hentry, - hentry.dwSize, 5); - while (heap_next(&hentry) - && (!good || (GetTickCount()-starttime) 0); - } - } - __except (EXCEPTION_EXECUTE_HANDLER) - { - /* ignore access violations when walking the heap list */ - ex_cnt_limit--; - } - } while (heaplist_next(handle, &hlist) - && (!good || (GetTickCount()-starttime) 0); - } - -#else - if (heaplist_first(handle, &hlist)) - { - do - { - RAND_add(&hlist, hlist.dwSize, 3); - hentry.dwSize = sizeof(HEAPENTRY32); - if (heap_first(&hentry, - hlist.th32ProcessID, - hlist.th32HeapID)) - { - int entrycnt = 80; - do - RAND_add(&hentry, - hentry.dwSize, 5); - while (heap_next(&hentry) - && --entrycnt > 0); - } - } while (heaplist_next(handle, &hlist) - && (!good || (GetTickCount()-starttime)

References: <55B7D544.5020407@oracle.com>
Message-ID: <55B7E0FB.2050708@openssl.com>

On 07/28/2015 03:17 PM, Misaki.Miyashita wrote:
> Hi,
>
> I would like the same change as the following PR to be applied to the
> OpenSSL FIPS module:
> https://github.com/openssl/openssl/pull/342
>
> How should I proceed in this case?
> Should I make a pull request for the openssl:OpenSSL-fips-2_0-dev branch?
>

The FIPS module is unfortunately a special case because we can't make any changes to already validated code. Our only opportunity to introduce source code changes is when we do "change letter" updates, and those we have to pay for (and wait on for months). Only some kinds of source code changes can be done even with that process. For example, we were unable to fully mitigate "Lucky 13" for the FIPS-enabled OpenSSL because we weren't allowed to make the necessary changes to the FIPS module.
So feel free to make changes yourself to your local copy of the code, but you'll need to get that modified code validated to claim FIPS 140-2 validation. There is no reason to use the FIPS module code otherwise, so the basic rule is you just have to live with whatever flaws or omissions are present.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
From: rt at openssl.org (Woodhouse, David via RT)
Date: Wed, 29 Jul 2015 11:59:54 +0000
Subject: [openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build
In-Reply-To: <1438170735.26511.33.camel@intel.com>
References: <1438170735.26511.33.camel@intel.com>

Please pull the following fixes from
git://git.infradead.org/users/dwmw2/openssl-nostdio.git

These are browsable in gitweb at
http://git.infradead.org/users/dwmw2/openssl-nostdio.git

This removes a number of functions which require file access, which is not possible when OPENSSL_NO_STDIO is set. In some cases the functions were already missing, but the declarations were still present in the header files (and causing compilation errors if FILE was not defined). In other cases the declarations were correctly made conditional but the actual functions still existed.

A couple of places use the BUFSIZ macro for a temporary buffer, and needed an alternative.

The unused OPENSSL_stderr() function that does nothing but return stderr is removed entirely. OPENSSL_showfatal() now does nothing for the no-stdio build.

It might be possible to (re)introduce OPENSSL_std{in,out,err} as BIOs. Even platforms which have no file access and no true stdio will often have some form of console output, and BIO_printf() to that could certainly work for things like OPENSSL_showfatal(). That's left for a later date.

The main thing that I'm *not* happy with is including to make sscanf() work in OPENSSL_cpuid_setup(). That's at the very end of the tree for a reason.
David Woodhouse (17):
      Eliminate compiler warning for unused send_fp_chars() with no-stdio
      Disable GOST engine when no-stdio
      Disable TEST_ENG_OPENSSL_PKEY with no-stdio
      Eliminate compiler warning for unused do_pk8pkey_fp() with no-stdio
      Eliminate SRP_VBASE_init() and supporting functions for no-stdio
      Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid() to fix no-stdio
      Disable X509_LOOKUP_hash_dir() with no-stdio
      Add missing DECLARE_PEM_write_fp_const for no-stdio
      Remove functions taking FILE * from header files for no-stdio
      Disable file-based TS_CONF_* functions for no-stdio build
      Disable file: values in pci_process_value() for no-stdio build
      Add fallback definition of BUFSIZ for no-stdio build
      Remove unviable conf functionality from no-stdio build
      Remove file-based functionality from ssl/ for no-stdio build
      Kill OPENSSL_stderr()
      Make OPENSSL_showfatal do nothing with no-stdio
      Include for sscanf() even with no-stdio

-- 
Sent with Evolution's ActiveSync support.

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3437 bytes
From: rt at openssl.org (Woodhouse, David via RT)
Date: Wed, 29 Jul 2015 12:24:42 +0000
Subject: [openssl-dev] [openssl.org #3964] Fix OPENSSL_NO_STDIO build
In-Reply-To: <1438172644.26511.40.camel@intel.com>
References: <1438170735.26511.33.camel@intel.com> <1438172644.26511.40.camel@intel.com>

This is the full patch, in case that's easier to read.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: RT3964-Fix_OPENSSL_NO_STDIO_build.patch
Type: text/x-patch
Size: 33001 bytes

A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3437 bytes

From: rt at openssl.org (Cezary Pytka via RT)
Date: Wed, 29 Jul 2015 14:00:09 +0000
Subject: [openssl-dev] [openssl.org #3966] Enhancement: s_client proxy basic authorization

Hi,

Regarding OpenSSL v1.1.0-dev on Cygwin64, Windows 8.1

I've tried to use the proxy option in s_client and it seems that it doesn't support basic authorization via user:password at proxyhost:port.

I get an error "getservbyname failure for password at proxyhost:port"

If I try user at proxyhost:port I get "gethostbyname failure"

Cezary
From: rt at openssl.org (David Woodhouse via RT)
Date: Wed, 29 Jul 2015 14:00:08 +0000
Subject: [openssl-dev] [openssl.org #3965] Restore OPENSSL_NO_RFC3779
In-Reply-To: <1438175976.26511.50.camel@infradead.org>
References: <1438175976.26511.50.camel@infradead.org>

This reverts the non-cleanup parts of commit c73ad69017. We do actually have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI build, since we don't have a strspn() function in our runtime environment and we don't want the RFC3779 functionality anyway.

In addition, it changes the default behaviour of the Configure script so that RFC3779 support isn't disabled by default. It was always disabled from when it was first added in 2006, right up until the point where OPENSSL_NO_RFC3779 was turned into a no-op - and the code in the Configure script was left *trying* to disable it, but not actually working.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Revert-OPENSSL_NO_xxx-cleanup-RFC3779.patch
Type: text/x-patch
Size: 10500 bytes

A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
From: rsalz at akamai.com (Salz, Rich)
Date: Wed, 29 Jul 2015 20:09:34 +0000
Subject: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa
In-Reply-To: <55B7A729.8020204@openssl.org>
References: <4361e79c6d2a41928df5095ea0c5196e@ustx2ex-dag1mb2.msg.corp.akamai.com> <55B79EF6.9040000@openssl.org> <4ca40b2706614e71be0a4f39cef33757@ustx2ex-dag1mb2.msg.corp.akamai.com> <55B7A729.8020204@openssl.org>
Message-ID: <8281c72efa7c4fc59084834631c65e72@ustx2ex-dag1mb2.msg.corp.akamai.com>

> See the Feedback and Contributions section on the main wiki page:
> https://wiki.openssl.org/index.php/Main_Page
>
> Also this page:
> https://wiki.openssl.org/index.php/Use_of_Git
>
> Also some stuff here:
> https://wiki.openssl.org/index.php/Developing_For_OpenSSL
>
> On the website here:
> https://www.openssl.org/support/rt.html
>
> And of course also in the README.

All fixed.
From: rt at openssl.org (Praveen Kariyanahalli via RT)
Date: Wed, 29 Jul 2015 20:30:22 +0000
Subject: [openssl-dev] [openssl.org #3967] Assert hit in the latest 1.0.2d code

int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
                   unsigned int len, int create_empty_fragment)
{
    unsigned char *p, *pseq;
    int i, mac_size, clear = 0;
    int prefix_len = 0;
    SSL3_RECORD *wr;
    SSL3_BUFFER *wb;
    SSL_SESSION *sess;
    int bs;

    /*
     * first check if there is a SSL3_BUFFER still being written out. This
     * will happen with non blocking IO
     */
    if (s->s3->wbuf.left != 0) {
        OPENSSL_assert(0);      /* XDTLS: want to see if we ever get here */
        return (ssl3_write_pending(s, type, buf, len));
    }

==================================
(gdb) frame 2
#2  0x00007ffff6d690d5 in do_dtls1_write (s=0x7ffff4fe5c10, type=23, buf=0x7ffff4bdf010 "\005@\200", len=62, create_empty_fragment=0) at d1_pkt.c:1505
1505            OPENSSL_assert(0);      /* XDTLS: want to see if we ever get here */
(gdb) p s->s3->wbuf
$1 = {buf = 0x7ffff36f6010 "\027\376\375", len = 17584, offset = 0, left = 99}
(gdb)
====================================

We seem to hit this assert with the latest code. Our sockets are all in non-blocking fashion. I don't see this assert in the previous releases.

Can somebody throw more light on to this? It is urgent. As we are not able to migrate to this version because of this regression.

Thanks in Advance
-Praveen
From: rt at openssl.org (Rich Salz via RT)
Date: Wed, 29 Jul 2015 20:59:51 +0000
Subject: [openssl-dev] [openssl.org #3639] document the -no_comp command line option
In-Reply-To: <20141220152505.GA4409@reykholt.kaiser.cx>
References: <20141220152505.GA4409@reykholt.kaiser.cx>

Fixed in master; thanks.

-- 
Rich Salz, OpenSSL dev team; rsalz at openssl.org

From: rt at openssl.org (Matt Caswell via RT)
Date: Wed, 29 Jul 2015 22:35:19 +0000
Subject: [openssl-dev] [openssl.org #3967] Assert hit in the latest 1.0.2d code

On Wed Jul 29 20:30:22 2015, praveen at viptela.com wrote:
> We seem to hit this assert with the latest code. Our sockets are all in
> non-blocking fashion. I dont see this assert in the previous releases.

What was the last release you tried where this worked? Was this previously working on a 1.0.2 release?

>
> Can somebody throw more light on to this ? It is urgent. As we are not able
> to migrate to this version because of this regression.

Please can you try the attached patch and let me know if that makes any difference.

There seems to be an issue with DTLS1.2. If the underlying BIO write buffers are full DTLS is supposed to drop the packet and clear out the internal OpenSSL buffer. This code was only testing for DTLS1 not DTLS1 and DTLS1.2. If you are using DTLS1.2 then the internal buffer does not get cleared out, and the next time you try to write some data it falls over because the buffer should be empty but it isn't.

Matt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-dtls-assert.patch
Type: text/x-patch
Size: 1218 bytes
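The failure Matt describes, as an added example that is not OpenSSL code: a constructed model of the write-pending path with the version test in the narrow shape he reports (DTLS 1.0 only) beside the corrected one (every DTLS version), driven by the non-blocking scenario from Praveen's report. The conn_t/wbuf_t structures, the function names and the transport_full flag are assumptions standing in for SSL, SSL3_BUFFER and a BIO that would block; the version constants are the real wire values.

```c
/* Added example, not OpenSSL code: a constructed model of the DTLS
 * write-pending path discussed in RT #3967. conn_t and wbuf_t stand in
 * for SSL and SSL3_BUFFER; the version numbers are the real wire values. */
#include <stddef.h>

#define DTLS1_VERSION   0xFEFF
#define DTLS1_2_VERSION 0xFEFD

typedef struct {
    size_t left;            /* unsent bytes, like s->s3->wbuf.left */
} wbuf_t;

typedef struct {
    int version;
    wbuf_t wbuf;
    int transport_full;     /* 1: the underlying BIO would block (assumption) */
    int dropped;            /* records dropped because the BIO was full */
} conn_t;

/* Non-blocking transport: writes nothing while the BIO is full. */
static int transport_write(conn_t *c, size_t n)
{
    return c->transport_full ? -1 : (int)n;
}

/* Version test in the shape Matt describes: only DTLS 1.0 counts as DTLS,
 * so a DTLS 1.2 connection takes the stream (TLS) path below. */
static int is_dtls_buggy(const conn_t *c)
{
    return c->version == DTLS1_VERSION;
}

/* Corrected test: every DTLS version is a datagram protocol. */
static int is_dtls_fixed(const conn_t *c)
{
    return c->version == DTLS1_VERSION || c->version == DTLS1_2_VERSION;
}

/* Flush the pending record. A stream protocol must keep a record the BIO
 * could not take and retry it later; a datagram protocol must drop it and
 * clear the buffer, because a DTLS record is never partially resent. */
static int write_pending(conn_t *c, int (*is_dtls)(const conn_t *))
{
    int n = transport_write(c, c->wbuf.left);

    if (n < 0) {
        if (is_dtls(c)) {
            c->wbuf.left = 0;       /* drop it: that is what a datagram service is for */
            c->dropped++;
        }
        return -1;                  /* caller sees "want write" */
    }
    c->wbuf.left -= (size_t)n;
    return n;
}

/* Model of do_dtls1_write(): on entry the buffer must be empty for DTLS.
 * Returns 0 where the real code hits OPENSSL_assert(0), 1 otherwise. */
static int dtls_write(conn_t *c, size_t len, int (*is_dtls)(const conn_t *))
{
    if (c->wbuf.left != 0)
        return 0;                   /* "XDTLS: want to see if we ever get here" */
    c->wbuf.left = len;
    (void)write_pending(c, is_dtls);
    return 1;
}

/* Praveen's scenario: non-blocking socket, BIO full, two records written
 * back to back. Returns how many writes got past the assertion. */
static int run_scenario(int version, int (*is_dtls)(const conn_t *))
{
    conn_t c = { version, { 0 }, 1, 0 };
    int passed = 0;

    passed += dtls_write(&c, 62, is_dtls);   /* len=62 as in the gdb frame */
    passed += dtls_write(&c, 62, is_dtls);
    return passed;
}

int main(void)
{
    /* DTLS 1.2 with the narrow test: the second write trips the assertion */
    int buggy = run_scenario(DTLS1_2_VERSION, is_dtls_buggy);
    /* DTLS 1.2 with the corrected test: both writes pass */
    int fixed = run_scenario(DTLS1_2_VERSION, is_dtls_fixed);
    return (buggy == 1 && fixed == 2) ? 0 : 1;
}
```

With the narrow test a DTLS 1.2 connection keeps the undeliverable record in wbuf, so the very next write finds wbuf.left != 0 and asserts, while DTLS 1.0 never reaches that state in either version.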
From: rt at openssl.org (Rich Salz via RT) Date: Thu, 30 Jul 2015 01:23:07 +0000 Subject: [openssl-dev] [openssl.org #3774] Double free in dsa_priv_encode In-Reply-To: <908fd54a4da04c288e2749b21318fd98@EX13-CZ-03.cz.avg.com> References: <908fd54a4da04c288e2749b21318fd98@EX13-CZ-03.cz.avg.com> Message-ID:

Thanks!

OpenSSL_1_0_0-stable 86fecb2 RT3774: double-free in DSA
OpenSSL_1_0_1-stable 721cbae RT3774: double-free in DSA
OpenSSL_1_0_2-stable 374fd38 RT3774: double-free in DSA
master fa4629b RT3774: double-free in DSA

Author: Martin Vejnar
Date: Wed Jul 29 17:28:19 2015 -0400

    RT3774: double-free in DSA

    Reviewed-by: Matt Caswell

-- Rich Salz, OpenSSL dev team; rsalz at openssl.org From matt at openssl.org Thu Jul 30 10:00:45 2015
From: matt at openssl.org (Matt Caswell) Date: Thu, 30 Jul 2015 11:00:45 +0100 Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method In-Reply-To: <20150728140938.GA4079@w1.fi> References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <55B65661.8030701@openssl.org> <20150727215126.GA9715@w1.fi> <55B6B079.9040009@openssl.org> <20150728140938.GA4079@w1.fi> Message-ID: <55B9F5CD.7010901@openssl.org>

On 28/07/15 15:09, Jouni Malinen wrote:
> The remaining issue for EAP-FAST server is in the
> SSL_set_session_secret_cb() callback not having access to the correct
> server_random through SSL_get_server_random(). In earlier OpenSSL
> versions, I could fetch this from ssl->s3->server_random. However,
> SSL_get_server_random() seems to return some bogus data at this point in
> the sequence (_before_ the ServerHello has actually been written). The
> correct server_random becomes available later, but that's too late to be
> able to derive the correct master_secret in the session secret
> callback.

Is this still a problem? From looking at the code it seems to me that the server random is set prior to calling the callback:

    /*
     * Check if we want to use external pre-shared secret for this handshake
     * for not reused session only. We need to generate server_random before
     * calling tls_session_secret_cb in order to allow SessionTicket
     * processing to use it in key derivation.
     */
    {
        unsigned char *pos;
        pos = s->s3->server_random;
        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
            goto f_err;
        }
    }

    if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
        SSL_CIPHER *pref_cipher = NULL;

        s->session->master_key_length = sizeof(s->session->master_key);
        if (s->tls_session_secret_cb(s, s->session->master_key,
                                     &s->session->master_key_length, ciphers,
                                     &pref_cipher,
                                     s->tls_session_secret_cb_arg)) {

Checking the commit logs this seems to have been put in by this commit responding to one of your tickets!
commit 12bf56c017a34bd0d5fc6d817564ae49d0a9e861
Author: Dr. Stephen Henson
AuthorDate: Sat Nov 15 17:18:12 2008 +0000
Commit: Dr. Stephen Henson
CommitDate: Sat Nov 15 17:18:12 2008 +0000

    PR: 1574
    Submitted by: Jouni Malinen
    Approved by: steve at openssl.org

    Ticket override support for EAP-FAST.

You seem to imply that you can get the server_random through ssl->s3->server_random but not through SSL_get_server_random(). Looking at the code I can't see an obvious reason why that would be the case. Here is SSL_get_server_random():

    size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
    {
        if (outlen == 0)
            return sizeof(ssl->s3->server_random);
        if (outlen > sizeof(ssl->s3->server_random))
            outlen = sizeof(ssl->s3->server_random);
        memcpy(out, ssl->s3->server_random, outlen);
        return outlen;
    }

Matt
From rt at openssl.org Thu Jul 30 11:11:20 2015
From: rt at openssl.org (David Woodhouse via RT) Date: Thu, 30 Jul 2015 11:11:20 +0000 Subject: [openssl-dev] [openssl.org #3628] NDEBUG macro and redundant strings In-Reply-To: <1438254663.26511.146.camel@infradead.org> References: <1437996757.4155.44.camel@infradead.org> <1438254663.26511.146.camel@infradead.org> Message-ID:

On Mon, 2015-07-27 at 12:32 +0100, David Woodhouse wrote:
> Rather than littering the source with #ifdef NDEBUG, I had considered
> instead introducing OPENSSL_FILE and OPENSSL_LINE.

Here's a patch which implements that.

-- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation
-------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-RT3628-Allow-filenames-to-be-eliminated-from-compile.patch Type: text/x-patch Size: 26650 bytes Desc: not available URL: From rt at openssl.org Thu Jul 30 11:25:28 2015
From: rt at openssl.org (Julius Villapando via RT) Date: Thu, 30 Jul 2015 11:25:28 +0000 Subject: [openssl-dev] [openssl.org #3968] HOSENT: redefinition error In-Reply-To: <1201272200.5605558.1438253573652.JavaMail.yahoo@mail.yahoo.com> References: <1201272200.5605558.1438253573652.JavaMail.yahoo@mail.yahoo.com> Message-ID:

Hi, I'm trying to use the openssl library along with other libraries, but the HOSTENT in bio.h conflicts with the winsock.h HOSTENT. Do you guys have a solution for this, or can I request that you change the name of HOSTENT to avoid the redefinition error? Thanks in advance.

Here is the error:

    openssl/bio.h(729) : error C2371: 'HOSTENT' : redefinition; different basic types
    winsock.h(1029) : see declaration of 'HOSTENT'

-------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Jul 30 11:25:35 2015
From: rt at openssl.org (David Woodhouse via RT) Date: Thu, 30 Jul 2015 11:25:35 +0000 Subject: [openssl-dev] [openssl.org #3969] [PATCH] Add OPENSSL_SYS_UEFI In-Reply-To: <1438255199.26511.151.camel@infradead.org> References: <1438255199.26511.151.camel@infradead.org> Message-ID:

From 22bb269a219147c9bba0debf652458796850cadc Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Mon, 27 Jul 2015 11:05:14 +0100
Subject: [PATCH] Add OPENSSL_SYS_UEFI

This provides support for building in the EDK2 reference implementation of UEFI. Most UEFI firmware in existence uses OpenSSL for implementing the core cryptographic functionality needed for Secure Boot. This has always previously been handled with external patches to OpenSSL but we are now making a concerted effort to eliminate those.

In this mode, we don't actually use the OpenSSL makefiles; we process the MINFO file generated by 'make files' and incorporate it into the EDK2 build system.
Signed-off-by: David Woodhouse --- Configurations/10-main.conf | 7 +++++++ crypto/rand/rand_egd.c | 2 +- crypto/rand/rand_unix.c | 4 ++-- e_os.h | 2 +- include/openssl/e_os2.h | 5 +++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index b5d32b6..2dcc82d 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1207,6 +1207,13 @@ shared_extension => ".dll.a", }, +#### UEFI + "UEFI" => { + cc => "cc", + cflags => "-DL_ENDIAN -O", + sys_id => "UEFI", + }, + #### UWIN "UWIN" => { cc => "cc", diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 44ed4bb..d062dd6 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -95,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return (-1); diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 72f8617..bb70a5b 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -116,7 +116,7 @@ #include #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) # include # include 
@@ -419,7 +419,7 @@ int RAND_poll(void) * defined(OPENSSL_SYS_VXWORKS) || * defined(OPENSSL_SYS_NETWARE)) */ -#if defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) int RAND_poll(void) { return 0; diff --git a/e_os.h b/e_os.h index 4c1b4aa..b3a3338 100644 --- a/e_os.h +++ b/e_os.h @@ -112,7 +112,7 @@ extern "C" { # define MSDOS # endif -# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS) +# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS) # define GETPID_IS_MEANINGLESS # endif diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 177b098..6327a64 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -76,6 +76,11 @@ extern "C" { # define OPENSSL_SYS_NETWARE # endif +/* -------------------------------- UEFI ---------------------------------- */ +# if defined(OPENSSL_SYS_UEFI) +# undef OPENSSL_SYS_UNIX +# endif + /* --------------------- Microsoft operating systems ---------------------- */ /* -- 2.4.3 -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Jul 30 14:46:13 2015 
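Review bot: in the second rand_unix.c hunk, `RAND_poll()` becomes `return 0;` for OPENSSL_SYS_UEFI, which leaves this target with no entropy source at all; until the firmware seeds the pool itself through RAND_add()/RAND_seed(), RAND_bytes() fails with the PRNG-not-seeded error, and neither the patch nor its commit message says that the EDK2 side takes on that duty. Please state it in the commit message and in a comment beside the stub, which now shares the line `#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)` with VxWorks without any explanation of where UEFI's seed material comes from.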
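Review bot: the new `"UEFI"` entry in 10-main.conf hardcodes `cflags => "-DL_ENDIAN -O"` behind a generic `cc => "cc"`, so as written it describes little-endian builds only and carries no warning flags; since the commit message says this target never drives the OpenSSL makefiles and exists only so that `make files` can emit MINFO for EDK2, a one-line comment inside the entry saying exactly that would stop the next reader from treating it as a real toolchain configuration or asking why endianness is fixed here.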
From: rt at openssl.org (Stephen Henson via RT) Date: Thu, 30 Jul 2015 14:46:13 +0000 Subject: [openssl-dev] [openssl.org #2464] [PATCH] Experimental TLS-RSA-PSK support for OpenSSL In-Reply-To: References: <558707EA.8090703@kdab.com> <5589BCEF.2080709@kdab.com> Message-ID:

On Tue Jun 23 20:09:36 2015, giuseppe.dangelo at kdab.com wrote:
> On 22/06/2015 23:14, Stephen Henson via RT wrote:
> >
> > I'm currently looking at the OpenSSL PSK code. I'll look into
> > incorporating your changes (in a modified form) as part of that so
> > there is no need to keep it up to date with the changing master branch.
>
> Great, thank you!

I've just pushed the updated PSK code to the master branch. Let me know of any problems.

Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rt at openssl.org Thu Jul 30 14:47:32 2015
From: rt at openssl.org (Stephen Henson via RT) Date: Thu, 30 Jul 2015 14:47:32 +0000 Subject: [openssl-dev] [openssl.org #2299] [PATCH] Null cipher support PSK/PKI for 1.0.0 In-Reply-To: <6594DDFF12B03D4E89690887C2486994020AB65496@hasmsx504.ger.corp.intel.com> References: <6594DDFF12B03D4E89690887C2486994020AB65496@hasmsx504.ger.corp.intel.com> Message-ID: The official NULL PSK ciphersuites have now been added to the master branch. Closing ticket. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From openssl-users at dukhovni.org Thu Jul 30 15:09:18 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Thu, 30 Jul 2015 15:09:18 +0000 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: References: <558707EA.8090703@kdab.com> Message-ID: <20150730150917.GV4347@mournblade.imrryr.org>

On Sun, Jun 21, 2015 at 07:00:55PM +0000, Giuseppe D'Angelo via RT wrote:
> diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
> index c2d40ac..7fbe3a4 100644
> --- a/doc/apps/ciphers.pod > +++ b/doc/apps/ciphers.pod 
> @@ -585,10 +585,22 @@ Note: these ciphers can also be used in SSL v3. > > =head2 Pre shared keying (PSK) ciphersuites > > + TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA > + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA > + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA > + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA > + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 > + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 > + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 > + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 > TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA > TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA > TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA > TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA > + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 > + TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 > + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 > + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384

Question, should we really be adding new RC4 or new 3DES ciphersuites? Both ciphers are rather obsolete now. And we even have an RFC that "bans" RC4. While I have been known to resist potentially premature removal of *existing* RC4 support, I am certainly not a fan of RC4 and see no reason to add more RC4 to OpenSSL. And while 3DES seems to be holding up moderately well for its age, I see no reason to add more 3DES ciphersuites.

Therefore, I would propose that the 3DES and RC4 PSK ciphersuites not be included.

I am not even sure that adding Camellia is a net win; ideally AES and (soonish) ChaCha20 are enough.

One might similarly question the longevity of the new CBC suites; TLS 1.3 is moving to AEAD only (the PSK AEAD ciphers will IIRC be used for session resumption in 1.3).

How many of the new ciphersuites are used/needed in practice? Which are MTI for PSK?
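Review bot: the eight new RSA-PSK rows are inserted above the existing plain PSK rows under the single `=head2 Pre shared keying (PSK) ciphersuites` heading with nothing separating the two key-exchange families, so the table now reads as one undifferentiated list; group the RSA-PSK entries under their own sub-heading or a line stating that they add RSA server authentication. The SHA256, SHA384 and GCM rows in both groups are also TLS 1.2-only suites, yet they appear directly below the `Note: these ciphers can also be used in SSL v3.` context line with no version marker, which will send readers configuring TLS 1.0/1.1 endpoints chasing suites that never negotiate.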
I think that when adding ciphersuites, we have the opportunity/responsibility to exercise good judgement and enable only the essential ones, and try to keep a lid on needless ciphersuite proliferation. -- Viktor. From rt at openssl.org Thu Jul 30 16:10:14 2015
From: rt at openssl.org (Suchyan Tubcharoen via RT) Date: Thu, 30 Jul 2015 16:10:14 +0000 Subject: [openssl-dev] [openssl.org #3970] [openssl.org Bug Report] openssl win64 "smime -encrypt" can not handle big files In-Reply-To: References: Message-ID:

This affects only the openssl Windows 64-bit binary, not the openssl Windows 32-bit binary.

OS: Windows 64-bit
OpenSSL Version: 1.0.2d 64 bit ( https://slproweb.com/products/Win32OpenSSL.html )

How to reproduce: using command smime -encrypt with a big file, say 350 MB

    openssl smime -encrypt -binary -in file.bin -aes-256-cbc -outform DER -out file.bin.encrypted cer.crt

The output file is decreased in size and, of course, broken. Changing algorithms results in exactly the same decreased output size.

Regards, Suchyan. From rt at openssl.org Thu Jul 30 17:59:09 2015
From: rt at openssl.org (Stephen Henson via RT) Date: Thu, 30 Jul 2015 17:59:09 +0000 Subject: [openssl-dev] [openssl.org #3970] [openssl.org Bug Report] openssl win64 "smime -encrypt" can not handle big files In-Reply-To: References: Message-ID:

On Thu Jul 30 16:10:14 2015, hotguest1 at hotmail.com wrote:
> This affects only openssl windows 64-bit binary, not openssl windows
> 32-bit binary.
>
> OS: Windows 64-bit
> OpenSSL Version: 1.0.2d 64 bit (
> https://slproweb.com/products/Win32OpenSSL.html )
>
> How to reproduce:
> using command smime -encrypt with a big file, say 350 MB
>
> openssl smime -encrypt -binary -in file.bin -aes-256-cbc -outform DER
> -out file.bin.encrypted cer.crt
>
> The output file is decreased in size and, of course, broken.
> Changing algorithms results in exactly the same decreased output size.
>

Can't reproduce it here with the latest 1.0.2 stable branch and Win64. Tried it on a 600MB file and no problems.

Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org From rsalz at akamai.com Thu Jul 30 18:19:20 2015
From: rsalz at akamai.com (Salz, Rich) Date: Thu, 30 Jul 2015 18:19:20 +0000 Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support In-Reply-To: <20150730150917.GV4347@mournblade.imrryr.org> References: <558707EA.8090703@kdab.com> <20150730150917.GV4347@mournblade.imrryr.org> Message-ID: <2405b699e4204b75bfd8d158b54759b6@ustx2ex-dag1mb2.msg.corp.akamai.com>

> Therefore, I would propose that the 3DES and RC4 PSK ciphersuites not be
> included.
>
> I am not even sure that adding Camellia is a net win, ideally AES and (soonish)
> ChaCha20 are enough.
>
> One might similarly question the longevity of the new CBC suites, TLS 1.3 is
> moving to AEAD only (the PSK AEAD ciphers will IIRC be used for session
> resumption in 1.3).

What Viktor said. From rt at openssl.org Thu Jul 30 20:41:02 2015
From: rt at openssl.org (A. Klitzing via RT) Date: Thu, 30 Jul 2015 20:41:02 +0000 Subject: [openssl-dev] [openssl.org #3971] Bug: install_sw target broken with no-engine In-Reply-To: References: Message-ID:

Hi there!

The install_sw target of current master branch [1] is broken if no-engine is provided. Same works with 1.0.2d!

Steps:

    $ ./Configure --prefix=/tmp/test no-engine shared linux-x86_64
    [...]
    $ make depend
    [...]
    $ make
    [...]
    $ make install_sw
    making install in engines...
    make[1]: Entering directory '/XXX/openssl/engines'
    installing 4758cca
    cp: cannot stat 'lib4758cca.so': No such file or directory
    Makefile:96: recipe for target 'install' failed
    make[1]: *** [install] Error 1
    make[1]: Leaving directory '/XXX/openssl/engines'
    Makefile:524: recipe for target 'install_sw' failed
    make: *** [install_sw] Error 1

Best regards
André Klitzing

[1] 3df16cc2e27f75eac2c0991248b0c294e2c847b5
-------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Jul 30 20:41:02 2015
From: rt at openssl.org (Kaduk, Ben via RT) Date: Thu, 30 Jul 2015 20:41:02 +0000 Subject: [openssl-dev] [openssl.org #3972] EVP documentation implicitly recommends the use of single-DES In-Reply-To: References: Message-ID: See https://github.com/openssl/openssl/pull/348 I was looking for something else but then saw this text about "normally supplied by a function such as EVP_des_cbc()"; we should not be misleading our users in such a fashion. -Ben _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Thu Jul 30 21:55:36 2015
From: rt at openssl.org (Woodhouse, David via RT) Date: Thu, 30 Jul 2015 21:55:36 +0000 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: <1438293307.26511.254.camel@intel.com> References: <1437569859.3905.87.camel@intel.com> <20150722164747.GG4347@mournblade.imrryr.org> <1438079885.26913.127.camel@infradead.org> <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com> <1438293307.26511.254.camel@intel.com> Message-ID: On Tue, 2015-07-28 at 11:00 +0000, Salz, Rich via RT wrote: > It seems that the simplest and most obvious thing is to indicate that > you don't care about the dates, which is what this patch does. Obviously I agree, but life's too short to argue about it and I *do* have a viable alternative, with a verify_cb function that just ignores X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED. So (for the record) I've submitted patches to EDKII which do precisely that, and I don't depend on this patch any more. Close the RT if you wish. Having said that, if OpenSSL *does* gain this functionality then I'll happily change the EDKII code to make use of it, because I think it's the better approach. If requested, I can still provide a patch with the alternative variant of using a X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time(). -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3437 bytes Desc: not available URL: From openssl-users at dukhovni.org Thu Jul 30 22:08:03 2015 
From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Thu, 30 Jul 2015 22:08:03 +0000 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: References: <1437569859.3905.87.camel@intel.com> <20150722164747.GG4347@mournblade.imrryr.org> <1438079885.26913.127.camel@infradead.org> <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com> <1438293307.26511.254.camel@intel.com> Message-ID: <20150730220803.GB4347@mournblade.imrryr.org>

On Thu, Jul 30, 2015 at 09:55:36PM +0000, Woodhouse, David via RT wrote:
> On Tue, 2015-07-28 at 11:00 +0000, Salz, Rich via RT wrote:
> > It seems that the simplest and most obvious thing is to indicate that
> > you don't care about the dates, which is what this patch does.
>
> Obviously I agree, but life's too short to argue about it and I *do*
> have a viable alternative, with a verify_cb function that just ignores
> X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED.

You have to be careful how you do that. The final error in the X509_STORE_CTX is the *last* error reported, and other errors may also have been detected earlier.

If your callback always returns the "ok" input except for the two above errors, you're fine. But if it returns "1" in additional cases, and then in the end you look at the store error status, you may be in trouble. That's an issue in applications that don't immediately terminate the handshake on authentication errors, and disconnect more gracefully at the application layer when authentication fails.

-- Viktor. From dwmw2 at infradead.org Thu Jul 30 22:20:05 2015
From: dwmw2 at infradead.org (David Woodhouse) Date: Thu, 30 Jul 2015 23:20:05 +0100 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: <20150730220803.GB4347@mournblade.imrryr.org> References: <1437569859.3905.87.camel@intel.com> <20150722164747.GG4347@mournblade.imrryr.org> <1438079885.26913.127.camel@infradead.org> <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com> <1438293307.26511.254.camel@intel.com> <20150730220803.GB4347@mournblade.imrryr.org> Message-ID: <1438294805.26511.260.camel@infradead.org>

On Thu, 2015-07-30 at 22:08 +0000, Viktor Dukhovni wrote:
> > Obviously I agree, but life's too short to argue about it and I *do*
> > have a viable alternative, with a verify_cb function that just ignores
> > X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED.
>
> You have to be careful how you do that. The final error in the
> X509_STORE_CTX is the *last* error reported, and other errors
> may also have been detected earlier.
>
> If your callback always returns the "ok" input except for the two
> above errors, you're fine. But if it returns "1" in additional cases,
> and then in the end you look at the store error status, you may be
> in trouble. That's an issue in applications that don't immediately
> terminate the handshake on authentication errors, and disconnect
> more gracefully at the application layer when authentication fails.

Thanks for the warning. I don't believe we're looking at the store error status at all; we only care about the return value from X509_verify_cert() - either directly, or when PKCS7_verify() calls it. (There's no SSL here; only crypto. It's for verifying certificate chains and checking signatures on boot images). So I think it's fine.

-- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation
-------------- next part -------------- A non-text attachment was scrubbed...
Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rsalz at akamai.com Fri Jul 31 03:09:32 2015 From: rsalz at akamai.com (Salz, Rich) Date: Fri, 31 Jul 2015 03:09:32 +0000 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: References: <1437569859.3905.87.camel@intel.com> <20150722164747.GG4347@mournblade.imrryr.org> <1438079885.26913.127.camel@infradead.org> <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com> <1438293307.26511.254.camel@intel.com> Message-ID: > If requested, I can still provide a patch with the alternative variant of using a > X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a > 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time(). Yes, please. From rt at openssl.org Fri Jul 31 03:09:46 2015 From: rt at openssl.org (Salz, Rich via RT) Date: Fri, 31 Jul 2015 03:09:46 +0000 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: References: <1437569859.3905.87.camel@intel.com> <1438079885.26913.127.camel@infradead.org> <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com> <1438293307.26511.254.camel@intel.com> Message-ID: > If requested, I can still provide a patch with the alternative variant of using a > X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a > 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time(). Yes, please. From paul at securecottage.com Fri Jul 31 02:36:03 2015 
From: paul at securecottage.com (paul at securecottage.com) Date: Fri, 31 Jul 2015 02:36:03 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) Message-ID: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au>

Hi there,

I have looked at the RSA protocol a bit and have concluded that

1) common factors in (p-1) and (q-1) are also in the factorisation of (p*q-1).
2) by factoring (p*q-1) you can come up with candidates for squares in the totient.
3) you can also come up with d mod commonfactor^2 if there is a common factor.

The math is shown in my Wikipedia user page math blog at: https://en.wikipedia.org/wiki/User:Endo999#The_Bad_Stuff_That_Happens_When_There_Are_Common_Factors_Between_.28P-1.29_and_.28Q-1.29

I have looked at your latest source to see if you have a possible common factor for (p-1) and (q-1) in your RSA key generation code. I have concluded, after a quick look, that you may when you are not using SAFE mode to generate the keys. When keys are generated using SAFE mode then (p-1)/2 must be a prime. As the factorisation of p-1 == 2*prime and there are checks to make sure that p and q are not the same, then you cannot have a common factor in p-1 and q-1 besides 2.

The code in rsa_builtin_keygen() does not use safe mode when generating keys using BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb). There are tests for these primes, but there does not seem to be an explicit check that there are no common factors in (p-1) and (q-1) besides 2 or 3. The authors of the code may well correct me here since I have just quickly looked at it.

A quick check for this condition with BN_GCD(p-1,q-1)>3 in rsa_builtin_keygen() would detect any problems and avoid the possible leaking of part of the totient.
I admit that it is unlikely that a large enough part of the totient would be revealed (when a truly random generator is used) to endanger the RSA pair, but I think it is a bit of housekeeping that knowledge of even small factors (besides 2 and 3) is kept out of the attackers' hands.

Thank You
Paul Cheffers
From dwmw2 at infradead.org Fri Jul 31 07:54:37 2015
From: dwmw2 at infradead.org (David Woodhouse) Date: Fri, 31 Jul 2015 08:54:37 +0100 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: References: <1437569859.3905.87.camel@intel.com> <20150722164747.GG4347@mournblade.imrryr.org> <1438079885.26913.127.camel@infradead.org> <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com> <1438293307.26511.254.camel@intel.com> Message-ID: <1438329277.26511.266.camel@infradead.org>

On Fri, 2015-07-31 at 03:09 +0000, Salz, Rich wrote:
> > If requested, I can still provide a patch with the alternative variant of using a
> > X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a
> > 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time().
>
> Yes, please.

    [dwoodhou at i7 apps]$ ./openssl verify ~/.cert.20100813/certificate.pem
    C = US, O = Intel Corporation, CN = Intel Intranet Basic Issuing CA 1B
    error 10 at 1 depth lookup:certificate has expired
    DC = com, DC = intel, DC = corp, DC = ger, OU = Workers, CN = "Woodhouse, David", emailAddress = david.woodhouse at intel.com
    error 10 at 0 depth lookup:certificate has expired
    /home/dwmw2/.cert.20100813/certificate.pem: OK
    [dwoodhou at i7 apps]$ ./openssl verify -no_check_time ~/.cert.20100813/certificate.pem
    /home/dwmw2/.cert.20100813/certificate.pem: OK

-- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation
-------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-RT3951-Add-X509_V_FLAG_NO_CHECK_TIME-to-suppress-tim.patch Type: text/x-patch Size: 4751 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From rt at openssl.org Fri Jul 31 07:54:56 2015
From: rt at openssl.org (David Woodhouse via RT) Date: Fri, 31 Jul 2015 07:54:56 +0000 Subject: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled In-Reply-To: <1438329277.26511.266.camel@infradead.org> References: <1437569859.3905.87.camel@intel.com> <34aed41476b04899a0cdd65080d526e0@ustx2ex-dag1mb2.msg.corp.akamai.com> <1438293307.26511.254.camel@intel.com> <1438329277.26511.266.camel@infradead.org> Message-ID:

On Fri, 2015-07-31 at 03:09 +0000, Salz, Rich wrote:
> > If requested, I can still provide a patch with the alternative variant of using a
> > X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a
> > 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time().
>
> Yes, please.

    [dwoodhou at i7 apps]$ ./openssl verify ~/.cert.20100813/certificate.pem
    C = US, O = Intel Corporation, CN = Intel Intranet Basic Issuing CA 1B
    error 10 at 1 depth lookup:certificate has expired
    DC = com, DC = intel, DC = corp, DC = ger, OU = Workers, CN = "Woodhouse, David", emailAddress = david.woodhouse at intel.com
    error 10 at 0 depth lookup:certificate has expired
    /home/dwmw2/.cert.20100813/certificate.pem: OK
    [dwoodhou at i7 apps]$ ./openssl verify -no_check_time ~/.cert.20100813/certificate.pem
    /home/dwmw2/.cert.20100813/certificate.pem: OK

-- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation
-------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-RT3951-Add-X509_V_FLAG_NO_CHECK_TIME-to-suppress-tim.patch Type: text/x-patch Size: 4752 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: From michel.sales at free.fr Fri Jul 31 12:45:56 2015
From: michel.sales at free.fr (Michel) Date: Fri, 31 Jul 2015 14:45:56 +0200 Subject: [openssl-dev] [openssl.org #3968] HOSENT: redefinition error In-Reply-To: References: <1201272200.5605558.1438253573652.JavaMail.yahoo@mail.yahoo.com> Message-ID: <000601d0cb8e$d9386250$8ba926f0$@sales@free.fr>

Hi Julius,

I am afraid this is not related to the 'dev' list. Did you try to modify the order of your header files as mentioned on several other forums? http://comments.gmane.org/gmane.comp.encryption.openssl.devel/14135 (and include WinSock2.h before windows.h)

Regards, Michel

-----Original Message----- From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Julius Villapando via RT Sent: Thursday, 30 July 2015 13:25 Cc: openssl-dev at openssl.org Subject: [openssl-dev] [openssl.org #3968] HOSENT: redefinition error

Hi, I'm trying to use the openssl library along with other libraries, but the HOSTENT in bio.h conflicts with the winsock.h HOSTENT. Do you guys have a solution for this, or can I request that you change the name of HOSTENT to avoid the redefinition error? Thanks in advance.

Here is the error:

    openssl/bio.h(729) : error C2371: 'HOSTENT' : redefinition; different basic types
    winsock.h(1029) : see declaration of 'HOSTENT'

From rt at openssl.org Fri Jul 31 12:46:42 2015
From: rt at openssl.org (Michel via RT)
Date: Fri, 31 Jul 2015 12:46:42 +0000
Subject: [openssl-dev] [openssl.org #3968] HOSENT: redefinition error
In-Reply-To: <000601d0cb8e$d9386250$8ba926f0$@sales@free.fr>
References: <1201272200.5605558.1438253573652.JavaMail.yahoo@mail.yahoo.com> <000601d0cb8e$d9386250$8ba926f0$@sales@free.fr>
Message-ID:

[SNIP: identical to the preceding message, relayed through RT]

From kannanar at cisco.com Fri Jul 31 12:51:41 2015
From: kannanar at cisco.com (Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco))
Date: Fri, 31 Jul 2015 12:51:41 +0000
Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3
In-Reply-To:
References:
Message-ID:

Hi All,

Any pointers on this much appreciated.

Thanks,
Kannan Narayanasamy.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Sent: Monday, July 27, 2015 9:39 AM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

Hi Team,

Can anyone share their thoughts on this?

Thanks,
Kannan Narayanasamy.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Sent: Thursday, July 23, 2015 5:46 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

Any thoughts much appreciated.

~Kannan N.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Sent: Wednesday, July 22, 2015 4:54 PM
To: openssl-dev at openssl.org
Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

Hi,

To disable SSLv2 and SSLv3 at compile time I used the no-ssl2 and no-ssl3 options on the Windows platform, but I am getting the link error below. Without the "no-ssl2 no-ssl3" options I can compile successfully. Any pointers to resolve this issue? Thanks in advance.

    LINK : warning LNK4001: no object files specified; libraries used
    LINK : warning LNK4068: /MACHINE not specified; defaulting to IX86
    LINK : warning LNK4001: no object files specified; libraries used
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_f_ssl
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_buffer_ssl_connec
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_ssl
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_new_ssl_connect
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_ssl_copy_session_id
    SSLEAY32.def : error LNK2001: unresolved external symbol BIO_ssl_shutdown
    SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_client_method
    SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_method
    SSLEAY32.def : error LNK2001: unresolved external symbol DTLSv1_server_method
    SSLEAY32.def : error LNK2001: unresolved external symbol ERR_load_SSL_strings
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_description
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_bits
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_name
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CIPHER_get_version
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_add_compression_
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_get_compression_
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_COMP_get_name
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_add_client_CA
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_add_session
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_callback_ctrl
    SSLEAY32.def : error LNK2001: unresolved external symbol SSL_CTX_check_private_key

Openssl Version: openssl-0.9.8zc

Commands used:

    VCVARS32.BAT
    perl Configure VC-WIN32 no-idea shared no-ssl2 no-ssl3 --prefix=e:/openssl
    ms\do_masm
    nmake -f ms\ntdll.mak

Thanks,
Kannan Narayanasamy.

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

From matt at openssl.org Fri Jul 31 13:07:50 2015
From: matt at openssl.org (Matt Caswell)
Date: Fri, 31 Jul 2015 14:07:50 +0100
Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3
In-Reply-To:
References:
Message-ID: <55BB7326.7010108@openssl.org>

On 31/07/15 13:51, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote:
> Hi All,
>
> Any pointers on this much appreciated.

I just tried it and those options appear to be broken for 0.9.8. I suspect they've been that way for a long time. That version is only receiving security fixes now so it won't be fixed either. Your only option is to use a more up to date version (which is advisable anyway since security fixes stop for 0.9.8 at the end of this year).

Matt

>
> Thanks,
> Kannan Narayanasamy.
>
> -----Original Message-----
> [SNIP: quoted thread, identical to the messages above]

From kannanar at cisco.com Fri Jul 31 13:13:16 2015
From: kannanar at cisco.com (Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco))
Date: Fri, 31 Jul 2015 13:13:16 +0000
Subject: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3
In-Reply-To: <55BB7326.7010108@openssl.org>
References: <55BB7326.7010108@openssl.org>
Message-ID:

Hi Matt,

Thanks for the details. I can compile the same without any issues for the Linux platform, but am facing issues with Windows currently.

Thanks,
Kannan Narayanasamy.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Friday, July 31, 2015 6:38 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

[SNIP: Matt's reply and the quoted thread, identical to the messages above]

From rsalz at akamai.com Fri Jul 31 14:37:30 2015
From: rsalz at akamai.com (Salz, Rich)
Date: Fri, 31 Jul 2015 14:37:30 +0000
Subject: [openssl-dev] We're working on license changes
Message-ID: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com>

Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some more details.

Summary: Moving to Apache 2, CLA's coming, it will take time.

--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

From rt at openssl.org Fri Jul 31 15:09:55 2015
From: rt at openssl.org (Rich Salz via RT)
Date: Fri, 31 Jul 2015 15:09:55 +0000
Subject: [openssl-dev] [openssl.org #3959] misleading comment in openssl-1.0.2
In-Reply-To: <55B70855.50005@gmail.com>
References: <55B70855.50005@gmail.com>
Message-ID:

comment fixed in 1.0.2 and master, thanks.

--
Rich Salz, OpenSSL dev team; rsalz at openssl.org

From rt at openssl.org Fri Jul 31 15:11:13 2015
From: rt at openssl.org (Rich Salz via RT)
Date: Fri, 31 Jul 2015 15:11:13 +0000
Subject: [openssl-dev] [openssl.org #3961] [PATCH] Fix broken argument parsing for genrsa
In-Reply-To:
References:
Message-ID:

PR merged, thanks.

--
Rich Salz, OpenSSL dev team; rsalz at openssl.org

From rt at openssl.org Fri Jul 31 15:15:18 2015
From: rt at openssl.org (Rich Salz via RT)
Date: Fri, 31 Jul 2015 15:15:18 +0000
Subject: [openssl-dev] [openssl.org #3962] [PATCH] Fix behavior of unspecified number of requests for OCSP responder
In-Reply-To:
References:
Message-ID:

done, thanks!

--
Rich Salz, OpenSSL dev team; rsalz at openssl.org

From rt at openssl.org Fri Jul 31 15:16:17 2015
From: rt at openssl.org (Rich Salz via RT)
Date: Fri, 31 Jul 2015 15:16:17 +0000
Subject: [openssl-dev] [openssl.org #3963] [PATCH] Fix -rev, -www and -WWW modes to also allow OCSP-stapled responses
In-Reply-To:
References:
Message-ID:

fixed, thanks!

--
Rich Salz, OpenSSL dev team; rsalz at openssl.org

From rt at openssl.org Fri Jul 31 15:21:33 2015
From: rt at openssl.org (Rich Salz via RT)
Date: Fri, 31 Jul 2015 15:21:33 +0000
Subject: [openssl-dev] [openssl.org #3742] Support s_client -starttls to xmpp server-to-server ports
In-Reply-To: <1425990226.8798.7.camel@kuix.de>
References: <1425990226.8798.7.camel@kuix.de>
Message-ID:

merged into master, thanks!

--
Rich Salz, OpenSSL dev team; rsalz at openssl.org

From mancha1 at zoho.com Fri Jul 31 16:01:54 2015
From: mancha1 at zoho.com (mancha)
Date: Fri, 31 Jul 2015 16:01:54 +0000
Subject: [openssl-dev] common factors in (p-1) and (q-1)
In-Reply-To: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au>
References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au>
Message-ID: <20150731160154.GA2900@zoho.com>

On Fri, Jul 31, 2015 at 02:36:03AM +0000, paul at securecottage.com wrote:
>
> Hi there,
>
> I have looked at the RSA protocol a bit and have concluded that
>
> 1) common factors in (p-1) and (q-1) are also in the factorisation of
> (p*q-1). 2) by factoring (p*q-1) you can come up with candidates for
> squares in the totient. 3) you can also come up with d mod
> commonfactor^2 if there is a common factor.
>
> the math is shown in my wikipedia users page math blog at:
>
> https://en.wikipedia.org/wiki/User:Endo999#The_Bad_Stuff_That_Happens_When_There_Are_Common_Factors_Between_.28P-1.29_and_.28Q-1.29

[SNIP]

Hi.

How are you finding a common factor f such that f|(p-1) and f|(q-1)?

Thanks.

--mancha

--
https://twitter.com/mancha140
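The arithmetic behind the three numbered claims, and the gap mancha's question points at, as an added example in Python (not from the thread or the linked page): small constructed primes are used so every step can be checked by hand. `check_claims`, `candidate_common_factors`, `true_candidates` and the sample values are this example's own.

```python
"""Added example (not from the thread): checks, on small constructed primes,
the three claims about a common factor of (p-1) and (q-1), and shows why
factoring N-1 only yields *candidates* for such a factor.  All numbers are
chosen for illustration only.
"""
import random
from math import gcd
from typing import List, Tuple


def is_prime(n: int) -> bool:
    """Trial division; adequate for the small numbers used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def odd_prime_factors(m: int) -> List[int]:
    """Distinct odd prime factors of m, by trial division."""
    factors = []
    while m % 2 == 0:
        m //= 2
    f = 3
    while f * f <= m:
        if m % f == 0:
            factors.append(f)
            while m % f == 0:
                m //= f
        f += 2
    if m > 1:
        factors.append(m)
    return factors


def check_claims(p: int, q: int, e: int) -> Tuple[bool, bool, bool, int]:
    """For f = gcd(p-1, q-1):
    claim 1: f divides p*q - 1   (p = q = 1 mod f, hence p*q = 1 mod f)
    claim 2: f^2 divides phi(N) = (p-1)(q-1)
    claim 3: d mod f^2 equals e^-1 mod f^2, since e*d = 1 mod phi and f^2 | phi
    Returns the three truth values and d mod f^2."""
    f = gcd(p - 1, q - 1)
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                        # the real private exponent
    d_mod_f2 = d % (f * f)
    return ((n - 1) % f == 0,
            phi % (f * f) == 0,
            d_mod_f2 == pow(e, -1, f * f),     # computable without phi
            d_mod_f2)


def candidate_common_factors(n: int) -> List[int]:
    """What someone holding only N can do: factor N-1 and treat its odd prime
    factors as candidates for a common factor of p-1 and q-1.  A candidate
    need not divide both; see the N = 143 case."""
    return odd_prime_factors(n - 1)


def true_candidates(p: int, q: int) -> List[int]:
    """Which candidates really divide both p-1 and q-1 (needs p and q)."""
    return [f for f in candidate_common_factors(p * q)
            if (p - 1) % f == 0 and (q - 1) % f == 0]


def random_check(trials: int = 50, seed: int = 1) -> bool:
    """Build prime pairs that share an odd factor f in p-1 and q-1 and
    confirm all three claims hold for each pair."""
    rng = random.Random(seed)
    for _ in range(trials):
        f = rng.choice([3, 5, 7, 11, 13, 17, 19, 23, 29, 31])
        primes: List[int] = []
        while len(primes) < 2:
            cand = 2 * f * rng.randrange(1, 300) + 1   # guarantees f | cand-1
            if is_prime(cand) and cand not in primes:
                primes.append(cand)
        p, q = primes
        ok1, ok2, ok3, _ = check_claims(p, q, 65537)
        if not (ok1 and ok2 and ok3):
            return False
    return True


if __name__ == "__main__":
    # p-1 = 28 and q-1 = 42 share f = 14; N = 1247, N-1 = 2 * 7 * 89.
    print(check_claims(29, 43, 17))            # (True, True, True, 173)
    print(candidate_common_factors(29 * 43))   # [7, 89]: only 7 is real
    print(candidate_common_factors(11 * 13))   # [71]: a false candidate
    print(random_check())
```

With only N in hand, factoring N-1 gives candidates rather than the factor itself: for N = 11·13 = 143, N-1 = 2·71 and 71 divides neither p-1 nor q-1. Claim 1 holds because p ≡ q ≡ 1 (mod f) forces pq ≡ 1 (mod f); claims 2 and 3 follow from f² dividing φ(N), so e·d ≡ 1 (mod f²) and d mod f² is just the inverse of e there. What leaks is d modulo f², which for a random prime pair is a few bits, since gcd(p-1, q-1) is always even but rarely large.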
From: hanno at hboeck.de (Hanno Böck)
Date: Fri, 31 Jul 2015 09:29:54 -0700
Subject: [openssl-dev] We're working on license changes
In-Reply-To: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com>
Message-ID: <20150731092954.76ce2b8a@pc1>

Hi,

On Fri, 31 Jul 2015 14:37:30 +0000
"Salz, Rich" wrote:
> Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some
> more details.
>
> Summary: Moving to Apache 2, CLA's coming, it will take time.

This is a huge step if it works (I leave it up to the lawyers to decide if it will), but I want to question whether the Apache License is really a wise move.

AFAIK there has been work done to make the Apache license compatible with the GPL, both with changes in the Apache license and the GPL, but this only applies to the GPL 3. Whether one likes that or not, there is still a lot of GPL2-only code out there and that's unlikely to change because for some projects it's close to impossible to change the license due to the number of contributors.

Just to give a very concrete example: Apache 2 licensing would mean that the linux kernel could not take code from OpenSSL.

In the spirit of making OpenSSL as useful as possible for everyone I would consider a permissive license that's more compatible (e.g. MIT) a wiser choice.

--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42

From rt at openssl.org Fri Jul 31 16:40:30 2015
From: rt at openssl.org (Rich Salz via RT)
Date: Fri, 31 Jul 2015 16:40:30 +0000
Subject: [openssl-dev] [openssl.org #3972] EVP documentation implicitly recommends the use of single-DES
In-Reply-To:
References:
Message-ID:

fixed in master and 1.0.2, thanks.

--
Rich Salz, OpenSSL dev team; rsalz at openssl.org

From rt at openssl.org Fri Jul 31 16:52:11 2015
From: rt at openssl.org (Praveen Kariyanahalli via RT)
Date: Fri, 31 Jul 2015 16:52:11 +0000
Subject: [openssl-dev] [openssl.org #3967] Assert hit in the latest 1.0.2d code
In-Reply-To:
References:
Message-ID:

Yes, that worked. The previous version we were using was 1.0.1m. Thanks for the quick turnaround.

-Praveen

On Wed, Jul 29, 2015 at 3:35 PM, Matt Caswell via RT wrote:
> On Wed Jul 29 20:30:22 2015, praveen at viptela.com wrote:
> > We seem to hit this assert with the latest code. Our sockets are all in
> > non-blocking fashion. I dont see this assert in the previous releases.
>
> What was the last release you tried where this worked? Was this previously
> working on a 1.0.2 release?
>
> > Can somebody throw more light on to this ? It is urgent. As we are not
> > able to migrate to this version because of this regression.
>
> Please can you try the attached patch and let me know if that makes any
> difference. There seems to be an issue with DTLS1.2. If the underlying BIO
> write buffers are full DTLS is supposed to drop the packet and clear out the
> internal OpenSSL buffer. This code was only testing for DTLS1 not DTLS1 and
> DTLS1.2. If you are using DTLS1.2 then the internal buffer does not get
> cleared out, and the next time you try to write some data it falls over
> because the buffer should be empty but it isn't.
>
> Matt

--
-Praveen

From rt at openssl.org Fri Jul 31 17:07:55 2015
From: rt at openssl.org (Hubert Kario via RT)
Date: Fri, 31 Jul 2015 17:07:55 +0000
Subject: [openssl-dev] [openssl.org #3973] few options in s_client and s_server are missing descriptions
In-Reply-To: <5287622.x94utvHqBf@pintsize.usersys.redhat.com>
References: <5287622.x94utvHqBf@pintsize.usersys.redhat.com>
Message-ID:

-curves, -sigalgs, -client_sigalgs are not documented in s_client and s_server -help messages

fixes:
https://github.com/openssl/openssl/pull/351 (1.0.2)
https://github.com/openssl/openssl/pull/350 (master)

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

From hkario at redhat.com Fri Jul 31 17:24:15 2015
From: hkario at redhat.com (Hubert Kario)
Date: Fri, 31 Jul 2015 19:24:15 +0200
Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support
In-Reply-To: <20150730150917.GV4347@mournblade.imrryr.org>
References: <20150730150917.GV4347@mournblade.imrryr.org>
Message-ID: <4961725.NBo7d4Nl4U@pintsize.usersys.redhat.com>

On Thursday 30 July 2015 15:09:18 Viktor Dukhovni wrote:
> On Sun, Jun 21, 2015 at 07:00:55PM +0000, Giuseppe D'Angelo via RT wrote:
> > diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod > > index c2d40ac..7fbe3a4 100644 > > --- a/doc/apps/ciphers.pod > > +++ b/doc/apps/ciphers.pod
> > @@ -585,10 +585,22 @@ Note: these ciphers can also be used in SSL v3. > > > > =head2 Pre shared keying (PSK) ciphersuites > > > > + TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA > > + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA > > + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA > > + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA > > + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 > > + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 > > + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 > > + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 > > > > TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA > > TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA > > TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA > > TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA > > > > + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 > > + TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 > > + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 > > + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 > > Question, should we really be adding new RC4 or new 3DES ciphersuites? > Both ciphers are rather obsolete now. And we even have an RFC that > "bans" RC4. While I have been known to resist potentially premature > removal of *existing* RC4 support, I am certainly not a fan of RC4 > and see no reason to add more RC4 to OpenSSL. those are PSK ciphers, unless you set up PSK they won't be advertised at all, adding support for them has minimal impact on Internet use (be it port 443 or otherwise) of RC4 and 3DES and for people that actually need this support, it's better that they use OpenSSL than a home-cooked solution by an intern > I am not even sure that adding Camellia is a net win, ideally AES > and (soonish) ChaCha20 are enough. 
Camellia is the recommended backup cipher by ENISA, rightfully so

> One might similarly question the longevity of the new CBC suites,
> TLS 1.3 is moving to AEAD only (the PSK AEAD ciphers will IIRC be
> used for session resumption in 1.3).

I give them 20 years, ok... 30 years tops

> How many of the new ciphersuites are used/needed in practice? Which
> are MTI for PSK? I think that when adding ciphersuites, we have
> the opportunity/responsibility to exercise good judgement and enable
> only the essential ones, and try to keep a lid on needless ciphersuite
> proliferation.

this horse left the barn, the barn got overgrown, people cut the trees and now are building a new barn

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
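Review bot: the rows the doc/apps/ciphers.pod hunk inserts into the "Pre shared keying (PSK) ciphersuites" table carry no protocol-version restriction, yet the SHA256, SHA384 and GCM entries among them (RSA-PSK-AES128-CBC-SHA256, RSA-PSK-AES256-GCM-SHA384, PSK-AES128-GCM-SHA256 and their siblings) are TLS 1.2-only under RFC 5487, unlike the SHA1 suites they are listed beside; the hunk's @@ context line shows the previous table closing with "Note: these ciphers can also be used in SSL v3", so a matching note that the new suites require TLS 1.2 should close this one. A smaller layout point: the hunk puts the new RSA-PSK rows above the existing PSK rows and the new PSK SHA256/GCM rows below them, which splits the PSK family in two; listing all PSK suites first and then the RSA-PSK block would keep the table scannable.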
From: rt at openssl.org (Laetitia Baudoin via RT)
Date: Fri, 31 Jul 2015 17:35:51 +0000
Subject: [openssl-dev] [openssl.org #3974] The IV used by the 'openssl cms -encrypt -aes-256-gcm' command is not random (all zeroes).
In-Reply-To:
References:
Message-ID:

When encrypting using the 'openssl cms -encrypt -aes-256-gcm' command an all-zero IV is used; this breaks any guarantees provided by the GCM mode (see NIST Special Publication 800-38D).

Version tested: openssl 1.0.2d on linux x86_64.

Example:

    openssl cms -encrypt -in message.txt -out encrypted-openssl-aes-256-gcm.msg -recip user1_no_cn.pem -aes-256-gcm

When looking at the ASN.1 for the contentEncryptionAlgorithm we get:

    SEQUENCE (2 elem)
      OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.46
      OCTET STRING (12 byte) 000000000000000000000000   <-- This is the IV

Expectation:
- If AES-GCM is not supported by the 'openssl cms' command (there is no clear RFC for it when generating enveloped data, RFC 5084 is for authenticated enveloped data) the command should show an error.
- If AES-GCM is supported it should generate a random IV

[Attachment: encrypted-openssl-aes-256-gcm.msg (application/octet-stream, 905 bytes)]

From openssl-users at dukhovni.org Fri Jul 31 17:37:20 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Fri, 31 Jul 2015 17:37:20 +0000
Subject: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support
In-Reply-To: <4961725.NBo7d4Nl4U@pintsize.usersys.redhat.com>
References: <20150730150917.GV4347@mournblade.imrryr.org> <4961725.NBo7d4Nl4U@pintsize.usersys.redhat.com>
Message-ID: <20150731173720.GP4347@mournblade.imrryr.org>

On Fri, Jul 31, 2015 at 07:24:15PM +0200, Hubert Kario wrote:
> > Question, should we really be adding new RC4 or new 3DES ciphersuites?
> > Both ciphers are rather obsolete now. And we even have an RFC that
> > "bans" RC4. While I have been known to resist potentially premature
> > removal of *existing* RC4 support, I am certainly not a fan of RC4
> > and see no reason to add more RC4 to OpenSSL.
>
> those are PSK ciphers, unless you set up PSK they won't be advertised at all,
> adding support for them has minimal impact on Internet use (be it port 443 or
> otherwise) of RC4 and 3DES
>
> and for people that actually need this support, it's better that they use
> OpenSSL than a home-cooked solution by an intern

I know all that, but do they in fact need RC4 or 3DES, or are we just putting them in because they have code-point assignments in the RFC?

> > I am not even sure that adding Camellia is a net win, ideally AES
> > and (soonish) ChaCha20 are enough.
>
> Camellia is the recommended backup cipher by ENISA, rightfully so

Fine.

> > One might similarly question the longevity of the new CBC suites,
> > TLS 1.3 is moving to AEAD only (the PSK AEAD ciphers will IIRC be
> > used for session resumption in 1.3).
>
> I give them 20 years, ok... 30 years tops

Yes, hence the "might". The point is that I am suggesting some consideration of what's actually needed before new ciphers are implemented. Mere inclusion in a somewhat dated RFC is perhaps not compelling.

Which ciphers are actually needed by PSK users? My hope is that at this point RC4 and 3DES are not. It is highly likely that AES-CBC is needed, perhaps also Camellia, but the question is I think worth asking.

--
	Viktor.

From openssl-users at dukhovni.org Fri Jul 31 17:40:33 2015
From: openssl-users at dukhovni.org (Viktor Dukhovni)
Date: Fri, 31 Jul 2015 17:40:33 +0000
Subject: [openssl-dev] [openssl.org #3974] The IV used by the 'openssl cms -encrypt -aes-256-gcm' command is not random (all zeroes).
In-Reply-To:
References:
Message-ID: <20150731174033.GQ4347@mournblade.imrryr.org>

On Fri, Jul 31, 2015 at 05:35:51PM +0000, Laetitia Baudoin via RT wrote:
> When encrypting using the 'openssl cms -encrypt -aes-256-gcm' command an
> all zero IV is used, this breaks any guarantees provided by the GCM
> mode (see NIST Special Publication 800-38D).

> https://mta.openssl.org/pipermail/openssl-dev/2015-April/001177.html

> - If AES-GCM is not supported by the 'openssl cms' command (there is no
> clear RFC for it when generating enveloped data, RFC 5084 is for
> authenticated enveloped data) the command should show an error.

Yes, it should return an error.

--
	Viktor.

From rt at openssl.org Fri Jul 31 17:44:41 2015
From: rt at openssl.org (Laetitia Baudoin via RT) Date: Fri, 31 Jul 2015 17:44:41 +0000 Subject: [openssl-dev] [openssl.org #3975] The CMS encrypt command uses the wrong ASN.1 encoding for the AES-GCM algorithm parameter. In-Reply-To: References: Message-ID: When using 'openssl cms -encrypt -aes-256-gcm' the algorithm generated is encoded as:

SEQUENCE (2 elem)
  OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.46
  OCTET STRING (12 byte) 000000000000000000000000

But RFC 5084 (Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)) specifies the algorithm parameters as:

GCMParameters ::= SEQUENCE {
  aes-nonce        OCTET STRING, -- recommended size is 12 octets
  aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 }

AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)

So the openssl version is missing the SEQUENCE tag.

Version tested: openssl 1.0.2d on linux x86_64

Example: openssl cms -encrypt -in message.txt -out encrypted-openssl-aes-256-gcm.msg -recip user1_no_cn.pem -aes-256-gcm -------------- next part -------------- A non-text attachment was scrubbed... Name: encrypted-openssl-aes-256-gcm.msg Type: application/octet-stream Size: 905 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From j at w1.fi Fri Jul 31 17:51:43 2015 
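An added example for tickets #3974 and #3975, not OpenSSL code: a small DER encoder and strict decoder for the RFC 5084 GCMParameters structure, plus an audit function that flags the two defects reported above, the bare OCTET STRING where the SEQUENCE wrapper should be and the all-zero nonce. The constant OPENSSL_102D_PARAMS is constructed from the report's description of the 1.0.2d output (it is not taken from the scrubbed attachment), and all function names are this example's own.

```python
"""DER handling for RFC 5084 GCMParameters (added example, not OpenSSL code)."""
import secrets

ID_AES256_GCM = "2.16.840.1.101.3.4.1.46"   # OID from the report, shown for context only
TAG_SEQUENCE, TAG_OCTET_STRING, TAG_INTEGER = 0x30, 0x04, 0x02

# Constructed to match the report: a bare OCTET STRING holding twelve zero bytes,
# which is what 'openssl cms -encrypt -aes-256-gcm' (1.0.2d) is described as emitting.
OPENSSL_102D_PARAMS = bytes([TAG_OCTET_STRING, 12]) + bytes(12)


def _der_length(n):
    """DER length octets, short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, content):
    return bytes([tag]) + _der_length(len(content)) + content


def _read_tlv(buf, pos):
    """Return (tag, content, position after the element); raises on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated TLV content")
    return tag, buf[pos:pos + length], pos + length


def encode_gcm_parameters(nonce, icv_len=12):
    """GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER DEFAULT 12 }.
    DER omits a component equal to its DEFAULT, so icv_len == 12 is not encoded."""
    if icv_len not in (12, 13, 14, 15, 16):
        raise ValueError("aes-ICVlen must be one of 12..16")
    if not nonce:
        raise ValueError("empty nonce")
    body = _tlv(TAG_OCTET_STRING, bytes(nonce))
    if icv_len != 12:
        body += _tlv(TAG_INTEGER, bytes([icv_len]))
    return _tlv(TAG_SEQUENCE, body)


def fresh_gcm_parameters(icv_len=16):
    """Parameters with a random 96-bit nonce, the size RFC 5084 recommends."""
    return encode_gcm_parameters(secrets.token_bytes(12), icv_len)


def decode_gcm_parameters(der):
    """Strict decoder: returns (nonce, icv_len) or raises ValueError."""
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("GCMParameters must be a single SEQUENCE")
    ntag, nonce, pos = _read_tlv(body, 0)
    if ntag != TAG_OCTET_STRING:
        raise ValueError("aes-nonce must be an OCTET STRING")
    icv_len = 12
    if pos < len(body):
        itag, ival, pos = _read_tlv(body, pos)
        if itag != TAG_INTEGER or len(ival) != 1:
            raise ValueError("aes-ICVlen must be a one-byte INTEGER")
        icv_len = ival[0]
        if icv_len == 12:
            raise ValueError("DEFAULT value encoded explicitly (not DER)")
        if icv_len not in (13, 14, 15, 16):
            raise ValueError("aes-ICVlen out of range")
    if pos != len(body):
        raise ValueError("trailing data inside GCMParameters")
    return nonce, icv_len


def audit_gcm_parameters(der):
    """Lenient check for the defects in the two tickets; returns a list of findings."""
    findings = []
    tag, body, _ = _read_tlv(der, 0)
    if tag == TAG_OCTET_STRING:
        findings.append("missing SEQUENCE: parameters are a bare OCTET STRING (#3975)")
        nonce = body
    else:
        try:
            nonce, _ = decode_gcm_parameters(der)
        except ValueError as exc:
            return findings + [f"malformed GCMParameters: {exc}"]
    if not nonce or nonce == bytes(len(nonce)):
        findings.append("all-zero nonce: every message under this key shares a nonce (#3974)")
    if len(nonce) != 12:
        findings.append(f"nonce is {len(nonce)} bytes; RFC 5084 recommends 12")
    return findings


if __name__ == "__main__":
    print("1.0.2d shape:", audit_gcm_parameters(OPENSSL_102D_PARAMS))
    print("correct shape:", fresh_gcm_parameters().hex(), audit_gcm_parameters(fresh_gcm_parameters()))
```

A nonce that repeats under one key is fatal for GCM (the keystream repeats and the authentication key can be recovered), so the audit treats the all-zero nonce as a finding in its own right and not merely as a formatting slip; the missing SEQUENCE is the interoperability bug, the zero nonce is the cryptographic one.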
From: j at w1.fi (Jouni Malinen) Date: Fri, 31 Jul 2015 20:51:43 +0300 Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method In-Reply-To: <55B9F5CD.7010901@openssl.org> References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <55B65661.8030701@openssl.org> <20150727215126.GA9715@w1.fi> <55B6B079.9040009@openssl.org> <20150728140938.GA4079@w1.fi> <55B9F5CD.7010901@openssl.org> Message-ID: <20150731175143.GA5276@w1.fi> On Thu, Jul 30, 2015 at 11:00:45AM +0100, Matt Caswell wrote: > On 28/07/15 15:09, Jouni Malinen wrote: > > The remaining issue for EAP-FAST server is in the > > SSL_set_session_secret_cb() callback not having access to the correct > > server_random through SSL_get_server_random(). > Is this still a problem? From looking at the code it seems to me that > the server random is set prior to calling the callback: It is a problem with the current master branch snapshot, but not with older versions, i.e., a regression of some sort.. > /* > * Check if we want to use external pre-shared secret for this handshake > * for not reused session only. We need to generate server_random before > * calling tls_session_secret_cb in order to allow SessionTicket > * processing to use it in key derivation. > */ > { > unsigned char *pos; > pos = s->s3->server_random; > if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) { This is indeed the server_random I see in the tls_session_secret_cb, but that is not the server_random that gets used in the negotiation.. > Checking the commit logs this seems to have been put in by this commit > responding to one of your tickets! > > commit 12bf56c017a34bd0d5fc6d817564ae49d0a9e861 It was indeed and that commit worked.. Please note that it uses #ifdef OPENSSL_NO_TLSEXT to avoid having ssl3_send_server_hello() override the previously selected server_random. 
> You seem to imply that you can get the server_random through > ssl->s3->server_random but not through SSL_get_server_random(). Looking > at the code I can't see an obvious reason why that would be the case. > Here is SSL_get_server_random(): > > size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t > outlen) > { > if (outlen == 0) > return sizeof(ssl->s3->server_random); > if (outlen > sizeof(ssl->s3->server_random)) > outlen = sizeof(ssl->s3->server_random); > memcpy(out, ssl->s3->server_random, outlen); > return outlen; > } I had not checked what this does, but yes, that's indeed identical to the mechanism I use with older OpenSSL version. In other words, the issue is in ssl3_send_server_hello(). It looks like commit e481f9b90b164fd1053015d1c4e0a0d92076d7a8 ("Remove support for OPENSSL_NO_TLSEXT") broke this. It is deleting number of "#ifndef OPENSSL_NO_TLSEXT" lines correctly, but it is also deleting one "#ifdef OPENSSL_NO_TLSEXT" without removing the block of code that should have also been removed from ssl3_send_server_hello(). Because of that, server_random gets replaced after the call to tls_session_secret_cb which breaks the EAP-FAST use case. This is the relevant part of that commit: @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s) if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf = (unsigned char *)s->init_buf->data; -#ifdef OPENSSL_NO_TLSEXT + p = s->s3->server_random; if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { s->state = SSL_ST_ERR; return -1; } -#endif + /* Do the message type and length last */ d = p = ssl_handshake_start(s); That ssl_fill_hello_random() call needs to be deleted to fix this issue. Based on a quick test, that does indeed fix the EAP-FAST server issue I saw. -- Jouni Malinen PGP id EFC895FA From uri at ll.mit.edu Fri Jul 31 18:00:26 2015 
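Review bot: the hunk removes the `#ifdef OPENSSL_NO_TLSEXT` / `#endif` pair but keeps the statements it guarded, so `ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE)` into `s->s3->server_random` now runs unconditionally in ssl3_send_server_hello() and overwrites the server_random that was generated before tls_session_secret_cb was called (the comment quoted earlier in this thread says that earlier generation exists precisely so SessionTicket processing can use it in key derivation). Since that block only ever compiled with extensions disabled, deleting the guard should have deleted the `p = s->s3->server_random;` assignment, the ssl_fill_hello_random() call and its `s->state = SSL_ST_ERR; return -1;` error path with it, leaving only the `/* Do the message type and length last */` line; as committed, the change reintroduces the EAP-FAST regression that the earlier commit had fixed.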
From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Fri, 31 Jul 2015 18:00:26 +0000 Subject: [openssl-dev] We're working on license changes Message-ID: <20150731180034.17788996.92508.14564@ll.mit.edu> +1 Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Hanno Böck Sent: Friday, July 31, 2015 12:55 To: openssl-dev at openssl.org Reply To: openssl-dev at openssl.org Subject: Re: [openssl-dev] We're working on license changes Hi, On Fri, 31 Jul 2015 14:37:30 +0000 "Salz, Rich" wrote: > Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some > more details. > > Summary: Moving to Apache 2, CLA's coming, it will take time. This is a huge step if it works (I leave it up to the lawyers to decide if it will), but I want to question whether Apache License is really a wise move. AFAIK there has been work done to make the Apache license compatible with the GPL, both with changes in the Apache license and the GPL, but this only applies to the GPL 3. Whether one likes that or not, there is still a lot of GPL2-only code out there and that's unlikely to change because for some projects it's close to impossible to change the license due to the number of contributors. Just to give a very concrete example: Apache 2 licensing would mean that the linux kernel could not take code from OpenSSL. In the spirit of making OpenSSL as useful as possible for everyone I would consider a permissive license that's more compatible (e.g. MIT) a wiser choice. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From brian at briansmith.org Fri Jul 31 18:19:16 2015 
From: brian at briansmith.org (Brian Smith) Date: Fri, 31 Jul 2015 14:19:16 -0400 Subject: [openssl-dev] We're working on license changes In-Reply-To: <20150731092954.76ce2b8a@pc1> References: <70db214b09054cf1897cacf512a5f54d@ustx2ex-dag1mb2.msg.corp.akamai.com> <20150731092954.76ce2b8a@pc1> Message-ID: On Fri, Jul 31, 2015 at 12:29 PM, Hanno Böck wrote: > "Salz, Rich" wrote: > > > Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some > > more details. > > > > Summary: Moving to Apache 2, CLA's coming, it will take time. > > This is a huge step if it works (I leave it up to the lawyers to decide > if it will), but I want to question whether Apache License is really a > wise move. [snip] In the spirit of making OpenSSL as useful as possible for everyone I > would consider a permissive license that's more compatible (e.g. MIT) a > wiser choice. > I agree 100%. What is wrong with the ISC-style license that LibreSSL and BoringSSL have been using to share code? Why not use that same license for new code? The ability to share code between these projects is hugely valuable, especially when it comes to getting security problems fixed in a timely and secure manner. Also, I question the need for people to sign a CLA to contribute to OpenSSL. OpenSSL has been very successful for decades without a CLA requirement. Lots of other projects are extremely successful without a CLA. A CLA seems unnecessary. Cheers, Brian [1] https://www.imperialviolet.org/2014/06/20/boringssl.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From waywardgeek at google.com Fri Jul 31 18:19:39 2015 
From: waywardgeek at google.com (Bill Cox) Date: Fri, 31 Jul 2015 11:19:39 -0700 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> Message-ID: Cool observation. From running a bit of Python code, it looks like the probability that GCD(p-1, p-q) == 4 is a bit higher than 15%, at least for random numbers between 2048 and 4096 bits long. It looks like putting in a GCD(p-1, q-1) check will slow down finding suitable p and q by around a factor of 6.5. I am not saying OpenSSL should or should not do this check, but hopefully making that decision is easier knowing the runtime penalty. Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Fri Jul 31 18:46:22 2015 
From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Fri, 31 Jul 2015 18:46:22 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> Message-ID: <20150731184621.GS4347@mournblade.imrryr.org> On Fri, Jul 31, 2015 at 11:19:39AM -0700, Bill Cox wrote: > Cool observation. From running a bit of Python code, it looks like the > probability that GCD(p-1, p-q) == 4 is a bit higher than 15%, at least for > random numbers between 2048 and 4096 bits long. It looks like putting in a > GCD(p-1, q-1) check will slow down finding suitable p and q by around a > factor of 6.5. A smaller slow-down would be incurred if one were to restrict both of p,q to 3 mod 4. In that case 2 would be the largest common even factor of (p-1) and (q-1), and any appreciably large common odd factor (necessarily above 17863 due to how each of p/q is chosen) would be very rare. Is there a good argument for adding the gcd test? How big does the common factor have to be for any information it might provide to be substantially useful in finding 1/e mod phi(m)? The larger the common factor is, the smaller the probability of p-1 and q-1 sharing it (for a given sufficiently large prime factor "r" of (p-1), the probability of (q-1) also having that factor is 1/(r-1)). If say "r" needs to be 80 bits long to be useful in attacking RSA 1024, then only ~1 in 2^80 (p-1,q-1) pairs will have such a common factor, which is sufficiently rare not to warrant any attention. Also one still needs to be able to fully factor (n-1). After tens of thousands of trials, I managed to generate a (p,q,n) triple with a 1024-bit modulus n in which (p-1,q-1) have a common odd factor. 
n = 123727085863382195696899362818055010267368591819174730632443285012648773223152448218495408371737254282531468855140111723936275062312943433684139231097953508685462994307654703316031424869371422426773001891452680576333954733056995016189880381373567072504551999849596021790801362257131899242011337424119163152403
e = F_4 = 65537
gcd(p-1,q-1) = 2 * 28559

What can the OP tell us about d, p or q? Can anyone produce a full factorization of n - 1? -- Viktor. From matt at openssl.org Fri Jul 31 19:15:13 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 31 Jul 2015 20:15:13 +0100 Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method In-Reply-To: <20150731175143.GA5276@w1.fi> References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <55B65661.8030701@openssl.org> <20150727215126.GA9715@w1.fi> <55B6B079.9040009@openssl.org> <20150728140938.GA4079@w1.fi> <55B9F5CD.7010901@openssl.org> <20150731175143.GA5276@w1.fi> Message-ID: <55BBC941.2090302@openssl.org> On 31/07/15 18:51, Jouni Malinen wrote: > This is the relevant part of that commit: 
> > @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s) > > if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { > buf = (unsigned char *)s->init_buf->data; > -#ifdef OPENSSL_NO_TLSEXT > + > p = s->s3->server_random; > if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { > s->state = SSL_ST_ERR; > return -1; > } > -#endif > + > /* Do the message type and length last */ > d = p = ssl_handshake_start(s); > > > That ssl_fill_hello_random() call needs to be deleted to fix this issue. > Based on a quick test, that does indeed fix the EAP-FAST server issue I > saw. > Duhhh. Your email reminded me that I already fixed this a little while ago (actually I remembered just after I implemented the fix for a second time!). It got stuck in our review queue and I forgot about it. I've just pinged it so hopefully it will become unstuck and I can get this committed. Matt From mancha1 at zoho.com Fri Jul 31 19:35:42 2015 
From: mancha1 at zoho.com (mancha) Date: Fri, 31 Jul 2015 19:35:42 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> Message-ID: <20150731193542.GB7416@zoho.com> On Fri, Jul 31, 2015 at 11:19:39AM -0700, Bill Cox wrote: > Cool observation. From running a bit of Python code, it looks like > the probability that GCD(p-1, p-q) == 4 is a bit higher than 15%, at > least for random numbers between 2048 and 4096 bits long. It looks > like putting in a GCD(p-1, q-1) check will slow down finding suitable > p and q by around a factor of 6.5. > > I am not saying OpenSSL should or should not do this check, but > hopefully making that decision is easier knowing the runtime penalty. To clarify, the worry is that lcm((p-1),(q-1)) << (p-1)(q-1) thus making the computation of d=1/e (mod lcm((p-1),(q-1))) comparatively easier? If so, here's my quick & dirty back-of-envelope calculation (mod bound) for the probability the gcd of two randomly chosen integers x,y is at most k:

 k   p(gcd(x,y)<=k)
 -   --------------
 1   60.79%
 2   75.99%
 3   82.75%
 4   86.55%
 5   88.98%
 6   90.67%
 7   91.91%
 8   92.86%
 9   93.61%
10   94.21%

As can be seen, the probability is quite high the gcd will be small so (p-1)(q-1) ~ lcm((p-1)(q-1)) removing the above benefit. But it's the end of the week and the neurons need respite so please let me know if I'm missing something. --mancha -- https://twitter.com/mancha140 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: From matt at openssl.org Fri Jul 31 19:36:46 2015 
From: matt at openssl.org (Matt Caswell) Date: Fri, 31 Jul 2015 20:36:46 +0100 Subject: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method In-Reply-To: <55BBC941.2090302@openssl.org> References: <522B816F59485D4FBCBAF2CE8015B891928AA6@xmb-rcd-x01.cisco.com> <55B65661.8030701@openssl.org> <20150727215126.GA9715@w1.fi> <55B6B079.9040009@openssl.org> <20150728140938.GA4079@w1.fi> <55B9F5CD.7010901@openssl.org> <20150731175143.GA5276@w1.fi> <55BBC941.2090302@openssl.org> Message-ID: <55BBCE4E.1060903@openssl.org> On 31/07/15 20:15, Matt Caswell wrote: > > > On 31/07/15 18:51, Jouni Malinen wrote: >> This is the relevant part of that commit: >> >> @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s) >> >> if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { >> buf = (unsigned char *)s->init_buf->data; >> -#ifdef OPENSSL_NO_TLSEXT >> + >> p = s->s3->server_random; >> if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { >> s->state = SSL_ST_ERR; >> return -1; >> } >> -#endif >> + >> /* Do the message type and length last */ >> d = p = ssl_handshake_start(s); >> >> >> That ssl_fill_hello_random() call needs to be deleted to fix this issue. >> Based on a quick test, that does indeed fix the EAP-FAST server issue I >> saw. >> > > Duhhh. Your email reminded me that I already fixed this a little while > ago (actually I remembered just after I implemented the fix for a second > time!). It got stuck in our review queue and I forgot about it. I've > just pinged it so hopefully it will become unstuck and I can get this > committed. https://github.com/openssl/openssl/commit/e1e088ec7f2f33c4c4ad31312d62c536441d4358 Matt From waywardgeek at google.com Fri Jul 31 20:42:01 2015 
From: waywardgeek at google.com (Bill Cox) Date: Fri, 31 Jul 2015 13:42:01 -0700 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731193542.GB7416@zoho.com> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731193542.GB7416@zoho.com> Message-ID: On Fri, Jul 31, 2015 at 12:35 PM, mancha wrote: > If so, here's my quick & dirty back-of-envelope calculation (mod bound) > for the probability the gcd of two randomly chosen integers x,y is at > most k:
>
>  k   p(gcd(x,y)<=k)
>  -   --------------
>  1   60.79%
>  2   75.99%
>  3   82.75%
>  4   86.55%
>  5   88.98%
>  6   90.67%
>  7   91.91%
>  8   92.86%
>  9   93.61%
> 10   94.21%
>
> As can be seen, the probability is quite high the gcd will be small so > (p-1)(q-1) ~ lcm((p-1)(q-1)) removing the above benefit. > > But it's the end of the week and the neurons need respite so please let > me know if I'm missing something. > You are correct, or at least very close. I was testing for GCD(p-1, q-1) == 4, when I should have been testing for GCD(p-1, q-1) == 2, since p-1 and q-1 are known to be even. Fixing that, I see that the probability of having GCD(p-1, q-1) == 2 for random odd numbers is a bit over 60% in the python runs. This will result most likely in a bit less a 2X runtime penalty for determining the primes. Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl-users at dukhovni.org Fri Jul 31 21:03:18 2015 
From: openssl-users at dukhovni.org (Viktor Dukhovni) Date: Fri, 31 Jul 2015 21:03:18 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731193542.GB7416@zoho.com> Message-ID: <20150731210317.GV4347@mournblade.imrryr.org> On Fri, Jul 31, 2015 at 01:42:01PM -0700, Bill Cox wrote: > You are correct, or at least very close. I was testing for GCD(p-1, q-1) > == 4, when I should have been testing for GCD(p-1, q-1) == 2, since p-1 and > q-1 are known to be even. Fixing that, I see that the probability of > having GCD(p-1, q-1) == 2 for random odd numbers is a bit over 60% in the > python runs. This will result most likely in a bit less a 2X runtime > penalty for determining the primes. There's no need for that, just a priori force at least one of them to be 3 mod 4. Then the largest common even factor is necessarily 2. I still see little reason to bother though. My example demonstrates a GCD of 28559 * 2 (almost 16 bits), so we can compute d = 1/e mod phi(m) modulo an ~31 bit number, but d is a 1024-bit number, knowing it mod an ~31 bit number does not seem particularly useful. Common factors with considerably more bits are exponentially (correct usage for once) rare. Does this "leak" warrant remediation? How would the attacker know whether any factors of (n-1) are or are not in fact common factors of (p-1) and (q-1) if p and q remain unknown? Is finding sufficiently large factors a tractable problem? -- Viktor. From paul at securecottage.com Fri Jul 31 23:31:08 2015 
From: paul at securecottage.com (paul at securecottage.com) Date: Fri, 31 Jul 2015 23:31:08 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731160154.GA2900@zoho.com> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731160154.GA2900@zoho.com> Message-ID: <20150731233108.Horde.L_3gtPaeghlpGXXRQ9JEUw7@bluepacific.oceania.com.au> Hi Mancha, Since p*q-1 == (p-1)*(q-1)+(p-1)+(q-1) any prime that divides (p-1) and (q-1) will divide all 4 of the terms in the definition of p*q-1. Thus it will be a common factor in the totient. I have checked through the key generation code of the openssl ssl code. I hacked it to report the greatest common divisor of p-1 and q-1. I then ran 100 key generations. It only had greatest common divisors of 2, 4, 8, and 16. There were no other primes reported besides small powers of 2. So there doesn't seem to be a practical problem with common divisors in the openssl code. Still, I think this is a theoretical problem. There should be a gcd(p-1,q-1)>16 check for the two primes in key generation. Paul Quoting mancha : > On Fri, Jul 31, 2015 at 02:36:03AM +0000, paul at securecottage.com wrote: >> >> Hi there, >> >> I have looked at the RSA protocol a bit and have concluded that >> >> 1) common factors in (p-1) and (q-1) are also in the factorisation of >> (p*q-1). 2) by factoring (p*q-1) you can come up with candidates for >> squares in the totient. 3) you can also come up with d mod >> commonfactor^2 if there is a common factor. >> >> the math is shown in my wikipedia users page math blog at: >> >> https://en.wikipedia.org/wiki/User:Endo999#The_Bad_Stuff_That_Happens_When_There_Are_Common_Factors_Between_.28P-1.29_and_.28Q-1.29 > > [SNIP] > > Hi. How are you finding a common factor f such that f|(p-1) and f|(q-1)? > > Thanks. > > --mancha > > -- https://twitter.com/mancha140 From sneves at dei.uc.pt Fri Jul 31 23:25:31 2015 
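An added example, not OpenSSL code, that puts numbers to the points made in this thread: mancha's table via the 6/(pi^2 d^2) distribution of gcd values of two uniform integers, Bill's acceptance rate for a gcd(p-1, q-1) <= 2 check on freshly generated primes, Viktor's observation that forcing p = q = 3 (mod 4) pins the even part of the gcd to 2, Paul's identity that a common factor of (p-1) and (q-1) divides n-1, and how much of d a known common factor r exposes (d mod r^2). Prime sizes, sample counts, the Miller-Rabin routine and the toy key (p, q, e) = (7, 13, 5) are this example's own choices; VIKTOR_N is copied from Viktor's message.

```python
"""Experiments from the (p-1),(q-1) common-factor thread (added example, not OpenSSL code).

The Miller-Rabin routine is for the experiment only, not a replacement for
BN_is_prime_ex(); 48/64-bit primes keep the sampling quick.
"""
import math
import secrets

SYSRAND = secrets.SystemRandom()

# Viktor's challenge modulus, copied from his message; he states gcd(p-1, q-1) = 2 * 28559.
VIKTOR_N = 123727085863382195696899362818055010267368591819174730632443285012648773223152448218495408371737254282531468855140111723936275062312943433684139231097953508685462994307654703316031424869371422426773001891452680576333954733056995016189880381373567072504551999849596021790801362257131899242011337424119163152403


def gcd_le_probability(k):
    """P[gcd(x, y) <= k] for two independent uniform integers: sum_{d<=k} 6/(pi^2 d^2).
    Reproduces mancha's table (60.79% for k=1, 94.21% for k=10)."""
    return sum(6.0 / (math.pi ** 2 * d * d) for d in range(1, k + 1))


def is_probable_prime(n, rounds=32, rng=SYSRAND):
    """Miller-Rabin with a trial-division prefilter."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, three_mod_four=False, rng=SYSRAND):
    """Random prime of exactly `bits` bits; optionally force p = 3 (mod 4)."""
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if three_mod_four:
            c |= 2
        if is_probable_prime(c, rng=rng):
            return c


def sample_gcds(bits, pairs, three_mod_four=False, rng=SYSRAND):
    """gcd(p-1, q-1) for `pairs` independently generated prime pairs."""
    return [math.gcd(random_prime(bits, three_mod_four, rng) - 1,
                     random_prime(bits, three_mod_four, rng) - 1)
            for _ in range(pairs)]


def accept_rate(gcds, limit=2):
    """Fraction of pairs a gcd(p-1, q-1) <= limit check keeps; 1/rate is the slowdown."""
    return sum(1 for g in gcds if g <= limit) / len(gcds)


def rsa_private_exponents(p, q, e):
    """d modulo phi(n) = (p-1)(q-1) and modulo lambda(n) = lcm(p-1, q-1); both decrypt."""
    g = math.gcd(p - 1, q - 1)
    phi = (p - 1) * (q - 1)
    lam = phi // g
    return {"gcd": g, "phi": phi, "lambda": lam,
            "d_phi": pow(e, -1, phi), "d_lambda": pow(e, -1, lam)}


def rsa_roundtrip(p, q, e, d, m):
    """True when (m^e)^d = m (mod pq) for the given private exponent."""
    n = p * q
    return pow(pow(m, e, n), d, n) == m


def d_mod_common_factor_squared(e, r):
    """If r | p-1 and r | q-1 then r^2 | phi(n), so d = e^-1 mod phi(n) is known
    mod r^2 to anyone who knows r: the partial leak discussed in the thread."""
    return pow(e, -1, r * r)


def common_factor_divides_n_minus_1(n, r):
    """Paul's identity n-1 = (p-1)(q-1) + (p-1) + (q-1): a common factor r of p-1 and q-1 divides n-1."""
    return (n - 1) % r == 0


if __name__ == "__main__":
    for k in (1, 2, 4, 10):
        print(f"P[gcd(x, y) <= {k}] = {gcd_le_probability(k):.2%}")
    print("gcd(p-1, q-1) == 2, random 64-bit primes:", accept_rate(sample_gcds(64, 200)))
    strict = sample_gcds(64, 200, three_mod_four=True)
    print("even part always 2 with p, q = 3 mod 4:", all(g % 4 == 2 for g in strict))
    print("28559 divides Viktor's n - 1:", common_factor_divides_n_minus_1(VIKTOR_N, 28559))
    info = rsa_private_exponents(7, 13, 5)  # toy key with gcd(6, 12) = 6
    print(info, rsa_roundtrip(7, 13, 5, info["d_lambda"], 10))
```

For primes, rather than the random odd numbers Bill sampled, about half of the pairs pass a gcd <= 2 check: p-1 and q-1 are both divisible by 4 a quarter of the time, and their odd parts are coprime with probability about 0.66 (the twin-prime constant, because a random prime is 1 mod an odd prime r with probability 1/(r-1), not 1/r). Forcing p = q = 3 (mod 4) removes the first loss and leaves roughly two thirds, a slowdown of about 1.5x, which matches Viktor's point that the even part needs no gcd test at all.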
From: sneves at dei.uc.pt (Samuel Neves) Date: Sat, 1 Aug 2015 00:25:31 +0100 Subject: [openssl-dev] common factors in (p-1) and (q-1) In-Reply-To: <20150731210317.GV4347@mournblade.imrryr.org> References: <20150731023603.Horde.SK5d8m6JL3ew5WeOyBMBZw4@bluepacific.oceania.com.au> <20150731193542.GB7416@zoho.com> <20150731210317.GV4347@mournblade.imrryr.org> Message-ID: <55BC03EB.1000301@dei.uc.pt> On 31-07-2015 22:03, Viktor Dukhovni wrote: > Is finding sufficiently large factors a tractable problem? p-1 will usually have a large prime factor. But for q-1 to have the same prime factor is highly unlikely. The probability that GCD(n1, n2) = d for random n1, n2 is 6/(d^2 pi^2). For RSA-1024 we need at least 256 bits of d leaked to factor n using Coppersmith-style attacks. For that to happen, we need a common factor of at least 128 bits to exist (to leak d mod f^2). This is significantly less likely than Miller-Rabin plain failing (with probability ~2^-80) and selecting a non-prime p or q. Regarding strong primes and their utility, the Rivest-Silverman paper is still worth reading: https://people.csail.mit.edu/rivest/pubs/RS01.version-1999-11-22.pdf From uri at ll.mit.edu Fri Jul 31 23:43:07 2015 From: uri at ll.mit.edu (Blumenthal, Uri - 0553 - MITLL) Date: Fri, 31 Jul 2015 23:43:07 +0000 Subject: [openssl-dev] common factors in (p-1) and (q-1) Message-ID: <20150731234315.17788996.70845.14629@ll.mit.edu> I think adding the recommended check would be beneficial. Considering the frequency of key generation, performance impact shouldn't matter all that much. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message 
From: paul at securecottage.com Sent: Friday, July 31, 2015 19:31 To: mancha Reply To: openssl-dev at openssl.org Cc: openssl-dev at openssl.org Subject: Re: [openssl-dev] common factors in (p-1) and (q-1) Hi Mancha, Since p*q-1 == (p-1)*(q-1)+(p-1)+(q-1) any prime that divides (p-1) and (q-1) will divide all 4 of the terms in the definition of p*q-1. Thus it will be a common factor in the totient. I have checked through the key generation code of the openssl ssl code. I hacked it to report the greatest common divisor of p-1 and q-1. I then ran 100 key generations. It only had greatest common divisors of 2, 4, 8, and 16. There were no other primes reported besides small powers of 2. So there doesn't seem to be a practical problem with common divisors in the openssl code. Still, I think this is a theoretical problem. There should be a gcd(p-1,q-1)>16 check for the two primes in key generation. Paul Quoting mancha : > On Fri, Jul 31, 2015 at 02:36:03AM +0000, paul at securecottage.com wrote: >> >> Hi there, >> >> I have looked at the RSA protocol a bit and have concluded that >> >> 1) common factors in (p-1) and (q-1) are also in the factorisation of >> (p*q-1). 2) by factoring (p*q-1) you can come up with candidates for >> squares in the totient. 3) you can also come up with d mod >> commonfactor^2 if there is a common factor. >> >> the math is shown in my wikipedia users page math blog at: >> >> https://en.wikipedia.org/wiki/User:Endo999#The_Bad_Stuff_That_Happens_When_There_Are_Common_Factors_Between_.28P-1.29_and_.28Q-1.29 > > [SNIP] > > Hi. How are you finding a common factor f such that f|(p-1) and f|(q-1)? > > Thanks. > > --mancha > > -- https://twitter.com/mancha140 _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 4350 bytes Desc: not available URL: From rt at openssl.org Sun Jul 12 11:44:44 2015 From: rt at openssl.org (Joseph Birr-Pixton via RT) Date: Sun, 12 Jul 2015 11:44:44 -0000 Subject: [openssl-dev] [openssl.org #3939] [PATCH] Tests for CVE-2015-1788 In-Reply-To: References: Message-ID: Hi Folks, With the report for CVE-2015-1788 I submitted a patch to improve testing in this area (including a regression test for the specific issue). As far as I can see this hasn't made its way into the repo. So here it is again to ensure it isn't forgotten. Cheers, Joe -------------- next part -------------- A non-text attachment was scrubbed... Name: tests.patch Type: application/octet-stream Size: 482892 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-mod at openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod From rt at openssl.org Sun Jul 12 13:05:29 2015 
From: rt at openssl.org (Joseph Birr-Pixton via RT) Date: Sun, 12 Jul 2015 13:05:29 -0000 Subject: [openssl-dev] [openssl.org #3939] AutoReply: [PATCH] Tests for CVE-2015-1788 In-Reply-To: References: Message-ID: Apologies, that patch was HTMLised by github. Attached is the actual patch. On 12 July 2015 at 12:44, The default queue via RT wrote: > > Greetings, > > This message has been automatically generated in response to the > creation of a trouble ticket regarding: > "[PATCH] Tests for CVE-2015-1788", > a summary of which appears below. > > There is no need to reply to this message right now. Your ticket has been > assigned an ID of [openssl.org #3939]. > > Please include the string: > > [openssl.org #3939] > > in the subject line of all future correspondence about this issue. To do so, > you may reply to this message. > > Thank you, > rt at openssl.org > > ------------------------------------------------------------------------- > Hi Folks, > > With the report for CVE-2015-1788 I submitted a patch to improve > testing in this area (including a regression test for the specific > issue). > > As far as I can see this hasn't made its way into the repo. So here it > is again to ensure it isn't forgotten. > > Cheers, > Joe > -------------- next part -------------- A non-text attachment was scrubbed... Name: tests.patch Type: application/octet-stream Size: 77256 bytes Desc: not available URL: From rt at openssl.org Thu Jul 16 14:02:29 2015 
From: rt at openssl.org (Mahender Singh via RT) Date: Thu, 16 Jul 2015 14:02:29 -0000 Subject: [openssl-dev] [openssl.org #3943] Vulnerability Report In-Reply-To: References: Message-ID: Dear Sir . i can see in hackerone your company reward some bounty, maximum 2500$ , my reported bug was fixed, can you tell me i got reward or not. Thank you Regarding Mahender Singh On Wed, Jul 15, 2015 at 12:51 AM, Mahender Singh < mahendersingh2706 at gmail.com> wrote: > Dear Sir > > Glad for your quick and fast response and implementation. I have heard > about your bounty program over Hackerone. As I did ethical work I am hoping > some bounty in good faith from your end. > > Thank you > Regarding > Mahender Singh > > On Wed, Jul 15, 2015 at 12:40 AM, Richard Levitte via RT > wrote: > >> Problem fixed. >> >> Thanks. >> >> Vid Tue, 14 Jul 2015 kl. 18.05.17, skrev mahendersingh2706 at gmail.com: >> > Dear Sir / Madam , >> > >> > >> > This is* Mahender Singh* *Security Researcher* from *India*, >> > i have found bug that i would like to share with your security team, >> > this >> > bug is related server file discloser, i have explain deeply as >> > follows, >> > >> > *Vulnerability* : GIT Config >> > >> > *Vulnerable link *: www.openssl.org >> > >> > *Payload =* .git/config >> > >> > *then final url *= http://www.openssl.org/.git/config >> > >> > >> > I have Attached POC as follow >> > >> > >> > *Refer URL* >> > >> > http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability- >> > with-git-config.aspx >> > >> > https://blog.netspi.com/dumping-git-data-from-misconfigured-web- >> > servers/ >> > >> > https://www.owasp.org/index.php/Top_10_2013-A5 >> > >> > >> > I have given enough details of Vulnerability if you need anything else >> > you >> > can contact me at my mail id mahendersingh2706 at gmail >> > .com >> > >> > Hope you will patch this as soon as. 
>> > >> > Thank You >> > >> > Regarding >> > *Mahender Singh* >> > *Cyber Security Researcher* >> >> >> -- >> Richard Levitte >> levitte at openssl.org >> >> > -------------- next part -------------- A non-text attachment was scrubbed... Name: openssl1.png Type: image/png Size: 517222 bytes Desc: not available URL: From rt at openssl.org Fri Jul 17 13:59:06 2015 From: rt at openssl.org (Viljanen, Miikka via RT) Date: Fri, 17 Jul 2015 13:59:06 -0000 Subject: [openssl-dev] [openssl.org #3101] [PATCH] Add CMP (RFC 4210) implementation In-Reply-To: <20150717134005.GA20830@t60> References: <20140815132905.GA29480@t60> <20150717134005.GA20830@t60> Message-ID: Hello, please find attached an updated version of the patch. The following changes have been made: - patch is now relative to openssl-master branch as of 2015-07-17 - code has been reformatted to fit with the current openssl style - unnecessary ASN1 function declarations have been cleaned up - functions and structures that should not be declared publicly have been moved to private header files - HTTP code now shares as much code as possible with the implementation in OCSP I'm still importing some patches and updating the code, but I wanted to send the current version in already so that you might be able to review the current state. best regards, Miikka _____________________________________________ 
From: "Viljanen, Miikka (NSN - FI/Espoo)" Sent: Fri, 15 Aug 2014 16:29:05 +0300 To: rt at openssl.org CC: martin.peylo at nsn.com Subject: Re: [openssl.org #3101] [PATCH] Add CMP (RFC 4210) implementation Hi, attached is the latest version of our CMP code. There haven't been any major changes, just some code cleanup and a few minor new features and bugfixes:

- added support for setting certificate policy OIDs in the request
- added support for RA verified proof of possession
- added support for using a TLS connection
- fixed a number of memory leaks (thanks Valgrind!)
- refactored some small parts of the code and added comments
- some POD documentation updates and clarifications

The EJBCA CMP test server is not up at the moment as it probably hasn't been used much during the last year, but the Insta test server should be up and usable with the instructions from the previous mail. Something like this, for example (add -proxy 1.2.3.4 and -proxyport 8080 if needed):

wget ftp://ftp.openssl.org/snapshot/openssl-1.0.2-stable-SNAP-20140815.tar.gz
tar xvfz openssl-1.0.2-stable-SNAP-20140815.tar.gz
cd openssl-1.0.2-stable-SNAP-20140815
patch -p1 < /PATH/cmp.patch
./config && make depend && make stacks && make
mkdir certs
./apps/openssl genrsa -out certs/cl_key.pem 2048
./apps/openssl cmp -cmd ir -server pki.certificate.fi:8700 -path pkix/ -user 3078 -pass insta -newkey certs/cl_key.pem -certout certs/cl_cert.pem -subject "/CN=CMP Test User" -recipient "/C=FI/O=Insta Demo/CN=Insta Demo CA" -extracertsout certs/cacert.pem
./apps/openssl x509 -in certs/cl_cert.pem -text

best regards, Miikka Index: openssl-1.0.1h-cmp/crypto/err/err_all.c =================================================================== --- openssl-1.0.1h-cmp/crypto/err/err_all.c (revision 750) +++ openssl-1.0.1h-cmp/crypto/err/err_all.c (working copy) @@ -108,6 +108,11 @@ #include #endif +#ifndef OPENSSL_NO_CMP +#include +#include +#endif + void ERR_load_crypto_strings(void) { #ifndef OPENSSL_NO_ERR 
@@ -164,5 +169,9 @@ #ifndef OPENSSL_NO_JPAKE ERR_load_JPAKE_strings(); #endif +#ifndef OPENSSL_NO_CMP + ERR_load_CMP_strings(); + ERR_load_CRMF_strings(); #endif +#endif } Index: openssl-1.0.1h-cmp/crypto/err/err.c =================================================================== --- openssl-1.0.1h-cmp/crypto/err/err.c (revision 750) +++ openssl-1.0.1h-cmp/crypto/err/err.c (working copy) @@ -156,6 +156,8 @@ {ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, {ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, {ERR_PACK(ERR_LIB_HMAC,0,0) ,"HMAC routines"}, +{ERR_PACK(ERR_LIB_CMP,0,0) ,"CMP routines"}, +{ERR_PACK(ERR_LIB_CRMF,0,0) ,"CRMF routines"}, {0,NULL}, }; @@ -203,6 +205,8 @@ {ERR_R_ENGINE_LIB ,"ENGINE lib"}, {ERR_R_OCSP_LIB ,"OCSP lib"}, {ERR_R_TS_LIB ,"TS lib"}, +{ERR_R_CMP_LIB ,"CMP lib"}, +{ERR_R_CRMF_LIB ,"CRMF lib"}, {ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, {ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, Index: openssl-1.0.1h-cmp/crypto/err/openssl.ec =================================================================== --- openssl-1.0.1h-cmp/crypto/err/openssl.ec (revision 750) +++ openssl-1.0.1h-cmp/crypto/err/openssl.ec (working copy) @@ -35,6 +35,8 @@ L HMAC crypto/hmac/hmac.h crypto/hmac/hmac_err.c L CMS crypto/cms/cms.h crypto/cms/cms_err.c L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c +L CMP crypto/cmp/cmp.h crypto/cmp/cmp_err.c +L CRMF crypto/crmf/crmf.h crypto/crmf/crmf_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE Index: openssl-1.0.1h-cmp/crypto/err/err.h =================================================================== --- openssl-1.0.1h-cmp/crypto/err/err.h (revision 750) +++ openssl-1.0.1h-cmp/crypto/err/err.h (working copy) @@ -198,6 +198,8 @@ #define ERR_LIB_TS 47 #define ERR_LIB_HMAC 48 #define ERR_LIB_JPAKE 49 +#define ERR_LIB_CMP 50 +#define ERR_LIB_CRMF 51 #define ERR_LIB_USER 128 
@@ -234,6 +236,8 @@ #define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) #define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) +#define CMPerr(f,r) ERR_PUT_error(ERR_LIB_CMP,(f),(r),__FILE__,__LINE__) +#define CRMFerr(f,r) ERR_PUT_error(ERR_LIB_CRMF,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -290,6 +294,8 @@ #define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ #define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ #define ERR_R_TS_LIB ERR_LIB_TS /* 45 */ +#define ERR_R_CMP_LIB ERR_LIB_CMP /* 50 */ +#define ERR_R_CRMF_LIB ERR_LIB_CRMF /* 51 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 Index: openssl-1.0.1h-cmp/crypto/cmp/Makefile =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/Makefile (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/Makefile (revision 765) 
@@ -0,0 +1,76 @@ +# +# OpenSSL/cmp/Makefile +# + +DIR= cmp +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG= +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) -Wall -DCMP_DEBUG + +GENERAL=Makefile README +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= cmp_asn.c cmp_lib.c cmp_msg.c cmp_vfy.c cmp_ctx.c cmp_err.c cmp_http.c cmp_ses.c +LIBOBJ= cmp_asn.o cmp_lib.o cmp_msg.o cmp_vfy.o cmp_ctx.o cmp_err.o cmp_http.o cmp_ses.o + +SRC= $(LIBSRC) + +EXHEADER= cmp.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + Index: openssl-1.0.1h-cmp/crypto/cmp/cmp.h =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp.h (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp.h (revision 764) 
@@ -0,0 +1,1363 @@ +/* vim: set noet ts=4 sts=4 sw=4: */ +/* cmp.h + * CMP (RFC 4210) header file for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +#ifndef HEADER_CMP_H +#define HEADER_CMP_H + +#include +#include +#include +#include + +#ifdef HAVE_CURL +#include +#endif + +#include + +#define CMP_VERSION 2L + +#ifdef __cplusplus +extern "C" { +#endif + + +/* ########################################################################## * + * ASN.1 DECLARATIONS + * ########################################################################## */ + +/* + RevAnnContent ::= SEQUENCE { + status PKIStatus, + certId CertId, + willBeRevokedAt GeneralizedTime, + badSinceDate GeneralizedTime, + crlDetails Extensions OPTIONAL + -- extra CRL details (e.g., crl number, reason, location, etc.) + } + */ +typedef struct cmp_revanncontent_st + { + ASN1_INTEGER *status; + CRMF_CERTID *certId; + ASN1_GENERALIZEDTIME *willBeRevokedAt; + ASN1_GENERALIZEDTIME *badSinceDate; + X509_EXTENSIONS *crlDetails; + } CMP_REVANNCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_REVANNCONTENT) + +/* + Challenge ::= SEQUENCE { + owf AlgorithmIdentifier OPTIONAL, + + -- MUST be present in the first Challenge; MAY be omitted in + -- any subsequent Challenge in POPODecKeyChallContent (if + -- omitted, then the owf used in the immediately preceding + -- Challenge is to be used). + + witness OCTET STRING, + -- the result of applying the one-way function (owf) to a + -- randomly-generated INTEGER, A. [Note that a different + -- INTEGER MUST be used for each Challenge.] + challenge OCTET STRING + -- the encryption (under the public key for which the cert. 
+ -- request is being made) of Rand, where Rand is specified as + -- Rand ::= SEQUENCE { + -- int INTEGER, + -- - the randomly-generated INTEGER A (above) + -- sender GeneralName + -- - the sender's name (as included in PKIHeader) + -- } + } + */ +typedef struct cmp_challenge_st + { + X509_ALGOR *owf; + ASN1_OCTET_STRING *whitness; + ASN1_OCTET_STRING *challenge; + } CMP_CHALLENGE; +DECLARE_ASN1_FUNCTIONS(CMP_CHALLENGE) +DECLARE_STACK_OF(CMP_CHALLENGE) + +#if 0 +/* the RFC explicitly allows substituting CMPCertificate with X509: + * + CMPCertificate ::= CHOICE { + x509v3PKCert Certificate + } + -- This syntax, while bits-on-the-wire compatible with the + -- standard X.509 definition of "Certificate", allows the + -- possibility of future certificate types (such as X.509 + -- attribute certificates, WAP WTLS certificates, or other kinds + -- of certificates) within this certificate management protocol, + -- should a need ever arise to support such generality. Those + -- implementations that do not foresee a need to ever support + -- other certificate types MAY, if they wish, comment out the + -- above structure and "un-comment" the following one prior to + -- compiling this ASN.1 module. (Note that interoperability + -- with implementations that don't do this will be unaffected by + -- this change.) 
+ + -- CMPCertificate ::= Certificate + */ +#define CMP_CMPCERTIFICATE_X509V3PKCERT 0 +typedef struct cmp_cmpcertificate_st + { + int type; + union + { + X509 *x509v3PKCert; + } value; + } CMP_CMPCERTIFICATE; +DECLARE_ASN1_FUNCTIONS(CMP_CMPCERTIFICATE) +DECLARE_STACK_OF(CMP_CMPCERTIFICATE) +#endif + + +/* + CAKeyUpdAnnContent ::= SEQUENCE { + oldWithNew CMPCertificate, -- old pub signed with new priv + newWithOld CMPCertificate, -- new pub signed with old priv + newWithNew CMPCertificate -- new pub signed with new priv + } + */ +typedef struct cmp_cakeyupdanncontent_st + { + /* the RFC explicitly allows substituting CMPCertificate with X509 */ + X509 *oldWithNew; + X509 *newWithOld; + X509 *newWithNew; + } CMP_CAKEYUPDANNCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_CAKEYUPDANNCONTENT) + +/* declared already here as it will be used in CMP_PKIMESSAGE (nested) and infotype and * value*/ +typedef STACK_OF(CMP_PKIMESSAGE) CMP_PKIMESSAGES; +DECLARE_ASN1_FUNCTIONS(CMP_PKIMESSAGES) + +/* ESS_SIGNING_CERT comes from ts.h, but ESS_SIGNING_CERT_it isn't declared there */ +DECLARE_ASN1_ITEM(ESS_SIGNING_CERT) +DECLARE_STACK_OF(ESS_SIGNING_CERT) + +/* + InfoTypeAndValue ::= SEQUENCE { + infoType OBJECT IDENTIFIER, + infoValue ANY DEFINED BY infoType OPTIONAL + } + */ +typedef struct cmp_infotypeandvalue_st + { + ASN1_OBJECT *infoType; + union + { + char *ptr; + /* NID_id_it_caProtEncCert - CA Protocol Encryption Certificate */ + X509 *caProtEncCert; + /* NID_id_it_signKeyPairTypes - Signing Key Pair Types */ + STACK_OF(X509_ALGOR) *signKeyPairTypes; + /* NID_id_it_encKeyPairTypes - Encryption/Key Agreement Key Pair Types */ + STACK_OF(X509_ALGOR) *encKeyPairTypes; + /* NID_id_it_preferredSymmAlg - Preferred Symmetric Algorithm */ + X509_ALGOR *preferredSymmAlg; + /* NID_id_it_caKeyUpdateInfo - Updated CA Key Pair */ + CMP_CAKEYUPDANNCONTENT *caKeyUpdateInfo; + /* NID_id_it_currentCRL - CRL */ + X509_CRL *currentCRL; + /* NID_id_it_unsupportedOIDs - Unsupported Object Identifiers */ + 
STACK_OF(ASN1_OBJECT) *unsupportedOIDs; + /* NID_id_it_keyPairParamReq - Key Pair Parameters Request */ + ASN1_OBJECT *keyPairParamReq; + /* NID_id_it_keyPairParamRep - Key Pair Parameters Response */ + X509_ALGOR *keyPairParamRep; + /* NID_id_it_revPassphrase - Revocation Passphrase */ + CRMF_ENCRYPTEDVALUE *revPassphrase; + /* NID_id_it_implicitConfirm - ImplicitConfirm */ + ASN1_NULL *implicitConfirm; + /* NID_id_it_confirmWaitTime - ConfirmWaitTime */ + ASN1_GENERALIZEDTIME *confirmWaitTime; + /* NID_id_it_origPKIMessage - origPKIMessage */ + CMP_PKIMESSAGES *origPKIMessage; + /* NID_id_it_suppLangTags - Supported Language Tags */ + STACK_OF(ASN1_UTF8STRING) *suppLangTagsValue; + /* this is to be used for so far undeclared objects */ + ASN1_TYPE *other; + } infoValue; + } CMP_INFOTYPEANDVALUE; +DECLARE_ASN1_FUNCTIONS(CMP_INFOTYPEANDVALUE) +DECLARE_STACK_OF(CMP_INFOTYPEANDVALUE) + +#if 0 +/* TODO: that should be changed to be a real CMP_PKIFREETEXT type? */ +/* + PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String [RFC3629] (note: each + -- UTF8String MAY include an [RFC3066] language tag + -- to indicate the language of the contained text + -- see [RFC2482] for details) + */ +DECLARE_STACK_OF(ASN1_UTF8STRING) +typedef STACK_OF(ASN1_UTF8STRING) CMP_PKIFREETEXT; +DECLARE_ASN1_FUNCTIONS(CMP_PKIFREETEXT) +#endif + +/* + PKIFailureInfo ::= BIT STRING { + -- since we can fail in more than one way! + -- More codes may be added in the future if/when required. 
+ badAlg (0), + -- unrecognized or unsupported Algorithm Identifier + badMessageCheck (1), + -- integrity check failed (e.g., signature did not verify) + badRequest (2), + -- transaction not permitted or supported + badTime (3), + -- messageTime was not sufficiently close to the system time, + -- as defined by local policy + badCertId (4), + -- no certificate could be found matching the provided criteria + badDataFormat (5), + -- the data submitted has the wrong format + wrongAuthority (6), + -- the authority indicated in the request is different from the + -- one creating the response token + incorrectData (7), + -- the requester's data is incorrect (for notary services) + missingTimeStamp (8), + -- when the timestamp is missing but should be there + -- (by policy) + badPOP (9), + -- the proof-of-possession failed + certRevoked (10), + -- the certificate has already been revoked + certConfirmed (11), + -- the certificate has already been confirmed + wrongIntegrity (12), + -- invalid integrity, password based instead of signature or + -- vice versa + badRecipientNonce (13), + -- invalid recipient nonce, either missing or wrong value + timeNotAvailable (14), + -- the TSA's time source is not available + unacceptedPolicy (15), + -- the requested TSA policy is not supported by the TSA. + unacceptedExtension (16), + -- the requested extension is not supported by the TSA. + addInfoNotAvailable (17), + -- the additional information requested could not be + -- understood or is not available + badSenderNonce (18), + -- invalid sender nonce, either missing or wrong size + badCertTemplate (19), + -- invalid cert. 
template or missing mandatory information + signerNotTrusted (20), + -- signer of the message unknown or not trusted + transactionIdInUse (21), + -- the transaction identifier is already in use + unsupportedVersion (22), + -- the version of the message is not supported + notAuthorized (23), + -- the sender was not authorized to make the preceding + -- request or perform the preceding action + systemUnavail (24), + -- the request cannot be handled due to system unavailability + systemFailure (25), + -- the request cannot be handled due to system failure + duplicateCertReq (26) + -- certificate cannot be issued because a duplicate + -- certificate already exists + } + */ +#define CMP_PKIFAILUREINFO_badAlg 0 +#define CMP_PKIFAILUREINFO_badMessageCheck 1 +#define CMP_PKIFAILUREINFO_badRequest 2 +#define CMP_PKIFAILUREINFO_badTime 3 +#define CMP_PKIFAILUREINFO_badCertId 4 +#define CMP_PKIFAILUREINFO_badDataFormat 5 +#define CMP_PKIFAILUREINFO_wrongAuthority 6 +#define CMP_PKIFAILUREINFO_incorrectData 7 +#define CMP_PKIFAILUREINFO_missingTimeStamp 8 +#define CMP_PKIFAILUREINFO_badPOP 9 +#define CMP_PKIFAILUREINFO_certRevoked 10 +#define CMP_PKIFAILUREINFO_certConfirmed 11 +#define CMP_PKIFAILUREINFO_wrongIntegrity 12 +#define CMP_PKIFAILUREINFO_badRecipientNonce 13 +#define CMP_PKIFAILUREINFO_timeNotAvailable 14 +#define CMP_PKIFAILUREINFO_unacceptedPolicy 15 +#define CMP_PKIFAILUREINFO_unacceptedExtension 16 +#define CMP_PKIFAILUREINFO_addInfoNotAvailable 17 +#define CMP_PKIFAILUREINFO_badSenderNonce 18 +#define CMP_PKIFAILUREINFO_badCertTemplate 19 +#define CMP_PKIFAILUREINFO_signerNotTrusted 20 +#define CMP_PKIFAILUREINFO_transactionIdInUse 21 +#define CMP_PKIFAILUREINFO_unsupportedVersion 22 +#define CMP_PKIFAILUREINFO_notAuthorized 23 +#define CMP_PKIFAILUREINFO_systemUnavail 24 +#define CMP_PKIFAILUREINFO_systemFailure 25 +#define CMP_PKIFAILUREINFO_duplicateCertReq 26 +#define CMP_PKIFAILUREINFO_MAX 26 +typedef ASN1_BIT_STRING CMP_PKIFAILUREINFO; + +#define 
CMP_CTX_FAILINFO_badAlg (1 << 0) +#define CMP_CTX_FAILINFO_badMessageCheck (1 << 1) +#define CMP_CTX_FAILINFO_badRequest (1 << 2) +#define CMP_CTX_FAILINFO_badTime (1 << 3) +#define CMP_CTX_FAILINFO_badCertId (1 << 4) +#define CMP_CTX_FAILINFO_badDataFormat (1 << 5) +#define CMP_CTX_FAILINFO_wrongAuthority (1 << 6) +#define CMP_CTX_FAILINFO_incorrectData (1 << 7) +#define CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) +#define CMP_CTX_FAILINFO_badPOP (1 << 9) +#define CMP_CTX_FAILINFO_certRevoked (1 << 10) +#define CMP_CTX_FAILINFO_certConfirmed (1 << 11) +#define CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) +#define CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) +#define CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) +#define CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) +#define CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) +#define CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) +#define CMP_CTX_FAILINFO_badSenderNonce (1 << 18) +#define CMP_CTX_FAILINFO_badCertTemplate (1 << 19) +#define CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) +#define CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) +#define CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) +#define CMP_CTX_FAILINFO_notAuthorized (1 << 23) +#define CMP_CTX_FAILINFO_systemUnavail (1 << 24) +#define CMP_CTX_FAILINFO_systemFailure (1 << 25) +#define CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) + +/* + PKIStatus ::= INTEGER { + accepted (0), + -- you got exactly what you asked for + grantedWithMods (1), + -- you got something like what you asked for; the + -- requester is responsible for ascertaining the differences + rejection (2), + -- you don't get it, more information elsewhere in the message + waiting (3), + -- the request body part has not yet been processed; expect to + -- hear more later (note: proper handling of this status + -- response MAY use the polling req/rep PKIMessages specified + -- in Section 5.3.22; alternatively, polling in the underlying + -- transport layer MAY have some utility in this regard) + 
revocationWarning (4), + -- this message contains a warning that a revocation is + -- imminent + revocationNotification (5), + -- notification that a revocation has occurred + keyUpdateWarning (6) + -- update already done for the oldCertId specified in + -- CertReqMsg + } + */ +#define CMP_PKISTATUS_accepted 0 +#define CMP_PKISTATUS_grantedWithMods 1 +#define CMP_PKISTATUS_rejection 2 +#define CMP_PKISTATUS_waiting 3 +#define CMP_PKISTATUS_revocationWarning 4 +#define CMP_PKISTATUS_revocationNotification 5 +#define CMP_PKISTATUS_keyUpdateWarning 6 + +typedef ASN1_INTEGER CMP_PKISTATUS; +DECLARE_ASN1_FUNCTIONS(CMP_PKISTATUS) + +/* + CertOrEncCert ::= CHOICE { + certificate [0] CMPCertificate, + encryptedCert [1] EncryptedValue + } + */ +#define CMP_CERTORENCCERT_CERTIFICATE 0 +#define CMP_CERTORENCCERT_ENCRYPTEDCERT 1 +typedef struct cmp_certorenccert_st + { + int type; + union + { + /* the RFC explicitly allows substituting CMPCertificate with X509 */ + X509 *certificate; + CRMF_ENCRYPTEDVALUE *encryptedCert; + } value; + } CMP_CERTORENCCERT; +DECLARE_ASN1_FUNCTIONS(CMP_CERTORENCCERT) + +/* + CertifiedKeyPair ::= SEQUENCE { + certOrEncCert CertOrEncCert, + privateKey [0] EncryptedValue OPTIONAL, + -- see [CRMF] for comment on encoding + publicationInfo [1] PKIPublicationInfo OPTIONAL + } + */ +typedef struct cmp_certifiedkeypair_st + { + CMP_CERTORENCCERT *certOrEncCert; + CRMF_ENCRYPTEDVALUE *privateKey; + CRMF_PKIPUBLICATIONINFO *failInfo; + } CMP_CERTIFIEDKEYPAIR; +DECLARE_ASN1_FUNCTIONS(CMP_CERTIFIEDKEYPAIR) + +/* + PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL + } + */ +typedef struct cmp_pkistatusinfo_st + { + CMP_PKISTATUS *status; +#if 0 + CMP_PKIFREETEXT *statusString; +#endif + STACK_OF(ASN1_UTF8STRING) *statusString; + CMP_PKIFAILUREINFO *failInfo; + } CMP_PKISTATUSINFO; +DECLARE_ASN1_FUNCTIONS(CMP_PKISTATUSINFO) +DECLARE_STACK_OF(CMP_PKISTATUSINFO) + +/* + RevReqContent ::= 
SEQUENCE OF RevDetails + + RevDetails ::= SEQUENCE { + certDetails CertTemplate, + -- allows requester to specify as much as they can about + -- the cert. for which revocation is requested + -- (e.g., for cases in which serialNumber is not available) + crlEntryDetails Extensions OPTIONAL + -- requested crlEntryExtensions + } +*/ +typedef struct cmp_revdetails_st + { + CRMF_CERTTEMPLATE *certDetails; + X509_EXTENSIONS *crlEntryDetails; + } CMP_REVDETAILS; +DECLARE_ASN1_FUNCTIONS(CMP_REVDETAILS) +DECLARE_STACK_OF(CMP_REVDETAILS) + +/* + RevRepContent ::= SEQUENCE { + status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, + -- in same order as was sent in RevReqContent + revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId + OPTIONAL, + -- IDs for which revocation was requested + -- (same order as status) + crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList + OPTIONAL + -- the resulting CRLs (there may be more than one) + } + */ +typedef struct cmp_revrep_st + { + STACK_OF(CMP_PKISTATUSINFO) *status; + STACK_OF(CRMF_CERTID) *certId; + STACK_OF(X509) *crls; + } CMP_REVREPCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_REVREPCONTENT) + +/* + KeyRecRepContent ::= SEQUENCE { + status PKIStatusInfo, + newSigCert [0] CMPCertificate OPTIONAL, + caCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, + keyPairHist [2] SEQUENCE SIZE (1..MAX) OF CertifiedKeyPair OPTIONAL + } +*/ +typedef struct cmp_keyrecrepcontent_st + { + CMP_PKISTATUSINFO *status; + /* the RFC explicitly allows substituting CMPCertificate with X509 */ + X509 *newSigCert; + STACK_OF(X509) *caCerts; + STACK_OF(CMP_CERTIFIEDKEYPAIR) *keyPairHist; + } CMP_KEYRECREPCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_KEYRECREPCONTENT) + +/* + ErrorMsgContent ::= SEQUENCE { + pKIStatusInfo PKIStatusInfo, + errorCode INTEGER OPTIONAL, + -- implementation-specific error codes + errorDetails PKIFreeText OPTIONAL + -- implementation-specific error details + } + */ +typedef struct cmp_errormsgcontent_st + { + CMP_PKISTATUSINFO *pKIStatusInfo; + 
ASN1_INTEGER *errorCode; + STACK_OF(ASN1_UTF8STRING) *errorDetails; +#if 0 + CMP_PKIFREETEXT *errorDetails; +#endif + } CMP_ERRORMSGCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_ERRORMSGCONTENT) + +/* + CertConfirmContent ::= SEQUENCE OF CertStatus + + CertStatus ::= SEQUENCE { + certHash OCTET STRING, + -- the hash of the certificate, using the same hash algorithm + -- as is used to create and verify the certificate signature + certReqId INTEGER, + -- to match this confirmation with the corresponding req/rep + statusInfo PKIStatusInfo OPTIONAL + } + */ +typedef struct cmp_certstatus_st + { + ASN1_OCTET_STRING *certHash; + ASN1_INTEGER *certReqId; + CMP_PKISTATUSINFO *statusInfo; + } CMP_CERTSTATUS; +DECLARE_STACK_OF(CMP_CERTSTATUS) +DECLARE_ASN1_SET_OF(CMP_CERTSTATUS) +DECLARE_ASN1_FUNCTIONS(CMP_CERTSTATUS) + +typedef STACK_OF(CMP_CERTSTATUS) CMP_CERTCONFIRMCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_CERTCONFIRMCONTENT) + +/* + CertResponse ::= SEQUENCE { + certReqId INTEGER, + -- to match this response with corresponding request (a value + -- of -1 is to be used if certReqId is not specified in the + -- corresponding request) + status PKIStatusInfo, + certifiedKeyPair CertifiedKeyPair OPTIONAL, + rspInfo OCTET STRING OPTIONAL + -- analogous to the id-regInfo-utf8Pairs string defined + -- for regInfo in CertReqMsg [CRMF] + } + */ +typedef struct cmp_certresponse_st + { + ASN1_INTEGER *certReqId; + CMP_PKISTATUSINFO *status; + CMP_CERTIFIEDKEYPAIR *certifiedKeyPair; + ASN1_OCTET_STRING *rspInfo; + } CMP_CERTRESPONSE; +DECLARE_ASN1_FUNCTIONS(CMP_CERTRESPONSE) +DECLARE_STACK_OF(CMP_CERTRESPONSE) + +/* + CertRepMessage ::= SEQUENCE { + caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + OPTIONAL, + response SEQUENCE OF CertResponse + } + */ +typedef struct cmp_certrepmessage_st + { + /* the RFC explicitly allows substituting CMPCertificate with X509 */ + STACK_OF(X509) *caPubs; + STACK_OF(CMP_CERTRESPONSE) *response; + } CMP_CERTREPMESSAGE; 
+DECLARE_ASN1_FUNCTIONS(CMP_CERTREPMESSAGE) + +/* the following is from RFC 2986 - PKCS #10 + +Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { + type ATTRIBUTE.&id({IOSet}), + values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) +} + +CertificationRequestInfo ::= SEQUENCE { + version INTEGER { v1(0) } (v1,...), + subject Name, + subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, + attributes [0] Attributes{{ CRIAttributes }} +} + +CertificationRequest ::= SEQUENCE { + certificationRequestInfo CertificationRequestInfo, + signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, + signature BIT STRING +} +*/ +typedef struct pkcs10_attribute_st + { + ASN1_OBJECT *id; + STACK_OF(ASN1_TYPE) *values; + } PKCS10_ATTRIBUTE; +DECLARE_ASN1_FUNCTIONS(PKCS10_ATTRIBUTE) +DECLARE_STACK_OF(PKCS10_ATTRIBUTE) + +typedef struct pkcs10_certificationrequestinfo_st + { + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *subjectPKInfo; + STACK_OF(PKCS10_ATTRIBUTE) attributes; + } PKCS10_CERTIFICATIONREQUESTINFO; +DECLARE_ASN1_FUNCTIONS(PKCS10_CERTIFICATIONREQUESTINFO) + +typedef struct pkcs10_certificationrequest_st + { + PKCS10_CERTIFICATIONREQUESTINFO *certificationRequestInfo; + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + } PKCS10_CERTIFICATIONREQUEST; +DECLARE_ASN1_FUNCTIONS(PKCS10_CERTIFICATIONREQUEST) + +/* + PollReqContent ::= SEQUENCE OF SEQUENCE { + certReqId INTEGER + } + */ +typedef struct cmp_pollreq_st + { + ASN1_INTEGER *certReqId; + } CMP_POLLREQ; +DECLARE_ASN1_FUNCTIONS(CMP_POLLREQ) +DECLARE_STACK_OF(CMP_POLLREQ) +typedef STACK_OF(CMP_POLLREQ) CMP_POLLREQCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_POLLREQCONTENT) + +/* + PollRepContent ::= SEQUENCE OF SEQUENCE { + certReqId INTEGER, + checkAfter INTEGER, -- time in seconds + reason PKIFreeText OPTIONAL + } + */ +typedef struct cmp_pollrep_st + { + ASN1_INTEGER *certReqId; + ASN1_INTEGER *checkAfter; + STACK_OF(ASN1_UTF8STRING) *reason; + } CMP_POLLREP; 
+DECLARE_ASN1_FUNCTIONS(CMP_POLLREP) +DECLARE_STACK_OF(CMP_POLLREP) +typedef STACK_OF(CMP_POLLREP) CMP_POLLREPCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_POLLREPCONTENT) + +/* + PKIHeader ::= SEQUENCE { + pvno INTEGER { cmp1999(1), cmp2000(2) }, + sender GeneralName, + -- identifies the sender + recipient GeneralName, + -- identifies the intended recipient + messageTime [0] GeneralizedTime OPTIONAL, + -- time of production of this message (used when sender + -- believes that the transport will be "suitable"; i.e., + -- that the time will still be meaningful upon receipt) + protectionAlg [1] AlgorithmIdentifier OPTIONAL, + -- algorithm used for calculation of protection bits + senderKID [2] KeyIdentifier OPTIONAL, + recipKID [3] KeyIdentifier OPTIONAL, + -- to identify specific keys used for protection + transactionID [4] OCTET STRING OPTIONAL, + -- identifies the transaction; i.e., this will be the same in + -- corresponding request, response, certConf, and PKIConf + -- messages + senderNonce [5] OCTET STRING OPTIONAL, + recipNonce [6] OCTET STRING OPTIONAL, + -- nonces used to provide replay protection, senderNonce + -- is inserted by the creator of this message; recipNonce + -- is a nonce previously inserted in a related message by + -- the intended recipient of this message + freeText [7] PKIFreeText OPTIONAL, + -- this may be used to indicate context-specific instructions + -- (this field is intended for human consumption) + generalInfo [8] SEQUENCE SIZE (1..MAX) OF + InfoTypeAndValue OPTIONAL + -- this may be used to convey context-specific information + -- (this field not primarily intended for human consumption) + } +*/ +typedef struct cmp_pkiheader_st + { + ASN1_INTEGER *pvno; + GENERAL_NAME *sender; + GENERAL_NAME *recipient; + ASN1_GENERALIZEDTIME *messageTime; /* 0 */ + X509_ALGOR *protectionAlg; /* 1 */ + ASN1_OCTET_STRING *senderKID; /* 2 */ + ASN1_OCTET_STRING *recipKID; /* 3 */ + ASN1_OCTET_STRING *transactionID; /* 4 */ + ASN1_OCTET_STRING *senderNonce; /* 
5 */ + ASN1_OCTET_STRING *recipNonce; /* 6 */ + STACK_OF(ASN1_UTF8STRING) *freeText; /* 7 */ + STACK_OF(CMP_INFOTYPEANDVALUE) *generalInfo; /* 8 */ + } CMP_PKIHEADER; +DECLARE_ASN1_FUNCTIONS(CMP_PKIHEADER) + +#define V_CMP_PKIBODY_IR 0 +#define V_CMP_PKIBODY_IP 1 +#define V_CMP_PKIBODY_CR 2 +#define V_CMP_PKIBODY_CP 3 +#define V_CMP_PKIBODY_P10CR 4 +#define V_CMP_PKIBODY_POPDECC 5 +#define V_CMP_PKIBODY_POPDECR 6 +#define V_CMP_PKIBODY_KUR 7 +#define V_CMP_PKIBODY_KUP 8 +#define V_CMP_PKIBODY_KRR 9 +#define V_CMP_PKIBODY_KRP 10 +#define V_CMP_PKIBODY_RR 11 +#define V_CMP_PKIBODY_RP 12 +#define V_CMP_PKIBODY_CCR 13 +#define V_CMP_PKIBODY_CCP 14 +#define V_CMP_PKIBODY_CKUANN 15 +#define V_CMP_PKIBODY_CANN 16 +#define V_CMP_PKIBODY_RANN 17 +#define V_CMP_PKIBODY_CRLANN 18 +#define V_CMP_PKIBODY_PKICONF 19 +#define V_CMP_PKIBODY_NESTED 20 +#define V_CMP_PKIBODY_GENM 21 +#define V_CMP_PKIBODY_GENP 22 +#define V_CMP_PKIBODY_ERROR 23 +#define V_CMP_PKIBODY_CERTCONF 24 +#define V_CMP_PKIBODY_POLLREQ 25 +#define V_CMP_PKIBODY_POLLREP 26 + +typedef STACK_OF(CMP_CHALLENGE) CMP_POPODECKEYCHALLCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_POPODECKEYCHALLCONTENT) + +typedef STACK_OF(ASN1_INTEGER) CMP_POPODECKEYRESPCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_POPODECKEYRESPCONTENT) + +typedef STACK_OF(CMP_REVDETAILS) CMP_REVREQCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_REVREQCONTENT) + +typedef STACK_OF(X509_CRL) CMP_CRLANNCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_CRLANNCONTENT) + +typedef STACK_OF(CMP_INFOTYPEANDVALUE) CMP_GENMSGCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_GENMSGCONTENT) + +typedef STACK_OF(CMP_INFOTYPEANDVALUE) CMP_GENREPCONTENT; +DECLARE_ASN1_FUNCTIONS(CMP_GENREPCONTENT) + +/* + PKIBody ::= CHOICE { -- message-specific body elements + ir [0] CertReqMessages, --Initialization Request + ip [1] CertRepMessage, --Initialization Response + cr [2] CertReqMessages, --Certification Request + cp [3] CertRepMessage, --Certification Response + p10cr [4] CertificationRequest, --imported from [PKCS10] + 
popdecc [5] POPODecKeyChallContent, --pop Challenge + popdecr [6] POPODecKeyRespContent, --pop Response + kur [7] CertReqMessages, --Key Update Request + kup [8] CertRepMessage, --Key Update Response + krr [9] CertReqMessages, --Key Recovery Request + krp [10] KeyRecRepContent, --Key Recovery Response + rr [11] RevReqContent, --Revocation Request + rp [12] RevRepContent, --Revocation Response + ccr [13] CertReqMessages, --Cross-Cert. Request + ccp [14] CertRepMessage, --Cross-Cert. Response + ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. + cann [16] CertAnnContent, --Certificate Ann. + rann [17] RevAnnContent, --Revocation Ann. + crlann [18] CRLAnnContent, --CRL Announcement + pkiconf [19] PKIConfirmContent, --Confirmation + nested [20] NestedMessageContent, --Nested Message + genm [21] GenMsgContent, --General Message + genp [22] GenRepContent, --General Response + error [23] ErrorMsgContent, --Error Message + certConf [24] CertConfirmContent, --Certificate confirm + pollReq [25] PollReqContent, --Polling request + pollRep [26] PollRepContent --Polling response +*/ +typedef struct cmp_pkibody_st + { + int type; + union + { + CRMF_CERTREQMESSAGES *ir; /* 0 */ + CMP_CERTREPMESSAGE *ip; /* 1 */ + CRMF_CERTREQMESSAGES *cr; /* 2 */ + CMP_CERTREPMESSAGE *cp; /* 3 */ + /* p10cr [4] CertificationRequest, --imported from [PKCS10] */ + PKCS10_CERTIFICATIONREQUEST *p10cr; /* 4 */ + /* popdecc [5] POPODecKeyChallContent, --pop Challenge */ + /* POPODecKeyChallContent ::= SEQUENCE OF Challenge */ + CMP_POPODECKEYCHALLCONTENT *popdecc; /* 5 */ + /* popdecr [6] POPODecKeyRespContent, --pop Response */ + /* POPODecKeyRespContent ::= SEQUENCE OF INTEGER */ + CMP_POPODECKEYRESPCONTENT *popdecr; /* 6 */ + CRMF_CERTREQMESSAGES *kur; /* 7 */ + CMP_CERTREPMESSAGE *kup; /* 8 */ + CRMF_CERTREQMESSAGES *krr; /* 9 */ + + /* krp [10] KeyRecRepContent, --Key Recovery Response */ + CMP_KEYRECREPCONTENT *krp; /* 10 */ + /* rr [11] RevReqContent, --Revocation Request */ + 
CMP_REVREQCONTENT *rr; /* 11 */ + /* rp [12] RevRepContent, --Revocation Response */ + CMP_REVREPCONTENT *rp; /* 12 */ + /* ccr [13] CertReqMessages, --Cross-Cert. Request */ + CRMF_CERTREQMESSAGES *ccr; /* 13 */ + /* ccp [14] CertRepMessage, --Cross-Cert. Response */ + CMP_CERTREPMESSAGE *ccp; /* 14 */ + /* ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. */ + CMP_CAKEYUPDANNCONTENT *ckuann; /* 15 */ + /* cann [16] CertAnnContent, --Certificate Ann. */ + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + X509 *cann; /* 16 */ + /* rann [17] RevAnnContent, --Revocation Ann. */ + CMP_REVANNCONTENT *rann; /* 17 */ + /* crlann [18] CRLAnnContent, --CRL Announcement */ + /* CRLAnnContent ::= SEQUENCE OF CertificateList */ + CMP_CRLANNCONTENT *crlann; + /* PKIConfirmContent ::= NULL */ + /* pkiconf [19] PKIConfirmContent, --Confirmation */ + /* CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL */ + /* CMP_CONFIRMCONTENT *pkiconf; */ + /* NOTE: this should ASN1_NULL according to the RFC but there might be a struct in it when sent from faulty servers... 
*/ + ASN1_TYPE *pkiconf; /* 19 */ + /* nested [20] NestedMessageContent, --Nested Message */ + /* NestedMessageContent ::= PKIMessages */ + CMP_PKIMESSAGES *nested; /* 20 */ + /* genm [21] GenMsgContent, --General Message */ + /* GenMsgContent ::= SEQUENCE OF InfoTypeAndValue */ + CMP_GENMSGCONTENT *genm; /* 21 */ + /* genp [22] GenRepContent, --General Response */ + /* GenRepContent ::= SEQUENCE OF InfoTypeAndValue */ + CMP_GENREPCONTENT *genp; /* 22 */ + /* error [23] ErrorMsgContent, --Error Message */ + CMP_ERRORMSGCONTENT *error; /* 23 */ + /* certConf [24] CertConfirmContent, --Certificate confirm */ + CMP_CERTCONFIRMCONTENT *certConf; /* 24 */ + /* pollReq [25] PollReqContent, --Polling request */ + CMP_POLLREQCONTENT *pollReq; + /* pollRep [26] PollRepContent --Polling response */ + CMP_POLLREPCONTENT *pollRep; + } value; + } CMP_PKIBODY; +DECLARE_ASN1_FUNCTIONS(CMP_PKIBODY) + +/* + PKIProtection ::= BIT STRING + + PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage + + PKIMessage ::= SEQUENCE { + header PKIHeader, + body PKIBody, + protection [0] PKIProtection OPTIONAL, + extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + OPTIONAL + } + */ +typedef struct cmp_pkimessage_st + { + CMP_PKIHEADER *header; + CMP_PKIBODY *body; + ASN1_BIT_STRING *protection; /* 0 */ + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + STACK_OF(X509) *extraCerts; /* 1 */ + } CMP_PKIMESSAGE; +DECLARE_ASN1_FUNCTIONS(CMP_PKIMESSAGE) +DECLARE_STACK_OF(CMP_PKIMESSAGE) /* PKIMessages */ + +/* + ProtectedPart ::= SEQUENCE { + header PKIHeader, + body PKIBody + } + */ +typedef struct cmp_protectedpart_st + { + CMP_PKIHEADER *header; + CMP_PKIBODY *body; + } CMP_PROTECTEDPART; +DECLARE_ASN1_FUNCTIONS(CMP_PROTECTEDPART) + +/* this is not defined here as it is already in CRMF: + id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13} + PBMParameter ::= SEQUENCE { + salt OCTET STRING, + -- note: implementations MAY wish to limit acceptable sizes + -- of 
this string to values appropriate for their environment + -- in order to reduce the risk of denial-of-service attacks + owf AlgorithmIdentifier, + -- AlgId for a One-Way Function (SHA-1 recommended) + iterationCount INTEGER, + -- number of times the OWF is applied + -- note: implementations MAY wish to limit acceptable sizes + -- of this integer to values appropriate for their environment + -- in order to reduce the risk of denial-of-service attacks + mac AlgorithmIdentifier + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + } -- or HMAC [RFC2104, RFC2202]) + */ + +/* + TODO: this is not yet defined here - but DH is anyway not used yet + + id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} + DHBMParameter ::= SEQUENCE { + owf AlgorithmIdentifier, + -- AlgId for a One-Way Function (SHA-1 recommended) + mac AlgorithmIdentifier + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + } -- or HMAC [RFC2104, RFC2202]) + + */ + +/* The following is not cared for, because it is described in section 5.2.5 + * that this is beyond the scope of CMP + OOBCert ::= CMPCertificate + + OOBCertHash ::= SEQUENCE { + hashAlg [0] AlgorithmIdentifier OPTIONAL, + certId [1] CertId OPTIONAL, + hashVal BIT STRING + -- hashVal is calculated over the DER encoding of the + -- self-signed certificate with the identifier certID. 
+ } + */ + +/* ########################################################################## * + * context DECLARATIONS + * ########################################################################## */ + +typedef void (*cmp_logfn_t)(const char *msg); +typedef int (*cmp_certConfFn_t)(int status, const X509 *cert); + +/* this structure is used to store the context for CMP sessions + * partly using OpenSSL ASN.1 types in order to ease handling it */ +typedef struct cmp_ctx_st + { + /* "reference and secret" for MSG_MAC_ALG */ + ASN1_OCTET_STRING *referenceValue; + ASN1_OCTET_STRING *secretValue; + /* for setting itav for EJBCA in CA mode */ + ASN1_UTF8STRING *regToken; + /* certificate used to identify the server */ + X509 *srvCert; + /* current client certificate used to identify and sign for MSG_SIG_ALG */ + X509 *clCert; + X509 *oldClCert; + /* subject name to be used in the cert template. NB: could also be taken + * from clcert */ + X509_NAME *subjectName; + /* to set in recipient in pkiheader */ + X509_NAME *recipient; + /* names to be added to the cert template as the subjectAltName extension */ + STACK_OF(GENERAL_NAME) *subjectAltNames; + /* whether or not the subjectAltName extension should be set critical */ + int setSubjectAltNameCritical; + /* Stack of CA certificates sent by the CA in a IP message */ + STACK_OF(X509) *caPubs; + /* stack of extraCerts to be included when sending a PKI message */ + STACK_OF(X509) *extraCertsOut; + /* stack of extraCerts received from remote */ + STACK_OF(X509) *extraCertsIn; + /* EVP_PKEY holding the *current* key pair + * Note: this is not an ASN.1 type */ + EVP_PKEY *pkey; + /* *new* CLIENT certificate received from the CA + * TODO: this should be a stack since there could be more than one */ + X509 *newClCert; + /* EVP_PKEY holding the *new* key pair + * Note: this is not an ASN.1 type */ + EVP_PKEY *newPkey; + /* the current transaction ID */ + ASN1_OCTET_STRING *transactionID; + /* last nonce received */ + 
ASN1_OCTET_STRING *recipNonce; + /* to set implicitConfirm in IR/KUR/CR messges false=0 true!=0 */ + int implicitConfirm; + /* Proof-of-posession mechanism used. Defaults to signature (POPOsignkingKey) */ + int popoMethod; + /* maximum time in secods to wait for an http transfer to complete + * Note: only usable with libcurl! */ + int HttpTimeOut; + /* maximum time to poll the server for a response if a 'waiting' PKIStatus is received */ + int maxPollTime; + /* PKIStatus of last received IP/CP/KUP */ + /* TODO: this should be a stack since there could be more than one */ + int lastPKIStatus; + /* failInfoCode of last received IP/CP/KUP */ + /* TODO: this should be a stack since there could be more than one */ + unsigned long failInfoCode; + STACK_OF(ASN1_UTF8STRING) *lastStatusString; + + /* log callback functions for error and debug messages */ + cmp_logfn_t error_cb, debug_cb; + + /* callback for letting the user check the received certificate and + * reject if necessary */ + cmp_certConfFn_t certConf_cb; + + /* stores for trusted and untrusted (intermediate) certificates */ + X509_STORE *trusted_store; + X509_STORE *untrusted_store; + + /* include root certs from extracerts when validating? 
Used for 3GPP-style E.7 */ + int permitTAInExtraCertsForIR; + /* stores the server Cert as soon as it's trust chain has been validated */ + X509 *validatedSrvCert; + + /* HTTP transfer related settings */ + char *serverName; + int serverPort; + char *serverPath; + char *proxyName; + int proxyPort; + int lastHTTPCode; + int useTLS; + char *sourceAddress; + + CERTIFICATEPOLICIES *policies; + + } CMP_CTX; + +DECLARE_ASN1_FUNCTIONS(CMP_CTX) + +/* ########################################################################## * + * function DECLARATIONS + * ########################################################################## */ + +/* cmp_msg.c */ +CMP_PKIMESSAGE *CMP_ir_new( CMP_CTX *ctx); +CMP_PKIMESSAGE *CMP_cr_new( CMP_CTX *ctx); +CMP_PKIMESSAGE *CMP_rr_new( CMP_CTX *ctx); +CMP_PKIMESSAGE *CMP_certConf_new( CMP_CTX *ctx); +CMP_PKIMESSAGE *CMP_kur_new( CMP_CTX *ctx); +CMP_PKIMESSAGE *CMP_genm_new( CMP_CTX *ctx); +CMP_PKIMESSAGE *CMP_pollReq_new( CMP_CTX *ctx, int reqId); + +/* cmp_lib.c */ +long CMP_REVREPCONTENT_PKIStatus_get(CMP_REVREPCONTENT *revRep, long reqId); +int CMP_PKIHEADER_set_version(CMP_PKIHEADER *hdr, int version); +int CMP_PKIHEADER_set1_recipient(CMP_PKIHEADER *hdr, const X509_NAME *nm); +int CMP_PKIHEADER_set1_sender(CMP_PKIHEADER *hdr, const X509_NAME *nm); +int CMP_PKIHEADER_set1_transactionID(CMP_PKIHEADER *hdr, const ASN1_OCTET_STRING *transactionID); +int CMP_PKIHEADER_set1_recipNonce(CMP_PKIHEADER *hdr, const ASN1_OCTET_STRING *recipNonce); +int CMP_PKIHEADER_set1_senderKID(CMP_PKIHEADER *hdr, const ASN1_OCTET_STRING *senderKID); +int CMP_PKIHEADER_set_messageTime(CMP_PKIHEADER *hdr); +int CMP_PKIMESSAGE_set_implicitConfirm(CMP_PKIMESSAGE *msg); +int CMP_PKIMESSAGE_check_implicitConfirm(CMP_PKIMESSAGE *msg); +int CMP_PKIHEADER_push0_freeText( CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); +int CMP_PKIHEADER_push1_freeText( CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); +int CMP_PKIHEADER_init(CMP_CTX *ctx, CMP_PKIHEADER *hdr); +ASN1_BIT_STRING 
*CMP_calc_protection_pbmac(CMP_PKIMESSAGE *pkimessage, const ASN1_OCTET_STRING *secret); +int CMP_PKIMESSAGE_protect(CMP_CTX *ctx, CMP_PKIMESSAGE *msg); +int CMP_CERTSTATUS_set_certHash( CMP_CERTSTATUS *certStatus, const X509 *cert); +int CMP_PKIHEADER_generalInfo_item_push0(CMP_PKIHEADER *hdr, const CMP_INFOTYPEANDVALUE *itav); +int CMP_PKIMESSAGE_genm_item_push0(CMP_PKIMESSAGE *msg, const CMP_INFOTYPEANDVALUE *itav); +int CMP_ITAV_stack_item_push0(STACK_OF(CMP_INFOTYPEANDVALUE) **itav_sk_p, const CMP_INFOTYPEANDVALUE *itav); +long CMP_PKISTATUSINFO_PKIstatus_get( CMP_PKISTATUSINFO *statusInfo); +long CMP_CERTREPMESSAGE_PKIStatus_get( CMP_CERTREPMESSAGE *certRep, long certReqId); +char *CMP_CERTREPMESSAGE_PKIFailureInfoString_get0(CMP_CERTREPMESSAGE *certRep, long certReqId); +STACK_OF(ASN1_UTF8STRING)* CMP_CERTREPMESSAGE_PKIStatusString_get0( CMP_CERTREPMESSAGE *certRep, long certReqId); +CMP_PKIFAILUREINFO *CMP_CERTREPMESSAGE_PKIFailureInfo_get0(CMP_CERTREPMESSAGE *certRep, long certReqId); +X509 *CMP_CERTREPMESSAGE_get_certificate(CMP_CTX *ctx, CMP_CERTREPMESSAGE *certrep); +int CMP_PKIFAILUREINFO_check( ASN1_BIT_STRING *failInfo, int codeBit); +CMP_CERTRESPONSE *CMP_CERTREPMESSAGE_certResponse_get0( CMP_CERTREPMESSAGE *certRep, long certReqId); +int CMP_CERTREPMESSAGE_certType_get( CMP_CERTREPMESSAGE *certRep, long certReqId); +int CMP_PKIMESSAGE_set_bodytype( CMP_PKIMESSAGE *msg, int type); +int CMP_PKIMESSAGE_get_bodytype( CMP_PKIMESSAGE *msg); +char *CMP_PKIMESSAGE_parse_error_msg( CMP_PKIMESSAGE *msg, char *errormsg, int bufsize); +ASN1_OCTET_STRING *CMP_get_cert_subject_key_id(const X509 *cert); +STACK_OF(X509) *CMP_build_cert_chain(X509_STORE *store, X509 *cert); + +/* cmp_vfy.c */ +int CMP_validate_msg(CMP_CTX *ctx, CMP_PKIMESSAGE *msg); + +/* from cmp_http.c */ +int CMP_PKIMESSAGE_http_perform(const CMP_CTX *ctx, const CMP_PKIMESSAGE *msg, CMP_PKIMESSAGE **out); +long CMP_get_http_response_code(const CMP_CTX *ctx); + + +/* from cmp_ses.c */ +X509 
*CMP_doInitialRequestSeq(CMP_CTX *ctx); +X509 *CMP_doCertificateRequestSeq(CMP_CTX *ctx); +int CMP_doRevocationRequestSeq(CMP_CTX *ctx); +X509 *CMP_doKeyUpdateRequestSeq(CMP_CTX *ctx); +STACK_OF(CMP_INFOTYPEANDVALUE) *CMP_doGeneralMessageSeq(CMP_CTX *ctx, int nid, char *value); + +/* from cmp_ctx.c */ +CMP_CTX *CMP_CTX_create(void); +int CMP_CTX_init( CMP_CTX *ctx); +int CMP_CTX_set0_trustedStore( CMP_CTX *ctx, X509_STORE *store); +int CMP_CTX_set0_untrustedStore( CMP_CTX *ctx, X509_STORE *store); +void CMP_CTX_delete(CMP_CTX *ctx); +int CMP_CTX_set_error_callback( CMP_CTX *ctx, cmp_logfn_t cb); +int CMP_CTX_set_debug_callback( CMP_CTX *ctx, cmp_logfn_t cb); +int CMP_CTX_set_certConf_callback( CMP_CTX *ctx, cmp_certConfFn_t cb); +int CMP_CTX_set1_referenceValue( CMP_CTX *ctx, const unsigned char *ref, size_t len); +int CMP_CTX_set1_secretValue( CMP_CTX *ctx, const unsigned char *sec, const size_t len); +int CMP_CTX_set1_regToken( CMP_CTX *ctx, const char *regtoken, const size_t len); +/* for backwards compatibility, TODO: remove asap */ +#define CMP_CTX_set1_caCert CMP_CTX_set1_srvCert +int CMP_CTX_set1_srvCert( CMP_CTX *ctx, const X509 *cert); +int CMP_CTX_set1_clCert( CMP_CTX *ctx, const X509 *cert); +int CMP_CTX_set1_oldClCert( CMP_CTX *ctx, const X509 *cert); +int CMP_CTX_set1_subjectName( CMP_CTX *ctx, const X509_NAME *name); +int CMP_CTX_set1_recipient( CMP_CTX *ctx, const X509_NAME *name); +int CMP_CTX_subjectAltName_push1( CMP_CTX *ctx, const GENERAL_NAME *name); +int CMP_CTX_set1_sender( CMP_CTX *ctx, const X509_NAME *name); +X509_NAME* CMP_CTX_sender_get( CMP_CTX *ctx); +STACK_OF(X509)* CMP_CTX_caPubs_get1( CMP_CTX *ctx); +X509 *CMP_CTX_caPubs_pop( CMP_CTX *ctx); +int CMP_CTX_caPubs_num( CMP_CTX *ctx); +int CMP_CTX_set1_caPubs( CMP_CTX *ctx, const STACK_OF(X509) *caPubs); +int CMP_CTX_policyOID_push1( CMP_CTX *ctx, const char *policyOID); + +int CMP_CTX_set1_extraCertsOut( CMP_CTX *ctx, const STACK_OF(X509) *extraCertsOut); +int 
CMP_CTX_extraCertsOut_push1( CMP_CTX *ctx, const X509 *val); +int CMP_CTX_extraCertsOut_num( CMP_CTX *ctx); +STACK_OF(X509)* CMP_CTX_extraCertsIn_get1( CMP_CTX *ctx); +int CMP_CTX_set1_extraCertsIn( CMP_CTX *ctx, const STACK_OF(X509) *extraCertsIn); +X509 *CMP_CTX_extraCertsIn_pop( CMP_CTX *ctx); +int CMP_CTX_extraCertsIn_num( CMP_CTX *ctx); +int CMP_CTX_loadUntrustedStack(CMP_CTX *ctx, STACK_OF(X509) *stack); + +int CMP_CTX_set1_newClCert( CMP_CTX *ctx, const X509 *cert); +int CMP_CTX_set0_pkey( CMP_CTX *ctx, const EVP_PKEY *pkey); +int CMP_CTX_set1_pkey( CMP_CTX *ctx, const EVP_PKEY *pkey); +int CMP_CTX_set0_newPkey( CMP_CTX *ctx, const EVP_PKEY *pkey); +int CMP_CTX_set1_newPkey( CMP_CTX *ctx, const EVP_PKEY *pkey); +int CMP_CTX_set1_transactionID( CMP_CTX *ctx, const ASN1_OCTET_STRING *id); +int CMP_CTX_set1_senderNonce( CMP_CTX *ctx, const ASN1_OCTET_STRING *nonce); +int CMP_CTX_set1_recipNonce( CMP_CTX *ctx, const ASN1_OCTET_STRING *nonce); +int CMP_CTX_set1_serverName( CMP_CTX *ctx, const char *name); +int CMP_CTX_set1_serverPort( CMP_CTX *ctx, int port); +int CMP_CTX_set1_proxyName( CMP_CTX *ctx, const char *name); +int CMP_CTX_set1_proxyPort( CMP_CTX *ctx, int port); +int CMP_CTX_set1_sourceAddress( CMP_CTX *ctx, const char *ip); +/* for backwards compatibility, TODO: remove asap */ +#define CMP_CTX_set1_timeOut CMP_CTX_set_HttpTimeOut +int CMP_CTX_set1_timeOut( CMP_CTX *ctx, int time); +int CMP_CTX_set1_popoMethod( CMP_CTX *ctx, int method); +int CMP_CTX_set1_serverPath( CMP_CTX *ctx, const char *path); +int CMP_CTX_set_failInfoCode(CMP_CTX *ctx, CMP_PKIFAILUREINFO *failInfo); +unsigned long CMP_CTX_failInfoCode_get(CMP_CTX *ctx); +STACK_OF(ASN1_UTF8STRING) *CMP_CTX_statusString_get( CMP_CTX *ctx); +#define CMP_CTX_OPT_UNSET 0 +#define CMP_CTX_OPT_SET 1 +#define CMP_CTX_OPT_IMPLICITCONFIRM 2 +#define CMP_CTX_OPT_POPMETHOD 3 +#define CMP_CTX_OPT_MAXPOLLTIME 4 +#define CMP_CTX_PERMIT_TA_IN_EXTRACERTS_FOR_IR 5 +#define CMP_CTX_SET_SUBJECTALTNAME_CRITICAL 6 
+#define CMP_CTX_USE_TLS 7 +int CMP_CTX_set_option( CMP_CTX *ctx, const int opt, const int val); +#if 0 +int CMP_CTX_push_freeText( CMP_CTX *ctx, const char *text); +#endif + +int CMP_CTX_error_callback(const char *str, size_t len, void *u); +void CMP_printf(const CMP_CTX *ctx, const char *fmt, ...); + +/* BIO definitions */ +#define d2i_CMP_PKIMESSAGE_bio(bp,p) ASN1_d2i_bio_of(CMP_PKIMESSAGE,CMP_PKIMESSAGE_new,d2i_CMP_PKIMESSAGE,bp,p) +#define i2d_CMP_PKIMESSAGE_bio(bp,o) ASN1_i2d_bio_of(CMP_PKIMESSAGE,i2d_CMP_PKIMESSAGE,bp,o) +#define d2i_CMP_PROTECTEDPART_bio(bp,p) ASN1_d2i_bio_of(CMP_PROTECTEDPART,CMP_PROTECTEDPART_new,d2i_CMP_PROTECTEDPART,bp,p) +#define i2d_CMP_PROTECTEDPART_bio(bp,o) ASN1_i2d_bio_of(CMP_PROTECTEDPART,i2d_CMP_PROTECTEDPART,bp,o) + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CMP_strings(void); + +/* Error codes for the CMP functions. */ + +/* Function codes. 
*/ +#define CMP_F_CMP_CALC_PROTECTION_PBMAC 100 +#define CMP_F_CMP_CALC_PROTECTION_SIG 101 +#define CMP_F_CMP_CERTCONF_NEW 102 +#define CMP_F_CMP_CERTREPMESSAGE_ENCCERT_GET1 103 +#define CMP_F_CMP_CERTREPMESSAGE_GET_CERTIFICATE 104 +#define CMP_F_CMP_CERTREPMESSAGE_PKIFAILUREINFOSTRING_GET0 105 +#define CMP_F_CMP_CERTREPMESSAGE_PKIFAILUREINFO_GET0 106 +#define CMP_F_CMP_CERTREPMESSAGE_PKISTATUSSTRING_GET0 107 +#define CMP_F_CMP_CERTREPMESSAGE_PKISTATUS_GET 108 +#define CMP_F_CMP_CERTSTATUS_SET_CERTHASH 109 +#define CMP_F_CMP_CR_NEW 110 +#define CMP_F_CMP_CTX_CAPUBS_GET1 111 +#define CMP_F_CMP_CTX_CAPUBS_NUM 112 +#define CMP_F_CMP_CTX_CAPUBS_POP 113 +#define CMP_F_CMP_CTX_CREATE 114 +#define CMP_F_CMP_CTX_EXTRACERTSIN_GET1 115 +#define CMP_F_CMP_CTX_EXTRACERTSIN_NUM 116 +#define CMP_F_CMP_CTX_EXTRACERTSIN_POP 117 +#define CMP_F_CMP_CTX_EXTRACERTSOUT_NUM 118 +#define CMP_F_CMP_CTX_EXTRACERTSOUT_PUSH1 119 +#define CMP_F_CMP_CTX_INIT 120 +#define CMP_F_CMP_CTX_SET0_NEWPKEY 121 +#define CMP_F_CMP_CTX_SET0_PKEY 122 +#define CMP_F_CMP_CTX_SET1_CAPUBS 123 +#define CMP_F_CMP_CTX_SET1_CLCERT 124 +#define CMP_F_CMP_CTX_SET1_EXTRACERTSIN 125 +#define CMP_F_CMP_CTX_SET1_EXTRACERTSOUT 126 +#define CMP_F_CMP_CTX_SET1_NEWCLCERT 127 +#define CMP_F_CMP_CTX_SET1_NEWPKEY 128 +#define CMP_F_CMP_CTX_SET1_OLDCLCERT 129 +#define CMP_F_CMP_CTX_SET1_PKEY 130 +#define CMP_F_CMP_CTX_SET1_POPOMETHOD 131 +#define CMP_F_CMP_CTX_SET1_PROXYNAME 132 +#define CMP_F_CMP_CTX_SET1_PROXYPORT 133 +#define CMP_F_CMP_CTX_SET1_RECIPIENT 134 +#define CMP_F_CMP_CTX_SET1_RECIPNONCE 135 +#define CMP_F_CMP_CTX_SET1_REFERENCEVALUE 136 +#define CMP_F_CMP_CTX_SET1_REGTOKEN 137 +#define CMP_F_CMP_CTX_SET1_SECRETVALUE 138 +#define CMP_F_CMP_CTX_SET1_SERVERNAME 139 +#define CMP_F_CMP_CTX_SET1_SERVERPATH 140 +#define CMP_F_CMP_CTX_SET1_SERVERPORT 141 +#define CMP_F_CMP_CTX_SET1_SOURCEADDRESS 142 +#define CMP_F_CMP_CTX_SET1_SRVCERT 143 +#define CMP_F_CMP_CTX_SET1_SUBJECTNAME 144 +#define CMP_F_CMP_CTX_SET1_TRANSACTIONID 
145 +#define CMP_F_CMP_CTX_SET_HTTPTIMEOUT 146 +#define CMP_F_CMP_CTX_SUBJECTALTNAME_PUSH1 147 +#define CMP_F_CMP_DOCERTIFICATEREQUESTSEQ 148 +#define CMP_F_CMP_DOGENERALMESSAGESEQ 149 +#define CMP_F_CMP_DOINITIALREQUESTSEQ 150 +#define CMP_F_CMP_DOKEYUPDATEREQUESTSEQ 151 +#define CMP_F_CMP_DOREVOCATIONREQUESTSEQ 152 +#define CMP_F_CMP_GENM_NEW 153 +#define CMP_F_CMP_IR_NEW 154 +#define CMP_F_CMP_KUR_NEW 155 +#define CMP_F_CMP_NEW_HTTP_BIO 156 +#define CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM 157 +#define CMP_F_CMP_PKIMESSAGE_PARSE_ERROR_MSG 158 +#define CMP_F_CMP_PKIMESSAGE_PROTECT 159 +#define CMP_F_CMP_PKISTATUSINFO_PKISTATUS_GET_STRING 160 +#define CMP_F_CMP_POLLREQ_NEW 161 +#define CMP_F_CMP_REVREPCONTENT_PKISTATUS_GET 162 +#define CMP_F_CMP_RR_NEW 163 +#define CMP_F_CMP_VALIDATE_CERT_PATH 164 +#define CMP_F_CMP_VALIDATE_MSG 165 +#define CMP_F_CMP_VERIFY_SIGNATURE 166 +#define CMP_F_PARSE_HTTP_LINE1 167 +#define CMP_F_PKEY_DUP 168 +#define CMP_F_POLLFORRESPONSE 169 +#define CMP_F_SENDCERTCONF 170 + +/* Reason codes. 
*/ +#define CMP_R_ALGORITHM_NOT_SUPPORTED 100 +#define CMP_R_CERTIFICATE_NOT_FOUND 101 +#define CMP_R_CP_NOT_RECEIVED 102 +#define CMP_R_CURL_ERROR 103 +#define CMP_R_ERROR_CALCULATING_PROTECTION 104 +#define CMP_R_ERROR_CREATING_CERTCONF 105 +#define CMP_R_ERROR_CREATING_CR 106 +#define CMP_R_ERROR_CREATING_GENM 107 +#define CMP_R_ERROR_CREATING_IR 108 +#define CMP_R_ERROR_CREATING_KUR 109 +#define CMP_R_ERROR_CREATING_POLLREQ 110 +#define CMP_R_ERROR_CREATING_RR 111 +#define CMP_R_ERROR_DECODING_CERTIFICATE 112 +#define CMP_R_ERROR_DECRYPTING_CERTIFICATE 113 +#define CMP_R_ERROR_DECRYPTING_ENCCERT 114 +#define CMP_R_ERROR_DECRYPTING_KEY 115 +#define CMP_R_ERROR_DECRYPTING_SYMMETRIC_KEY 116 +#define CMP_R_ERROR_NONCES_DO_NOT_MATCH 117 +#define CMP_R_ERROR_PARSING_ERROR_MESSAGE 118 +#define CMP_R_ERROR_PARSING_PKISTATUS 119 +#define CMP_R_ERROR_PROTECTING_MESSAGE 120 +#define CMP_R_ERROR_REQID_NOT_FOUND 121 +#define CMP_R_ERROR_SETTING_CERTHASH 122 +#define CMP_R_ERROR_VALIDATING_PROTECTION 123 +#define CMP_R_FAILED_TO_DECODE_PKIMESSAGE 124 +#define CMP_R_GENP_NOT_RECEIVED 125 +#define CMP_R_INVALID_ARGS 126 +#define CMP_R_INVALID_CONTENT_TYPE 127 +#define CMP_R_INVALID_CONTEXT 128 +#define CMP_R_INVALID_KEY 129 +#define CMP_R_INVALID_PARAMETERS 130 +#define CMP_R_IP_NOT_RECEIVED 131 +#define CMP_R_KUP_NOT_RECEIVED 132 +#define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 133 +#define CMP_R_NO_CERTIFICATE_RECEIVED 134 +#define CMP_R_NO_SECRET_VALUE_GIVEN_FOR_PBMAC 135 +#define CMP_R_NO_TRUSTED_CERTIFICATES_SET 136 +#define CMP_R_NO_VALID_SRVCERT_FOUND 137 +#define CMP_R_NULL_ARGUMENT 138 +#define CMP_R_PKIBODY_ERROR 139 +#define CMP_R_PKICONF_NOT_RECEIVED 140 +#define CMP_R_POLLREP_NOT_RECEIVED 141 +#define CMP_R_REQUEST_REJECTED_BY_CA 142 +#define CMP_R_RP_NOT_RECEIVED 143 +#define CMP_R_SERVER_NOT_REACHABLE 144 +#define CMP_R_SERVER_RESPONSE_ERROR 145 +#define CMP_R_SERVER_RESPONSE_PARSE_ERROR 146 +#define CMP_R_UNABLE_TO_CREATE_CONTEXT 147 +#define 
CMP_R_UNEXPECTED_PKISTATUS 148 +#define CMP_R_UNKNOWN_ALGORITHM_ID 149 +#define CMP_R_UNKNOWN_CERTTYPE 150 +#define CMP_R_UNKNOWN_PKISTATUS 151 +#define CMP_R_UNSUPPORTED_ALGORITHM 152 +#define CMP_R_UNSUPPORTED_CIPHER 153 +#define CMP_R_UNSUPPORTED_KEY_TYPE 154 +#define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC 155 +#define CMP_R_WRONG_ALGORITHM_OID 156 + +#ifdef __cplusplus +} +#endif +#endif Index: openssl-1.0.1h-cmp/crypto/cmp/cmp_asn.c =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp_asn.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp_asn.c (revision 764) 
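Review bot: the permitTAInExtraCertsForIR flag in cmp_ctx_st ("include root certs from extracerts when validating? Used for 3GPP-style E.7") lets a trust anchor carried in the extraCerts of the IP message being validated be used to validate that same message, which is circular unless the exchange is also bound by the pre-shared secretValue (MSG_MAC_ALG); the comments on the field and on CMP_CTX_PERMIT_TA_IN_EXTRACERTS_FOR_IR should state that it is only meaningful for MAC-protected initial enrolment, and CMP_validate_msg should refuse to honour it when the message is signature-protected, otherwise a server-supplied certificate becomes self-certifying. On the same theme, 'ASN1_TYPE *pkiconf; /* 19 */' replaces the RFC's NULL with an ANY "because there might be a struct in it when sent from faulty servers"; that leniency accepts arbitrary content in PKIConfirmContent and should at least be documented in the header and rejected under a strict option. DECLARE_ASN1_FUNCTIONS(CMP_CTX) generates i2d/d2i for a struct that holds EVP_PKEY *, X509_STORE * and raw char * members and, if ever encoded, would carry secretValue; if only the new/free pair is wanted, say so in the comment or drop the declaration, and document whether CMP_CTX_delete wipes secretValue before freeing it. Smaller points: '#define CMP_CTX_set1_timeOut CMP_CTX_set_HttpTimeOut' is placed before 'int CMP_CTX_set1_timeOut( CMP_CTX *ctx, int time);', so the prototype actually declares CMP_CTX_set_HttpTimeOut under the old name; declare the real function by its real name and put the compatibility macro after it. The set0 setters (CMP_CTX_set0_pkey, CMP_CTX_set0_newPkey, CMP_ITAV_stack_item_push0) take const pointers although they take ownership, which forces a const cast inside; the index comments /* 18 */, /* 25 */ and /* 26 */ are missing on crlann, pollReq and pollRep; and the comments spell POPOsigningKey, messages, seconds and possession as POPOsignkingKey, messges, secods and posession.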
@@ -0,0 +1,361 @@ +/* vim: set noet ts=4 sts=4 sw=4: */ +/* cmp_asn.c + * OpenSSL ASN.1 definitions for CMP (RFC 4210) + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + + +#include +#include +#include +#include + +ASN1_SEQUENCE(CMP_REVANNCONTENT) = { + /* CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */ + ASN1_SIMPLE(CMP_REVANNCONTENT, status, ASN1_INTEGER), + ASN1_SIMPLE(CMP_REVANNCONTENT, certId, CRMF_CERTID), + ASN1_SIMPLE(CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME), + ASN1_SIMPLE(CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME), + ASN1_OPT(CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS) +} ASN1_SEQUENCE_END(CMP_REVANNCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(CMP_REVANNCONTENT) + + +ASN1_SEQUENCE(CMP_CHALLENGE) = { + ASN1_OPT(CMP_CHALLENGE, owf, X509_ALGOR), + ASN1_SIMPLE(CMP_CHALLENGE, whitness, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMP_CHALLENGE, challenge, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMP_CHALLENGE) +IMPLEMENT_ASN1_FUNCTIONS(CMP_CHALLENGE) + + +ASN1_ITEM_TEMPLATE(CMP_POPODECKEYCHALLCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_POPODECKEYCHALLCONTENT, CMP_CHALLENGE) +ASN1_ITEM_TEMPLATE_END(CMP_POPODECKEYCHALLCONTENT) + + +ASN1_ITEM_TEMPLATE(CMP_POPODECKEYRESPCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER) +ASN1_ITEM_TEMPLATE_END(CMP_POPODECKEYRESPCONTENT) + + +ASN1_SEQUENCE(CMP_CAKEYUPDANNCONTENT) = { + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_SIMPLE(CMP_CAKEYUPDANNCONTENT, oldWithNew, X509), + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_SIMPLE(CMP_CAKEYUPDANNCONTENT, newWithOld, X509), + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_SIMPLE(CMP_CAKEYUPDANNCONTENT, newWithNew, X509) +} ASN1_SEQUENCE_END(CMP_CAKEYUPDANNCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(CMP_CAKEYUPDANNCONTENT) + + +ASN1_SEQUENCE(CMP_ERRORMSGCONTENT) = { + ASN1_SIMPLE(CMP_ERRORMSGCONTENT, pKIStatusInfo, CMP_PKISTATUSINFO), + ASN1_OPT(CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER), + /* CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING so it is 
used directly */ + ASN1_SEQUENCE_OF_OPT(CMP_ERRORMSGCONTENT, errorDetails, ASN1_UTF8STRING) +} ASN1_SEQUENCE_END(CMP_ERRORMSGCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(CMP_ERRORMSGCONTENT) + +ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.other, ASN1_ANY); +ASN1_ADB(CMP_INFOTYPEANDVALUE) = { + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.caProtEncCert, X509)), + ADB_ENTRY(NID_id_it_signKeyPairTypes,ASN1_SEQUENCE_OF_OPT(CMP_INFOTYPEANDVALUE, infoValue.signKeyPairTypes, X509_ALGOR)), + ADB_ENTRY(NID_id_it_encKeyPairTypes, ASN1_SEQUENCE_OF_OPT(CMP_INFOTYPEANDVALUE, infoValue.encKeyPairTypes, X509_ALGOR)), + ADB_ENTRY(NID_id_it_preferredSymmAlg,ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.preferredSymmAlg, X509_ALGOR)), + ADB_ENTRY(NID_id_it_caKeyUpdateInfo, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.caKeyUpdateInfo, CMP_CAKEYUPDANNCONTENT)), + ADB_ENTRY(NID_id_it_currentCRL, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.currentCRL, X509_CRL)), + ADB_ENTRY(NID_id_it_unsupportedOIDs, ASN1_SEQUENCE_OF_OPT(CMP_INFOTYPEANDVALUE, infoValue.unsupportedOIDs, ASN1_OBJECT)), + ADB_ENTRY(NID_id_it_keyPairParamReq, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.keyPairParamReq, ASN1_OBJECT)), + ADB_ENTRY(NID_id_it_keyPairParamRep, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.keyPairParamRep, X509_ALGOR)), + ADB_ENTRY(NID_id_it_revPassphrase, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.revPassphrase, CRMF_ENCRYPTEDVALUE)), + ADB_ENTRY(NID_id_it_implicitConfirm, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.implicitConfirm, ASN1_NULL)), + ADB_ENTRY(NID_id_it_confirmWaitTime, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.confirmWaitTime, ASN1_GENERALIZEDTIME)), + ADB_ENTRY(NID_id_it_origPKIMessage, ASN1_OPT(CMP_INFOTYPEANDVALUE, infoValue.origPKIMessage, CMP_PKIMESSAGES)), + ADB_ENTRY(NID_id_it_suppLangTags, ASN1_SEQUENCE_OF_OPT(CMP_INFOTYPEANDVALUE, infoValue.suppLangTagsValue, 
ASN1_UTF8STRING)), +#if 0 + /* this is what CL likes for KUR - not in the RFC */ + ADB_ENTRY(NID_id_smime_aa_signingCertificate, ASN1_SET_OF(CMP_INFOTYPEANDVALUE, infoValue.signingCertificate, ESS_SIGNING_CERT)) + /* this is how signingCertificate should probably be actually used */ + /* ADB_ENTRY(NID_id_smime_aa_signingCertificate, ASN1_SIMPLE(CMP_INFOTYPEANDVALUE, infoValue.signingCertificate, ESS_SIGNING_CERT)) */ +#endif +} ASN1_ADB_END(CMP_INFOTYPEANDVALUE, 0, infoType, 0, &infotypeandvalue_default_tt, NULL); + + +ASN1_SEQUENCE(CMP_INFOTYPEANDVALUE) = { + ASN1_SIMPLE(CMP_INFOTYPEANDVALUE, infoType, ASN1_OBJECT), + ASN1_ADB_OBJECT(CMP_INFOTYPEANDVALUE) +} ASN1_SEQUENCE_END(CMP_INFOTYPEANDVALUE) +IMPLEMENT_ASN1_FUNCTIONS(CMP_INFOTYPEANDVALUE) + + +ASN1_CHOICE(CMP_CERTORENCCERT) = { + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_EXP(CMP_CERTORENCCERT, value.certificate, X509, 0), + ASN1_EXP(CMP_CERTORENCCERT, value.encryptedCert, CRMF_ENCRYPTEDVALUE, 1), +} ASN1_CHOICE_END(CMP_CERTORENCCERT) +IMPLEMENT_ASN1_FUNCTIONS(CMP_CERTORENCCERT) + + +ASN1_SEQUENCE(CMP_CERTIFIEDKEYPAIR) = { + ASN1_SIMPLE(CMP_CERTIFIEDKEYPAIR, certOrEncCert, CMP_CERTORENCCERT), + ASN1_EXP_OPT(CMP_CERTIFIEDKEYPAIR, privateKey, CRMF_ENCRYPTEDVALUE,0), + ASN1_EXP_OPT(CMP_CERTIFIEDKEYPAIR, failInfo, CRMF_PKIPUBLICATIONINFO,1) +} ASN1_SEQUENCE_END(CMP_CERTIFIEDKEYPAIR) +IMPLEMENT_ASN1_FUNCTIONS(CMP_CERTIFIEDKEYPAIR) + + +ASN1_SEQUENCE(CMP_REVDETAILS) = { + ASN1_SIMPLE(CMP_REVDETAILS, certDetails, CRMF_CERTTEMPLATE), + ASN1_OPT(CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS) +} ASN1_SEQUENCE_END(CMP_REVDETAILS) +IMPLEMENT_ASN1_FUNCTIONS(CMP_REVDETAILS) + + +ASN1_ITEM_TEMPLATE(CMP_REVREQCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_REVREQCONTENT, CMP_REVDETAILS) +ASN1_ITEM_TEMPLATE_END(CMP_REVREQCONTENT) + + +ASN1_SEQUENCE(CMP_REVREPCONTENT) = { + ASN1_SEQUENCE_OF(CMP_REVREPCONTENT, status, CMP_PKISTATUSINFO), + 
ASN1_EXP_SEQUENCE_OF_OPT(CMP_REVREPCONTENT, certId, CRMF_CERTID, 0), + ASN1_EXP_SEQUENCE_OF_OPT(CMP_REVREPCONTENT, crls, X509, 1) +} ASN1_SEQUENCE_END(CMP_REVREPCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(CMP_REVREPCONTENT) + + +ASN1_SEQUENCE(CMP_KEYRECREPCONTENT) = { + ASN1_SIMPLE(CMP_KEYRECREPCONTENT, status, CMP_PKISTATUSINFO), + ASN1_EXP_OPT(CMP_KEYRECREPCONTENT, newSigCert, X509, 0), + ASN1_EXP_SEQUENCE_OF_OPT(CMP_KEYRECREPCONTENT, caCerts, X509, 1), + ASN1_EXP_SEQUENCE_OF_OPT(CMP_KEYRECREPCONTENT, keyPairHist, X509, 2) +} ASN1_SEQUENCE_END(CMP_KEYRECREPCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(CMP_KEYRECREPCONTENT) + + +ASN1_ITEM_TEMPLATE(CMP_PKISTATUS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER) +ASN1_ITEM_TEMPLATE_END(CMP_PKISTATUS) + +ASN1_SEQUENCE(CMP_PKISTATUSINFO) = { + ASN1_SIMPLE(CMP_PKISTATUSINFO, status, CMP_PKISTATUS), + /* CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING so it is used directly */ + ASN1_SEQUENCE_OF_OPT(CMP_PKISTATUSINFO, statusString, ASN1_UTF8STRING), + /* CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so it is used directly */ + ASN1_OPT(CMP_PKISTATUSINFO, failInfo, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(CMP_PKISTATUSINFO) +IMPLEMENT_ASN1_FUNCTIONS(CMP_PKISTATUSINFO) + + +ASN1_SEQUENCE(CMP_CERTSTATUS) = { + ASN1_SIMPLE(CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMP_CERTSTATUS, certReqId, ASN1_INTEGER), + ASN1_OPT(CMP_CERTSTATUS, statusInfo, CMP_PKISTATUSINFO) +} ASN1_SEQUENCE_END(CMP_CERTSTATUS) +IMPLEMENT_ASN1_FUNCTIONS(CMP_CERTSTATUS) + +/* the PKCS10 structures are untested */ +ASN1_SEQUENCE(PKCS10_ATTRIBUTE) = { + ASN1_SIMPLE(PKCS10_ATTRIBUTE, id, ASN1_OBJECT), + ASN1_SEQUENCE_OF(PKCS10_ATTRIBUTE, values, ASN1_ANY), +} ASN1_SEQUENCE_END(PKCS10_ATTRIBUTE) +IMPLEMENT_ASN1_FUNCTIONS(PKCS10_ATTRIBUTE) + +ASN1_SEQUENCE(PKCS10_CERTIFICATIONREQUESTINFO) = { + ASN1_SIMPLE(PKCS10_CERTIFICATIONREQUESTINFO, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS10_CERTIFICATIONREQUESTINFO, subject, 
X509_NAME), + ASN1_SIMPLE(PKCS10_CERTIFICATIONREQUESTINFO, subjectPKInfo, X509_PUBKEY), + ASN1_IMP_SET_OF(PKCS10_CERTIFICATIONREQUESTINFO, attributes, PKCS10_ATTRIBUTE, 0), +} ASN1_SEQUENCE_END(PKCS10_CERTIFICATIONREQUESTINFO) +IMPLEMENT_ASN1_FUNCTIONS(PKCS10_CERTIFICATIONREQUESTINFO) + +ASN1_SEQUENCE(PKCS10_CERTIFICATIONREQUEST) = { + ASN1_SIMPLE(PKCS10_CERTIFICATIONREQUEST, certificationRequestInfo, PKCS10_CERTIFICATIONREQUESTINFO), + ASN1_SIMPLE(PKCS10_CERTIFICATIONREQUEST, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(PKCS10_CERTIFICATIONREQUEST, signature, ASN1_BIT_STRING), +} ASN1_SEQUENCE_END(PKCS10_CERTIFICATIONREQUEST) +IMPLEMENT_ASN1_FUNCTIONS(PKCS10_CERTIFICATIONREQUEST) + +ASN1_ITEM_TEMPLATE(CMP_CERTCONFIRMCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_CERTCONFIRMCONTENT, CMP_CERTSTATUS) +ASN1_ITEM_TEMPLATE_END(CMP_CERTCONFIRMCONTENT) + +ASN1_SEQUENCE(CMP_CERTRESPONSE) = { + ASN1_SIMPLE(CMP_CERTRESPONSE, certReqId, ASN1_INTEGER), + ASN1_SIMPLE(CMP_CERTRESPONSE, status, CMP_PKISTATUSINFO), + ASN1_OPT(CMP_CERTRESPONSE, certifiedKeyPair, CMP_CERTIFIEDKEYPAIR), + ASN1_OPT(CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(CMP_CERTRESPONSE) +IMPLEMENT_ASN1_FUNCTIONS(CMP_CERTRESPONSE) + +ASN1_SEQUENCE(CMP_POLLREQ) = { + ASN1_SIMPLE(CMP_POLLREQ, certReqId, ASN1_INTEGER) +} ASN1_SEQUENCE_END(CMP_POLLREQ) +IMPLEMENT_ASN1_FUNCTIONS(CMP_POLLREQ) + +ASN1_ITEM_TEMPLATE(CMP_POLLREQCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_POLLREQCONTENT, CMP_POLLREQ) +ASN1_ITEM_TEMPLATE_END(CMP_POLLREQCONTENT) + +ASN1_SEQUENCE(CMP_POLLREP) = { + ASN1_SIMPLE(CMP_POLLREP, certReqId, ASN1_INTEGER), + ASN1_SIMPLE(CMP_POLLREP, checkAfter, ASN1_INTEGER), + ASN1_SEQUENCE_OF_OPT(CMP_POLLREP, reason, ASN1_UTF8STRING), +} ASN1_SEQUENCE_END(CMP_POLLREP) +IMPLEMENT_ASN1_FUNCTIONS(CMP_POLLREP) + +ASN1_ITEM_TEMPLATE(CMP_POLLREPCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_POLLREPCONTENT, CMP_POLLREP) 
+ASN1_ITEM_TEMPLATE_END(CMP_POLLREPCONTENT) + +ASN1_SEQUENCE(CMP_CERTREPMESSAGE) = { + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_EXP_SEQUENCE_OF_OPT(CMP_CERTREPMESSAGE, caPubs, X509,1), + ASN1_SEQUENCE_OF(CMP_CERTREPMESSAGE, response, CMP_CERTRESPONSE) +} ASN1_SEQUENCE_END(CMP_CERTREPMESSAGE) +IMPLEMENT_ASN1_FUNCTIONS(CMP_CERTREPMESSAGE) + +ASN1_ITEM_TEMPLATE(CMP_GENMSGCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_GENMSGCONTENT, CMP_INFOTYPEANDVALUE) +ASN1_ITEM_TEMPLATE_END(CMP_GENMSGCONTENT) + +ASN1_ITEM_TEMPLATE(CMP_GENREPCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_GENREPCONTENT, CMP_INFOTYPEANDVALUE) +ASN1_ITEM_TEMPLATE_END(CMP_GENREPCONTENT) + +ASN1_ITEM_TEMPLATE(CMP_CRLANNCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_CRLANNCONTENT, X509_CRL) +ASN1_ITEM_TEMPLATE_END(CMP_CRLANNCONTENT) + +ASN1_CHOICE(CMP_PKIBODY) = { + ASN1_EXP(CMP_PKIBODY, value.ir, CRMF_CERTREQMESSAGES, 0), + ASN1_EXP(CMP_PKIBODY, value.ip, CMP_CERTREPMESSAGE, 1), + ASN1_EXP(CMP_PKIBODY, value.cr, CRMF_CERTREQMESSAGES, 2), + ASN1_EXP(CMP_PKIBODY, value.cp, CMP_CERTREPMESSAGE, 3), + ASN1_EXP(CMP_PKIBODY, value.p10cr, PKCS10_CERTIFICATIONREQUEST, 4), + ASN1_EXP(CMP_PKIBODY, value.popdecc, CMP_POPODECKEYCHALLCONTENT, 5), + ASN1_EXP(CMP_PKIBODY, value.popdecr, CMP_POPODECKEYRESPCONTENT, 6), + ASN1_EXP(CMP_PKIBODY, value.kur, CRMF_CERTREQMESSAGES, 7), + ASN1_EXP(CMP_PKIBODY, value.kup, CMP_CERTREPMESSAGE, 8), + ASN1_EXP(CMP_PKIBODY, value.krr, CRMF_CERTREQMESSAGES, 9), + ASN1_EXP(CMP_PKIBODY, value.krp, CMP_KEYRECREPCONTENT, 10), + ASN1_EXP(CMP_PKIBODY, value.rr, CMP_REVREQCONTENT, 11), + ASN1_EXP(CMP_PKIBODY, value.rp, CMP_REVREPCONTENT, 12), + ASN1_EXP(CMP_PKIBODY, value.ccr, CRMF_CERTREQMESSAGES, 13), + ASN1_EXP(CMP_PKIBODY, value.ccp, CMP_CERTREPMESSAGE, 14), + ASN1_EXP(CMP_PKIBODY, value.ckuann, CMP_CAKEYUPDANNCONTENT, 15), + ASN1_EXP(CMP_PKIBODY, value.cann, X509, 16), + ASN1_EXP(CMP_PKIBODY, 
value.rann, CMP_REVANNCONTENT, 17), + ASN1_EXP(CMP_PKIBODY, value.crlann, CMP_CRLANNCONTENT, 18), + ASN1_EXP(CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19), + ASN1_EXP(CMP_PKIBODY, value.nested, CMP_PKIMESSAGES, 20), + ASN1_EXP(CMP_PKIBODY, value.genm, CMP_GENMSGCONTENT, 21), + ASN1_EXP(CMP_PKIBODY, value.genp, CMP_GENREPCONTENT, 22), + ASN1_EXP(CMP_PKIBODY, value.error, CMP_ERRORMSGCONTENT, 23), + ASN1_EXP(CMP_PKIBODY, value.certConf, CMP_CERTCONFIRMCONTENT, 24), + ASN1_EXP(CMP_PKIBODY, value.pollReq, CMP_POLLREQCONTENT, 25), + ASN1_EXP(CMP_PKIBODY, value.pollRep, CMP_POLLREPCONTENT, 26), +} ASN1_CHOICE_END(CMP_PKIBODY) +IMPLEMENT_ASN1_FUNCTIONS(CMP_PKIBODY) + +ASN1_SEQUENCE(CMP_PKIHEADER) = { + ASN1_SIMPLE(CMP_PKIHEADER, pvno, ASN1_INTEGER), + ASN1_SIMPLE(CMP_PKIHEADER, sender, GENERAL_NAME), + ASN1_SIMPLE(CMP_PKIHEADER, recipient, GENERAL_NAME), + ASN1_EXP_OPT(CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME,0), + ASN1_EXP_OPT(CMP_PKIHEADER, protectionAlg, X509_ALGOR,1), + ASN1_EXP_OPT(CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING,2), + ASN1_EXP_OPT(CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING,3), + ASN1_EXP_OPT(CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING,4), + ASN1_EXP_OPT(CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING,5), + ASN1_EXP_OPT(CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING,6), + /* CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING so it is used directly */ + ASN1_EXP_SEQUENCE_OF_OPT(CMP_PKIHEADER, freeText, ASN1_UTF8STRING,7), + ASN1_EXP_SEQUENCE_OF_OPT(CMP_PKIHEADER, generalInfo, CMP_INFOTYPEANDVALUE,8) +} ASN1_SEQUENCE_END(CMP_PKIHEADER) +IMPLEMENT_ASN1_FUNCTIONS(CMP_PKIHEADER) + +ASN1_SEQUENCE(CMP_PROTECTEDPART) = { + ASN1_SIMPLE(CMP_PKIMESSAGE, header, CMP_PKIHEADER), + ASN1_SIMPLE(CMP_PKIMESSAGE, body, CMP_PKIBODY) +} ASN1_SEQUENCE_END(CMP_PROTECTEDPART) +IMPLEMENT_ASN1_FUNCTIONS(CMP_PROTECTEDPART); + +ASN1_SEQUENCE(CMP_PKIMESSAGE) = { + ASN1_SIMPLE(CMP_PKIMESSAGE, header, CMP_PKIHEADER), + ASN1_SIMPLE(CMP_PKIMESSAGE, body, CMP_PKIBODY), + 
ASN1_EXP_OPT(CMP_PKIMESSAGE, protection, ASN1_BIT_STRING,0), + /* CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_EXP_SEQUENCE_OF_OPT(CMP_PKIMESSAGE, extraCerts, X509,1) +} ASN1_SEQUENCE_END(CMP_PKIMESSAGE) +IMPLEMENT_ASN1_FUNCTIONS(CMP_PKIMESSAGE) + +ASN1_ITEM_TEMPLATE(CMP_PKIMESSAGES) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CMP_PKIMESSAGES, CMP_PKIMESSAGE) +ASN1_ITEM_TEMPLATE_END(CMP_PKIMESSAGES) + Index: openssl-1.0.1h-cmp/crypto/cmp/cmp_ctx.c =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp_ctx.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp_ctx.c (revision 764) 
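Review bot: two member types in this ASN.1 hunk do not match RFC 4210. `ASN1_EXP_SEQUENCE_OF_OPT(CMP_REVREPCONTENT, crls, X509, 1)` declares RevRepContent.crls as a sequence of certificates, but the RFC defines it as SEQUENCE OF CertificateList, so the element type should be `X509_CRL` (as `CMP_CRLANNCONTENT` already uses); and `ASN1_EXP_SEQUENCE_OF_OPT(CMP_KEYRECREPCONTENT, keyPairHist, X509, 2)` should be a sequence of `CMP_CERTIFIEDKEYPAIR`, not X509. With the current templates a conforming server's rp or krp reply carrying those members would fail to decode. In `CMP_CERTIFIEDKEYPAIR` the [1] PKIPublicationInfo member is named `failInfo`; the RFC name is publicationInfo, and the current name invites confusion with PKIStatusInfo.failInfo. Two smaller points: `ASN1_SEQUENCE(CMP_PROTECTEDPART)` takes its member offsets from `CMP_PKIMESSAGE` rather than `CMP_PROTECTEDPART`, which is only correct while both structs start with the same two fields in the same order and deserves a comment saying so; and `IMPLEMENT_ASN1_FUNCTIONS(CMP_PROTECTEDPART);` has a stray trailing semicolon that pedantic builds warn about.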
@@ -0,0 +1,1240 @@ +/* vim: set noet ts=4 sts=4 sw=4: */ +/* crypto/cmp/cmp_ctx.c + * CMP (RFC 4210) context functions for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* NAMING + * The 0 version uses the supplied structure pointer directly in the parent and + * it will be freed up when the parent is freed. In the above example crl would + * be freed but rev would not. + * + * The 1 function uses a copy of the supplied structure pointer (or in some + * cases increases its link count) in the parent and so both (x and obj above) + * should be freed up. 
+ */ + +/* OpenSSL ASN.1 macros in CTX struct */ +ASN1_SEQUENCE(CMP_CTX) = { + ASN1_OPT(CMP_CTX, referenceValue, ASN1_OCTET_STRING), + ASN1_OPT(CMP_CTX, secretValue, ASN1_OCTET_STRING), + ASN1_OPT(CMP_CTX, regToken, ASN1_UTF8STRING), + ASN1_OPT(CMP_CTX, srvCert, X509), + ASN1_OPT(CMP_CTX, clCert, X509), + ASN1_OPT(CMP_CTX, oldClCert, X509), + ASN1_OPT(CMP_CTX, subjectName, X509_NAME), + ASN1_SEQUENCE_OF_OPT(CMP_CTX, subjectAltNames, GENERAL_NAME), + ASN1_OPT(CMP_CTX, recipient, X509_NAME), + ASN1_SEQUENCE_OF_OPT(CMP_CTX, caPubs, X509), + ASN1_SEQUENCE_OF_OPT(CMP_CTX, extraCertsOut, X509), + ASN1_SEQUENCE_OF_OPT(CMP_CTX, extraCertsIn, X509), + ASN1_OPT(CMP_CTX, newClCert, X509), + ASN1_OPT(CMP_CTX, transactionID, ASN1_OCTET_STRING), + ASN1_OPT(CMP_CTX, recipNonce, ASN1_OCTET_STRING), + ASN1_OPT(CMP_CTX, validatedSrvCert, X509), + ASN1_SEQUENCE_OF_OPT(CMP_CTX, lastStatusString, ASN1_UTF8STRING), + ASN1_SEQUENCE_OF_OPT(CMP_CTX, policies, POLICYINFO), +} ASN1_SEQUENCE_END(CMP_CTX) +IMPLEMENT_ASN1_FUNCTIONS(CMP_CTX) + +/* ############################################################################ * + * Returns a duplicate of the given stack of X509 certificates. + * ############################################################################ */ +static STACK_OF(X509)* X509_stack_dup(const STACK_OF(X509)* stack) + { + STACK_OF(X509) *newsk = NULL; + int i; + + if (!stack) goto err; + if (!(newsk = sk_X509_new_null())) goto err; + + for (i = 0; i < sk_X509_num(stack); i++) + sk_X509_push(newsk, X509_dup(sk_X509_value(stack, i))); + + return newsk; +err: + return 0; + } + +/* ############################################################################ * + * Creates a copy of the given EVP_PKEY. + * TODO: is there really no other already existing way to do that? 
+ * returns ptr to duplicated EVP_PKEY on success, NULL on error + * ############################################################################ */ +static EVP_PKEY *pkey_dup(const EVP_PKEY *pkey) + { + EVP_PKEY *pkeyDup = EVP_PKEY_new(); + if (!pkeyDup) goto err; + + switch (pkey->type) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + EVP_PKEY_set1_RSA(pkeyDup, pkey->pkey.rsa); + break; +#endif +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + EVP_PKEY_set1_DSA(pkeyDup, pkey->pkey.dsa); + break; +#endif +#ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + EVP_PKEY_set1_DH(pkeyDup, pkey->pkey.dh); + break; +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + EVP_PKEY_set1_EC_KEY(pkeyDup, pkey->pkey.ec); + break; +#endif + default: + CMPerr(CMP_F_PKEY_DUP, CMP_R_UNSUPPORTED_KEY_TYPE); + goto err; + } + return pkeyDup; + +err: + if (pkeyDup) EVP_PKEY_free(pkeyDup); + return NULL; + } + +/* ############################################################################ * + * Set certificate store containing root CA certs. + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_CTX_set0_trustedStore( CMP_CTX *ctx, X509_STORE *store) + { + if (!store) return 0; + if (ctx->trusted_store) + X509_STORE_free(ctx->trusted_store); + ctx->trusted_store = store; + return 1; + } + +/* ############################################################################ * + * Set certificate store containing intermediate certificates (for building + * our own cert chain to send in extraCerts). 
+ * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_CTX_set0_untrustedStore( CMP_CTX *ctx, X509_STORE *store) + { + if (!store) return 0; + if (ctx->untrusted_store) + X509_STORE_free(ctx->untrusted_store); + ctx->untrusted_store = store; + return 1; + } + +/* ################################################################ * + * Allocates and initializes a CMP_CTX context structure with some + * default values. + * OpenSSL ASN.1 types are initialized to NULL by the call to CMP_CTX_new() + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_init( CMP_CTX *ctx) + { + if (!ctx) + { + CMPerr(CMP_F_CMP_CTX_INIT, CMP_R_INVALID_CONTEXT); + goto err; + } + + /* all other elements are initialized through ASN1 macros */ + ctx->pkey = NULL; + ctx->newPkey = NULL; + ctx->serverName = NULL; + /* serverPath has to be an empty sting if not set since it is not mandatory */ + /* this will be freed by CMP_CTX_delete() */ + ctx->serverPath = OPENSSL_malloc(1); + ctx->serverPath[0] = 0; + ctx->serverPort = 0; + ctx->proxyName = NULL; + ctx->proxyPort = 0; + ctx->implicitConfirm = 0; + ctx->popoMethod = CRMF_POPO_SIGNATURE; + ctx->HttpTimeOut = 2*60; + ctx->setSubjectAltNameCritical = 0; + ctx->sourceAddress = NULL; + ctx->lastHTTPCode = 0; + ctx->useTLS = 0; + + ctx->error_cb = NULL; + ctx->debug_cb = (cmp_logfn_t) puts; + ctx->certConf_cb = NULL; + + ctx->trusted_store = X509_STORE_new(); + ctx->untrusted_store = X509_STORE_new(); + + ctx->maxPollTime = 0; + + ctx->lastPKIStatus = 0; + ctx->failInfoCode = 0; + + ctx->permitTAInExtraCertsForIR = 0; + ctx->validatedSrvCert = NULL; + + /* initialize OpenSSL */ + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); + ERR_load_crypto_strings(); + + return 1; + +err: + return 0; + } + +/* ################################################################ * + * frees CMP_CTX variables allocated 
in CMP_CTX_init and calls CMP_CTX_free + * ################################################################ */ +void CMP_CTX_delete(CMP_CTX *ctx) + { + if (!ctx) return; + if (ctx->pkey) EVP_PKEY_free(ctx->pkey); + if (ctx->newPkey) EVP_PKEY_free(ctx->newPkey); + + if (ctx->serverName) OPENSSL_free(ctx->serverName); + if (ctx->serverPath) OPENSSL_free(ctx->serverPath); + if (ctx->proxyName) OPENSSL_free(ctx->proxyName); + if (ctx->trusted_store) X509_STORE_free(ctx->trusted_store); + if (ctx->untrusted_store) X509_STORE_free(ctx->untrusted_store); + + CMP_CTX_free(ctx); + } + +/* ################################################################ * + * creates and initializes a CMP_CTX structure + * returns pointer to created CMP_CTX on success, NULL on error + * ################################################################ */ +CMP_CTX *CMP_CTX_create(void) + { + CMP_CTX *ctx=NULL; + + if( !(ctx = CMP_CTX_new())) goto err; + if( !(CMP_CTX_init(ctx))) goto err; + + return ctx; +err: + CMPerr(CMP_F_CMP_CTX_CREATE, CMP_R_UNABLE_TO_CREATE_CONTEXT); + if (ctx) CMP_CTX_free(ctx); + return NULL; + } + +/* ################################################################ * + * returns latest failInfoCode, -1 on error + * ################################################################ */ +unsigned long CMP_CTX_get_failInfoCode( CMP_CTX *ctx) + { + if (!ctx) goto err; + return ctx->failInfoCode; +err: + return -1; + } + +/* ################################################################ * + * returns the statusString from the last CertRepMessage, NULL on error + * ################################################################ */ +STACK_OF(ASN1_UTF8STRING) *CMP_CTX_statusString_get( CMP_CTX *ctx) + { + if (!ctx) goto err; + return ctx->lastStatusString; +err: + return NULL; + } + +/* ################################################################ * + * Set callback function for checking if the cert is ok or should + * it be rejected. 
+ * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set_certConf_callback( CMP_CTX *ctx, cmp_certConfFn_t cb) + { + if (!ctx) goto err; + ctx->certConf_cb = cb; + return 1; +err: + return 0; + } + +/* ################################################################ * + * Set a callback function which will receive debug messages. + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set_error_callback( CMP_CTX *ctx, cmp_logfn_t cb) + { + if (!ctx) goto err; + ctx->error_cb = cb; + return 1; +err: + return 0; + } + +/* ################################################################ * + * Set a callback function which will receive error messages. + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set_debug_callback( CMP_CTX *ctx, cmp_logfn_t cb) + { + if (!ctx) goto err; + ctx->debug_cb = cb; + return 1; +err: + return 0; + } + +/* ################################################################ * + * Set the reference value to be used for identification (i.e. the + * username) when using PBMAC. 
+ * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_referenceValue( CMP_CTX *ctx, const unsigned char *ref, size_t len) + { + if (!ctx || !ref) + { + CMPerr(CMP_F_CMP_CTX_SET1_REFERENCEVALUE, CMP_R_INVALID_PARAMETERS); + goto err; + } + + if (!ctx->referenceValue) + ctx->referenceValue = ASN1_OCTET_STRING_new(); + + return (ASN1_OCTET_STRING_set(ctx->referenceValue, ref, len)); +err: + return 0; + } + +/* ################################################################ * + * Set the password to be used for protecting messages with PBMAC + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_secretValue( CMP_CTX *ctx, const unsigned char *sec, const size_t len) + { + if (!ctx) goto err; + if (!sec) goto err; + + if (!ctx->secretValue) + ctx->secretValue = ASN1_OCTET_STRING_new(); + + return (ASN1_OCTET_STRING_set(ctx->secretValue, sec, len)); +err: + CMPerr(CMP_F_CMP_CTX_SET1_SECRETVALUE, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the registration token value (the password for EJBCA for example) + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_regToken( CMP_CTX *ctx, const char *regtoken, const size_t len) + { + if (!ctx) goto err; + if (!regtoken) goto err; + + if (!ctx->regToken) + ctx->regToken = ASN1_UTF8STRING_new(); + + return (ASN1_STRING_set(ctx->regToken, regtoken, len)); +err: + CMPerr(CMP_F_CMP_CTX_SET1_REGTOKEN, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Returns the stack of certificates received in a response message. + * The stack is duplicated so the caller must handle freeing it! 
+ * returns pointer to created stack on success, NULL on error + * ################################################################ */ +STACK_OF(X509)* CMP_CTX_extraCertsIn_get1( CMP_CTX *ctx) + { + if (!ctx) goto err; + if (!ctx->extraCertsIn) return 0; + return X509_stack_dup(ctx->extraCertsIn); +err: + CMPerr(CMP_F_CMP_CTX_EXTRACERTSIN_GET1, CMP_R_NULL_ARGUMENT); + return NULL; + } + +/* ################################################################ * + * Pops and returns one certificate from the received extraCerts field + * returns pointer certificate on success, NULL on error + * ################################################################ */ +X509 *CMP_CTX_extraCertsIn_pop( CMP_CTX *ctx) + { + if (!ctx) goto err; + if (!ctx->extraCertsIn) return NULL; + return sk_X509_pop(ctx->extraCertsIn); +err: + CMPerr(CMP_F_CMP_CTX_EXTRACERTSIN_POP, CMP_R_NULL_ARGUMENT); + return NULL; + } + +/* ################################################################ * + * Returns the number of extraCerts received in a response, 0 on error + * TODO: should that return something else on error? + * ################################################################ */ +int CMP_CTX_extraCertsIn_num( CMP_CTX *ctx) + { + if (!ctx) goto err; + if (!ctx->extraCertsIn) return 0; + return sk_X509_num(ctx->extraCertsIn); +err: + CMPerr(CMP_F_CMP_CTX_EXTRACERTSIN_NUM, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Copies the given stack of inbound X509 certificates to extraCertsIn of + * the CMP_CTX structure so that they may be retrieved later. 
+ * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_extraCertsIn( CMP_CTX *ctx, const STACK_OF(X509) *extraCertsIn) + { + if (!ctx) goto err; + if (!extraCertsIn) goto err; + + /* if there are already inbound extraCerts on the stack delete them */ + if (ctx->extraCertsIn) + { + sk_X509_pop_free(ctx->extraCertsIn, X509_free); + ctx->extraCertsIn = NULL; + } + + if (!(ctx->extraCertsIn = X509_stack_dup(extraCertsIn))) goto err; + + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_EXTRACERTSIN, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Duplicate and push the given X509 certificate to the stack of + * outbound certificates to send in the extraCerts field. + * returns number of pushed certificates on success, 0 on error + * ################################################################ */ +int CMP_CTX_extraCertsOut_push1( CMP_CTX *ctx, const X509 *val) + { + if (!ctx) goto err; + if (!ctx->extraCertsOut && !(ctx->extraCertsOut = sk_X509_new_null())) return 0; + return sk_X509_push(ctx->extraCertsOut, X509_dup((X509*)val)); +err: + CMPerr(CMP_F_CMP_CTX_EXTRACERTSOUT_PUSH1, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ############################################################################ * + * load all the intermediate certificates from the given stack into untrusted_store + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_CTX_loadUntrustedStack(CMP_CTX *ctx, STACK_OF(X509) *stack) + { + int i; + EVP_PKEY *pubkey; + X509 *cert; + + if (!stack) goto err; + if (!ctx->untrusted_store && !( ctx->untrusted_store = X509_STORE_new() )) + goto err; + + for (i = 0; i < sk_X509_num(stack); i++) + { + if(!(cert = sk_X509_value(stack, i))) goto err; + if(!(pubkey = X509_get_pubkey(cert))) continue; + + /* don't add self-signed certs here */ + if 
(!X509_verify(cert, pubkey)) + X509_STORE_add_cert(ctx->untrusted_store, cert); /* don't fail as adding existing certificate to store would cause error */ + EVP_PKEY_free(pubkey); + } + + return 1; +err: + return 0; + } + +/* ################################################################ * + * Return the number of certificates we have in the outbound + * extraCerts stack, 0 on error + * TODO: should that return something else on error? + * ################################################################ */ +int CMP_CTX_extraCertsOut_num( CMP_CTX *ctx) + { + if (!ctx) goto err; + if (!ctx->extraCertsOut) return 0; + return sk_X509_num(ctx->extraCertsOut); +err: + CMPerr(CMP_F_CMP_CTX_EXTRACERTSOUT_NUM, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Duplicate and set the given stack as the new stack of X509 + * certificates to send out in the extraCerts field. + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_extraCertsOut( CMP_CTX *ctx, const STACK_OF(X509) *extraCertsOut) + { + if (!ctx) goto err; + if (!extraCertsOut) goto err; + + if (ctx->extraCertsOut) + { + sk_X509_pop_free(ctx->extraCertsOut, X509_free); + ctx->extraCertsOut = NULL; + } + + if (!(ctx->extraCertsOut = X509_stack_dup(extraCertsOut))) goto err; + + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_EXTRACERTSOUT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * CMP_CTX_policyOID_push1() adds the certificate policy OID given by the + * string to the X509_EXTENSIONS of the certificate template we are + * requesting. 
+ * ################################################################ */ +int CMP_CTX_policyOID_push1( CMP_CTX *ctx, const char *policyOID) +{ + if (!ctx || !policyOID) goto err; + + if (!ctx->policies) + ctx->policies = CERTIFICATEPOLICIES_new(); + if (!ctx->policies) goto err; + + POLICYINFO *pol = POLICYINFO_new(); + if (!pol) goto err; + + pol->policyid = OBJ_txt2obj(policyOID, 1); + sk_POLICYINFO_push(ctx->policies, pol); + + return 1; + +err: + return 0; +} + + +/* ################################################################ * + * Returns a duplicate of the stack received X509 certificates that + * were received in the caPubs field of the last response message. + * returns NULL on error + * ################################################################ */ +STACK_OF(X509)* CMP_CTX_caPubs_get1( CMP_CTX *ctx) + { + if (!ctx) goto err; + if (!ctx->caPubs) return NULL; + return X509_stack_dup(ctx->caPubs); +err: + CMPerr(CMP_F_CMP_CTX_CAPUBS_GET1, CMP_R_NULL_ARGUMENT); + return NULL; + } + +/* ################################################################ * + * Pop one certificate out of the list of certificates received in + * the caPubs field, returns NULL on errror or when the stack is empty + * ################################################################ */ +X509 *CMP_CTX_caPubs_pop( CMP_CTX *ctx) + { + if (!ctx) goto err; + if (!ctx->caPubs) return NULL; + return sk_X509_pop(ctx->caPubs); +err: + CMPerr(CMP_F_CMP_CTX_CAPUBS_POP, CMP_R_NULL_ARGUMENT); + return NULL; + } + +/* ################################################################ * + * Return the number of certificates received in the caPubs field + * of the last response message, 0 on error + * TODO: should that return something else on error? 
+ * ################################################################ */ +int CMP_CTX_caPubs_num( CMP_CTX *ctx) + { + if (!ctx) goto err; + if (!ctx->caPubs) return 0; + return sk_X509_num(ctx->caPubs); +err: + CMPerr(CMP_F_CMP_CTX_CAPUBS_NUM, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Duplciate and copy the given stack of certificates to the given + * CMP_CTX structure so that they may be retrieved later. + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_caPubs( CMP_CTX *ctx, const STACK_OF(X509) *caPubs) + { + if (!ctx) goto err; + if (!caPubs) goto err; + + if (ctx->caPubs) + { + sk_X509_pop_free(ctx->caPubs, X509_free); + ctx->caPubs = NULL; + } + + if (!(ctx->caPubs = X509_stack_dup(caPubs))) goto err; + + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_CAPUBS, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Sets the CA certificate that is to be used for verifying response + * messages. Pointer is not consumed. + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_srvCert( CMP_CTX *ctx, const X509 *cert) + { + if (!ctx) goto err; + if (!cert) goto err; + + if (ctx->srvCert) + { + X509_free(ctx->srvCert); + ctx->srvCert = NULL; + } + + if (!(ctx->srvCert = X509_dup( (X509*)cert))) goto err; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_SRVCERT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the X509 name of the recipient. Set in the PKIHeader. 
+ * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_recipient( CMP_CTX *ctx, const X509_NAME *name) + { + if (!ctx) goto err; + if (!name) goto err; + + if (ctx->recipient) + { + X509_NAME_free(ctx->recipient); + ctx->recipient = NULL; + } + + if (!(ctx->recipient = X509_NAME_dup( (X509_NAME*)name))) goto err; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_RECIPIENT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the subject name that will be placed in the certificate + * request. This will be the subject name on the received certificate. + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_subjectName( CMP_CTX *ctx, const X509_NAME *name) + { + if (!ctx) goto err; + if (!name) goto err; + + if (ctx->subjectName) + { + X509_NAME_free(ctx->subjectName); + ctx->subjectName = NULL; + } + + if (!(ctx->subjectName = X509_NAME_dup( (X509_NAME*)name))) goto err; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_SUBJECTNAME, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Push a GENERAL_NAME structure that will be added to the CRMF + * request's extensions field to request subject alternative names. 
+ * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_subjectAltName_push1( CMP_CTX *ctx, const GENERAL_NAME *name) + { + if (!ctx) goto err; + if (!name) goto err; + + if (!ctx->subjectAltNames && !(ctx->subjectAltNames = sk_GENERAL_NAME_new_null())) + goto err; + + if (!sk_GENERAL_NAME_push(ctx->subjectAltNames, GENERAL_NAME_dup( (GENERAL_NAME*)name))) goto err; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SUBJECTALTNAME_PUSH1, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set our own client certificate, used for example in KUR and when + * doing the IR with existing certificate. + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_clCert( CMP_CTX *ctx, const X509 *cert) + { + if (!ctx) goto err; + if (!cert) goto err; + + if (ctx->clCert) + { + X509_free(ctx->clCert); + ctx->clCert = NULL; + } + + if (!(ctx->clCert = X509_dup( (X509*)cert))) goto err; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_CLCERT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the old certificate that we are updating in KUR + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_oldClCert( CMP_CTX *ctx, const X509 *cert) + { + if (!ctx) goto err; + if (!cert) goto err; + + if (ctx->oldClCert) + { + X509_free(ctx->oldClCert); + ctx->oldClCert = NULL; + } + + if (!(ctx->oldClCert = X509_dup( (X509*)cert))) goto err; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_OLDCLCERT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * sets the (newly received in IP/KUP/CP) client Certificate to the context + * returns 1 on success, 0 on error + * TODO: this only permits for one client cert to be 
received... + * ################################################################ */ +int CMP_CTX_set1_newClCert( CMP_CTX *ctx, const X509 *cert) + { + if (!ctx) goto err; + if (!cert) goto err; + + if (ctx->newClCert) + { + X509_free(ctx->newClCert); + ctx->newClCert = NULL; + } + + if (!(ctx->newClCert = X509_dup( (X509*)cert))) goto err; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_NEWCLCERT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the client's private key. This creates a duplicate of the key + * so the given pointer is not used directly. + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_pkey( CMP_CTX *ctx, const EVP_PKEY *pkey) + { + EVP_PKEY *pkeyDup = NULL; + if (!ctx) goto err; + if (!pkey) goto err; + + pkeyDup = pkey_dup(pkey);; + return CMP_CTX_set0_pkey(ctx, pkeyDup); + +err: + if (pkeyDup) EVP_PKEY_free(pkeyDup); + CMPerr(CMP_F_CMP_CTX_SET1_PKEY, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the client's current private key. NOTE: this version uses + * the given pointer directly! + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set0_pkey( CMP_CTX *ctx, const EVP_PKEY *pkey) + { + if (!ctx) goto err; + if (!pkey) goto err; + + if (ctx->pkey) + { + EVP_PKEY_free(ctx->pkey); + ctx->pkey = NULL; + } + + ctx->pkey = (EVP_PKEY*) pkey; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET0_PKEY, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set new key pa8r. Used for example when doing Key Update. + * The key is duplicated so the original pointer is not directly used. 
+ * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_newPkey( CMP_CTX *ctx, const EVP_PKEY *pkey) + { + EVP_PKEY *pkeyDup = NULL; + if (!ctx) goto err; + if (!pkey) goto err; + + pkeyDup = pkey_dup(pkey); + return CMP_CTX_set0_newPkey(ctx, pkeyDup); + +err: + if (pkeyDup) EVP_PKEY_free(pkeyDup); + CMPerr(CMP_F_CMP_CTX_SET1_NEWPKEY, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set new key pair. Used e.g. when doing Key Update. + * NOTE: uses the pointer directly! + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set0_newPkey( CMP_CTX *ctx, const EVP_PKEY *pkey) + { + if (!ctx) goto err; + if (!pkey) goto err; + + if (ctx->newPkey) + { + EVP_PKEY_free(ctx->newPkey); + ctx->newPkey = NULL; + } + + ctx->newPkey = (EVP_PKEY*) pkey; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET0_NEWPKEY, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * sets the given transactionID to the context + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_transactionID( CMP_CTX *ctx, const ASN1_OCTET_STRING *id) + { + if (!ctx) goto err; + if (!id) goto err; + + if (ctx->transactionID) + { + ASN1_OCTET_STRING_free(ctx->transactionID); + ctx->transactionID = NULL; + } + + if (!(ctx->transactionID = ASN1_OCTET_STRING_dup((ASN1_OCTET_STRING *)id))) + return 0; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_TRANSACTIONID, CMP_R_NULL_ARGUMENT); + return 0; + } + + +/* ################################################################ * + * sets the given nonce to be used for the recipNonce in the next message to be + * created. 
+ * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_recipNonce( CMP_CTX *ctx, const ASN1_OCTET_STRING *nonce) + { + if (!ctx) goto err; + if (!nonce) goto err; + + if (ctx->recipNonce) + { + ASN1_OCTET_STRING_free(ctx->recipNonce); + ctx->recipNonce = NULL; + } + + if (!(ctx->recipNonce = ASN1_OCTET_STRING_dup((ASN1_OCTET_STRING *)nonce))) + return 0; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_RECIPNONCE, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the hostname of the (HTTP) proxy server to use for all connections + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_proxyName( CMP_CTX *ctx, const char *name) + { + if (!ctx) goto err; + if (!name) goto err; + + if (ctx->proxyName) + { + OPENSSL_free( ctx->proxyName); + ctx->proxyName = NULL; + } + + ctx->proxyName = OPENSSL_malloc( strlen(name)+1); + strcpy( ctx->proxyName, name); + + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_PROXYNAME, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the (HTTP) hostname of the CA server + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_serverName( CMP_CTX *ctx, const char *name) + { + if (!ctx) goto err; + if (!name) goto err; + + if (ctx->serverName) + { + OPENSSL_free( ctx->serverName); + ctx->serverName = NULL; + } + + ctx->serverName = OPENSSL_malloc( strlen(name)+1); + strcpy( ctx->serverName, name); + + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_SERVERNAME, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Sets the proof of possession method to be used when creating a certTemplate + * returns 1 on success, 0 on error + * 
################################################################ */ +int CMP_CTX_set1_popoMethod( CMP_CTX *ctx, int method) + { + if (!ctx) goto err; + + ctx->popoMethod = method; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_POPOMETHOD, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * sets the timeout for the (HTTP) transport mechanism + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set_HttpTimeOut( CMP_CTX *ctx, int time) + { + if (!ctx) goto err; + + ctx->HttpTimeOut = time; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET_HTTPTIMEOUT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * sets the (HTTP) proxy port to be used + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_proxyPort( CMP_CTX *ctx, int port) + { + if (!ctx) goto err; + + ctx->proxyPort = port; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_PROXYPORT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * sets the (HTTP) server port to be used + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_sourceAddress( CMP_CTX *ctx, const char *ip) + { + if (!ctx) goto err; + if (!ip) goto err; + + if (ctx->sourceAddress) + { + OPENSSL_free( ctx->sourceAddress); + ctx->sourceAddress = NULL; + } + + ctx->sourceAddress = OPENSSL_malloc( strlen(ip)+1); + strcpy( ctx->sourceAddress, ip); + + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_SOURCEADDRESS, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * sets the (HTTP) server port to be used + * returns 1 on success, 0 on error + * ################################################################ */ 
+int CMP_CTX_set1_serverPort( CMP_CTX *ctx, int port) + { + if (!ctx) goto err; + + ctx->serverPort = port; + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_SERVERPORT, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Sets the HTTP path to be used on the server (e.g "pkix/") + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set1_serverPath( CMP_CTX *ctx, const char *path) + { + if (!ctx) goto err; + + if (ctx->serverPath) + { + /* clear the old value */ + OPENSSL_free( ctx->serverPath); + ctx->serverPath = 0; + } + + if (!path) + { + /* clear the serverPath */ + ctx->serverPath = OPENSSL_malloc(1); + ctx->serverPath[0] = 0; + return 1; + } + + ctx->serverPath = OPENSSL_malloc( strlen(path)+1); + strcpy( ctx->serverPath, path); + + return 1; +err: + CMPerr(CMP_F_CMP_CTX_SET1_SERVERPATH, CMP_R_NULL_ARGUMENT); + return 0; + } + +/* ################################################################ * + * Set the failinfo error code bits in CMP_CTX based on the given + * CMP_PKIFAILUREINFO structure + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set_failInfoCode(CMP_CTX *ctx, CMP_PKIFAILUREINFO *failInfo) + { + int i; + + if (!ctx || !failInfo) return 0; + + ctx->failInfoCode = 0; + for ( i=0; i <= CMP_PKIFAILUREINFO_MAX; i++) + if( ASN1_BIT_STRING_get_bit(failInfo, i)) + ctx->failInfoCode |= 1 << i; + + return 1; + } + +/* ################################################################ * + * Get the failinfo error code bits in CMP_CTX + * returns bitstring in ulong on success, -1 on error + * ################################################################ */ +unsigned long CMP_CTX_failInfoCode_get(CMP_CTX *ctx) + { + if (!ctx) return -1; + return ctx->failInfoCode; + } + +#if 0 +/* ################################################################ * + * pushes a 
given 0-terminated character string to ctx->freeText + * this is inteded for human consumption + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_push_freeText( CMP_CTX *ctx, const char *text) + { + ASN1_UTF8STRING *utf8string=NULL; + + if (!ctx) goto err; + if (!text) goto err; + + if (!ctx->freeText) + if( !(ctx->freeText = sk_ASN1_UTF8STRING_new())) goto err; + + if( !(utf8string = ASN1_UTF8STRING_new())) goto err; + ASN1_UTF8STRING_set(utf8string, text, strlen(text)); + if( !(sk_ASN1_UTF8STRING_push(ctx->freeText, utf8string) goto err; + return 1;/ +err: + CMP_printf( "ERROR in FILE: %s, LINE: %d\n", __FILE__, __LINE__); + if (utf8string) ASN1_UTF8STRING_free(utf8string); + return 0; + } +#endif + +/* ################################################################ * + * sets a BOOLEAN option of the context to the "val" arg + * returns 1 on success, 0 on error + * ################################################################ */ +int CMP_CTX_set_option( CMP_CTX *ctx, const int opt, const int val) + { + if (!ctx) goto err; + + switch (opt) + { + case CMP_CTX_OPT_IMPLICITCONFIRM: + ctx->implicitConfirm = val; + break; + case CMP_CTX_OPT_POPMETHOD: + ctx->popoMethod = val; + break; + case CMP_CTX_OPT_MAXPOLLTIME: + ctx->maxPollTime = val; + break; + case CMP_CTX_PERMIT_TA_IN_EXTRACERTS_FOR_IR: + ctx->permitTAInExtraCertsForIR = val; + break; + case CMP_CTX_SET_SUBJECTALTNAME_CRITICAL: + ctx->setSubjectAltNameCritical = val; + break; + case CMP_CTX_USE_TLS: + ctx->useTLS = val; + break; + default: + goto err; + } + + return 1; +err: + return 0; + } + +/* ################################################################ * + * Function used for printing debug messages if debug_cb is set + * (CMP_CTX_INIT defaults to puts) + * ################################################################ */ +void CMP_printf(const CMP_CTX *ctx, const char *fmt, ...) 
+ { +#ifdef CMP_DEBUG + va_list arg_ptr; + char buf[1024]; + + if (!ctx || !ctx->debug_cb) return; + + va_start(arg_ptr, fmt); + + vsnprintf(buf, sizeof(buf), fmt, arg_ptr); + ctx->debug_cb(buf); + + va_end(arg_ptr); +#endif + } + +/* ############################################################################ * + * This callback is used to print out the OpenSSL error queue via' + * ERR_print_errors_cb() to the ctx->error_cb() function set by the user + * returns always 1 + * ############################################################################ */ +int CMP_CTX_error_callback(const char *str, size_t len, void *u) + { + CMP_CTX *ctx = (CMP_CTX*) u; + if (ctx && ctx->error_cb) + ctx->error_cb(str); + return 1; + } + Index: openssl-1.0.1h-cmp/crypto/cmp/cmp_err.c =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp_err.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp_err.c (revision 764) 
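Review bot: the string setters in this hunk (CMP_CTX_set1_proxyName, CMP_CTX_set1_serverName, CMP_CTX_set1_sourceAddress and CMP_CTX_set1_serverPath) never check the result of OPENSSL_malloc before `strcpy( ctx->proxyName, name);`, so an allocation failure becomes a write through a NULL pointer instead of a reported error; replace each malloc/strcpy pair with BUF_strdup() and jump to err when it returns NULL, raising ERR_R_MALLOC_FAILURE rather than CMP_R_NULL_ARGUMENT, which is the only reason code any setter here ever pushes. The same unchecked-duplicate pattern is in CMP_CTX_set1_pkey and CMP_CTX_set1_newPkey, where `pkeyDup = pkey_dup(pkey);;` (note the stray semicolon) is handed straight to the set0 function, so a failed duplication is reported as a null argument, and the EVP_PKEY_free on the err path is dead code because pkeyDup is still NULL whenever that label is reached; and in CMP_CTX_subjectAltName_push1, where a NULL from GENERAL_NAME_dup is pushed onto the stack without a check and a failed sk_GENERAL_NAME_push leaks the duplicate. CMP_CTX_set1_transactionID and CMP_CTX_set1_recipNonce return 0 on a failed ASN1_OCTET_STRING_dup without raising any error at all, unlike every other setter. CMP_CTX_set0_pkey and CMP_CTX_set0_newPkey take ownership of the key (it is later handed to EVP_PKEY_free) yet declare the parameter const EVP_PKEY * and cast the const away; a set0 function that will free its argument should take a non-const pointer so the ownership transfer is visible at the call site. Smaller points: the comment above CMP_CTX_set1_sourceAddress says it "sets the (HTTP) server port"; CMP_CTX_failInfoCode_get is documented as returning -1 on error but its return type is unsigned long; the set1_ prefix on the plain-int setters (popoMethod, proxyPort, serverPort) conflicts with the OpenSSL convention that set1_ denotes a copied object, while CMP_CTX_set_HttpTimeOut already uses the plain set_ form; CMP_CTX_set_option returns 0 for an unknown opt without pushing an error, and its comment says BOOLEAN although CMP_CTX_OPT_MAXPOLLTIME is an integer; and the `#if 0` CMP_CTX_push_freeText block contains code that would not compile (a `return 1;/` and an unbalanced parenthesis in the sk_ASN1_UTF8STRING_push condition), so it should be removed from the submission rather than shipped disabled.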
@@ -0,0 +1,221 @@ +/* crypto/cmp/cmp_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. 
+ */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMP,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMP,0,reason) + +static ERR_STRING_DATA CMP_str_functs[]= + { +{ERR_FUNC(CMP_F_CMP_CALC_PROTECTION_PBMAC), "CMP_calc_protection_pbmac"}, +{ERR_FUNC(CMP_F_CMP_CALC_PROTECTION_SIG), "CMP_CALC_PROTECTION_SIG"}, +{ERR_FUNC(CMP_F_CMP_CERTCONF_NEW), "CMP_certConf_new"}, +{ERR_FUNC(CMP_F_CMP_CERTREPMESSAGE_ENCCERT_GET1), "CMP_CERTREPMESSAGE_ENCCERT_GET1"}, +{ERR_FUNC(CMP_F_CMP_CERTREPMESSAGE_GET_CERTIFICATE), "CMP_CERTREPMESSAGE_get_certificate"}, +{ERR_FUNC(CMP_F_CMP_CERTREPMESSAGE_PKIFAILUREINFOSTRING_GET0), "CMP_CERTREPMESSAGE_PKIFailureInfoString_get0"}, +{ERR_FUNC(CMP_F_CMP_CERTREPMESSAGE_PKIFAILUREINFO_GET0), "CMP_CERTREPMESSAGE_PKIFailureInfo_get0"}, +{ERR_FUNC(CMP_F_CMP_CERTREPMESSAGE_PKISTATUSSTRING_GET0), "CMP_CERTREPMESSAGE_PKIStatusString_get0"}, +{ERR_FUNC(CMP_F_CMP_CERTREPMESSAGE_PKISTATUS_GET), "CMP_CERTREPMESSAGE_PKIStatus_get"}, +{ERR_FUNC(CMP_F_CMP_CERTSTATUS_SET_CERTHASH), "CMP_CERTSTATUS_set_certHash"}, +{ERR_FUNC(CMP_F_CMP_CR_NEW), "CMP_cr_new"}, +{ERR_FUNC(CMP_F_CMP_CTX_CAPUBS_GET1), "CMP_CTX_caPubs_get1"}, +{ERR_FUNC(CMP_F_CMP_CTX_CAPUBS_NUM), "CMP_CTX_caPubs_num"}, +{ERR_FUNC(CMP_F_CMP_CTX_CAPUBS_POP), "CMP_CTX_caPubs_pop"}, +{ERR_FUNC(CMP_F_CMP_CTX_CREATE), "CMP_CTX_create"}, +{ERR_FUNC(CMP_F_CMP_CTX_EXTRACERTSIN_GET1), "CMP_CTX_extraCertsIn_get1"}, +{ERR_FUNC(CMP_F_CMP_CTX_EXTRACERTSIN_NUM), "CMP_CTX_extraCertsIn_num"}, +{ERR_FUNC(CMP_F_CMP_CTX_EXTRACERTSIN_POP), "CMP_CTX_extraCertsIn_pop"}, +{ERR_FUNC(CMP_F_CMP_CTX_EXTRACERTSOUT_NUM), "CMP_CTX_extraCertsOut_num"}, +{ERR_FUNC(CMP_F_CMP_CTX_EXTRACERTSOUT_PUSH1), "CMP_CTX_extraCertsOut_push1"}, +{ERR_FUNC(CMP_F_CMP_CTX_INIT), "CMP_CTX_init"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET0_NEWPKEY), "CMP_CTX_set0_newPkey"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET0_PKEY), "CMP_CTX_set0_pkey"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_CAPUBS), 
"CMP_CTX_set1_caPubs"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_CLCERT), "CMP_CTX_set1_clCert"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_EXTRACERTSIN), "CMP_CTX_set1_extraCertsIn"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_EXTRACERTSOUT), "CMP_CTX_set1_extraCertsOut"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_NEWCLCERT), "CMP_CTX_set1_newClCert"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_NEWPKEY), "CMP_CTX_set1_newPkey"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_OLDCLCERT), "CMP_CTX_SET1_OLDCLCERT"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_PKEY), "CMP_CTX_set1_pkey"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_POPOMETHOD), "CMP_CTX_set1_popoMethod"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_PROXYNAME), "CMP_CTX_set1_proxyName"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_PROXYPORT), "CMP_CTX_set1_proxyPort"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_RECIPIENT), "CMP_CTX_set1_recipient"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_RECIPNONCE), "CMP_CTX_set1_recipNonce"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_REFERENCEVALUE), "CMP_CTX_set1_referenceValue"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_REGTOKEN), "CMP_CTX_set1_regToken"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_SECRETVALUE), "CMP_CTX_set1_secretValue"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_SERVERNAME), "CMP_CTX_set1_serverName"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_SERVERPATH), "CMP_CTX_set1_serverPath"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_SERVERPORT), "CMP_CTX_set1_serverPort"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_SOURCEADDRESS), "CMP_CTX_set1_sourceAddress"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_SRVCERT), "CMP_CTX_set1_srvCert"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_SUBJECTNAME), "CMP_CTX_set1_subjectName"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET1_TRANSACTIONID), "CMP_CTX_set1_transactionID"}, +{ERR_FUNC(CMP_F_CMP_CTX_SET_HTTPTIMEOUT), "CMP_CTX_SET_HTTPTIMEOUT"}, +{ERR_FUNC(CMP_F_CMP_CTX_SUBJECTALTNAME_PUSH1), "CMP_CTX_subjectAltName_push1"}, +{ERR_FUNC(CMP_F_CMP_DOCERTIFICATEREQUESTSEQ), "CMP_doCertificateRequestSeq"}, +{ERR_FUNC(CMP_F_CMP_DOGENERALMESSAGESEQ), "CMP_doGeneralMessageSeq"}, +{ERR_FUNC(CMP_F_CMP_DOINITIALREQUESTSEQ), "CMP_doInitialRequestSeq"}, +{ERR_FUNC(CMP_F_CMP_DOKEYUPDATEREQUESTSEQ), 
"CMP_doKeyUpdateRequestSeq"}, +{ERR_FUNC(CMP_F_CMP_DOREVOCATIONREQUESTSEQ), "CMP_doRevocationRequestSeq"}, +{ERR_FUNC(CMP_F_CMP_GENM_NEW), "CMP_genm_new"}, +{ERR_FUNC(CMP_F_CMP_IR_NEW), "CMP_ir_new"}, +{ERR_FUNC(CMP_F_CMP_KUR_NEW), "CMP_kur_new"}, +{ERR_FUNC(CMP_F_CMP_NEW_HTTP_BIO), "CMP_NEW_HTTP_BIO"}, +{ERR_FUNC(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM), "CMP_PKIMESSAGE_http_perform"}, +{ERR_FUNC(CMP_F_CMP_PKIMESSAGE_PARSE_ERROR_MSG), "CMP_PKIMESSAGE_parse_error_msg"}, +{ERR_FUNC(CMP_F_CMP_PKIMESSAGE_PROTECT), "CMP_PKIMESSAGE_protect"}, +{ERR_FUNC(CMP_F_CMP_PKISTATUSINFO_PKISTATUS_GET_STRING), "CMP_PKISTATUSINFO_PKISTATUS_GET_STRING"}, +{ERR_FUNC(CMP_F_CMP_POLLREQ_NEW), "CMP_pollReq_new"}, +{ERR_FUNC(CMP_F_CMP_REVREPCONTENT_PKISTATUS_GET), "CMP_REVREPCONTENT_PKIStatus_get"}, +{ERR_FUNC(CMP_F_CMP_RR_NEW), "CMP_rr_new"}, +{ERR_FUNC(CMP_F_CMP_VALIDATE_CERT_PATH), "CMP_VALIDATE_CERT_PATH"}, +{ERR_FUNC(CMP_F_CMP_VALIDATE_MSG), "CMP_validate_msg"}, +{ERR_FUNC(CMP_F_CMP_VERIFY_SIGNATURE), "CMP_VERIFY_SIGNATURE"}, +{ERR_FUNC(CMP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, +{ERR_FUNC(CMP_F_PKEY_DUP), "PKEY_DUP"}, +{ERR_FUNC(CMP_F_POLLFORRESPONSE), "POLLFORRESPONSE"}, +{ERR_FUNC(CMP_F_SENDCERTCONF), "SENDCERTCONF"}, +{0,NULL} + }; + +static ERR_STRING_DATA CMP_str_reasons[]= + { +{ERR_REASON(CMP_R_ALGORITHM_NOT_SUPPORTED),"algorithm not supported"}, +{ERR_REASON(CMP_R_CERTIFICATE_NOT_FOUND) ,"certificate not found"}, +{ERR_REASON(CMP_R_CP_NOT_RECEIVED) ,"cp not received"}, +{ERR_REASON(CMP_R_CURL_ERROR) ,"curl error"}, +{ERR_REASON(CMP_R_ERROR_CALCULATING_PROTECTION),"error calculating protection"}, +{ERR_REASON(CMP_R_ERROR_CREATING_CERTCONF),"error creating certconf"}, +{ERR_REASON(CMP_R_ERROR_CREATING_CR) ,"error creating cr"}, +{ERR_REASON(CMP_R_ERROR_CREATING_GENM) ,"error creating genm"}, +{ERR_REASON(CMP_R_ERROR_CREATING_IR) ,"error creating ir"}, +{ERR_REASON(CMP_R_ERROR_CREATING_KUR) ,"error creating kur"}, +{ERR_REASON(CMP_R_ERROR_CREATING_POLLREQ),"error creating 
pollreq"}, +{ERR_REASON(CMP_R_ERROR_CREATING_RR) ,"error creating rr"}, +{ERR_REASON(CMP_R_ERROR_DECODING_CERTIFICATE),"error decoding certificate"}, +{ERR_REASON(CMP_R_ERROR_DECRYPTING_CERTIFICATE),"error decrypting certificate"}, +{ERR_REASON(CMP_R_ERROR_DECRYPTING_ENCCERT),"error decrypting enccert"}, +{ERR_REASON(CMP_R_ERROR_DECRYPTING_KEY) ,"error decrypting key"}, +{ERR_REASON(CMP_R_ERROR_DECRYPTING_SYMMETRIC_KEY),"error decrypting symmetric key"}, +{ERR_REASON(CMP_R_ERROR_NONCES_DO_NOT_MATCH),"error nonces do not match"}, +{ERR_REASON(CMP_R_ERROR_PARSING_ERROR_MESSAGE),"error parsing error message"}, +{ERR_REASON(CMP_R_ERROR_PARSING_PKISTATUS),"error parsing pkistatus"}, +{ERR_REASON(CMP_R_ERROR_PROTECTING_MESSAGE),"error protecting message"}, +{ERR_REASON(CMP_R_ERROR_REQID_NOT_FOUND) ,"error reqid not found"}, +{ERR_REASON(CMP_R_ERROR_SETTING_CERTHASH),"error setting certhash"}, +{ERR_REASON(CMP_R_ERROR_VALIDATING_PROTECTION),"error validating protection"}, +{ERR_REASON(CMP_R_FAILED_TO_DECODE_PKIMESSAGE),"failed to decode pkimessage"}, +{ERR_REASON(CMP_R_GENP_NOT_RECEIVED) ,"genp not received"}, +{ERR_REASON(CMP_R_INVALID_ARGS) ,"invalid args"}, +{ERR_REASON(CMP_R_INVALID_CONTENT_TYPE) ,"invalid content type"}, +{ERR_REASON(CMP_R_INVALID_CONTEXT) ,"invalid context"}, +{ERR_REASON(CMP_R_INVALID_KEY) ,"invalid key"}, +{ERR_REASON(CMP_R_INVALID_PARAMETERS) ,"invalid parameters"}, +{ERR_REASON(CMP_R_IP_NOT_RECEIVED) ,"ip not received"}, +{ERR_REASON(CMP_R_KUP_NOT_RECEIVED) ,"kup not received"}, +{ERR_REASON(CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION),"missing key input for creating protection"}, +{ERR_REASON(CMP_R_NO_CERTIFICATE_RECEIVED),"no certificate received"}, +{ERR_REASON(CMP_R_NO_SECRET_VALUE_GIVEN_FOR_PBMAC),"no secret value given for pbmac"}, +{ERR_REASON(CMP_R_NO_TRUSTED_CERTIFICATES_SET),"no trusted certificates set"}, +{ERR_REASON(CMP_R_NO_VALID_SRVCERT_FOUND),"no valid srvcert found"}, +{ERR_REASON(CMP_R_NULL_ARGUMENT) ,"null argument"}, 
+{ERR_REASON(CMP_R_PKIBODY_ERROR) ,"pkibody error"}, +{ERR_REASON(CMP_R_PKICONF_NOT_RECEIVED) ,"pkiconf not received"}, +{ERR_REASON(CMP_R_POLLREP_NOT_RECEIVED) ,"pollrep not received"}, +{ERR_REASON(CMP_R_REQUEST_REJECTED_BY_CA),"request rejected by ca"}, +{ERR_REASON(CMP_R_RP_NOT_RECEIVED) ,"rp not received"}, +{ERR_REASON(CMP_R_SERVER_NOT_REACHABLE) ,"server not reachable"}, +{ERR_REASON(CMP_R_SERVER_RESPONSE_ERROR) ,"server response error"}, +{ERR_REASON(CMP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, +{ERR_REASON(CMP_R_UNABLE_TO_CREATE_CONTEXT),"unable to create context"}, +{ERR_REASON(CMP_R_UNEXPECTED_PKISTATUS) ,"unexpected pkistatus"}, +{ERR_REASON(CMP_R_UNKNOWN_ALGORITHM_ID) ,"unknown algorithm id"}, +{ERR_REASON(CMP_R_UNKNOWN_CERTTYPE) ,"unknown certtype"}, +{ERR_REASON(CMP_R_UNKNOWN_PKISTATUS) ,"unknown pkistatus"}, +{ERR_REASON(CMP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"}, +{ERR_REASON(CMP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, +{ERR_REASON(CMP_R_UNSUPPORTED_KEY_TYPE) ,"unsupported key type"}, +{ERR_REASON(CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC),"unsupported protection alg dhbasedmac"}, +{ERR_REASON(CMP_R_WRONG_ALGORITHM_OID) ,"wrong algorithm oid"}, +{0,NULL} + }; + +#endif + +void ERR_load_CMP_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(CMP_str_functs[0].error) == NULL) + { + ERR_load_strings(0,CMP_str_functs); + ERR_load_strings(0,CMP_str_reasons); + } +#endif + } Index: openssl-1.0.1h-cmp/crypto/cmp/cmp_http.c =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp_http.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp_http.c (revision 764) 
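Review bot: a number of the function-name strings in CMP_str_functs are upper case, for example `{ERR_FUNC(CMP_F_CMP_CALC_PROTECTION_SIG), "CMP_CALC_PROTECTION_SIG"},`, and likewise CMP_CTX_SET1_OLDCLCERT, CMP_CTX_SET_HTTPTIMEOUT, CMP_CERTREPMESSAGE_ENCCERT_GET1, CMP_NEW_HTTP_BIO, CMP_VALIDATE_CERT_PATH, CMP_VERIFY_SIGNATURE, PARSE_HTTP_LINE1, PKEY_DUP, POLLFORRESPONSE and SENDCERTCONF. That is what mkerr.pl emits when it cannot find a function definition matching the CMP_F_ code, so either the generator was run without those source files or the code names and the real function names disagree; CMP_CTX_set1_oldClCert and CMP_CTX_set_HttpTimeOut are both defined in cmp_ctx.c in this very patch, so at least those two should have resolved. Since these strings are what ERR_print_errors shows to users, please re-run mkerr.pl over the crypto/cmp sources so the table is regenerated from the actual definitions; the header note that "only reason strings will be preserved" means hand edits to the function strings would be lost anyway. The table is keyed on ERR_LIB_CMP, but nothing in the portion of the patch shown here adds that library number to crypto/err/err.h or hooks ERR_load_CMP_strings into ERR_load_crypto_strings(); make sure both are part of the submission, or the new reason strings will never be looked up. Minor: the copyright line reads 1999-2011 for a file generated for this 2014 contribution.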
@@ -0,0 +1,945 @@ +/* vim: set noet ts=4 sts=4 sw=4: */ +/* crypto/cmp/cmp_http.c + * HTTP functions for CMP (RFC 4210) for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2013 Miikka Viljanen + * + * HTTP code taken from crypto/ocsp/ocsp_ht.c, written by + * Dr Stephen N Henson (steve at openssl.org) + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +#include +#include +#include +#include +#include "e_os.h" +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#ifdef OPENSSL_SYS_SUNOS +#define strtoul (unsigned long)strtol +#endif /* OPENSSL_SYS_SUNOS */ + + +#ifndef HAVE_CURL /* NO curl support, so we use HTTP code from OCSP */ + +typedef BIO CMPBIO; + +/* This code for HTTP was adapted from crypto/ocsp/ocsp_ht.c, OpenSSL version + * 1.0.1e, originally written by Dr Stephen N Henson (steve at openssl.org) for + * the OpenSSL project 2006. + */ + +/* Stateful CMP request code, supporting non-blocking I/O */ + +/* Opaque CMP request status structure */ + +typedef struct cmp_req_ctx_st CMP_REQ_CTX; +struct cmp_req_ctx_st { + int state; /* Current I/O state */ + unsigned char *iobuf; /* Line buffer */ + int iobuflen; /* Line buffer length */ + BIO *io; /* BIO to perform I/O with */ + BIO *mem; /* Memory BIO response is built into */ + unsigned long asn1_len; /* ASN1 length of response */ + }; + +#define CMP_MAX_REQUEST_LENGTH (100 * 1024) +#define CMP_MAX_LINE_LEN 4096; + +/* CMP states */ + +/* If set no reading should be performed */ +#define OHS_NOREAD 0x1000 +/* Error condition */ +#define OHS_ERROR (0 | OHS_NOREAD) +/* First line being read */ +#define OHS_FIRSTLINE 1 +/* MIME headers being read */ +#define OHS_HEADERS 2 +/* CMP initial header (tag + length) being read */ +#define OHS_ASN1_HEADER 3 +/* CMP content octets being read */ +#define OHS_ASN1_CONTENT 4 +/* Request being sent */ +#define OHS_ASN1_WRITE (6 | OHS_NOREAD) +/* Request being flushed */ +#define OHS_ASN1_FLUSH (7 | OHS_NOREAD) +/* Completed */ +#define OHS_DONE (8 | OHS_NOREAD) + +/* from apps.h */ +#ifndef openssl_fdset +#ifdef OPENSSL_SYSNAME_WIN32 +# define openssl_fdset(a,b) FD_SET((unsigned int)a, b) +#else +# define openssl_fdset(a,b) FD_SET(a, b) +#endif +#endif + + +static int parse_http_line1(char *line); + +void CMP_REQ_CTX_free(CMP_REQ_CTX *rctx) + { + if (rctx->mem) + 
BIO_free(rctx->mem); + if (rctx->iobuf) + OPENSSL_free(rctx->iobuf); + OPENSSL_free(rctx); + } + +int CMP_REQ_CTX_set1_req(CMP_REQ_CTX *rctx, CMP_PKIMESSAGE *req) + { + static const char req_hdr[] = + "Content-Type: application/pkixcmp\r\n" + "Cache-control: no-cache\r\n" + "Content-Length: %d\r\n\r\n"; + if (BIO_printf(rctx->mem, req_hdr, i2d_CMP_PKIMESSAGE(req, NULL)) <= 0) + return 0; + if (i2d_CMP_PKIMESSAGE_bio(rctx->mem, req) <= 0) + return 0; + rctx->state = OHS_ASN1_WRITE; + rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); + return 1; + } + +int CMP_REQ_CTX_add1_header(CMP_REQ_CTX *rctx, + const char *name, const char *value) + { + if (!name) + return 0; + if (BIO_puts(rctx->mem, name) <= 0) + return 0; + if (value) + { + if (BIO_write(rctx->mem, ": ", 2) != 2) + return 0; + if (BIO_puts(rctx->mem, value) <= 0) + return 0; + } + if (BIO_write(rctx->mem, "\r\n", 2) != 2) + return 0; + return 1; + } + +CMP_REQ_CTX *CMP_sendreq_new(BIO *io, char *path, CMP_PKIMESSAGE *req, + int maxline) + { + static const char post_hdr[] = "POST %s HTTP/1.0\r\n"; + + CMP_REQ_CTX *rctx; + rctx = OPENSSL_malloc(sizeof(CMP_REQ_CTX)); + rctx->state = OHS_ERROR; + rctx->mem = BIO_new(BIO_s_mem()); + rctx->io = io; + rctx->asn1_len = 0; + if (maxline > 0) + rctx->iobuflen = maxline; + else + rctx->iobuflen = CMP_MAX_LINE_LEN; + rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); + if (!rctx->iobuf) + return 0; + if (!path) + path = "/"; + + if (BIO_printf(rctx->mem, post_hdr, path) <= 0) + return 0; + + if (req && !CMP_REQ_CTX_set1_req(rctx, req)) + return 0; + + return rctx; + } + +/* Parse the HTTP response. This will look like this: + * "HTTP/1.0 200 OK". We need to obtain the numeric code and + * (optional) informational message. 
+ */ + +static int parse_http_line1(char *line) + { + int retcode; + char *p, *q, *r; + /* Skip to first white space (passed protocol info) */ + + for(p = line; *p && !isspace((unsigned char)*p); p++) + continue; + if(!*p) + { + CMPerr(CMP_F_PARSE_HTTP_LINE1, + CMP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + + /* Skip past white space to start of response code */ + while(*p && isspace((unsigned char)*p)) + p++; + + if(!*p) + { + CMPerr(CMP_F_PARSE_HTTP_LINE1, + CMP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + + /* Find end of response code: first whitespace after start of code */ + for(q = p; *q && !isspace((unsigned char)*q); q++) + continue; + + if(!*q) + { + CMPerr(CMP_F_PARSE_HTTP_LINE1, + CMP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; + } + + /* Set end of response code and start of message */ + *q++ = 0; + + /* Attempt to parse numeric code */ + retcode = strtoul(p, &r, 10); + + if(*r) + return 0; + + /* Skip over any leading white space in message */ + while(*q && isspace((unsigned char)*q)) + q++; + + if(*q) + { + /* Finally zap any trailing white space in message (include + * CRLF) */ + + /* We know q has a non white space character so this is OK */ + for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) + *r = 0; + } + if(retcode != 200) + { + CMPerr(CMP_F_PARSE_HTTP_LINE1, CMP_R_SERVER_RESPONSE_ERROR); + if(!*q) + ERR_add_error_data(2, "Code=", p); + else + ERR_add_error_data(4, "Code=", p, ",Reason=", q); + return 0; + } + + + return 1; + + } + +int CMP_sendreq_nbio(CMP_PKIMESSAGE **presp, CMP_REQ_CTX *rctx) + { + int i, n; + const unsigned char *p; + next_io: + if (!(rctx->state & OHS_NOREAD)) + { + n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); + + if (n <= 0) + { + if (BIO_should_retry(rctx->io)) + return -1; + return 0; + } + + /* Write data to memory BIO */ + + if (BIO_write(rctx->mem, rctx->iobuf, n) != n) + return 0; + } + + switch(rctx->state) + { + + case OHS_ASN1_WRITE: + n = BIO_get_mem_data(rctx->mem, &p); + + i = 
BIO_write(rctx->io, + p + (n - rctx->asn1_len), rctx->asn1_len); + + if (i <= 0) + { + if (BIO_should_retry(rctx->io)) + return -1; + rctx->state = OHS_ERROR; + return 0; + } + + rctx->asn1_len -= i; + + if (rctx->asn1_len > 0) + goto next_io; + + rctx->state = OHS_ASN1_FLUSH; + + (void)BIO_reset(rctx->mem); + + case OHS_ASN1_FLUSH: + + i = BIO_flush(rctx->io); + + if (i > 0) + { + rctx->state = OHS_FIRSTLINE; + goto next_io; + } + + if (BIO_should_retry(rctx->io)) + return -1; + + rctx->state = OHS_ERROR; + return 0; + + case OHS_ERROR: + return 0; + + case OHS_FIRSTLINE: + case OHS_HEADERS: + + /* Attempt to read a line in */ + + next_line: + /* Due to &%^*$" memory BIO behaviour with BIO_gets we + * have to check there's a complete line in there before + * calling BIO_gets or we'll just get a partial read. + */ + n = BIO_get_mem_data(rctx->mem, &p); + if ((n <= 0) || !memchr(p, '\n', n)) + { + if (n >= rctx->iobuflen) + { + rctx->state = OHS_ERROR; + return 0; + } + goto next_io; + } + n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); + + if (n <= 0) + { + if (BIO_should_retry(rctx->mem)) + goto next_io; + rctx->state = OHS_ERROR; + return 0; + } + + /* Don't allow excessive lines */ + if (n == rctx->iobuflen) + { + rctx->state = OHS_ERROR; + return 0; + } + + /* First line */ + if (rctx->state == OHS_FIRSTLINE) + { + if (parse_http_line1((char *)rctx->iobuf)) + { + rctx->state = OHS_HEADERS; + goto next_line; + } + else + { + rctx->state = OHS_ERROR; + return 0; + } + } + else + { + /* Look for blank line: end of headers */ + for (p = rctx->iobuf; *p; p++) + { + if ((*p != '\r') && (*p != '\n')) + break; + } + if (*p) + goto next_line; + + rctx->state = OHS_ASN1_HEADER; + + } + + /* Fall thru */ + + + case OHS_ASN1_HEADER: + /* Now reading ASN1 header: can read at least 2 bytes which + * is enough for ASN1 SEQUENCE header and either length field + * or at least the length of the length field. 
+ */ + n = BIO_get_mem_data(rctx->mem, &p); + if (n < 2) + goto next_io; + + /* Check it is an ASN1 SEQUENCE */ + if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) + { + rctx->state = OHS_ERROR; + return 0; + } + + /* Check out length field */ + if (*p & 0x80) + { + /* If MSB set on initial length octet we can now + * always read 6 octets: make sure we have them. + */ + if (n < 6) + goto next_io; + n = *p & 0x7F; + /* Not NDEF or excessive length */ + if (!n || (n > 4)) + { + rctx->state = OHS_ERROR; + return 0; + } + p++; + rctx->asn1_len = 0; + for (i = 0; i < n; i++) + { + rctx->asn1_len <<= 8; + rctx->asn1_len |= *p++; + } + + if (rctx->asn1_len > CMP_MAX_REQUEST_LENGTH) + { + rctx->state = OHS_ERROR; + return 0; + } + + rctx->asn1_len += n + 2; + } + else + rctx->asn1_len = *p + 2; + + rctx->state = OHS_ASN1_CONTENT; + + /* Fall thru */ + + case OHS_ASN1_CONTENT: + n = BIO_get_mem_data(rctx->mem, &p); + if (n < (int)rctx->asn1_len) + goto next_io; + + + *presp = d2i_CMP_PKIMESSAGE(NULL, &p, rctx->asn1_len); + if (*presp) + { + rctx->state = OHS_DONE; + return 1; + } + + rctx->state = OHS_ERROR; + return 0; + + break; + + case OHS_DONE: + return 1; + + } + + return 0; + } + +/* Blocking CMP request handler: now a special case of non-blocking I/O */ + +CMP_PKIMESSAGE *CMP_sendreq_bio(BIO *b, char *path, CMP_PKIMESSAGE *req) + { + CMP_PKIMESSAGE *resp = NULL; + CMP_REQ_CTX *ctx; + int rv; + + ctx = CMP_sendreq_new(b, path, req, -1); + if (!ctx) return NULL; + + do + { + rv = CMP_sendreq_nbio(&resp, ctx); + } while ((rv == -1) && BIO_should_retry(b)); + + CMP_REQ_CTX_free(ctx); + + if (rv) + return resp; + + return NULL; + } + + +#else /* HAVE_CURL */ + +typedef CURL CMPBIO; + +/* If libcurl is available, we use this code. 
*/ + +typedef struct rdata_s + { + char *memory; + size_t size; + } rdata_t; + +/* ############################################################################ * + * internal function + * + * realloc which doesn't fail when trying to reallocate NULL pointers + * + * returns pointer to (re-)allocate space or NULL on error + * ############################################################################ */ +static void *myrealloc(void *ptr, size_t size) + { + if(ptr) + return realloc(ptr, size); + else + return calloc(1,size); + } + +/* ############################################################################ * + * internal function + * + * used for CURLOPT_WRITEFUNCTION + * + * returns size of written data in bytes + * ############################################################################ */ +static size_t write_data(void *ptr, size_t size, size_t nmemb, void *data) + { + size_t realsize = size * nmemb; + struct rdata_s *mem = (struct rdata_s *) data; + + mem->memory = myrealloc(mem->memory, mem->size + realsize + 1); + if (mem->memory) + { + memcpy(&(mem->memory[mem->size]), ptr, realsize); + mem->size += realsize; + mem->memory[mem->size] = 0; + } + return realsize; + } + +/* ################################################################ * + * internal function + * + * In CMP_CTX we have separate variables for server address and path, + * but libcurl doesn't have a separate function for just setting the + * path. This function simply checks the end of the effective url to + * make sure that the correct path is there, and if it's not set yet + * it will be added. 
+ * + * returns 1 on success, 0 on error + * ################################################################ */ +static int set_http_path(CURL *curl, const CMP_CTX *ctx) + { + char *url = NULL; + int bufsize = 0; + + bufsize = strlen(ctx->serverName) + strlen(ctx->serverPath) + 2; + url = malloc(bufsize); + if (!url) return 0; + + BIO_snprintf(url, bufsize, "%s/%s", ctx->serverName, ctx->serverPath); + curl_easy_setopt(curl, CURLOPT_URL, url); + free(url); + + return 1; + } + + +#endif + + +/* +static uint32_t gethostiplong(const char *host) + { + unsigned char ip[4]; + + BIO_get_host_ip(host, ip); + + return htonl( (unsigned long) + ((unsigned long)ip[0]<<24L)| + ((unsigned long)ip[1]<<16L)| + ((unsigned long)ip[2]<< 8L)| + ((unsigned long)ip[3]) ); + } +*/ + +/* ########################################################################## * + * internal function + * Create a new http connection, with a specified source ip/interface + * returns 1 on success, 0 on error, returns the created bio inside the *bio + * argument + * ########################################################################## */ +static int CMP_new_http_bio( CMPBIO **bio, const CMP_CTX *ctx) + { +#ifndef HAVE_CURL + BIO *cbio = NULL; + + if (!ctx) goto err; + + if (!ctx->proxyName || !ctx->proxyPort) + { + cbio = BIO_new_connect(ctx->serverName); + if (!cbio) goto err; + BIO_set_conn_int_port(cbio, &ctx->serverPort); + } + else + { + cbio = BIO_new_connect(ctx->proxyName); + if (!cbio) goto err; + BIO_set_conn_int_port(cbio, &ctx->proxyPort); + } + + if (ctx->useTLS) + { + OpenSSL_add_ssl_algorithms(); + /* TODO support all versions of SSL / TLS properly */ + SSL_CTX *ctx = SSL_CTX_new(TLSv1_client_method()); + SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); + BIO *sbio = BIO_new_ssl(ctx, 1); + cbio = BIO_push(sbio, cbio); + } + + *bio = cbio; + return 1; + + err: + return 0; +#else + struct curl_slist *slist=NULL; + CURL *curl; + + static int curl_initialized = 0; + + if (!ctx) goto err; + + if 
(curl_initialized == 0) + { + curl_initialized = 1; + curl_global_init(CURL_GLOBAL_ALL); + } + + if (!(curl=curl_easy_init())) goto err; + + slist = curl_slist_append(slist, "Content-Type: application/pkixcmp"); + slist = curl_slist_append(slist, "Cache-control: no-cache"); + slist = curl_slist_append(slist, "Expect:"); + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data); + if (ctx->sourceAddress != NULL) + curl_easy_setopt(curl, CURLOPT_INTERFACE, ctx->sourceAddress); + + curl_easy_setopt(curl, CURLOPT_URL, ctx->serverName); + curl_easy_setopt(curl, CURLOPT_PORT, ctx->serverPort); + + curl_easy_setopt(curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); + + if (ctx->proxyName && ctx->proxyPort) + { + curl_easy_setopt(curl, CURLOPT_PROXY, ctx->proxyName); + curl_easy_setopt(curl, CURLOPT_PROXYPORT, ctx->proxyPort); + curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); + } + else + { + /* curl will automatically try to get proxy from environment if we don't set this. + * if proxy use is enabled, it will be set in CMP_PKIMESSAGE_http_perform. */ + curl_easy_setopt(curl, CURLOPT_PROXY, ""); /* TODO: that needs to be explicitly documented */ + } + + *bio = curl; + return 1; + + err: + CMPerr(CMP_F_CMP_NEW_HTTP_BIO, CMP_R_CURL_ERROR); + return 0; +#endif + } + +static int CMP_delete_http_bio( CMPBIO *cbio) + { +#ifndef HAVE_CURL + if (cbio) BIO_free_all(cbio); +#else + if (cbio) curl_easy_cleanup(cbio); +#endif + return 1; + } + +/* ################################################################ * + * Send the given PKIMessage msg and place the response in *out. 
+ * returns 1 on success, 0 on error + * on success, returns pointer to received PKIMessage in *out + * ################################################################ */ +#ifndef HAVE_CURL + +int CMP_PKIMESSAGE_http_perform(const CMP_CTX *ctx, const CMP_PKIMESSAGE *msg, CMP_PKIMESSAGE **out) + { + int rv, fd; + fd_set confds; + struct timeval tv; + char *path=0; + size_t pos=0, pathlen=0; + CMPBIO *cbio = 0; + + CMP_new_http_bio(&cbio, ctx); + + if (!cbio || !ctx || !msg || !out) + { + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_NULL_ARGUMENT); + goto err; + } + + if (!ctx->serverName || !ctx->serverPath || !ctx->serverPort) + { + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_NULL_ARGUMENT); + goto err; + } + + if (ctx->HttpTimeOut != 0) + BIO_set_nbio(cbio, 1); + + rv = BIO_do_connect(cbio); + if (rv <= 0 && (ctx->HttpTimeOut == -1 || !BIO_should_retry(cbio))) + { + /* Error connecting */ + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_SERVER_NOT_REACHABLE); + goto err; + } + + if (BIO_get_fd(cbio, &fd) <= 0) + { + /* XXX Can't get fd, is this the right error to return? 
*/ + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_SERVER_NOT_REACHABLE); + goto err; + } + + if (ctx->HttpTimeOut != -1 && rv <= 0) + { + FD_ZERO(&confds); + openssl_fdset(fd, &confds); + tv.tv_usec = 0; + tv.tv_sec = ctx->HttpTimeOut; + rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); + if (rv == 0) + { + // Timed out + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_SERVER_NOT_REACHABLE); + goto err; + } + } + + pathlen = strlen(ctx->serverName) + strlen(ctx->serverPath) + 32; + path = (char*) OPENSSL_malloc(pathlen); + if (!path) goto err; + + /* Section 5.1.2 of RFC 1945 states that the absoluteURI form is only allowed when using a proxy */ + if (ctx->proxyName && ctx->proxyPort) + pos = BIO_snprintf(path, pathlen-1, "http://%s:%d", ctx->serverName, ctx->serverPort); + + /* make sure path includes a forward slash */ + if (ctx->serverPath[0] != '/') path[pos++] = '/'; + + BIO_snprintf(path+pos, pathlen-pos-1, "%s", ctx->serverPath); + + *out = CMP_sendreq_bio(cbio, path, (CMP_PKIMESSAGE*) msg); + + OPENSSL_free(path); + // BIO_reset(cbio); + CMP_delete_http_bio(cbio); + + if (!*out) { + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_FAILED_TO_DECODE_PKIMESSAGE); + goto err; + } + + return 1; + + err: + return 0; + } + +#else /* HAVE_CURL */ + +int CMP_PKIMESSAGE_http_perform(const CMP_CTX *ctx, const CMP_PKIMESSAGE *msg, CMP_PKIMESSAGE **out) + { + unsigned char *derMsg = NULL, *pder = NULL; + char *content_type = NULL; + int derLen = 0; + CURLcode res; + rdata_t rdata = {0,0}; + CMPBIO *curl = NULL; + + CMP_new_http_bio(&curl, ctx); + + if (!curl || !ctx || !msg || !out) + { + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_NULL_ARGUMENT); + goto err; + } + + if (!ctx->serverName || !ctx->serverPath || !ctx->serverPort) + { + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_NULL_ARGUMENT); + goto err; + } + + derLen = i2d_CMP_PKIMESSAGE( (CMP_PKIMESSAGE*) msg, &derMsg); + + set_http_path(curl, ctx); + + /* curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, 
CURL_HTTP_VERSION_1_0); */ + + /* rdata will contain the data received from the server */ + curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&rdata); + + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (void*) derMsg); + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, derLen); + + /* set timeout for the entire HTTP operation */ + if (ctx->HttpTimeOut != 0) + curl_easy_setopt(curl, CURLOPT_TIMEOUT, ctx->HttpTimeOut); + + res = curl_easy_perform(curl); + + /* free up sent DER message from memory */ + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (void*) 0); + free(derMsg); + + if (res != CURLE_OK) + { + char num[64]; + + if (res == CURLE_COULDNT_CONNECT + || res == CURLE_COULDNT_RESOLVE_PROXY + || res == CURLE_COULDNT_RESOLVE_HOST + || res == CURLE_SEND_ERROR + || res == CURLE_RECV_ERROR + || res == CURLE_OPERATION_TIMEDOUT + || res == CURLE_INTERFACE_FAILED) + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_SERVER_NOT_REACHABLE); + else if (res != CURLE_OK) + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_CURL_ERROR); + + BIO_snprintf(num, sizeof(num)-1, "%d:", res); + ERR_add_error_data(2, num, curl_easy_strerror(res)); + goto err; + } + + /* verify that Content-type is application/pkixcmp */ + curl_easy_getinfo(curl, CURLINFO_CONTENT_TYPE, &content_type); + if (content_type == NULL || strcmp(content_type, "application/pkixcmp") != 0) + { + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_INVALID_CONTENT_TYPE); + goto err; + } + + pder = (unsigned char*) rdata.memory; + *out = d2i_CMP_PKIMESSAGE( NULL, (const unsigned char**) &pder, rdata.size); + if (*out == 0) + { + CMPerr(CMP_F_CMP_PKIMESSAGE_HTTP_PERFORM, CMP_R_FAILED_TO_DECODE_PKIMESSAGE); + goto err; + } + + if (CURLE_OK != curl_easy_getinfo((CMPBIO*)curl, CURLINFO_RESPONSE_CODE, &ctx->lastHTTPCode)) goto err; + + CMP_delete_http_bio(curl); + + free(rdata.memory); + return 1; + + err: + if (rdata.memory) + free(rdata.memory); + + if (curl) + CMP_delete_http_bio(curl); + return 0; + } +#endif /* HAVE_CURL */ + + +/* 
################################################################ * + * Returns the HTTP response code of the last response we got from + * the server. + * returns 0 on error + * ################################################################ */ +long CMP_get_http_response_code(const CMP_CTX *ctx) + { + if (!ctx) return 0; + return ctx->lastHTTPCode; + } Index: openssl-1.0.1h-cmp/crypto/cmp/cmp_lib.c =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp_lib.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp_lib.c (revision 764) 
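Review bot: the TLS branch of CMP_new_http_bio in cmp_http.c never turns on certificate verification, so with useTLS set the client will complete a handshake with any server: `SSL_CTX *ctx = SSL_CTX_new(TLSv1_client_method());` is followed only by SSL_CTX_set_mode and BIO_new_ssl, with no SSL_CTX_set_verify(..., SSL_VERIFY_PEER, ...), no CA store (SSL_CTX_set_default_verify_paths or one taken from CMP_CTX) and no hostname check; that SSL_CTX also shadows the `ctx` parameter, is never freed, and pins the client to TLS 1.0 (the TODO already notes the last point). With HAVE_CURL the useTLS flag is not consulted at all: set_http_path builds `BIO_snprintf(url, bufsize, "%s/%s", ctx->serverName, ctx->serverPath);` with no scheme, so libcurl defaults to plain http, and the same format yields a double slash whenever serverPath already starts with '/', which the non-curl path explicitly guards against. Still in the curl branch, `curl_easy_setopt(curl, CURLOPT_PORT, ctx->serverPort);` and the CURLOPT_PROXYPORT, CURLOPT_TIMEOUT and CURLOPT_POSTFIELDSIZE calls pass `int` values (serverPort and derLen are visibly int) through the variadic curl_easy_setopt, which requires `long` for these options and reads garbage on LP64 targets; cast each argument to (long). derMsg comes from i2d_CMP_PKIMESSAGE (OPENSSL_malloc) but is released with free(), the `slist` header list is never given to curl_slist_free_all, the i2d return value is not checked before use, curl_easy_getinfo writes ctx->lastHTTPCode through a pointer declared const, and because lastHTTPCode is stored only after a successful decode, a 4xx/5xx reply leaves CMP_get_http_response_code returning a stale value alongside a misleading FAILED_TO_DECODE_PKIMESSAGE. In the non-curl path, CMP_sendreq_new returns 0 on BIO_printf or iobuf failure without freeing rctx and its mem BIO (and never checks the rctx or BIO_new allocations), the err: label of CMP_PKIMESSAGE_http_perform never frees cbio, a select() return of -1 is treated as a successful connect, and once connected CMP_sendreq_bio busy-loops on BIO_should_retry over the non-blocking BIO, so HttpTimeOut bounds only the connect and not the request/response exchange. Minor: CMP_MAX_LINE_LEN is defined with a trailing semicolon (harmless in the one assignment that uses it, a trap in any expression), "// Timed out" and "// BIO_reset(cbio);" are C++ comments in a C89 code base, and the non-curl path decodes the body without looking at Content-Type while the curl path rejects anything but application/pkixcmp; the two paths should agree.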
@@ -0,0 +1,1534 @@ +/* vim: set noet ts=4 sts=4 sw=4: */ +/* crypto/cmp/cmp_lib.c + * CMP (RFC 4210) library functions for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. + */ + + /* NAMING + * The 0 version uses the supplied structure pointer directly in the parent and + * it will be freed up when the parent is freed. In the above example crl would + * be freed but rev would not. + * + * The 1 function uses a copy of the supplied structure pointer (or in some + * cases increases its link count) in the parent and so both (x and obj above) + * should be freed up. 
+ */ + +/* ############################################################################ * + * In this file are the functions which set the individual items inside * + * the CMP structures * + * ############################################################################ */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +/* for bio_err */ +#include + +#include +#include + +/* ############################################################################ * + * Sets the protocol version number in PKIHeader. + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_set_version(CMP_PKIHEADER *hdr, int version) + { + if( !hdr) goto err; + + if(! ASN1_INTEGER_set(hdr->pvno, version)) goto err; + + return 1; +err: + return 0; + } + +/* ############################################################################ * + * Set the recipient name of PKIHeader. + * when nm is NULL, recipient is set to an empty string + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_set1_recipient(CMP_PKIHEADER *hdr, const X509_NAME *nm) + { + GENERAL_NAME *gen=NULL; + if( !hdr) goto err; + + gen = GENERAL_NAME_new(); + if( !gen) goto err; + + gen->type = GEN_DIRNAME; + + /* if nm is not set an empty dirname will be set */ + if (nm == NULL) + { + gen->d.directoryName = X509_NAME_new(); + } + else + { + if (!X509_NAME_set(&gen->d.directoryName, (X509_NAME*) nm)) + { + GENERAL_NAME_free(gen); + goto err; + } + } + + if (hdr->recipient) + GENERAL_NAME_free(hdr->recipient); + hdr->recipient = gen; + + return 1; +err: + return 0; + } + +/* ############################################################################ * + * Set the sender name in PKIHeader. 
+ * when nm is NULL, sender is set to an empty string + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_set1_sender(CMP_PKIHEADER *hdr, const X509_NAME *nm) + { + GENERAL_NAME *gen=NULL; + if( !hdr) goto err; + + gen = GENERAL_NAME_new(); + if( !gen) goto err; + + gen->type = GEN_DIRNAME; + + /* if nm is not set an empty dirname will be set */ + if (nm == NULL) + { + gen->d.directoryName = X509_NAME_new(); + } + else { + if (!X509_NAME_set(&gen->d.directoryName, (X509_NAME*) nm)) + { + GENERAL_NAME_free(gen); + goto err; + } + } + if (hdr->sender) + GENERAL_NAME_free(hdr->sender); + hdr->sender = gen; + + return 1; +err: + return 0; + } + +/* ############################################################################ * + * (re-)set given transaction ID in CMP header + * if given *transactionID is NULL, a random one is created with 128 bit + * according to section 5.1.1: + * + * It is RECOMMENDED that the clients fill the transactionID field with + * 128 bits of (pseudo-) random data for the start of a transaction to + * reduce the probability of having the transactionID in use at the + * server. 
+ * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_set1_transactionID(CMP_PKIHEADER *hdr, const ASN1_OCTET_STRING *transactionID) + { +#define TRANSACTIONID_LENGTH 16 + unsigned char *transactionIDuchar=NULL; + + if(!hdr) goto err; + + if(transactionID) + { + if (!(hdr->transactionID = ASN1_OCTET_STRING_dup((ASN1_OCTET_STRING *)transactionID))) goto err; + } + else { + /* generate a random value if none was given */ + if(!(transactionIDuchar = (unsigned char*)OPENSSL_malloc(TRANSACTIONID_LENGTH))) goto err; + RAND_pseudo_bytes(transactionIDuchar, TRANSACTIONID_LENGTH); + + if(hdr->transactionID == NULL) + { + hdr->transactionID = ASN1_OCTET_STRING_new(); + } + if(!(ASN1_OCTET_STRING_set(hdr->transactionID, transactionIDuchar, TRANSACTIONID_LENGTH))) goto err; + + OPENSSL_free(transactionIDuchar); + } + + return 1; +err: + if(transactionIDuchar) + OPENSSL_free(transactionIDuchar); + return 0; + } + +/* ############################################################################ * + * (re-)set random senderNonce to given header + * as in 5.1.1: + * + * senderNonce present + * -- 128 (pseudo-)random bits + * The senderNonce and recipNonce fields protect the PKIMessage against + * replay attacks. The senderNonce will typically be 128 bits of + * (pseudo-) random data generated by the sender, whereas the recipNonce + * is copied from the senderNonce of the previous message in the + * transaction. 
+ * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_new_senderNonce(CMP_PKIHEADER *hdr) + { +#define SENDERNONCE_LENGTH 16 + unsigned char senderNonce[SENDERNONCE_LENGTH]; + + if( !hdr) goto err; + + RAND_pseudo_bytes(senderNonce, SENDERNONCE_LENGTH); + + if (hdr->senderNonce == NULL) + { + hdr->senderNonce = ASN1_OCTET_STRING_new(); + } + + if (!(ASN1_OCTET_STRING_set(hdr->senderNonce, senderNonce, SENDERNONCE_LENGTH))) goto err; + + return 1; +err: + return 0; + } + +/* ############################################################################ * + * (re-)sets given recipient nonce to given header + * as per 5.1.1 used to mirror the nonce back to the other side + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_set1_recipNonce(CMP_PKIHEADER *hdr, const ASN1_OCTET_STRING *recipNonce) + { + if (!hdr) goto err; + if (!recipNonce) goto err; + + if (hdr->recipNonce) + ASN1_OCTET_STRING_free(hdr->recipNonce); + + if (!(hdr->recipNonce = ASN1_OCTET_STRING_dup((ASN1_OCTET_STRING *)recipNonce))) goto err; + + return 1; +err: + return 0; + } + +/* ############################################################################ * + * (re-)set given senderKID to given header + * + * senderKID referenceNum + * -- the reference number which the CA has previously issued + * -- to the end entity (together with the MACing key) + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_set1_senderKID(CMP_PKIHEADER *hdr, const ASN1_OCTET_STRING *senderKID) + { + if (!hdr) goto err; + if (!senderKID) goto err; + + if (hdr->senderKID) + ASN1_OCTET_STRING_free(hdr->senderKID); + + if (!(hdr->senderKID = ASN1_OCTET_STRING_dup((ASN1_OCTET_STRING *)senderKID))) goto err; + + return 1; +err: + return 0; + } + +/* 
############################################################################ + * (re-)set the messageTime to the current system time + * + * as in 5.1.1: + * + * The messageTime field contains the time at which the sender created + * the message. This may be useful to allow end entities to + * correct/check their local time for consistency with the time on a + * central system. + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_set_messageTime(CMP_PKIHEADER *hdr) + { + if (!hdr) goto err; + + if (!hdr->messageTime) + hdr->messageTime = ASN1_GENERALIZEDTIME_new(); + + if (! ASN1_GENERALIZEDTIME_set( hdr->messageTime, time(NULL))) goto err; + return 1; +err: + return 0; + } + +/* ############################################################################ * + * push given ASN1_UTF8STRING to hdr->freeText and consume the given pointer + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_push0_freeText( CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text) + { + if (!hdr) goto err; + if (!text) goto err; + + if (!hdr->freeText) + if (!(hdr->freeText = sk_ASN1_UTF8STRING_new_null())) goto err; + + if (!(sk_ASN1_UTF8STRING_push(hdr->freeText, text))) goto err; + + return 1; +err: + return 0; + } + +/* ############################################################################ * + * push an ASN1_UTF8STRING to hdr->freeText and don't consume the given pointer + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_push1_freeText( CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text) + { + ASN1_UTF8STRING *textDup=NULL; + + if (!hdr) goto err; + if (!text) goto err; + + if( !(textDup = ASN1_UTF8STRING_new())) goto err; + if( !ASN1_STRING_set( textDup, text->data, text->length)) goto err; + + return CMP_PKIHEADER_push0_freeText( 
hdr, textDup); +err: + if (textDup) ASN1_UTF8STRING_free(textDup); + return 0; + } + +/* ############################################################################ * + * Initialize the given PkiHeader structure with values set in the CMP_CTX structure. + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_init(CMP_CTX *ctx, CMP_PKIHEADER *hdr) + { + if( !hdr) goto err; + if( !ctx) goto err; + + /* set the CMP version */ + CMP_PKIHEADER_set_version( hdr, CMP_VERSION); + + /* in case there is no OLD client cert the sender name is not set (e.g. for IR) */ + if( ctx->clCert) + { + if( !CMP_PKIHEADER_set1_sender( hdr, X509_get_subject_name( (X509*) ctx->clCert))) goto err; + } + else { + if( !CMP_PKIHEADER_set1_sender( hdr, NULL)) goto err; + } + + /* set recipient name either from known server certificate or recipient name in ctx, leave empty if not set in ctx */ + if( ctx->srvCert) + { + if( !CMP_PKIHEADER_set1_recipient( hdr, X509_get_subject_name( (X509*) ctx->srvCert))) goto err; + } + else if( ctx->recipient) + { + if( !CMP_PKIHEADER_set1_recipient( hdr, ctx->recipient)) goto err; + } + else + { + if( !CMP_PKIHEADER_set1_recipient( hdr, NULL)) goto err; + } + + /* set current time as message time */ + if( !CMP_PKIHEADER_set_messageTime(hdr)) goto err; + + if (ctx->recipNonce) + if( !CMP_PKIHEADER_set1_recipNonce(hdr, ctx->recipNonce)) goto err; + + if (ctx->transactionID) + { + if (!CMP_PKIHEADER_set1_transactionID(hdr, ctx->transactionID)) goto err; + } + else { + /* create new transaction ID */ + if (!CMP_PKIHEADER_set1_transactionID(hdr, NULL)) goto err; + CMP_CTX_set1_transactionID(ctx, hdr->transactionID); + } + + if (!CMP_PKIHEADER_new_senderNonce(hdr)) goto err; + +#if 0 + /* + freeText [7] PKIFreeText OPTIONAL, + -- this may be used to indicate context-specific instructions + -- (this field is intended for human consumption) + */ + if( ctx->freeText) + if( 
!CMP_PKIHEADER_push1_freeText(hdr, ctx->freeText)) goto err; +#endif + + return 1; +err: + return 0; +} + + +/* ############################################################################ * + * also used for verification from cmp_vfy + * + * calculate PBM protection for given PKImessage utilizing the given secret and the + * pbm-parameters set inside the message header's protectionAlg + * + * returns pointer to ASN1_BIT_STRING containing protection on success, NULL on + * error + * ############################################################################ */ +ASN1_BIT_STRING *CMP_calc_protection_pbmac(CMP_PKIMESSAGE *pkimessage, const ASN1_OCTET_STRING *secret) + { + ASN1_BIT_STRING *prot=NULL; + CMP_PROTECTEDPART protPart; + ASN1_STRING *pbmStr=NULL; + ASN1_OBJECT *algorOID=NULL; + + CRMF_PBMPARAMETER *pbm=NULL; + + size_t protPartDerLen; + unsigned int macLen; + unsigned char *protPartDer=NULL; + unsigned char *mac=NULL; + const unsigned char *pbmStrUchar=NULL; + + void *ppval=NULL; + int pptype=0; + + if (!secret) + { + CMPerr(CMP_F_CMP_CALC_PROTECTION_PBMAC, CMP_R_NO_SECRET_VALUE_GIVEN_FOR_PBMAC); + goto err; + } + + protPart.header = pkimessage->header; + protPart.body = pkimessage->body; + protPartDerLen = i2d_CMP_PROTECTEDPART(&protPart, &protPartDer); + + X509_ALGOR_get0( &algorOID, &pptype, &ppval, pkimessage->header->protectionAlg); + + if (NID_id_PasswordBasedMAC == OBJ_obj2nid(algorOID)) + { + /* there is no pmb set in this message */ + if (!ppval) goto err; + + pbmStr = (ASN1_STRING *)ppval; + pbmStrUchar = (unsigned char *)pbmStr->data; + pbm = d2i_CRMF_PBMPARAMETER( NULL, &pbmStrUchar, pbmStr->length); + + if(!(CRMF_passwordBasedMac_new(pbm, protPartDer, protPartDerLen, secret->data, secret->length, &mac, &macLen))) goto err; + } + else { + CMPerr(CMP_F_CMP_CALC_PROTECTION_PBMAC, CMP_R_WRONG_ALGORITHM_OID); + goto err; + } + OPENSSL_free(protPartDer); + + if(!(prot = ASN1_BIT_STRING_new())) goto err; + ASN1_BIT_STRING_set(prot, mac, macLen); + + 
/* Actually this should not be needed but OpenSSL defaults all bitstrings to be a NamedBitList */ + prot->flags &= ~0x07; + prot->flags |= ASN1_STRING_FLAG_BITS_LEFT; + + /* cleanup */ + if (mac) OPENSSL_free(mac); + return prot; + +err: + if (mac) OPENSSL_free(mac); + + CMPerr(CMP_F_CMP_CALC_PROTECTION_PBMAC, CMP_R_ERROR_CALCULATING_PROTECTION); + if(prot) ASN1_BIT_STRING_free(prot); + if(protPartDer) OPENSSL_free(protPartDer); + return NULL; +} + +/* ############################################################################ * + * only used internally + * + * calculate signature protection for given PKImessage utilizing the given secret key + * and the algorithm parameters set inside the message header's protectionAlg + * + * returns pointer to ASN1_BIT_STRING containing protection on success, NULL on + * error + * ############################################################################ */ +ASN1_BIT_STRING *CMP_calc_protection_sig(CMP_PKIMESSAGE *pkimessage, EVP_PKEY *pkey) + { + ASN1_BIT_STRING *prot=NULL; + CMP_PROTECTEDPART protPart; + ASN1_OBJECT *algorOID=NULL; + + size_t protPartDerLen; + unsigned int macLen; + size_t maxMacLen; + unsigned char *protPartDer=NULL; + unsigned char *mac=NULL; + + void *ppval=NULL; + int pptype=0; + + EVP_MD_CTX *evp_ctx=NULL; + const EVP_MD *md=NULL; + + if (!pkey) + { /* EVP_SignFinal() will check that pkey type is correct for the algorithm */ + CMPerr(CMP_F_CMP_CALC_PROTECTION_SIG, CMP_R_INVALID_KEY); + ERR_add_error_data(1, "pkey was NULL although it is supposed to be used for generating protection"); + goto err; + } + + /* construct data to be signed */ + protPart.header = pkimessage->header; + protPart.body = pkimessage->body; + protPartDerLen = i2d_CMP_PROTECTEDPART(&protPart, &protPartDer); + + X509_ALGOR_get0( &algorOID, &pptype, &ppval, pkimessage->header->protectionAlg); + + if ((md = EVP_get_digestbynid(OBJ_obj2nid(algorOID)))) + { + maxMacLen = EVP_PKEY_size(pkey); + mac = OPENSSL_malloc(maxMacLen); + + /* 
calculate signature */ + evp_ctx = EVP_MD_CTX_create(); + if (!evp_ctx) goto err; + if (!(EVP_SignInit_ex(evp_ctx, md, NULL))) goto err; + if (!(EVP_SignUpdate(evp_ctx, protPartDer, protPartDerLen))) goto err; + if (!(EVP_SignFinal(evp_ctx, mac, &macLen, pkey))) goto err; + } + else { + CMPerr(CMP_F_CMP_CALC_PROTECTION_SIG, CMP_R_UNKNOWN_ALGORITHM_ID); + goto err; + } + + if(!(prot = ASN1_BIT_STRING_new())) goto err; + ASN1_BIT_STRING_set(prot, mac, macLen); + + /* Actually this should not be needed but OpenSSL defaults all bitstrings to be a NamedBitList */ + prot->flags &= ~0x07; + prot->flags |= ASN1_STRING_FLAG_BITS_LEFT; + + /* cleanup */ + if (evp_ctx) EVP_MD_CTX_destroy(evp_ctx); + if (mac) OPENSSL_free(mac); + if (protPartDer) OPENSSL_free(protPartDer); + return prot; + +err: + if (evp_ctx) EVP_MD_CTX_destroy(evp_ctx); + if (mac) OPENSSL_free(mac); + if (protPartDer) OPENSSL_free(protPartDer); + + CMPerr(CMP_F_CMP_CALC_PROTECTION_SIG, CMP_R_ERROR_CALCULATING_PROTECTION); + if(prot) ASN1_BIT_STRING_free(prot); + return NULL; +} + +/* ############################################################################ * + * internal function + * Create an X509_ALGOR structure for PasswordBasedMAC protection + * returns pointer to X509_ALGOR on success, NULL on error + * TODO: this could take options to configure the pbmac + * ############################################################################ */ +X509_ALGOR *CMP_create_pbmac_algor(void) + { + X509_ALGOR *alg=NULL; + CRMF_PBMPARAMETER *pbm=NULL; + unsigned char *pbmDer=NULL; + int pbmDerLen; + ASN1_STRING *pbmStr=NULL; + + if (!(alg = X509_ALGOR_new())) goto err; + if (!(pbm = CRMF_pbm_new())) goto err; + if (!(pbmStr = ASN1_STRING_new())) goto err; + + pbmDerLen = i2d_CRMF_PBMPARAMETER( pbm, &pbmDer); + + ASN1_STRING_set( pbmStr, pbmDer, pbmDerLen); + OPENSSL_free( pbmDer); + pbmDer = NULL; /* to avoid double free in case there would be a "goto err" inserted behind this point later in development */ + + 
X509_ALGOR_set0( alg, OBJ_nid2obj(NID_id_PasswordBasedMAC), V_ASN1_SEQUENCE, pbmStr); + pbmStr = NULL; /* pbmStr is not freed explicityly because the pointer was consumed by X509_ALGOR_set0() */ + + CRMF_PBMPARAMETER_free( pbm); + return alg; +err: + if (alg) X509_ALGOR_free(alg); + if (pbm) CRMF_PBMPARAMETER_free( pbm); + if (pbmDer) OPENSSL_free( pbmDer); + return NULL; + } + +/* ############################################################################ * + * determines which kind of protection should be created based on the ctx + * sets this into the protectionAlg field in the message header + * calculates the protection and sets it in the protections filed + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIMESSAGE_protect(CMP_CTX *ctx, CMP_PKIMESSAGE *msg) + { + if(!ctx) goto err; + if(!msg) goto err; + + /* use PasswordBasedMac according to 5.1.3.1 if secretValue is given */ + if (ctx->secretValue) + { + if(!(msg->header->protectionAlg = CMP_create_pbmac_algor())) goto err; + CMP_PKIHEADER_set1_senderKID(msg->header, ctx->referenceValue); + if(!(msg->protection = CMP_calc_protection_pbmac( msg, ctx->secretValue))) + goto err; + } + else { + /* use MSG_SIG_ALG according to 5.1.3.3 if client Certificate and private key is given */ + if (ctx->clCert && ctx->pkey) + { + ASN1_OCTET_STRING *subjKeyIDStr = NULL; + int algNID = 0; + + if (!msg->header->protectionAlg) + msg->header->protectionAlg = X509_ALGOR_new(); + + /* DSA/SHA1 is mandatory for MSG_SIG_ALG (appendix D.2) so SHA-1 is hardcoded here for now */ + /* This could be made configurable via ctx to include SHA-256 etc */ + switch (EVP_PKEY_type(ctx->pkey->type)) + { + case EVP_PKEY_DSA: + algNID = NID_dsaWithSHA1; + break; + case EVP_PKEY_RSA: + algNID = NID_sha1WithRSAEncryption; + break; + default: + CMPerr(CMP_F_CMP_PKIMESSAGE_PROTECT, CMP_R_UNSUPPORTED_KEY_TYPE); + goto err; + } + 
X509_ALGOR_set0(msg->header->protectionAlg, OBJ_nid2obj(algNID), V_ASN1_NULL, NULL); + + /* set senderKID to keyIdentifier of the used certificate according + * to section 5.1.1 */ + subjKeyIDStr = CMP_get_cert_subject_key_id(ctx->clCert); + if (subjKeyIDStr) + { + CMP_PKIHEADER_set1_senderKID(msg->header, subjKeyIDStr); + ASN1_OCTET_STRING_free(subjKeyIDStr); + } + + if (!(msg->protection = CMP_calc_protection_sig( msg, ctx->pkey))) + goto err; + } + else + { + CMPerr(CMP_F_CMP_PKIMESSAGE_PROTECT, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); + goto err; + } + } + + return 1; + err: + CMPerr(CMP_F_CMP_PKIMESSAGE_PROTECT, CMP_R_ERROR_PROTECTING_MESSAGE); + return 0; + } + +/* ############################################################################ * + * set certificate Hash in certStatus of certConf messages according to 5.3.18. + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_CERTSTATUS_set_certHash( CMP_CERTSTATUS *certStatus, const X509 *cert) + { + unsigned int hashLen; + unsigned char hash[EVP_MAX_MD_SIZE]; + int sigAlgID; + const EVP_MD *md = NULL; + + if (!certStatus) goto err; + if (!cert) goto err; + + /* select hash algorithm, as stated in Appendix F. 
Compilable ASN.1 Definitions: + * -- the hash of the certificate, using the same hash algorithm + * -- as is used to create and verify the certificate signature */ + sigAlgID = OBJ_obj2nid(cert->sig_alg->algorithm); + if ((md = EVP_get_digestbynid(sigAlgID))) + { + if (!X509_digest(cert, md, hash, &hashLen)) goto err; + if (!certStatus->certHash) + if (!(certStatus->certHash = ASN1_OCTET_STRING_new())) goto err; + if (!ASN1_OCTET_STRING_set(certStatus->certHash, hash, hashLen)) goto err; + } + else + { + CMPerr(CMP_F_CMP_CERTSTATUS_SET_CERTHASH, CMP_R_UNSUPPORTED_ALGORITHM); + goto err; + } + + return 1; + err: + CMPerr(CMP_F_CMP_CERTSTATUS_SET_CERTHASH, CMP_R_ERROR_SETTING_CERTHASH); + return 0; + } + +/* ############################################################################ * + * sets implicitConfirm in the generalInfo field of the PKIMessage header + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIMESSAGE_set_implicitConfirm(CMP_PKIMESSAGE *msg) + { + CMP_INFOTYPEANDVALUE *itav=NULL; + + if (!msg) goto err; + + if (!(itav = CMP_INFOTYPEANDVALUE_new())) goto err; + itav->infoType = OBJ_nid2obj(NID_id_it_implicitConfirm); + itav->infoValue.implicitConfirm = ASN1_NULL_new(); + if (!CMP_PKIHEADER_generalInfo_item_push0( msg->header, itav)) goto err; + return 1; +err: + if (itav) CMP_INFOTYPEANDVALUE_free(itav); + return 0; + } + +/* ############################################################################ + * checks if implicitConfirm in the generalInfo field of the header is set + * + * returns 1 if it is set, 0 if not + * ############################################################################ */ +int CMP_PKIMESSAGE_check_implicitConfirm(CMP_PKIMESSAGE *msg) + { + int itavCount; + int i; + CMP_INFOTYPEANDVALUE *itav=NULL; + + if (!msg) return 0; + + itavCount = sk_CMP_INFOTYPEANDVALUE_num(msg->header->generalInfo); + + for( i=0; i < itavCount; i++) + { + itav = 
sk_CMP_INFOTYPEANDVALUE_value(msg->header->generalInfo,i); + if (OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm) + return 1; + } + + return 0; + } + +/* ############################################################################ * + * push given itav to message header + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIHEADER_generalInfo_item_push0(CMP_PKIHEADER *hdr, const CMP_INFOTYPEANDVALUE *itav) + { + if( !hdr) goto err; + + if( !CMP_ITAV_stack_item_push0(&hdr->generalInfo, itav)) + goto err; + return 1; +err: + return 0; + } + +/* ############################################################################ * + * push itav to general message + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_PKIMESSAGE_genm_item_push0(CMP_PKIMESSAGE *msg, const CMP_INFOTYPEANDVALUE *itav) + { + if (!msg) goto err; + + if (CMP_PKIMESSAGE_get_bodytype(msg) != V_CMP_PKIBODY_GENM) goto err; + + if (!CMP_ITAV_stack_item_push0( &msg->body->value.genm, itav)) + goto err; + return 1; +err: + return 0; + } + +/* ############################################################################ * + * push given itav to given stack + * + * @itav: a pointer to the infoTypeAndValue item to push on the stack. 
+ * If NULL it will only made sure the stack exists, that might be + * needed for creating an empty general message + * + * returns 1 on success, 0 on error + * ############################################################################ */ +int CMP_ITAV_stack_item_push0(STACK_OF(CMP_INFOTYPEANDVALUE) **itav_sk_p, const CMP_INFOTYPEANDVALUE *itav) + { + int created = 0; + + if (!itav_sk_p) goto err; + + if (!*itav_sk_p) + { + /* not yet created */ + if (!(*itav_sk_p = sk_CMP_INFOTYPEANDVALUE_new_null())) + goto err; + created = 1; + } + if (itav) + { + if (!sk_CMP_INFOTYPEANDVALUE_push(*itav_sk_p, itav)) goto err; + } + return 1; +err: + if (created) + { + sk_CMP_INFOTYPEANDVALUE_pop_free(*itav_sk_p, CMP_INFOTYPEANDVALUE_free); + *itav_sk_p = NULL; + } + return 0; +} + +/* ############################################################################ * + * returns the PKIStatus of the given PKIStatusInfo + * returns -1 on error + * ############################################################################ */ +long CMP_PKISTATUSINFO_PKIstatus_get( CMP_PKISTATUSINFO *statusInfo) + { + if (!statusInfo) return -1; + if (!statusInfo->status) return -1; + return ASN1_INTEGER_get(statusInfo->status); + } + +/* ############################################################################ * + * internal function + * + * convert PKIstatus to human readable string + * + * returns pointer to character array containing a sting representing the + * PKIStatus of the given PKIStatusInfo + * returns NULL on error + * ############################################################################ */ +static char *CMP_PKISTATUSINFO_PKIstatus_get_string( CMP_PKISTATUSINFO *statusInfo) + { + long PKIstatus; + + if (!statusInfo) return 0; + + PKIstatus = CMP_PKISTATUSINFO_PKIstatus_get(statusInfo); + switch (PKIstatus) + { + case CMP_PKISTATUS_accepted: + return "PKIStatus: accepted"; + case CMP_PKISTATUS_grantedWithMods: + return "PKIStatus: granded with mods"; + case 
CMP_PKISTATUS_rejection: + return "PKIStatus: rejection"; + case CMP_PKISTATUS_waiting: + return "PKIStatus: waiting"; + case CMP_PKISTATUS_revocationWarning: + return "PKIStatus: revocation warning"; + case CMP_PKISTATUS_revocationNotification: + return "PKIStatus: revocation notification"; + case CMP_PKISTATUS_keyUpdateWarning: + return "PKIStatus: key update warning"; + case -1: + default: + CMPerr(CMP_F_CMP_PKISTATUSINFO_PKISTATUS_GET_STRING, CMP_R_ERROR_PARSING_PKISTATUS); + return 0; + } + return 0; + } + +/* ############################################################################ * + * internal function + * + * convert PKIstatus to human readable string + * + * returns pointer to string containing the the PKIFailureInfo + * returns NULL on error + * ############################################################################ */ +static char *CMP_PKISTATUSINFO_PKIFailureInfo_get_string( CMP_PKISTATUSINFO *statusInfo) + { + int i; + + if (!statusInfo) return 0; + for (i=0; i <= CMP_PKIFAILUREINFO_MAX; i++) + { + if (ASN1_BIT_STRING_get_bit(statusInfo->failInfo, i)) + { + switch (i) + { + case CMP_PKIFAILUREINFO_badAlg: + return "PKIFailureInfo: badAlg"; + case CMP_PKIFAILUREINFO_badMessageCheck: + return "PKIFailureInfo: badMessageCheck"; + case CMP_PKIFAILUREINFO_badRequest: + return "PKIFailureInfo: badRequest"; + case CMP_PKIFAILUREINFO_badTime: + return "PKIFailureInfo: badTime"; + case CMP_PKIFAILUREINFO_badCertId: + return "PKIFailureInfo: badCertId"; + case CMP_PKIFAILUREINFO_badDataFormat: + return "PKIFailureInfo: badDataFormat"; + case CMP_PKIFAILUREINFO_wrongAuthority: + return "PKIFailureInfo: wrongAuthority"; + case CMP_PKIFAILUREINFO_incorrectData: + return "PKIFailureInfo: incorrectData"; + case CMP_PKIFAILUREINFO_missingTimeStamp: + return "PKIFailureInfo: missingTimeStamp"; + case CMP_PKIFAILUREINFO_badPOP: + return "PKIFailureInfo: badPOP"; + case CMP_PKIFAILUREINFO_certRevoked: + return "PKIFailureInfo: certRevoked"; + case 
CMP_PKIFAILUREINFO_certConfirmed: + return "PKIFailureInfo: certConfirmed"; + case CMP_PKIFAILUREINFO_wrongIntegrity: + return "PKIFailureInfo: wrongIntegrity"; + case CMP_PKIFAILUREINFO_badRecipientNonce: + return "PKIFailureInfo: badRecipientNonce"; + case CMP_PKIFAILUREINFO_timeNotAvailable: + return "PKIFailureInfo: timeNotAvailable"; + case CMP_PKIFAILUREINFO_unacceptedPolicy: + return "PKIFailureInfo: unacceptedPolicy"; + case CMP_PKIFAILUREINFO_unacceptedExtension: + return "PKIFailureInfo: unacceptedExtension"; + case CMP_PKIFAILUREINFO_addInfoNotAvailable: + return "PKIFailureInfo: addInfoNotAvailable"; + case CMP_PKIFAILUREINFO_badSenderNonce: + return "PKIFailureInfo: badSenderNonce"; + case CMP_PKIFAILUREINFO_badCertTemplate: + return "PKIFailureInfo: badCertTemplate"; + case CMP_PKIFAILUREINFO_signerNotTrusted: + return "PKIFailureInfo: signerNotTrusted"; + case CMP_PKIFAILUREINFO_transactionIdInUse: + return "PKIFailureInfo: transactionIdInUse"; + case CMP_PKIFAILUREINFO_unsupportedVersion: + return "PKIFailureInfo: unsupportedVersion"; + case CMP_PKIFAILUREINFO_notAuthorized: + return "PKIFailureInfo: notAuthorized"; + case CMP_PKIFAILUREINFO_systemUnavail: + return "PKIFailureInfo: systemUnavail"; + case CMP_PKIFAILUREINFO_systemFailure: + return "PKIFailureInfo: systemFailure"; + case CMP_PKIFAILUREINFO_duplicateCertReq: + return "PKIFailureInfo: duplicateCertReq"; + } + } + } + return 0; + } + +/* ############################################################################ * + * returns the PKIStatus of the given certReqId inside a Rev + * returns -1 on error + * ############################################################################ */ +long CMP_REVREPCONTENT_PKIStatus_get( CMP_REVREPCONTENT *revRep, long reqId) + { + CMP_PKISTATUSINFO *status=NULL; + if (!revRep) return -1; + + if ( (status = sk_CMP_PKISTATUSINFO_value( revRep->status, reqId)) ) + { + return CMP_PKISTATUSINFO_PKIstatus_get(status); + } + + 
CMPerr(CMP_F_CMP_REVREPCONTENT_PKISTATUS_GET, CMP_R_ERROR_REQID_NOT_FOUND); + return -1; + } + +/* ############################################################################ * + * returns the PKIStatus of the given certReqId inside a CertRepMessage + * returns -1 on error + * ############################################################################ */ +long CMP_CERTREPMESSAGE_PKIStatus_get( CMP_CERTREPMESSAGE *certRep, long certReqId) + { + CMP_CERTRESPONSE *certResponse=NULL; + if (!certRep) return -1; + + if ( (certResponse = CMP_CERTREPMESSAGE_certResponse_get0( certRep, certReqId)) ) + { + return CMP_PKISTATUSINFO_PKIstatus_get(certResponse->status); + } + + CMPerr(CMP_F_CMP_CERTREPMESSAGE_PKISTATUS_GET, CMP_R_ERROR_REQID_NOT_FOUND); + return -1; + } + +/* ############################################################################ * + * returns pointer to PKIFailureInfo of given certRep message + * returns NULL on error or if no matching failInfo was found + * ############################################################################ */ +CMP_PKIFAILUREINFO *CMP_CERTREPMESSAGE_PKIFailureInfo_get0(CMP_CERTREPMESSAGE *certRep, long certReqId) + { + CMP_CERTRESPONSE *certResponse=NULL; + if (!certRep) return NULL; + + if ( (certResponse = CMP_CERTREPMESSAGE_certResponse_get0( certRep, certReqId)) ) + { + if (certResponse->status) + return certResponse->status->failInfo; + } + + CMPerr(CMP_F_CMP_CERTREPMESSAGE_PKIFAILUREINFO_GET0, CMP_R_ERROR_REQID_NOT_FOUND); + return NULL; + } + +/* ############################################################################ * + * returns pointer to PKIFailureInfoString character array of given certRep message + * returns NULL on error or if no matching failInfo was found + * ############################################################################ */ +char *CMP_CERTREPMESSAGE_PKIFailureInfoString_get0(CMP_CERTREPMESSAGE *certRep, long certReqId) + { + CMP_CERTRESPONSE *certResponse=NULL; + if (!certRep) return NULL; + 
+ if ( (certResponse = CMP_CERTREPMESSAGE_certResponse_get0( certRep, certReqId)) ) + { + if (certResponse->status) + return CMP_PKISTATUSINFO_PKIFailureInfo_get_string(certResponse->status); + } + + CMPerr(CMP_F_CMP_CERTREPMESSAGE_PKIFAILUREINFOSTRING_GET0, CMP_R_ERROR_REQID_NOT_FOUND); + return NULL; + } + +/* ############################################################################ * + * returns the status string of the given certReqId inside a CertRepMessage + * returns NULL on error + * ############################################################################ */ +STACK_OF(ASN1_UTF8STRING)* CMP_CERTREPMESSAGE_PKIStatusString_get0( CMP_CERTREPMESSAGE *certRep, long certReqId) + { + CMP_CERTRESPONSE *certResponse=NULL; + if (!certRep) return NULL; + + if ( (certResponse = CMP_CERTREPMESSAGE_certResponse_get0( certRep, certReqId)) ) + { + return certResponse->status->statusString; + } + + CMPerr(CMP_F_CMP_CERTREPMESSAGE_PKISTATUSSTRING_GET0, CMP_R_ERROR_REQID_NOT_FOUND); + return NULL; + } + +/* ############################################################################ * + * checks bits in given PKIFailureInfo + * returns 1 if a given bit is set in a PKIFailureInfo + * 0 if not set + * -1 on error + * PKIFailureInfo ::= ASN1_BIT_STRING + * ############################################################################ */ +int CMP_PKIFAILUREINFO_check( ASN1_BIT_STRING *failInfo, int codeBit) + { + if (!failInfo) return -1; + if ( (codeBit < 0) || (codeBit > CMP_PKIFAILUREINFO_MAX)) return -1; + + return ASN1_BIT_STRING_get_bit( failInfo, codeBit); + } + +/* ############################################################################ * + * returns a pointer to the CertResponse with the given certReqId inside a CertRepMessage + * returns NULL on error or if no CertResponse available + * ############################################################################ */ +CMP_CERTRESPONSE *CMP_CERTREPMESSAGE_certResponse_get0( CMP_CERTREPMESSAGE *certRep, long 
certReqId) + { + CMP_CERTRESPONSE *certResponse=NULL; + int certRespCount; + int i; + + if( !certRep) return NULL; + + certRespCount = sk_CMP_CERTRESPONSE_num( certRep->response); + + for( i=0; i < certRespCount; i++) + { + /* is it the right certReqId */ + if( certReqId == ASN1_INTEGER_get(sk_CMP_CERTRESPONSE_value(certRep->response,i)->certReqId) ) + { + certResponse = sk_CMP_CERTRESPONSE_value(certRep->response,i); + break; + } + } + + return certResponse; + } + +/* ############################################################################ * + * internal function + * + * returns a pointer to a copy of the Certificate with the given certReqId inside a CertRepMessage + * returns NULL on error or if no Certificate available + * ############################################################################ */ +static X509 *CMP_CERTREPMESSAGE_cert_get1( CMP_CERTREPMESSAGE *certRep, long certReqId) + { + X509 *certCopy=NULL; + CMP_CERTRESPONSE *certResponse=NULL; + + if( !certRep) return NULL; + + if ( (certResponse = CMP_CERTREPMESSAGE_certResponse_get0( certRep, certReqId)) ) + { + certCopy = X509_dup(certResponse->certifiedKeyPair->certOrEncCert->value.certificate); + } + + return certCopy; + } + +/* ############################################################################# * + * internal function + * + * Decrypts the certificate with the given certReqId inside a CertRepMessage and + * this is needed for the indirect PoP method as in section 5.2.8.2 + * + * returns a pointer to the decrypted certificate + * returns NULL on error or if no Certificate available + * ############################################################################# */ +static X509 *CMP_CERTREPMESSAGE_encCert_get1( CMP_CERTREPMESSAGE *certRep, long certReqId, EVP_PKEY *pkey) + { + CRMF_ENCRYPTEDVALUE *encCert = NULL; + X509 *cert = NULL; /* decrypted certificate */ + EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */ + unsigned char *ek = NULL; /* decrypted symmetric 
encryption key */ + const EVP_CIPHER *cipher = NULL; /* used cipher */ + unsigned char *iv = NULL; /* initial vector for symmetric encryption */ + unsigned char *outbuf = NULL; /* decryption output buffer */ + const unsigned char *p = NULL; /* needed for decoding ASN1 */ + int symmAlg = 0; /* NIDs for symmetric algorithm */ + int n, outlen = 0; + EVP_PKEY_CTX *pkctx = NULL; /* private key context */ + CMP_CERTRESPONSE *certResponse = NULL; + + if ( !(certResponse = CMP_CERTREPMESSAGE_certResponse_get0( certRep, certReqId)) ) + goto err; + + if ( !(encCert = certResponse->certifiedKeyPair->certOrEncCert->value.encryptedCert)) + goto err; + + if ( !(symmAlg = OBJ_obj2nid(encCert->symmAlg->algorithm))) + goto err; + + /* first the symmetric key needs to be decrypted */ + if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) && EVP_PKEY_decrypt_init(pkctx)) + { + ASN1_BIT_STRING *encKey = encCert->encSymmKey; + size_t eksize = 0; + + if (EVP_PKEY_decrypt(pkctx, NULL, &eksize, encKey->data, encKey->length) <= 0 + || !(ek = OPENSSL_malloc(eksize)) + || EVP_PKEY_decrypt(pkctx, ek, &eksize, encKey->data, encKey->length) <= 0) + { + CMPerr(CMP_F_CMP_CERTREPMESSAGE_ENCCERT_GET1, CMP_R_ERROR_DECRYPTING_SYMMETRIC_KEY); + goto err; + } + EVP_PKEY_CTX_free(pkctx); + } + else { + CMPerr(CMP_F_CMP_CERTREPMESSAGE_ENCCERT_GET1, CMP_R_ERROR_DECRYPTING_KEY); + goto err; + } + + /* select symmetric cipher based on algorithm given in message */ + if (!(cipher = EVP_get_cipherbynid(symmAlg))) + { + CMPerr(CMP_F_CMP_CERTREPMESSAGE_ENCCERT_GET1, CMP_R_UNSUPPORTED_CIPHER); + goto err; + } + if (!(iv = OPENSSL_malloc(cipher->iv_len))) goto err; + ASN1_TYPE_get_octetstring(encCert->symmAlg->parameter, iv, cipher->iv_len); + + /* d2i_X509 changes the given pointer, so use p for decoding the message and keep the + * original pointer in outbuf so that the memory can be freed later */ + if (!(p = outbuf = OPENSSL_malloc(encCert->encValue->length + cipher->block_size))) goto err; + evp_ctx = 
EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_set_padding(evp_ctx, 0); + + if (!EVP_DecryptInit(evp_ctx, cipher, ek, iv) + || !EVP_DecryptUpdate(evp_ctx, outbuf, &outlen, encCert->encValue->data, encCert->encValue->length) + || !EVP_DecryptFinal(evp_ctx, outbuf+outlen, &n)) + { + CMPerr(CMP_F_CMP_CERTREPMESSAGE_ENCCERT_GET1, CMP_R_ERROR_DECRYPTING_CERTIFICATE); + goto err; + } + outlen += n; + + /* convert decrypted certificate from DER to internal ASN.1 structure */ + if (!(cert = d2i_X509(NULL, &p, outlen))) + { + CMPerr(CMP_F_CMP_CERTREPMESSAGE_ENCCERT_GET1, CMP_R_ERROR_DECODING_CERTIFICATE); + goto err; + } + + OPENSSL_free(outbuf); + EVP_CIPHER_CTX_free(evp_ctx); + OPENSSL_free(ek); + OPENSSL_free(iv); + return cert; +err: + CMPerr(CMP_F_CMP_CERTREPMESSAGE_ENCCERT_GET1, CMP_R_ERROR_DECRYPTING_ENCCERT); + if (outbuf) OPENSSL_free(outbuf); + if (evp_ctx) EVP_CIPHER_CTX_free(evp_ctx); + if (ek) OPENSSL_free(ek); + if (iv) OPENSSL_free(iv); + return NULL; + } + +/* ############################################################################ * + * returns the type of the certificate contained in the certificate response + * returns -1 on errror + * ############################################################################ */ +int CMP_CERTREPMESSAGE_certType_get( CMP_CERTREPMESSAGE *certRep, long certReqId) + { + CMP_CERTRESPONSE *certResponse=NULL; + + if( !certRep) return -1; + if( !(certResponse = CMP_CERTREPMESSAGE_certResponse_get0( certRep, certReqId)) ) + return -1; + + return certResponse->certifiedKeyPair->certOrEncCert->type; + } + +/* ############################################################################ * + * returns 1 on success + * returns 0 on error + * ############################################################################ */ +int CMP_PKIMESSAGE_set_bodytype( CMP_PKIMESSAGE *msg, int type) + { + if( !msg) return 0; + + msg->body->type = type; + + return 1; + } + +/* ############################################################################ * 
+ * returns the body type of the given CMP message + * returns -1 on error + * ############################################################################ */ +int CMP_PKIMESSAGE_get_bodytype( CMP_PKIMESSAGE *msg) + { + if( !msg) return -1; + + return msg->body->type; + } + +/* ############################################################################ * + * return pointer to human readable error message string created out of the + * information extracted from given error message + * returns NULL on error + * ############################################################################ */ +char *CMP_PKIMESSAGE_parse_error_msg( CMP_PKIMESSAGE *msg, char *errormsg, int bufsize) + { + char *status, *failureinfo; + + if( !msg) return NULL; + if( CMP_PKIMESSAGE_get_bodytype(msg) != V_CMP_PKIBODY_ERROR) return NULL; + + status = CMP_PKISTATUSINFO_PKIstatus_get_string(msg->body->value.error->pKIStatusInfo); + if (!status) + { + CMPerr(CMP_F_CMP_PKIMESSAGE_PARSE_ERROR_MSG, CMP_R_ERROR_PARSING_ERROR_MESSAGE); + return NULL; + } + + /* PKIFailureInfo is optional */ + failureinfo = CMP_PKISTATUSINFO_PKIFailureInfo_get_string(msg->body->value.error->pKIStatusInfo); + + STACK_OF(ASN1_UTF8STRING) *details = msg->body->value.error->pKIStatusInfo->statusString; + ASN1_UTF8STRING *str = 0; + if (details && sk_ASN1_UTF8STRING_num(details) > 0) + str = sk_ASN1_UTF8STRING_value(details, 0); + + if (failureinfo && str && str->data) { + BIO_snprintf(errormsg, bufsize, "%s, %s: %s", status, failureinfo, + str->data); + } + else if (failureinfo) + BIO_snprintf(errormsg, bufsize, "%s, %s", status, failureinfo); + else + BIO_snprintf(errormsg, bufsize, "%s", status); + + return errormsg; + } + +/* ############################################################################ * + * Retrieve the returned certificate from the given certrepmessage. 
+ * returns NULL if not found + * TODO: create another function handing multiple certreps when 2 certificates + * had been requested + * ############################################################################ */ +X509 *CMP_CERTREPMESSAGE_get_certificate(CMP_CTX *ctx, CMP_CERTREPMESSAGE *certrep) + { + X509 *newClCert = NULL; + int repNum = 0; + + /* Get the certReqId of the first certresponse. Need to do it this way instead + * of just using certReqId==0, because in error cases the server might reply with a certReqId + * of -1... */ + if (sk_CMP_CERTRESPONSE_num(certrep->response) > 0) + repNum = ASN1_INTEGER_get(sk_CMP_CERTRESPONSE_value(certrep->response, 0)->certReqId); + + CMP_CTX_set_failInfoCode(ctx, CMP_CERTREPMESSAGE_PKIFailureInfo_get0(certrep, repNum)); + + ctx->lastPKIStatus = CMP_CERTREPMESSAGE_PKIStatus_get( certrep, repNum); + switch (ctx->lastPKIStatus) + { + case CMP_PKISTATUS_waiting: + goto err; + break; + + case CMP_PKISTATUS_grantedWithMods: + CMP_printf( ctx, "WARNING: got \"grantedWithMods\""); + + case CMP_PKISTATUS_accepted: + /* if we received a certificate then place it to ctx->newClCert and return, + * if the cert is encrypted then we first decrypt it. 
*/ + switch (CMP_CERTREPMESSAGE_certType_get(certrep, repNum)) + { + case CMP_CERTORENCCERT_CERTIFICATE: + if( !(newClCert = CMP_CERTREPMESSAGE_cert_get1(certrep,repNum))) + { + CMPerr(CMP_F_CMP_CERTREPMESSAGE_GET_CERTIFICATE, CMP_R_CERTIFICATE_NOT_FOUND); + goto err; + } + break; + /* certificate encrypted for PoP using indirect method according to section 5.2.8.2 */ + case CMP_CERTORENCCERT_ENCRYPTEDCERT: + if( !(newClCert = CMP_CERTREPMESSAGE_encCert_get1(certrep,repNum,ctx->newPkey))) + { + CMPerr(CMP_F_CMP_CERTREPMESSAGE_GET_CERTIFICATE, CMP_R_CERTIFICATE_NOT_FOUND); + goto err; + } + break; + default: + CMPerr(CMP_F_CMP_CERTREPMESSAGE_GET_CERTIFICATE, CMP_R_UNKNOWN_CERTTYPE); + goto err; + } + break; + + /* get all information in case of a rejection before going to error */ + case CMP_PKISTATUS_rejection: { + char *failInfoString = NULL; + char *statusString = NULL; + int statusLen = 0; + ASN1_UTF8STRING *status = NULL; + STACK_OF(ASN1_UTF8STRING) *strstack = CMP_CERTREPMESSAGE_PKIStatusString_get0(certrep, repNum); + + CMPerr(CMP_F_CMP_CERTREPMESSAGE_GET_CERTIFICATE, CMP_R_REQUEST_REJECTED_BY_CA); + + failInfoString = CMP_CERTREPMESSAGE_PKIFailureInfoString_get0(certrep, repNum); + if (failInfoString) + /* initialize status string with human readable failure info */ + statusString = OPENSSL_strdup(failInfoString); + else + statusString = OPENSSL_strdup(""); + + statusLen = strlen(statusString)+18; + statusString = OPENSSL_realloc(statusString, statusLen); + strcat(statusString, ", statusString: \""); /* length = 17 */ + + while ((status = sk_ASN1_UTF8STRING_pop(strstack))) + { + statusLen += strlen((char*)status->data)+1; + statusString = OPENSSL_realloc(statusString, statusLen); + if (!statusString) goto err; + strcat(statusString, (char*)status->data); + strcat(statusString, " "); + } + + strcat(statusString, "\""); + ERR_add_error_data(1, statusString); + + goto err; + break; + } + + case CMP_PKISTATUS_revocationWarning: + case 
CMP_PKISTATUS_revocationNotification: + case CMP_PKISTATUS_keyUpdateWarning: + CMPerr(CMP_F_CMP_CERTREPMESSAGE_GET_CERTIFICATE, CMP_R_NO_CERTIFICATE_RECEIVED); + goto err; + break; + + default: { + STACK_OF(ASN1_UTF8STRING) *strstack = CMP_CERTREPMESSAGE_PKIStatusString_get0(certrep, 0); + ASN1_UTF8STRING *status = NULL; + + CMPerr(CMP_F_CMP_CERTREPMESSAGE_GET_CERTIFICATE, CMP_R_UNKNOWN_PKISTATUS); + while ((status = sk_ASN1_UTF8STRING_pop(strstack))) + ERR_add_error_data(3, "statusString=\"", status->data, "\""); + + CMP_printf( ctx, "ERROR: unknown pkistatus %ld", CMP_CERTREPMESSAGE_PKIStatus_get( certrep, repNum)); + goto err; + break; + } + } + + return newClCert; +err: + return NULL; + } + +/* ################################################################ * + * Builds up the certificate chain of cert as high up as possible using + * the given X509_STORE containing all possible intermediate certificates and + * optionally the (possible) trust anchor(s). + * + * Intended use of this function is to find all the certificates below the trust + * anchor needed to verify an EE's own certificate. Those are supposed to be + * included in the ExtraCerts field of every first sent message of an tansaction + * when MSG_SIG_ALG is utilized. + * + * NOTE: This creates duplicates of each certificate, + * so when the stack is no longer needed it should be freed with + * sk_X509_pop_free() + * NOTE: in case there are more than one possibilities for certificates up the + * chain, OpenSSL seems to take the first one, check X509_verify_cert() for + * details. 
+ * + * returns a pointer to a stack of (duplicated) X509 certificates containing: + * - the EE certificate given in the function arguments (cert) + * - all intermediate certificates up the chain towards the trust anchor + * - the trust anchor if it was included in the store + * returns NULL on error + * ################################################################ */ +STACK_OF(X509) *CMP_build_cert_chain(X509_STORE *store, X509 *cert) + { + STACK_OF(X509) *chain = NULL, *chainDup = NULL; + X509_STORE_CTX *csc = NULL; + int i=0; + + if (!store || !cert) goto err; + + csc = X509_STORE_CTX_new(); + if (!csc) goto err; + + /* chainDup to store the duplicated certificates */ + chainDup = sk_X509_new_null(); + if (!chainDup) goto err; + + X509_STORE_set_flags(store, 0); /* clear all flags, e.g. do not check CRLs */ + if(!X509_STORE_CTX_init(csc,store,cert,NULL)) + goto err; + + X509_verify_cert(csc); /* ignore return value as it would fail without trust anchor given in store */ + + chain = X509_STORE_CTX_get_chain(csc); + for (i = 0; i < sk_X509_num(chain); i++) + { + X509 *certDup = X509_dup( sk_X509_value(chain, i) ); + sk_X509_push(chainDup, certDup); + } + + X509_STORE_CTX_free(csc); + + return chainDup; + +err: + if (csc) X509_STORE_CTX_free(csc); + if (chainDup) sk_X509_free(chainDup); + return NULL; + } + +/* ############################################################################ + * this function is inteded to be used only within the CMP library although it is + * included in cmp.h + * + * Returns the subject key identifier of the given certificate + * returns NULL on error, respecively when none was found. 
+ * ############################################################################ */ +ASN1_OCTET_STRING *CMP_get_cert_subject_key_id(const X509 *cert) + { + unsigned char *subjKeyIDStrDer = NULL; + X509_EXTENSION *ex = NULL; + int subjKeyIDLoc = -1; + + if(!cert) goto err; + + subjKeyIDLoc = X509_get_ext_by_NID( (X509*) cert, NID_subject_key_identifier, -1); + if (subjKeyIDLoc == -1) goto err; + + /* found a subject key ID */ + if(!(ex = sk_X509_EXTENSION_value( cert->cert_info->extensions, subjKeyIDLoc))) goto err; + + subjKeyIDStrDer = ex->value->data; + return d2i_ASN1_OCTET_STRING( NULL, (const unsigned char **) &subjKeyIDStrDer, ex->value->length); +err: + return NULL; + } Index: openssl-1.0.1h-cmp/crypto/cmp/cmp_msg.c =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp_msg.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp_msg.c (revision 764) 
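Review bot: the `CMP_PKISTATUS_rejection` branch of the certificate retrieval in cmp_lib.c sizes `statusString` one byte short. `statusLen = strlen(statusString)+18` leaves room for the 17-character `", statusString: \""` plus the terminator, and each loop iteration grows the buffer by exactly `strlen(data)+1` for the data plus the space, so the final `strcat(statusString, "\"")` writes one byte past the allocation; reserve the closing quote up front (or compute the total length once and allocate a single time), and check the first `OPENSSL_realloc()` result, which, unlike the one inside the loop, is used unchecked. In the same branch `statusString` is never freed after `ERR_add_error_data()` has copied it, and `sk_ASN1_UTF8STRING_pop()` on the stack returned by the `_get0` accessor removes the strings from the received message without freeing them (the `default` case has the same pattern and additionally queries index `0` instead of `repNum`); iterating with `sk_ASN1_UTF8STRING_value()` leaves the message intact. In `CMP_build_cert_chain()`, `X509_STORE_set_flags(store, 0)` does not clear anything: that call ORs the given bits into the store's verify parameters, so the "clear all flags, e.g. do not check CRLs" comment is misleading and the store keeps whatever flags the caller set; the results of `X509_dup()` and `sk_X509_push()` in the copy loop are also unchecked, so an allocation failure silently yields a shorter chain.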
@@ -0,0 +1,533 @@ +/* vim: set noet ts=4 sts=4 sw=4: */ +/* crypto/cmp/cmp_msg.c + * Functions for creating CMP (RFC 4210) messages for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2014 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include + +/* ############################################################################ + * Takes a stack of GENERAL_NAMEs and adds them to the given extension stack. 
+ * this is used to setting subject alternate names to a certTemplate + * + * returns 1 on success, 0 on error + * ############################################################################ */ +static int add_altname_extensions(X509_EXTENSIONS **extensions, STACK_OF(GENERAL_NAME) *altnames, int critical) + { + X509_EXTENSION *ext = NULL; + unsigned char *der = NULL; + int derlen = 0; + ASN1_OCTET_STRING *str = NULL;; + + if(!extensions) goto err; + if(!altnames) goto err; + + if(!(str = ASN1_OCTET_STRING_new())) goto err; + + if(!(ASN1_seq_pack_GENERAL_NAME(altnames, i2d_GENERAL_NAME, &der, &derlen))) goto err; + + if(!ASN1_STRING_set(str, der, derlen)) goto err; + if(!X509_EXTENSION_create_by_NID(&ext, NID_subject_alt_name, critical, str)) goto err; + + ASN1_OCTET_STRING_free(str); + OPENSSL_free(der); + + if(!X509v3_add_ext(extensions, ext, 0)) goto err; + + X509_EXTENSION_free(ext); + + return 1; +err: + if (ext) X509_EXTENSION_free(ext); + return 0; + } + +/* ############################################################################ + * Takes a CERTIFICATEPOLICIES structure and adds it to the given extension stack. 
+ * this is used to setting certificate policy OIDs to a certTemplate + * + * returns 1 on success, 0 on error + * ############################################################################ */ +static int add_policy_extensions(X509_EXTENSIONS **extensions, CERTIFICATEPOLICIES *policies) + { + X509_EXTENSION *ext = NULL; + unsigned char *der = NULL; + int derlen = 0; + ASN1_OCTET_STRING *str = NULL; + + if(!extensions || !policies) goto err; + + if(!(str = ASN1_OCTET_STRING_new())) goto err; + + derlen = i2d_CERTIFICATEPOLICIES(policies, &der); + if(!ASN1_STRING_set(str, der, derlen)) goto err; + if(!X509_EXTENSION_create_by_NID(&ext, NID_certificate_policies, 1, str)) goto err; + + ASN1_OCTET_STRING_free(str); + OPENSSL_free(der); + + if(!X509v3_add_ext(extensions, ext, 0)) goto err; + + X509_EXTENSION_free(ext); + + return 1; +err: + if (ext) X509_EXTENSION_free(ext); + return 0; + } + +/* ############################################################################ + * Adds the certificates to the extraCerts fields in the given message. For + * this it tries to build the certificate chain of our client cert (ctx->clCert) + * by using certificates in ctx->untrusted_store. If no untrusted store is set, + * it will at least place the client certificate into extraCerts. + * Additionally all the certificates explicitly specified to be sent out + * (i.e. ctx->extraCertsOut) are added to the stack. + * + * Note: it will NOT put the trust anchor in the extraCerts - unless it would be + * in the untrusted store. 
+ * + * returns 1 on success, 0 on error + * ############################################################################ */ +static int add_extraCerts(CMP_CTX *ctx, CMP_PKIMESSAGE *msg) + { + int i; + + if (!ctx) goto err; + if (!msg) goto err; + if (!msg->extraCerts && !(msg->extraCerts = sk_X509_new_null())) goto err; + + /* add any additional certificates from ctx->extraCertsOut */ + for (i = 0; i < sk_X509_num(ctx->extraCertsOut); i++) + sk_X509_push(msg->extraCerts, X509_dup(sk_X509_value(ctx->extraCertsOut, i))); + + if (ctx->clCert) + { + /* if we have untrusted store, try to add all the intermediate certs and our own */ + if (ctx->untrusted_store) + { + STACK_OF(X509) *chain = CMP_build_cert_chain(ctx->untrusted_store, ctx->clCert); + int i; + for(i = 0; i < sk_X509_num(chain); i++) + { + X509 *cert = sk_X509_value(chain, i); + sk_X509_push(msg->extraCerts, cert); + } + sk_X509_free(chain); /* only frees the stack, not the content */ + } else { + /* Make sure that at least our own cert gets sent */ + sk_X509_push(msg->extraCerts, X509_dup(ctx->clCert)); + } + } + + return 1; + +err: + return 0; + } + +/* ############################################################################ * + * Creates a new polling request PKIMessage for the given request ID + * returns a pointer to the PKIMessage on success, NULL on error + * ############################################################################ */ +CMP_PKIMESSAGE * CMP_pollReq_new( CMP_CTX *ctx, int reqId) + { + CMP_PKIMESSAGE *msg = NULL; + CMP_POLLREQ *preq = NULL; + if (!ctx) goto err; + + if (!(msg = CMP_PKIMESSAGE_new())) goto err; + if( !CMP_PKIHEADER_init( ctx, msg->header)) goto err; + CMP_PKIMESSAGE_set_bodytype( msg, V_CMP_PKIBODY_POLLREQ); + + if(!(preq = CMP_POLLREQ_new())) goto err; + /* TODO support multiple cert request ids to poll */ + ASN1_INTEGER_set(preq->certReqId, reqId); + if (!(msg->body->value.pollReq = sk_CMP_POLLREQ_new_null())) + goto err; + + 
sk_CMP_POLLREQ_push(msg->body->value.pollReq, preq); + + if(!CMP_PKIMESSAGE_protect(ctx, msg)) goto err; + + return msg; +err: + CMPerr(CMP_F_CMP_POLLREQ_NEW, CMP_R_ERROR_CREATING_POLLREQ); + if (msg) CMP_PKIMESSAGE_free(msg); + return NULL; + } + +/* ############################################################################ * + * Create a new Initial Request PKIMessage based on the settings in given ctx + * returns a pointer to the PKIMessage on success, NULL on error + * ############################################################################ */ +CMP_PKIMESSAGE * CMP_ir_new( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *msg=NULL; + CRMF_CERTREQMSG *certReq0=NULL; + X509_EXTENSIONS *extensions = NULL; + X509_NAME *subject=NULL; + + if (!ctx) goto err; + + /* for authentication we need either a reference value/secret or external identity certificate (E.7) and private key */ + if (!((ctx->referenceValue && ctx->secretValue) || (ctx->pkey && ctx->clCert))) goto err; + + /* new key pair for new Certificate must be set */ + if (!ctx->newPkey) goto err; + + if (!(msg = CMP_PKIMESSAGE_new())) goto err; + if (!CMP_PKIHEADER_init( ctx, msg->header)) goto err; + + if (ctx->implicitConfirm) + if (! 
CMP_PKIMESSAGE_set_implicitConfirm(msg)) goto err; + CMP_PKIMESSAGE_set_bodytype( msg, V_CMP_PKIBODY_IR); + + if (ctx->subjectName) + subject = ctx->subjectName; + else if (ctx->clCert && sk_GENERAL_NAME_num(ctx->subjectAltNames) <= 0) + /* get subject name from existing certificate (E.7) */ + subject = X509_get_subject_name(ctx->clCert); + else + subject = NULL; + + if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0) + /* According to RFC5280, subjectAltName MUST be critical if subject is null */ + add_altname_extensions(&extensions, ctx->subjectAltNames, ctx->setSubjectAltNameCritical || subject == NULL); + + if (ctx->policies) + add_policy_extensions(&extensions, ctx->policies); + + if (!(msg->body->value.ir = sk_CRMF_CERTREQMSG_new_null())) goto err; + if (!(certReq0 = CRMF_cr_new(0L, ctx->newPkey, subject, extensions))) goto err; + sk_CRMF_CERTREQMSG_push( msg->body->value.ir, certReq0); + /* TODO: here also the optional 2nd certreqmsg could be pushed to the stack */ + + /* sets the id-regCtrl-regToken to regInfo (not described in RFC, but EJBCA + * in CA mode might insist on that) */ + if (ctx->regToken) + if (!CRMF_CERTREQMSG_set1_regInfo_regToken(certReq0, ctx->regToken)) goto err; + + CRMF_CERTREQMSG_calc_and_set_popo( certReq0, ctx->newPkey, ctx->popoMethod); + + add_extraCerts(ctx, msg); + if (!CMP_PKIMESSAGE_protect(ctx, msg)) goto err; + + /* cleanup */ + if (extensions) sk_X509_EXTENSION_pop_free(extensions, X509_EXTENSION_free); + + return msg; + +err: + CMPerr(CMP_F_CMP_IR_NEW, CMP_R_ERROR_CREATING_IR); + if (extensions) sk_X509_EXTENSION_pop_free(extensions, X509_EXTENSION_free); + if (msg) CMP_PKIMESSAGE_free(msg); + return NULL; + } + +/* ############################################################################ * + * Creates a new Revocation Request PKIMessage based on the settings in ctx + * returns a pointer to the PKIMessage on success, NULL on error + * ############################################################################ */ 
+CMP_PKIMESSAGE * CMP_rr_new( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *msg=NULL; + CRMF_CERTTEMPLATE *certTpl=NULL; + X509_NAME *subject=NULL; + CMP_REVDETAILS *rd=NULL; + + if (!ctx) goto err; + if (!ctx->clCert) goto err; + if (!ctx->pkey) goto err; + + if (!(msg = CMP_PKIMESSAGE_new())) goto err; + if (!CMP_PKIHEADER_init( ctx, msg->header)) goto err; + CMP_PKIMESSAGE_set_bodytype( msg, V_CMP_PKIBODY_RR); + + if (!(msg->body->value.rr = sk_CMP_REVDETAILS_new_null())) goto err; + if (!(rd = CMP_REVDETAILS_new())) goto err; + sk_CMP_REVDETAILS_push( msg->body->value.rr, rd); + + if (!(certTpl = CRMF_CERTTEMPLATE_new())) goto err; + rd->certDetails = certTpl; + + /* Set the subject from the previous certificate */ + if (!(subject = X509_get_subject_name(ctx->clCert))) goto err; + X509_NAME_set(&certTpl->subject, subject); + X509_PUBKEY_set(&certTpl->publicKey, ctx->pkey); + if (!(certTpl->serialNumber = ASN1_INTEGER_dup(ctx->clCert->cert_info->serialNumber))) goto err; + X509_NAME_set(&certTpl->issuer, ctx->clCert->cert_info->issuer); + + /* TODO: the Revocation Passphrase according to section 5.3.19.9 could be set here if set in ctx */ + + if(!CMP_PKIMESSAGE_protect(ctx, msg)) goto err; + + return msg; + +err: + CMPerr(CMP_F_CMP_RR_NEW, CMP_R_ERROR_CREATING_RR); + if (msg) CMP_PKIMESSAGE_free(msg); + + return NULL; + } + +/* ############################################################################ * + * Creates a new Certificate Request PKIMessage based on the settings in ctx + * returns a pointer to the PKIMessage on success, NULL on error + * ############################################################################ */ +CMP_PKIMESSAGE * CMP_cr_new( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *msg=NULL; + CRMF_CERTREQMSG *certReq0=NULL; + X509_NAME *subject=NULL; + + if (!ctx) goto err; + /* for authentication we need either a reference value/secret for MSG_MAC_ALG + * or existing certificate and private key for MSG_SIG_ALG */ + if (!((ctx->referenceValue && 
ctx->secretValue) || (ctx->pkey && ctx->clCert))) goto err; + if (!ctx->pkey) goto err; + + if (ctx->subjectName) + subject = ctx->subjectName; + else if (ctx->clCert) /* get subject name from existing certificate */ + subject = X509_get_subject_name(ctx->clCert); + else + goto err; + + if (!(msg = CMP_PKIMESSAGE_new())) goto err; + if (!CMP_PKIHEADER_init( ctx, msg->header)) goto err; + if (ctx->implicitConfirm) + if (! CMP_PKIMESSAGE_set_implicitConfirm(msg)) goto err; + CMP_PKIMESSAGE_set_bodytype( msg, V_CMP_PKIBODY_CR); + + if (!(msg->body->value.cr = sk_CRMF_CERTREQMSG_new_null())) goto err; + if (!(certReq0 = CRMF_cr_new(0L, ctx->pkey, subject, NULL))) goto err; + sk_CRMF_CERTREQMSG_push( msg->body->value.cr, certReq0); + /* TODO: here also the optional 2nd certreqmsg could be pushed to the stack */ + + CRMF_CERTREQMSG_calc_and_set_popo( certReq0, ctx->pkey, ctx->popoMethod); + + add_extraCerts(ctx, msg); + if (!CMP_PKIMESSAGE_protect(ctx, msg)) goto err; + + return msg; + +err: + CMPerr(CMP_F_CMP_CR_NEW, CMP_R_ERROR_CREATING_CR); + if (msg) CMP_PKIMESSAGE_free(msg); + return NULL; + } + +/* ############################################################################ * + * Creates a new Key Update Request PKIMessage based on the settings in ctx + * returns a pointer to the PKIMessage on success, NULL on error + * TODO: the differentiation between certificate used to sign the CMP messages + * and the certificate to update should be improved - so far only the clCert + * could be updated + * ############################################################################ */ +CMP_PKIMESSAGE * CMP_kur_new( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *msg=NULL; + CRMF_CERTREQMSG *certReq0=NULL; + X509_EXTENSIONS *extensions = NULL; + X509_NAME *subject=NULL; + + if (!ctx) goto err; + /* for authentication we need either a reference value/secret for MSG_MAC_ALG + * or existing certificate and private key for MSG_SIG_ALG */ + if (!((ctx->referenceValue && ctx->secretValue) || 
(ctx->pkey && ctx->clCert))) goto err; + if (!ctx->newPkey) goto err; + + if (!(msg = CMP_PKIMESSAGE_new())) goto err; + if (!CMP_PKIHEADER_init( ctx, msg->header)) goto err; + if (ctx->implicitConfirm) + if (! CMP_PKIMESSAGE_set_implicitConfirm( msg)) goto err; + CMP_PKIMESSAGE_set_bodytype( msg, V_CMP_PKIBODY_KUR); + + if (ctx->subjectName) + subject = ctx->subjectName; + else + subject = X509_get_subject_name( (X509*) ctx->clCert); /* TODO: from certificate to be renewed */ + + if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0) + /* According to RFC5280, subjectAltName MUST be critical if subject is null */ + add_altname_extensions(&extensions, ctx->subjectAltNames, ctx->setSubjectAltNameCritical || subject == NULL); + + if (ctx->policies) + add_policy_extensions(&extensions, ctx->policies); + + if (!(msg->body->value.kur = sk_CRMF_CERTREQMSG_new_null())) goto err; + if (!(certReq0 = CRMF_cr_new(0L, ctx->newPkey, subject, extensions))) goto err; + sk_CRMF_CERTREQMSG_push( msg->body->value.kur, certReq0); + /* TODO: here also the optional 2nd certreqmsg could be pushed to the stack */ + + /* setting OldCertId according to D.6: + 7. 
regCtrl OldCertId SHOULD be used */ + + if (ctx->oldClCert) + CRMF_CERTREQMSG_set1_control_oldCertId( certReq0, ctx->oldClCert); + else + CRMF_CERTREQMSG_set1_control_oldCertId( certReq0, ctx->clCert); + + + CRMF_CERTREQMSG_calc_and_set_popo( certReq0, ctx->newPkey, ctx->popoMethod); + + add_extraCerts(ctx, msg); + if (!CMP_PKIMESSAGE_protect(ctx, msg)) goto err; + + if (extensions) sk_X509_EXTENSION_pop_free(extensions, X509_EXTENSION_free); + + return msg; + +err: + CMPerr(CMP_F_CMP_KUR_NEW, CMP_R_ERROR_CREATING_KUR); + if (msg) CMP_PKIMESSAGE_free(msg); + if (extensions) sk_X509_EXTENSION_pop_free(extensions, X509_EXTENSION_free); + return NULL; + } + +/* ############################################################################ * + * Creates a new Certificate Confirmation PKIMessage + * returns a pointer to the PKIMessage on success, NULL on error + * TODO: handle both possible certificates when signing and encrypting + * certificates have been requested/received + * ############################################################################ */ +CMP_PKIMESSAGE * CMP_certConf_new( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *msg=NULL; + CMP_CERTSTATUS *certStatus=NULL; + + if (!ctx) goto err; + /* for authentication we need either a reference value/secret for MSG_MAC_ALG + * or existing certificate and private key for MSG_SIG_ALG */ + if (!((ctx->referenceValue && ctx->secretValue) || (ctx->pkey && ctx->clCert))) goto err; + if (!ctx->newClCert) goto err; /* in this case we wouldn't have received a certificate */ + + if (!(msg = CMP_PKIMESSAGE_new())) goto err; + if (!CMP_PKIHEADER_init( ctx, msg->header)) goto err; + CMP_PKIMESSAGE_set_bodytype( msg, V_CMP_PKIBODY_CERTCONF); + if (!(msg->body->value.certConf = sk_CMP_CERTSTATUS_new_null())) goto err; + + if (!(certStatus = CMP_CERTSTATUS_new())) goto err; + if (!sk_CMP_CERTSTATUS_push( msg->body->value.certConf, certStatus)) goto err; + /* set the # of the certReq */ + ASN1_INTEGER_set(certStatus->certReqId,0L); + /* 
-- the hash of the certificate, using the same hash algorithm + * -- as is used to create and verify the certificate signature */ + CMP_CERTSTATUS_set_certHash( certStatus, ctx->newClCert); + + /* execute the callback function set in ctx which can be used to examine a + * certificate and reject it */ + if (ctx->certConf_cb && ctx->newClCert && ctx->certConf_cb(ctx->lastPKIStatus, ctx->newClCert) == 0) + { + certStatus->statusInfo = CMP_PKISTATUSINFO_new(); + ASN1_INTEGER_set(certStatus->statusInfo->status, CMP_PKISTATUS_rejection); + CMP_printf(ctx, "INFO: rejecting certificate."); + } + + if (!CMP_PKIMESSAGE_protect(ctx, msg)) goto err; + + return msg; + +err: + CMPerr(CMP_F_CMP_CERTCONF_NEW, CMP_R_ERROR_CREATING_CERTCONF); + if (msg) CMP_PKIMESSAGE_free(msg); + + return NULL; + } + +/* ############################################################################ * + * Creates a new General Message with an empty itav stack + * returns a pointer to the PKIMessage on success, NULL on error + * ############################################################################ */ +CMP_PKIMESSAGE *CMP_genm_new( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *msg=NULL; + + if (!ctx) goto err; + + if (!(msg = CMP_PKIMESSAGE_new())) goto err; + if (!CMP_PKIHEADER_init( ctx, msg->header)) goto err; + CMP_PKIMESSAGE_set_bodytype( msg, V_CMP_PKIBODY_GENM); + if (!(msg->body->value.genm = sk_CMP_INFOTYPEANDVALUE_new_null())) goto err; /* initialize with empty stack */ + + if (!CMP_PKIMESSAGE_protect(ctx, msg)) goto err; + + return msg; + +err: + CMPerr(CMP_F_CMP_GENM_NEW, CMP_R_ERROR_CREATING_GENM); + if (msg) CMP_PKIMESSAGE_free(msg); + return NULL; + } + Index: openssl-1.0.1h-cmp/crypto/cmp/cmp_ses.c =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp_ses.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp_ses.c (revision 764) 
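Review bot: `add_extraCerts()` in cmp_msg.c does not deliver on its header comment that the client certificate is always sent. When `ctx->untrusted_store` is set and `CMP_build_cert_chain()` returns NULL, `sk_X509_num(NULL)` is -1 so the loop body never runs, the `else` branch is skipped, and the message goes out with no client certificate at all; fall back to `sk_X509_push(msg->extraCerts, X509_dup(ctx->clCert))` when `chain` is NULL (the inner `int i` also shadows the outer one). In `add_altname_extensions()` and `add_policy_extensions()` the `err:` label frees only `ext`, so `str` and `der` leak on every failure after they are allocated, the return value of `i2d_CERTIFICATEPOLICIES()` is not checked for a negative result before `ASN1_STRING_set()`, and `ASN1_OCTET_STRING *str = NULL;;` has a stray semicolon. The request constructors (`CMP_ir_new`, `CMP_cr_new`, `CMP_kur_new`) ignore the return values of `add_altname_extensions()`, `add_policy_extensions()`, `add_extraCerts()`, `CRMF_CERTREQMSG_calc_and_set_popo()`, `CRMF_CERTREQMSG_set1_control_oldCertId()` and `sk_CRMF_CERTREQMSG_push()`, so a request with a missing subjectAltName, proof-of-possession or extraCerts is still protected and sent instead of failing with an error; and in `CMP_certConf_new()` the result of `CMP_PKISTATUSINFO_new()` is dereferenced without a NULL check.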
@@ -0,0 +1,866 @@ +/* vim: set noet ts=4 sts=4 sw=4: */ + /* crypto/cmp/cmp_ses.c + * Functions to do CMP (RFC 4210) message sequences for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +#include + +#include +#include +#include +#include +#include +#include + +#include + +/* XXX this is here to fool the openssl perl script that checks errors codes strictly + * without func() the macro below would cause the script to complain */ +#if 0 +static void func() { } +#endif +/* adds connection error information to OpenSSL error queue */ +#define ADD_HTTP_ERROR_INFO(cmp_f_func, errcode, msg)\ + if (ERR_GET_REASON(ERR_peek_last_error()) != CMP_R_NULL_ARGUMENT\ + && ERR_GET_REASON(ERR_peek_last_error()) != CMP_R_SERVER_NOT_REACHABLE)\ + CMPerr(cmp_f_func, errcode);\ + else\ + add_error_data("unable to send "msg); + +/* ############################################################################ * + * table used to translate PKIMessage body type number into a printable string + * ############################################################################ */ +static char *V_CMP_TABLE[] = { + "IR", + "IP", + "CR", + "CP", + "P10CR", + "POPDECC", + "POPDECR", + "KUR", + "KUP", + "KRR", + "KRP", + "RR", + "RP", + "CCR", + "CCP", + "CKUANN", + "CANN", + "RANN", + "CRLANN", + "PKICONF", + "NESTED", + "GENM", + "GENP", + "ERROR", + "CERTCONF", + "POLLREQ", + "POLLREP", +}; + +#define MSG_TYPE_STR(type) \ + (((unsigned int) (type) < sizeof(V_CMP_TABLE)/sizeof(V_CMP_TABLE[0])) \ + ? V_CMP_TABLE[(unsigned int)(type)] : "unknown") + +/* ############################################################################ * + * internal function + * + * Prints error data of the given CMP_PKIMESSAGE into a buffer specified by out + * and returns pointer to the buffer. 
+ * ############################################################################ */ +static char *PKIError_data(CMP_PKIMESSAGE *msg, char *out, int outsize) + { + char tempbuf[1024]; + switch (CMP_PKIMESSAGE_get_bodytype(msg)) + { + case V_CMP_PKIBODY_ERROR: + BIO_snprintf(out, outsize, "bodytype=%d, error=\"%s\"", + V_CMP_PKIBODY_ERROR, + CMP_PKIMESSAGE_parse_error_msg( msg, tempbuf, sizeof(tempbuf))); + break; + case -1: + BIO_snprintf(out, outsize, "received NO message"); + break; + default: + BIO_snprintf(out, outsize, "received unexpected message of type '%s'", MSG_TYPE_STR(CMP_PKIMESSAGE_get_bodytype( msg))); + break; + } + return out; + } + +/* ############################################################################ * + * internal function + * + * Adds text to the extra error data field of the last error in openssl's error + * queue. ERR_add_error_data() simply overwrites the previous contents of the error + * data, while this function can be used to add a string to the end of it. + * ############################################################################ */ +static void add_error_data(const char *txt) + { + const char *current_error=NULL; + ERR_peek_last_error_line_data(NULL, NULL, ¤t_error, NULL); + ERR_add_error_data(3, current_error, ":", txt); + } + +/* ############################################################################ * + * internal function + * + * When a 'waiting' PKIStatus has been received, this function is used to attempt + * to poll for a response message. + * + * A maxPollTime timeout can be set in the context. The function will continue + * to poll until the timeout is reached and then poll a last time even when that + * is before the "checkAfter" sent by the server. If ctx->maxPollTime is 0, the + * timeout is disabled. 
+ * + * returns 1 on success, returns received PKIMESSAGE in *msg argument + * returns 0 on error or when timeout is reached without a received messsage + * + * TODO handle multiple pollreqs for multiple certificates + * ############################################################################ */ +static int pollForResponse(CMP_CTX *ctx, CMP_CERTREPMESSAGE *certrep, CMP_PKIMESSAGE **msg) + { + int maxTimeLeft = ctx->maxPollTime; + CMP_PKIMESSAGE *preq = NULL; + CMP_PKIMESSAGE *prep = NULL; + CMP_POLLREP *pollRep = NULL; + + CMP_printf(ctx, "INFO: Received 'waiting' PKIStatus, attempting to poll server for response."); + for (;;) + { + if(!(preq = CMP_pollReq_new(ctx, 0))) goto err; /* TODO: this only handles one certificate request so far */ + + + CMP_printf(ctx, "INFO: Sending polling request..."); + /* immediately send the first pollReq */ + if (! (CMP_PKIMESSAGE_http_perform(ctx, preq, &prep))) + { + /* set message to error stack */ + ADD_HTTP_ERROR_INFO(CMP_F_POLLFORRESPONSE, CMP_R_POLLREP_NOT_RECEIVED, "pollReq"); + goto err; + } + + /* handle potential pollRep */ + if (CMP_PKIMESSAGE_get_bodytype(prep) == V_CMP_PKIBODY_POLLREP) + { + int checkAfter; + if(!(pollRep = sk_CMP_POLLREP_value(prep->body->value.pollRep, 0))) goto err; /* TODO: this only handles one certificate request so far */ + checkAfter = ASN1_INTEGER_get(pollRep->checkAfter); + /* TODO: print OPTIONAL reason (PKIFreeText) from message */ + CMP_printf(ctx, "INFO: Received polling response, waiting checkAfter = %ld seconds before sending another polling request...", checkAfter); + + if (ctx->maxPollTime != 0) + { /* timout is set in context */ + if (maxTimeLeft == 0) goto err; /* timeout reached */ + if (maxTimeLeft > checkAfter) + { + maxTimeLeft -= checkAfter; + } + else + { + checkAfter = maxTimeLeft; /* poll a last time just when the set timeout will be reached */ + maxTimeLeft = 0; + } + } + + CMP_PKIMESSAGE_free(prep); + CMP_PKIMESSAGE_free(preq); + sleep(checkAfter); + } + else break; 
/* final success */ + } + if (!prep) goto err; + + CMP_PKIMESSAGE_free(preq); + *msg = prep; + + return 1; +err: + CMP_PKIMESSAGE_free(preq); + CMP_PKIMESSAGE_free(prep); + return 0; + } + +/* ############################################################################ * + * send certConf for IR, CR or KUR sequences + * returns 1 on success, 0 on error + * ############################################################################ */ +static int sendCertConf( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *certConf=NULL; + CMP_PKIMESSAGE *PKIconf=NULL; + + /* crate Certificate Confirmation - certConf */ + if (!(certConf = CMP_certConf_new(ctx))) goto err; + + CMP_printf( ctx, "INFO: Sending Certificate Confirm"); + if (! (CMP_PKIMESSAGE_http_perform(ctx, certConf, &PKIconf))) + { + ADD_HTTP_ERROR_INFO(CMP_F_SENDCERTCONF, CMP_R_PKICONF_NOT_RECEIVED, "certConf"); + goto err; + } + + /* make sure the received messagetype indicates an PKIconf message */ + if (CMP_PKIMESSAGE_get_bodytype(PKIconf) != V_CMP_PKIBODY_PKICONF) + { + char errmsg[256]; + CMPerr(CMP_F_SENDCERTCONF, CMP_R_PKIBODY_ERROR); + ERR_add_error_data(1, PKIError_data( PKIconf, errmsg, sizeof(errmsg))); + goto err; + } + + /* validate message protection */ + if (CMP_validate_msg(ctx, PKIconf)) + { + CMP_printf( ctx,"SUCCESS: validating protection of incoming message"); + } + else + { + CMPerr(CMP_F_SENDCERTCONF, CMP_R_ERROR_VALIDATING_PROTECTION); + goto err; + } + + /* compare received nonce with the one sent in certConf */ + if (PKIconf->header->recipNonce) + { + if(ASN1_OCTET_STRING_cmp(certConf->header->senderNonce, PKIconf->header->recipNonce)) + { + CMPerr(CMP_F_SENDCERTCONF, CMP_R_ERROR_NONCES_DO_NOT_MATCH); + goto err; + } + } /* it's not clear from the RFC whether recipNonce MUST be set or not */ + + CMP_PKIMESSAGE_free(certConf); + CMP_PKIMESSAGE_free(PKIconf); + return 1; +err: + if (certConf) CMP_PKIMESSAGE_free(certConf); + if (PKIconf) CMP_PKIMESSAGE_free(PKIconf); + return 0; + } + +/* 
############################################################################ * + * internal function + * + * saves error information from PKIStatus field of a certrepmessage into the ctx + * TODO: in case we would get multiple certreps, this function would need to be + * extended to save the status from each one + * ############################################################################ */ +static void save_certrep_statusInfo(CMP_CTX *ctx, CMP_CERTREPMESSAGE *certrep) + { + CMP_CERTRESPONSE *resp=NULL; + int i = 0; + + if (sk_CMP_CERTRESPONSE_num(certrep->response) > 0 && + (resp = sk_CMP_CERTRESPONSE_value(certrep->response, 0)) && + resp->status != NULL) + { + CMP_CTX_set_failInfoCode(ctx, resp->status->failInfo); + ctx->lastPKIStatus = CMP_PKISTATUSINFO_PKIstatus_get(resp->status); + + if (!ctx->lastStatusString) + ctx->lastStatusString = sk_ASN1_UTF8STRING_new_null(); + + if (ctx->lastStatusString) + { + for (i = 0; i < sk_ASN1_UTF8STRING_num(resp->status->statusString); i++) + { + ASN1_UTF8STRING *str = sk_ASN1_UTF8STRING_value(resp->status->statusString, i); + sk_ASN1_UTF8STRING_push(ctx->lastStatusString, ASN1_STRING_dup(str)); + } + } + } + } + +/* ############################################################################ * + * do the full sequence for IR, including IR, IP, certConf, PKIconf and + * potential polling + * + * All options need to be set in the context. 
+ * + * TODO: another function to request two certificates at once should be created + * + * returns pointer to received certificate, NULL if none was received + * ############################################################################ */ +X509 *CMP_doInitialRequestSeq( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *ir=NULL; + CMP_PKIMESSAGE *ip=NULL; + + /* check if all necessary options are set */ + if (!ctx || !ctx->newPkey || + /* for authentication we need either reference/secret or external + * identity certificate and private key, the server name/cert might not be + * known here yet especiallaly in case of E.7 */ + (!(ctx->referenceValue && ctx->secretValue) && /* MSG_MAC_ALG */ + !(ctx->pkey && ctx->clCert)) ) + { /* MSG_SIG_ALG for E.7 */ + CMPerr(CMP_F_CMP_DOINITIALREQUESTSEQ, CMP_R_INVALID_ARGS); + goto err; + } + + /* create Initialization Request - ir */ + if (!(ir = CMP_ir_new(ctx))) goto err; + + CMP_printf(ctx, "INFO: Sending Initialization Request"); + if (! (CMP_PKIMESSAGE_http_perform(ctx, ir, &ip))) + { + ADD_HTTP_ERROR_INFO(CMP_F_CMP_DOINITIALREQUESTSEQ, CMP_R_IP_NOT_RECEIVED, "ir"); + goto err; + } + + /* catch if the received messagetype does not indicate an IP message (e.g. error)*/ + if (CMP_PKIMESSAGE_get_bodytype(ip) != V_CMP_PKIBODY_IP) + { + char errmsg[256]; + CMPerr(CMP_F_CMP_DOINITIALREQUESTSEQ, CMP_R_PKIBODY_ERROR); + ERR_add_error_data(1, PKIError_data(ip, errmsg, sizeof(errmsg))); + goto err; + } + + save_certrep_statusInfo(ctx, ip->body->value.ip); + + /* validate message protection */ + if (CMP_validate_msg(ctx, ip)) + { + CMP_printf( ctx, "SUCCESS: validating protection of incoming message"); + } else { + CMPerr(CMP_F_CMP_DOINITIALREQUESTSEQ, CMP_R_ERROR_VALIDATING_PROTECTION); + goto err; + } + + /* compare received nonce with the one sent in IR */ + if (ip->header->recipNonce) + { + if(ASN1_OCTET_STRING_cmp(ir->header->senderNonce, ip->header->recipNonce)) + { + /* senderNonce != recipNonce (sic although there is no "!" 
in the if) */ + CMPerr(CMP_F_CMP_DOINITIALREQUESTSEQ, CMP_R_ERROR_NONCES_DO_NOT_MATCH); + goto err; + } + } /* it's not clear from the RFC whether recipNonce MUST be set or not */ + CMP_CTX_set1_recipNonce(ctx, ip->header->senderNonce); /* store for setting in the next msg */ + + /* make sure the PKIStatus for the *first* CERTrepmessage indicates a certificate was granted */ + /* TODO handle second CERTrepmessages if two would have sent */ + if (CMP_CERTREPMESSAGE_PKIStatus_get( ip->body->value.ip, 0) == CMP_PKISTATUS_waiting) + if (!pollForResponse(ctx, ip->body->value.ip, &ip)) + { + CMPerr(CMP_F_CMP_DOINITIALREQUESTSEQ, CMP_R_IP_NOT_RECEIVED); + ERR_add_error_data(1, "received 'waiting' pkistatus but polling failed"); + goto err; + } + + if (!(ctx->newClCert = CMP_CERTREPMESSAGE_get_certificate(ctx, ip->body->value.ip))) goto err; + + /* if the CA returned certificates in the caPubs field, copy them + * to the context so that they can be retrieved if necessary + * + * section 5.3.2: + * Note that if the PKI + * Message Protection is "shared secret information" (see Section + * 5.1.3), then any certificate transported in the caPubs field may be + * directly trusted as a root CA certificate by the initiator. 
*/ + + if (ip->body->value.ip->caPubs) + CMP_CTX_set1_caPubs(ctx, ip->body->value.ip->caPubs); + + /* copy any received extraCerts to ctx->extraCertsIn so they can be retrieved */ + if (ip->extraCerts) + CMP_CTX_set1_extraCertsIn(ctx, ip->extraCerts); + + /* check if implicit confirm is set in generalInfo and send certConf if not */ + if (!CMP_PKIMESSAGE_check_implicitConfirm(ip)) + if (!sendCertConf(ctx)) goto err; + + CMP_PKIMESSAGE_free(ir); + CMP_PKIMESSAGE_free(ip); + return ctx->newClCert; + +err: + if (ir) CMP_PKIMESSAGE_free(ir); + if (ip) CMP_PKIMESSAGE_free(ip); + + /* print out openssl and cmp errors to error_cb if it's set */ + if (ctx&&ctx->error_cb) ERR_print_errors_cb(CMP_CTX_error_callback, (void*) ctx); + return NULL; + } + + +/* ############################################################################ * + * do the full sequence for RR, including RR, RP and potential polling + * + * All options need to be set in the context. + * + * TODO: this function can only revoke one certifcate so far, should be possible + * for several according to 5.3.9 + * TODO: this actually revokes the current clCertificate - it might be desired + * to revoke another certificate the EE posesses. + * + * The RFC is vague in which PKIStatus should be returned by the server, so we + * take "accepted, grantedWithMods, revocationWaring, revocationNotification" + * as information that the certifcate was revoked, "rejection" as information + * that the revocation was rejected and don't expect "waiting, keyUpdateWarning" + * (which are handled as error) + * + * returns according to PKIStatus received, 0 on error + * accepted (1) + * grantedWithMods (2) + * rejection (3) (this is not an error!) 
+ * revocationWarning (5) + * revocationNotification (6) + * ############################################################################ */ +int CMP_doRevocationRequestSeq( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *rr=NULL; + CMP_PKIMESSAGE *rp=NULL; + int pkiStatus = 0; + + if (!ctx || !ctx->serverName || !ctx->pkey || + !ctx->clCert || !(ctx->srvCert || ctx->trusted_store)) + { + CMPerr(CMP_F_CMP_DOREVOCATIONREQUESTSEQ, CMP_R_INVALID_ARGS); + goto err; + } + + if (! (rr = CMP_rr_new(ctx))) goto err; + + CMP_printf( ctx, "INFO: Sending Revocation Request"); + if (! (CMP_PKIMESSAGE_http_perform(ctx, rr, &rp))) + { + ADD_HTTP_ERROR_INFO(CMP_F_CMP_DOREVOCATIONREQUESTSEQ, CMP_R_RP_NOT_RECEIVED, "rr"); + goto err; + } + + /* make sure the received messagetype indicates an RP message */ + if (CMP_PKIMESSAGE_get_bodytype( rp) != V_CMP_PKIBODY_RP) + { + char errmsg[256]; + CMPerr(CMP_F_CMP_DOREVOCATIONREQUESTSEQ, CMP_R_PKIBODY_ERROR); + ERR_add_error_data(1, PKIError_data( rp, errmsg, sizeof(errmsg))); + goto err; + } + + /* validate message protection */ + if (CMP_validate_msg(ctx, rp)) + { + CMP_printf( ctx, "SUCCESS: validating protection of incoming message"); + } + else + { + CMPerr(CMP_F_CMP_DOREVOCATIONREQUESTSEQ, CMP_R_ERROR_VALIDATING_PROTECTION); + goto err; + } + + /* compare received nonce with the one sent in RR */ + if (rp->header->recipNonce) + { + if(ASN1_OCTET_STRING_cmp(rr->header->senderNonce, rp->header->recipNonce)) + { + /* senderNonce != recipNonce (sic although there is no "!" 
in the if) */ + CMPerr(CMP_F_CMP_DOREVOCATIONREQUESTSEQ, CMP_R_ERROR_NONCES_DO_NOT_MATCH); + goto err; + } + } /* it's not clear from the RFC whether recipNonce MUST be set or not */ + + + /* evaluate PKIStatus field */ + switch (pkiStatus = CMP_REVREPCONTENT_PKIStatus_get( rp->body->value.rp, 0)) + { + case CMP_PKISTATUS_accepted: + CMP_printf( ctx, "INFO: revocation accepted (PKIStatus=accepted)"); + break; + case CMP_PKISTATUS_grantedWithMods: + CMP_printf( ctx, "INFO: revocation accepted (PKIStatus=grantedWithMods)"); + break; + case CMP_PKISTATUS_rejection: + CMP_printf( ctx, "INFO: revocation rejected (PKIStatus=rejection)"); + break; + case CMP_PKISTATUS_revocationWarning: + CMP_printf( ctx, "INFO: revocation accepted (PKIStatus=revocationWarning)"); + break; + case CMP_PKISTATUS_revocationNotification: + CMP_printf( ctx, "INFO: revocation accepted (PKIStatus=revocationNotification)"); + break; + case CMP_PKISTATUS_waiting: + case CMP_PKISTATUS_keyUpdateWarning: + CMPerr(CMP_F_CMP_DOREVOCATIONREQUESTSEQ, CMP_R_UNEXPECTED_PKISTATUS); + goto err; + default: + CMPerr(CMP_F_CMP_DOREVOCATIONREQUESTSEQ, CMP_R_UNKNOWN_PKISTATUS); + goto err; + } + + CMP_PKIMESSAGE_free(rr); + CMP_PKIMESSAGE_free(rp); + return (pkiStatus+1); +err: + if (ctx&&ctx->error_cb) ERR_print_errors_cb(CMP_CTX_error_callback, (void*) ctx); + if (rr) CMP_PKIMESSAGE_free(rr); + if (rp) CMP_PKIMESSAGE_free(rp); + return 0; + } + + +/* ############################################################################ * + * do the full sequence for CR, including CR, CP, certConf, PKIconf and + * potential polling + * + * All options need to be set in the context. 
+ * + * TODO: another function to request two certificates at once should be created + * + * returns pointer to received certificate, NULL if non was received + * ############################################################################ */ +X509 *CMP_doCertificateRequestSeq( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *cr=NULL; + CMP_PKIMESSAGE *cp=NULL; + + /* check if all necessary options are set */ + if (!ctx || !ctx->pkey || + (!(ctx->referenceValue && ctx->secretValue) && /* MSG_MAC_ALG */ + !(ctx->pkey && ctx->clCert && (ctx->srvCert || ctx->trusted_store))) /* MSG_SIG_ALG */ + ) + { + CMPerr(CMP_F_CMP_DOCERTIFICATEREQUESTSEQ, CMP_R_INVALID_ARGS); + goto err; + } + + /* create Certificate Request - cr */ + if (! (cr = CMP_cr_new(ctx))) goto err; + + CMP_printf( ctx, "INFO: Sending Certificate Request"); + if (! (CMP_PKIMESSAGE_http_perform(ctx, cr, &cp))) + { + ADD_HTTP_ERROR_INFO(CMP_F_CMP_DOCERTIFICATEREQUESTSEQ, CMP_R_CP_NOT_RECEIVED, "cr"); + goto err; + } + + /* make sure the received messagetype indicates an CP message */ + if (CMP_PKIMESSAGE_get_bodytype( cp) != V_CMP_PKIBODY_CP) + { + char errmsg[256]; + CMPerr(CMP_F_CMP_DOCERTIFICATEREQUESTSEQ, CMP_R_PKIBODY_ERROR); + ERR_add_error_data(1, PKIError_data( cp, errmsg, sizeof(errmsg))); + goto err; + } + + save_certrep_statusInfo(ctx, cp->body->value.cp); + + /* validate message protection */ + if (CMP_validate_msg(ctx, cp)) + { + CMP_printf( ctx, "SUCCESS: validating protection of incoming message"); + } else { + CMPerr(CMP_F_CMP_DOCERTIFICATEREQUESTSEQ, CMP_R_ERROR_VALIDATING_PROTECTION); + goto err; + } + + /* compare received nonce with the one sent in CR */ + if (cp->header->recipNonce) + { + if(ASN1_OCTET_STRING_cmp(cr->header->senderNonce, cp->header->recipNonce)) + { + /* senderNonce != recipNonce (sic although there is no "!" 
in the if) */ + CMPerr(CMP_F_CMP_DOCERTIFICATEREQUESTSEQ, CMP_R_ERROR_NONCES_DO_NOT_MATCH); + goto err; + } + } /* it's not clear from the RFC whether recipNonce MUST be set or not */ + CMP_CTX_set1_recipNonce(ctx, cp->header->senderNonce); /* store for setting in the next msg */ + + /* evaluate PKIStatus field */ + if (CMP_CERTREPMESSAGE_PKIStatus_get( cp->body->value.cp, 0) == CMP_PKISTATUS_waiting) + if (!pollForResponse(ctx, cp->body->value.cp, &cp)) + { + CMPerr(CMP_F_CMP_DOCERTIFICATEREQUESTSEQ, CMP_R_CP_NOT_RECEIVED); + ERR_add_error_data(1, "received 'waiting' pkistatus but polling failed"); + goto err; + } + + if (!(ctx->newClCert = CMP_CERTREPMESSAGE_get_certificate(ctx, cp->body->value.cp))) goto err; + + /* copy any received extraCerts to ctx->etraCertsIn so they can be retrieved */ + if (cp->extraCerts) + CMP_CTX_set1_extraCertsIn(ctx, cp->extraCerts); + + /* check if implicit confirm is set in generalInfo and send certConf if not */ + if (!CMP_PKIMESSAGE_check_implicitConfirm(cp)) + if (!sendCertConf(ctx)) goto err; + + CMP_PKIMESSAGE_free(cr); + CMP_PKIMESSAGE_free(cp); + return ctx->newClCert; + +err: + if (cr) CMP_PKIMESSAGE_free(cr); + if (cp) CMP_PKIMESSAGE_free(cp); + + /* print out openssl and cmp errors to error_cb if it's set */ + if (ctx&&ctx->error_cb) ERR_print_errors_cb(CMP_CTX_error_callback, (void*) ctx); + return NULL; + } + +/* ############################################################################ * + * do the full sequence for KUR, including KUR, KUP, certConf, PKIconf and + * potential polling + * + * All options need to be set in the context. + * + * NB: the ctx->newKey can be set *by the user* as the same as the current key + * as per section 5.3.5: + * An update is a replacement + * certificate containing either a new subject public key or the current + * subject public key (although the latter practice may not be + * appropriate for some environments). 
+ * + * TODO: another function to request two certificates at once should be created + * + * returns pointer to received certificate, NULL if non was received + * ############################################################################ */ +X509 *CMP_doKeyUpdateRequestSeq( CMP_CTX *ctx) + { + CMP_PKIMESSAGE *kur=NULL; + CMP_PKIMESSAGE *kup=NULL; + + /* check if all necessary options are set */ + if (!ctx || !ctx->newPkey || + (!(ctx->referenceValue && ctx->secretValue) && /* MSG_MAC_ALG */ + !(ctx->pkey && ctx->clCert && (ctx->srvCert || ctx->trusted_store)))) /* MSG_SIG_ALG */ + { + CMPerr(CMP_F_CMP_DOKEYUPDATEREQUESTSEQ, CMP_R_INVALID_ARGS); + goto err; + } + + /* create Key Update Request - kur */ + if (! (kur = CMP_kur_new(ctx))) goto err; + + CMP_printf( ctx, "INFO: Sending Key Update Request"); + if (! (CMP_PKIMESSAGE_http_perform(ctx, kur, &kup))) + { + ADD_HTTP_ERROR_INFO(CMP_F_CMP_DOKEYUPDATEREQUESTSEQ, CMP_R_KUP_NOT_RECEIVED, "kur"); + goto err; + } + + /* make sure the received messagetype indicates an KUP message */ + if (CMP_PKIMESSAGE_get_bodytype( kup) != V_CMP_PKIBODY_KUP) + { + char errmsg[256]; + CMPerr(CMP_F_CMP_DOKEYUPDATEREQUESTSEQ, CMP_R_PKIBODY_ERROR); + ERR_add_error_data(1, PKIError_data( kup, errmsg, sizeof(errmsg))); + goto err; + } + + save_certrep_statusInfo(ctx, kup->body->value.kup); + + /* validate message protection */ + if (CMP_validate_msg(ctx, kup)) + { + CMP_printf( ctx, "SUCCESS: validating protection of incoming message"); + } else { + CMPerr(CMP_F_CMP_DOKEYUPDATEREQUESTSEQ, CMP_R_ERROR_VALIDATING_PROTECTION); + goto err; + } + + /* compare received nonce with the one sent in KUR */ + if (kup->header->recipNonce) + { + if(ASN1_OCTET_STRING_cmp(kur->header->senderNonce, kup->header->recipNonce)) + { + /* senderNonce != recipNonce (sic although there is no "!" 
in the if) */ + CMPerr(CMP_F_CMP_DOKEYUPDATEREQUESTSEQ, CMP_R_ERROR_NONCES_DO_NOT_MATCH); + goto err; + } + } /* it's not clear from the RFC whether recipNonce MUST be set or not */ + CMP_CTX_set1_recipNonce(ctx, kup->header->senderNonce); /* store for setting in the next msg */ + + /* evaluate PKIStatus field */ + if (CMP_CERTREPMESSAGE_PKIStatus_get( kup->body->value.kup, 0) == CMP_PKISTATUS_waiting) + { + if (!pollForResponse(ctx, kup->body->value.kup, &kup)) { + CMPerr(CMP_F_CMP_DOKEYUPDATEREQUESTSEQ, CMP_R_KUP_NOT_RECEIVED); + ERR_add_error_data(1, "received 'waiting' pkistatus but polling failed"); + goto err; + } + } + + if (!(ctx->newClCert = CMP_CERTREPMESSAGE_get_certificate(ctx, kup->body->value.kup))) goto err; + + /* copy received capubs to the context */ + if (kup->body->value.kup->caPubs) + CMP_CTX_set1_caPubs(ctx, kup->body->value.kup->caPubs); + + /* copy any received extraCerts to ctx->etraCertsIn so they can be retrieved */ + if (kup->extraCerts) + CMP_CTX_set1_extraCertsIn(ctx, kup->extraCerts); + + /* check if implicit confirm is set in generalInfo and send certConf if not */ + if (!CMP_PKIMESSAGE_check_implicitConfirm(kup)) + if (!sendCertConf(ctx)) goto err; + + CMP_PKIMESSAGE_free(kur); + CMP_PKIMESSAGE_free(kup); + return ctx->newClCert; + +err: + if (kur) CMP_PKIMESSAGE_free(kur); + if (kup) CMP_PKIMESSAGE_free(kup); + + /* print out openssl and cmp errors to error_cb if it's set */ + if (ctx&&ctx->error_cb) ERR_print_errors_cb(CMP_CTX_error_callback, (void*) ctx); + return NULL; + } + +/* ############################################################################ * + * Sends a general message to the server to request information specified in the + * InfoType and Value (itav) given in the nid (section 5.3.19 and E.5). + * + * all obtions besides the single ITAV and it's value to be sent need to be set + * in the context. 
+ * + * TODO: this could take multiple nids to have several ITAVs in the Genm + * + * returns pointer to stack of ITAVs received in the answer or NULL on error + * ############################################################################ */ +STACK_OF(CMP_INFOTYPEANDVALUE) *CMP_doGeneralMessageSeq( CMP_CTX *ctx, int nid, char *value) + { + CMP_PKIMESSAGE *genm=NULL; + CMP_PKIMESSAGE *genp=NULL; + CMP_INFOTYPEANDVALUE *itav=NULL; + STACK_OF(CMP_INFOTYPEANDVALUE) *rcvdItavs=NULL; + + /* check if all necessary options are set */ + if (!ctx || (!(ctx->referenceValue && ctx->secretValue) && /* MSG_MAC_ALG */ + !(ctx->pkey && ctx->clCert && (ctx->srvCert || ctx->trusted_store)))) /* MSG_SIG_ALG */ + { + CMPerr(CMP_F_CMP_DOGENERALMESSAGESEQ, CMP_R_INVALID_ARGS); + goto err; + } + + /* crate GenMsgContent - genm*/ + if (! (genm = CMP_genm_new(ctx))) goto err; + + /* set itav - TODO: let this function take a STACK of ITAV as arguments */ + itav = CMP_INFOTYPEANDVALUE_new(); + itav->infoType = OBJ_nid2obj(nid); + itav->infoValue.ptr = value; + CMP_PKIMESSAGE_genm_item_push0( genm, itav); + + CMP_printf( ctx, "INFO: Sending General Message"); + if (! 
(CMP_PKIMESSAGE_http_perform(ctx, genm, &genp))) + { + ADD_HTTP_ERROR_INFO(CMP_F_CMP_DOGENERALMESSAGESEQ, CMP_R_GENP_NOT_RECEIVED, "genm"); + goto err; + } + + /* make sure the received messagetype indicates an GENP message */ + if (CMP_PKIMESSAGE_get_bodytype(genp) != V_CMP_PKIBODY_GENP) + { + char errmsg[256]; + CMPerr(CMP_F_CMP_DOGENERALMESSAGESEQ, CMP_R_PKIBODY_ERROR); + ERR_add_error_data(1, PKIError_data( genp, errmsg, sizeof(errmsg))); + goto err; + } + + /* validate message protection */ + if (CMP_validate_msg(ctx, genp)) + { + CMP_printf( ctx, "SUCCESS: validating protection of incoming message"); + } else { + CMPerr(CMP_F_CMP_DOGENERALMESSAGESEQ, CMP_R_ERROR_VALIDATING_PROTECTION); + goto err; + } + + /* compare received nonce with the one sent in genm */ + if (genp->header->recipNonce) + { + if(ASN1_OCTET_STRING_cmp(genm->header->senderNonce, genp->header->recipNonce)) + { + CMPerr(CMP_F_CMP_DOGENERALMESSAGESEQ, CMP_R_ERROR_NONCES_DO_NOT_MATCH); + goto err; + } + } /* it's not clear from the RFC whether recipNonce MUST be set or not */ + + /* the received stack of itavs shouldn't be freed with the message */ + rcvdItavs = genp->body->value.genp; + genp->body->value.genp = NULL; + + CMP_PKIMESSAGE_free(genm); + CMP_PKIMESSAGE_free(genp); + + return rcvdItavs; + +err: + if (genm) CMP_PKIMESSAGE_free(genm); + if (genp) CMP_PKIMESSAGE_free(genp); + + /* print out openssl and cmp errors to error_cb if it's set */ + if (ctx&&ctx->error_cb) ERR_print_errors_cb(CMP_CTX_error_callback, (void*) ctx); + return NULL; + } + Index: openssl-1.0.1h-cmp/crypto/cmp/cmp_vfy.c =================================================================== --- openssl-1.0.1h-cmp/crypto/cmp/cmp_vfy.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/cmp/cmp_vfy.c (revision 764) 
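Review bot: in pollForResponse, and therefore in CMP_doInitialRequestSeq, CMP_doCertificateRequestSeq and CMP_doKeyUpdateRequestSeq, the polled messages are never validated: neither the pollRep replies nor the final response handed back through `*msg = prep` go through CMP_validate_msg, the body-type check or the recipNonce comparison that the first ip/cp/kup received, yet the callers then take the certificate from that message with `CMP_CERTREPMESSAGE_get_certificate(ctx, ip->body->value.ip)`. Repeat the protection, nonce (`prep->header->recipNonce` against `preq->header->senderNonce`) and body-type checks on every prep inside the loop and again on the message pollForResponse returns before `ip->body->value.ip` is touched; as written an unprotected reply, or an error body read through the ip union member, ends the sequence with a "granted" certificate. In the same loop `checkAfter = ASN1_INTEGER_get(pollRep->checkAfter)` is fed to `sleep(checkAfter)` unchecked, so a negative or very large server-chosen value becomes an unbounded sleep when ctx->maxPollTime is 0: reject values below zero and clamp the rest (the "%ld" format does not match the int either). On success the original ip/cp/kup passed in is overwritten without being freed. Separately, every sequence skips the nonce comparison when `header->recipNonce` is absent ("it's not clear from the RFC whether recipNonce MUST be set"), which leaves the replay check at the peer's option; treat a missing recipNonce as a mismatch. In CMP_doGeneralMessageSeq `itav->infoValue.ptr = value` stores the caller's buffer in an ITAV that is pushed with push0 and later freed with genm, and the CMP_INFOTYPEANDVALUE_new() result is dereferenced without a NULL check.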
@@ -0,0 +1,484 @@ +/* vim: set noet ts=4 sts=4 sw=4: */ +/* crypto/cmp/cmp_vfy.c + * Functions to verify CMP (RFC 4210) messages for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +#include +#include +#include +#include +#include + +/* ############################################################################ * + * internal function + * + * validate a message protected by signature according to section 5.1.3.3 + * (sha1+RSA/DSA or any other algorithm supported by OpenSSL) + * returns 0 on error + * ############################################################################ */ +static int CMP_verify_signature( CMP_PKIMESSAGE *msg, X509 *cert) + { + EVP_MD_CTX *ctx=NULL; + CMP_PROTECTEDPART protPart; + int ret=0; + EVP_MD *digest=NULL; + EVP_PKEY *pubkey=NULL; + + size_t protPartDerLen=0; + unsigned char *protPartDer=NULL; + + if (!msg || !cert) return 0; + + pubkey = X509_get_pubkey((X509*) cert); + if (!pubkey) return 0; + + /* create the DER representation of protected part */ + protPart.header = msg->header; + protPart.body = msg->body; + protPartDerLen = i2d_CMP_PROTECTEDPART(&protPart, &protPartDer); + + /* verify prtotection of protected part */ + ctx = EVP_MD_CTX_create(); + if(!(digest = (EVP_MD *)EVP_get_digestbynid(OBJ_obj2nid(msg->header->protectionAlg->algorithm)))) goto notsup; + EVP_VerifyInit_ex(ctx, digest, NULL); + EVP_VerifyUpdate(ctx, protPartDer, protPartDerLen); + ret = EVP_VerifyFinal(ctx, msg->protection->data, msg->protection->length, pubkey); + + /* cleanup */ + EVP_MD_CTX_destroy(ctx); + OPENSSL_free(protPartDer); + EVP_PKEY_free(pubkey); + return ret; +notsup: + CMPerr(CMP_F_CMP_VERIFY_SIGNATURE, CMP_R_ALGORITHM_NOT_SUPPORTED); + return 0; + } + +/* ############################################################################ * + * internal function + * + * Validates a message protected with PBMAC + * ############################################################################ */ +static int CMP_verify_MAC( CMP_PKIMESSAGE *msg, const ASN1_OCTET_STRING *secret) + { + ASN1_BIT_STRING *protection=NULL; + int valid = 0; + + /* generate expected protection for the message */ + if (!(protection = 
CMP_calc_protection_pbmac( msg, secret))) + goto err; /* failed to generate protection string! */ + + valid = M_ASN1_BIT_STRING_cmp( protection, msg->protection) == 0; + ASN1_BIT_STRING_free(protection); + return valid; +err: + return 0; + } + +/* ############################################################################ * + * internal function + * + * Attempt to validate certificate path. returns 1 if the path was + * validated successfully and 0 if not. + * ############################################################################ */ +int CMP_validate_cert_path(X509_STORE *trusted_store, X509_STORE *untrusted_store, X509 *cert) + { + int ret=0,valid=0; + X509_STORE_CTX *csc=NULL; + STACK_OF(X509) *untrusted_stack=NULL; + + if (!cert) goto end; + + if (!trusted_store) + { + CMPerr(CMP_F_CMP_VALIDATE_CERT_PATH, CMP_R_NO_TRUSTED_CERTIFICATES_SET); + goto end; + } + + /* A cert callback could be used to do additional checking, policies for example.*/ + /* X509_STORE_set_verify_cb(trusted_store, CMP_cert_callback); */ + + if (!(csc = X509_STORE_CTX_new())) goto end; + + /* note: there doesn't seem to be a good way to get a stack of all + * the certs in an X509_STORE, so we need to try and find the chain + * of intermediate certs here. */ + if (untrusted_store) + untrusted_stack = CMP_build_cert_chain(untrusted_store, cert); + + X509_STORE_set_flags(trusted_store, 0); + if(!X509_STORE_CTX_init(csc, trusted_store, cert, untrusted_stack)) + goto end; + + /* CRLs could be handled here */ + /* if (crls) X509_STORE_CTX_set0_crls(csc, crls); */ + + valid=X509_verify_cert(csc); + + X509_STORE_CTX_free(csc); + + ret=0; + + end: + if (untrusted_stack) + sk_X509_pop_free(untrusted_stack, X509_free); + + if (valid > 0) + { + ret = 1; + } + + return(ret); + } + +#if 0 +/* ############################################################################ * + * NOTE: This is only needed if/when we want to do additional checking on the certificates! + * It is not currently used. 
+ * + * This is called for every valid certificate. Here we could add additional checks, + * for policies for example. + * ############################################################################ */ +int CMP_cert_callback(int ok, X509_STORE_CTX *ctx) + { + int cert_error = X509_STORE_CTX_get_error(ctx); + X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); + + if (!ok) + { + switch(cert_error) + { + case X509_V_ERR_NO_EXPLICIT_POLICY: + /* policies_print(NULL, ctx); */ + case X509_V_ERR_CERT_HAS_EXPIRED: + + /* since we are just checking the certificates, it is + * ok if they are self signed. But we should still warn + * the user. + */ + + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + /* Continue after extension errors too */ + case X509_V_ERR_INVALID_CA: + case X509_V_ERR_INVALID_NON_CA: + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + case X509_V_ERR_INVALID_PURPOSE: + case X509_V_ERR_CRL_HAS_EXPIRED: + case X509_V_ERR_CRL_NOT_YET_VALID: + case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: + ok = 1; + + } + + return ok; + } + +#if 0 + /* TODO: we could check policies here too */ + if (cert_error == X509_V_OK && ok == 2) + policies_print(NULL, ctx); +#endif + + return(ok); + } +#endif + + +/* ############################################################################ * + * internal function + * + * Find server certificate by: + * - first see if we can find it in trusted store + * - then try to find it in untrusted store + * - then search for certs with matching name in extraCerts + * - if only one match found, return that + * - if more than one, try to find a cert with the matching senderKID if available + * - if keyID is not available, return first cert found + * returns pointer to found server Certificate on success + * returns NULL on error or when no certificate could be found + * ############################################################################ */ +static X509 *findSrvCert(CMP_CTX *ctx, CMP_PKIMESSAGE *msg) + { + X509 *srvCert = NULL; + 
X509_STORE_CTX *csc = NULL; + X509_OBJECT obj; + STACK_OF(X509) *found_certs = NULL; + int n; + + if(!(csc = X509_STORE_CTX_new())) return NULL; + + /* first attempt lookup in trusted_store */ + if (X509_STORE_CTX_init(csc, ctx->trusted_store, NULL, NULL)) + { + if (X509_STORE_get_by_subject(csc, X509_LU_X509, msg->header->sender->d.directoryName, &obj)) + { + srvCert = obj.data.x509; + X509_STORE_CTX_free(csc); + return srvCert; + } + } + + /* attempt lookup in untrusted_store */ + if (X509_STORE_CTX_init(csc, ctx->untrusted_store, NULL, NULL)) + { + if (X509_STORE_get_by_subject(csc, X509_LU_X509, msg->header->sender->d.directoryName, &obj)) + { + srvCert = obj.data.x509; + X509_STORE_CTX_free(csc); + return srvCert; + } + } + + /* not found in trusted_store, so look through extraCerts */ + if(!(found_certs = sk_X509_new_null())) return NULL; + + for (n = 0; n < sk_X509_num(msg->extraCerts); n++) + { + X509 *cert = sk_X509_value(msg->extraCerts, n); + X509_NAME *name = NULL; + if (!cert) continue; + name = X509_get_subject_name(cert); + + if (name && !X509_NAME_cmp(name, msg->header->sender->d.directoryName)) + sk_X509_push(found_certs, cert); + } + + /* if found exactly one cert, we'll use that */ + if (sk_X509_num(found_certs) == 1) + srvCert = sk_X509_pop(found_certs); + + /* found more than one with a matching name, so try to search + through the found certs by key ID if we have it. if not, + just return first one. */ + else if (sk_X509_num(found_certs) > 1) + { + if (msg->header->senderKID) { + for (n = 0; n < sk_X509_num(found_certs); n++) + { + X509 *cert = sk_X509_value(found_certs, n); + ASN1_OCTET_STRING *cert_keyid = NULL; + + if (!(cert_keyid = CMP_get_cert_subject_key_id(cert))) return NULL; + + if (!ASN1_OCTET_STRING_cmp(cert_keyid, msg->header->senderKID)) + { + srvCert = cert; + break; + } + } + } + + if (!srvCert) + { + /* key id not available or we didn't find a cert with matching keyID. 
+ * -> return the first one with matching name */ + srvCert = sk_X509_pop(found_certs); + } + } + + sk_X509_free(found_certs); + + return srvCert; + } + + +/* ############################################################################ * + * internal function + * + * Creates a new certificate store and adds all the self-signed certificates from + * the given stack to the store. + * ############################################################################ */ +static X509_STORE *createTempTrustedStore(STACK_OF(X509) *stack) + { + X509_STORE *store = X509_STORE_new(); + int i; + + if (!store) goto err; + + for (i = 0; i < sk_X509_num(stack); i++) + { + X509 *cert = sk_X509_value(stack, i); + EVP_PKEY *pubkey = X509_get_pubkey(cert); + + if (pubkey && X509_verify(cert, pubkey)) + X509_STORE_add_cert(store, cert); + + EVP_PKEY_free(pubkey); + } + + return store; + + err: + return NULL; + } + +/* ############################################################################ + * Validates the protection of the given PKIMessage using either password + * based mac or a signature algorithm. In the case of signature algorithm, the + * certificate can be provided in ctx->srvCert or it is taken from + * extraCerts and validate against ctx->trusted_store utilizing + * ctx->untrusted_store and extraCerts. + * + * If ctx->permitTAInExtraCertsForIR is true, the trust anchor may be taken from + * the extraCerts field when a self-signed certificate is found there which can + * be used to validate the issued certificate returned in IP. This is according + * to the need given in 3GPP TS 33.310. 
+ * + * returns 1 on success, 0 on error or validation failed + * ############################################################################ */ +int CMP_validate_msg(CMP_CTX *ctx, CMP_PKIMESSAGE *msg) + { + X509 *srvCert = ctx->srvCert; + int srvCert_valid = 0; + int nid = 0; + ASN1_OBJECT *algorOID=NULL; + + if (!msg->header->protectionAlg) + /* unprotected message */ + return 0; + + /* determine the nid for the used protection algorithm */ + X509_ALGOR_get0( &algorOID, NULL, NULL, msg->header->protectionAlg); + nid = OBJ_obj2nid(algorOID); + + switch (nid) + { + /* 5.1.3.1. Shared Secret Information */ + case NID_id_PasswordBasedMAC: + return CMP_verify_MAC(msg, ctx->secretValue); + + /* TODO: 5.1.3.2. DH Key Pairs */ + case NID_id_DHBasedMac: + CMPerr(CMP_F_CMP_VALIDATE_MSG, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC); + break; + + /* 5.1.3.3. Signature */ + /* TODO: should that better whitelist DSA/RSA etc.? -> check all possible options from OpenSSL, should there be a makro? */ + default: + if (!srvCert) { + /* if we've already found and validated a server cert, and it matches the sender name, + * we will use that, this is used for PKIconf where the server + * certificate and others could be missing from the extraCerts */ + if (ctx->validatedSrvCert && + !X509_NAME_cmp(X509_get_subject_name(ctx->validatedSrvCert), msg->header->sender->d.directoryName)) + { + srvCert = ctx->validatedSrvCert; + srvCert_valid = 1; + } + else + { + /* load the provided extraCerts to help with cert path validation */ + CMP_CTX_loadUntrustedStack(ctx, msg->extraCerts); + + /* try to find the server certificate from 1) trusted_store 2) untrusted_store 3) extaCerts*/ + srvCert = findSrvCert(ctx, msg); + + /* validate the that the found server Certificate is trusted */ + srvCert_valid = CMP_validate_cert_path(ctx->trusted_store, ctx->untrusted_store, srvCert); + + /* do an exceptional handling for 3GPP */ + if (!srvCert_valid) + { + /* For IP: when the ctxOption is set, extract the 
Trust Anchor from + * ExtraCerts, provided that there is a self-signed certificate + * which can be used to validate the issued certificate - refer to 3GPP TS 33.310 */ + + if (ctx->permitTAInExtraCertsForIR && CMP_PKIMESSAGE_get_bodytype(msg) == V_CMP_PKIBODY_IP) + { + X509_STORE *tempStore = createTempTrustedStore(msg->extraCerts); + /* TODO: check that issued certificates can validate against + * trust achnor - and then exclusively use this CA */ + srvCert_valid = CMP_validate_cert_path(tempStore, ctx->untrusted_store, srvCert); + + if (srvCert_valid) + { + /* verify that our received certificate can also be validated with the same + * trusted store as srvCert */ + X509 *newClCert = CMP_CERTREPMESSAGE_get_certificate(ctx, msg->body->value.ip); + if (newClCert) + srvCert_valid = CMP_validate_cert_path(tempStore, ctx->untrusted_store, newClCert); + } + + X509_STORE_free(tempStore); + } + } + } + + /* verification failed if no valid server cert was found */ + if (!srvCert_valid) + { + CMPerr(CMP_F_CMP_VALIDATE_MSG, CMP_R_NO_VALID_SRVCERT_FOUND); + return 0; + } + + /* store trusted server cert for future messages in this interaction */ + ctx->validatedSrvCert = srvCert; + } + return CMP_verify_signature(msg, srvCert); + } + return 0; + } + Index: openssl-1.0.1h-cmp/crypto/crmf/Makefile =================================================================== --- openssl-1.0.1h-cmp/crypto/crmf/Makefile (revision 0) +++ openssl-1.0.1h-cmp/crypto/crmf/Makefile (revision 765) 
@@ -0,0 +1,76 @@ +# +# OpenSSL/crmf/Makefile +# + +DIR= crmf +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) -Wall -DCRMF_DEBUG + +GENERAL=Makefile README +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= crmf_asn.c crmf_lib.c crmf_pbm.c crmf_msg.c crmf_err.c +LIBOBJ= crmf_asn.o crmf_lib.o crmf_pbm.o crmf_msg.o crmf_err.o + +SRC= $(LIBSRC) + +EXHEADER= crmf.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + Index: openssl-1.0.1h-cmp/crypto/crmf/crmf.h =================================================================== --- openssl-1.0.1h-cmp/crypto/crmf/crmf.h (revision 0) +++ openssl-1.0.1h-cmp/crypto/crmf/crmf.h (revision 764) 
@@ -0,0 +1,626 @@ +/* vim: set cino={1s noet ts=4 sts=4 sw=4: */ +/* crypto/crmf/crmf.h + * Header file for CRMF (RFC 4211) for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +#ifndef HEADER_CRMF_H +#define HEADER_CRMF_H + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +/* +Attributes ::= SET OF Attribute +=> X509_ATTRIBUTE + +PrivateKeyInfo ::= SEQUENCE { + version INTEGER, + privateKeyAlgorithm AlgorithmIdentifier, + privateKey OCTET STRING, + attributes [0] IMPLICIT Attributes OPTIONAL +} +*/ +typedef struct crmf_privatekeyinfo_st + { + ASN1_INTEGER *version; + X509_ALGOR *AlgorithmIdentifier; + ASN1_OCTET_STRING *privateKey; + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + } CRMF_PRIVATEKEYINFO; +DECLARE_ASN1_FUNCTIONS(CRMF_PRIVATEKEYINFO) + + +/* section 4.2.1 Private Key Info Content Type + id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21} + +EncKeyWithID ::= SEQUENCE { + privateKey PrivateKeyInfo, + identifier CHOICE { + string UTF8String, + generalName GeneralName + } OPTIONAL +} +*/ +typedef struct crmf_enckeywithid_identifier_st + { + int type; + union + { + ASN1_UTF8STRING *string; + GENERAL_NAME *generalName; + } value; + } CRMF_ENCKEYWITHID_IDENTIFIER; + DECLARE_ASN1_FUNCTIONS(CRMF_ENCKEYWITHID_IDENTIFIER) + +typedef struct crmf_enckeywithid_st + { + CRMF_PRIVATEKEYINFO *privateKey; + CRMF_ENCKEYWITHID_IDENTIFIER *identifier; /* [0] */ + } CRMF_ENCKEYWITHID; +DECLARE_ASN1_FUNCTIONS(CRMF_ENCKEYWITHID) + +/* +CertId ::= SEQUENCE { + issuer GeneralName, + serialNumber INTEGER } + */ +typedef struct crmf_certid_st + { + GENERAL_NAME *issuer; + ASN1_INTEGER *serialNumber; + } CRMF_CERTID; +DECLARE_ASN1_FUNCTIONS(CRMF_CERTID) +DECLARE_STACK_OF(CRMF_CERTID) + +/* +EncryptedValue ::= SEQUENCE { + intendedAlg [0] AlgorithmIdentifier OPTIONAL, + -- the intended algorithm for which the value will be used + symmAlg [1] AlgorithmIdentifier OPTIONAL, + -- the symmetric algorithm used to encrypt the value + encSymmKey [2] BIT STRING OPTIONAL, + -- the (encrypted) symmetric key used to encrypt the value + keyAlg [3] AlgorithmIdentifier OPTIONAL, + -- algorithm used to encrypt the 
symmetric key + valueHint [4] OCTET STRING OPTIONAL, + -- a brief description or identifier of the encValue content + -- (may be meaningful only to the sending entity, and used only + -- if EncryptedValue might be re-examined by the sending entity + -- in the future) + encValue BIT STRING } + -- the encrypted value itself +*/ +typedef struct crmf_encrypetedvalue_st + { + X509_ALGOR *intendedAlg; /* 0 */ + X509_ALGOR *symmAlg; /* 1 */ + ASN1_BIT_STRING *encSymmKey; /* 2 */ + X509_ALGOR *keyAlg; /* 3 */ + ASN1_OCTET_STRING *valueHint; /* 4 */ + ASN1_BIT_STRING *encValue; + } CRMF_ENCRYPTEDVALUE; +DECLARE_ASN1_FUNCTIONS(CRMF_ENCRYPTEDVALUE) + +/* +EncryptedKey ::= CHOICE { + encryptedValue EncryptedValue, -- Deprecated + envelopedData [0] EnvelopedData } + */ +typedef struct crmf_encryptedkey_st + { + int type; + union + { + CRMF_ENCRYPTEDVALUE *encryptedValue; /* Deprecated */ + /* TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be somehow taken from crypto/cms which exists now - this is not used anywhere so far */ + ASN1_NULL *envelopedData; + } value; + } CRMF_ENCRYPTEDKEY; +DECLARE_ASN1_FUNCTIONS(CRMF_ENCRYPTEDKEY) + +/* +PKIArchiveOptions ::= CHOICE { + encryptedPrivKey [0] EncryptedKey, + -- the actual value of the private key + keyGenParameters [1] KeyGenParameters, + -- parameters that allow the private key to be re-generated + archiveRemGenPrivKey [2] BOOLEAN } + -- set to TRUE if sender wishes receiver to archive the private + -- key of a key pair that the receiver generates in response to + -- this request; set to FALSE if no archival is desired. 
+*/ +typedef struct crmf_pkiarchiveoptions_st + { + int type; + union + { + CRMF_ENCRYPTEDKEY *encryptedPrivKey; /* 0 */ + ASN1_OCTET_STRING *keyGenParameters; /* KeyGenParameters ::= OCTET STRING */ /* 1 */ + ASN1_BOOLEAN *archiveRemGenPrivKey; /* 2 */ + } value; + } CRMF_PKIARCHIVEOPTIONS; +DECLARE_ASN1_FUNCTIONS(CRMF_PKIARCHIVEOPTIONS) +CRMF_PKIARCHIVEOPTIONS *CRMF_PKIARCHIVEOPTIONS_dup( CRMF_PKIARCHIVEOPTIONS *pkiPubInfo); + +/* +SinglePubInfo ::= SEQUENCE { + pubMethod INTEGER { + dontCare (0), + x500 (1), + web (2), + ldap (3) }, + pubLocation GeneralName OPTIONAL } + */ +typedef struct crmf_singlepubinfo_st + { + ASN1_INTEGER *pubMethod; + GENERAL_NAME *pubLocation; + } CRMF_SINGLEPUBINFO; +DECLARE_ASN1_FUNCTIONS(CRMF_SINGLEPUBINFO) + +/* +PKIPublicationInfo ::= SEQUENCE { +action INTEGER { + dontPublish (0), + pleasePublish (1) }, +pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL } + -- pubInfos MUST NOT be present if action is "dontPublish" + -- (if action is "pleasePublish" and pubInfos is omitted, + -- "dontCare" is assumed) +*/ +typedef struct crmf_pkipublicationinfo_st + { + ASN1_INTEGER *action; + CRMF_SINGLEPUBINFO *pubinfos; + } CRMF_PKIPUBLICATIONINFO; +DECLARE_ASN1_FUNCTIONS(CRMF_PKIPUBLICATIONINFO) +CRMF_PKIPUBLICATIONINFO *CRMF_PKIPUBLICATIONINFO_dup( CRMF_PKIPUBLICATIONINFO *pkiPubInfo); + +/* +PKMACValue ::= SEQUENCE { +algId AlgorithmIdentifier, +-- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13} +-- parameter value is PBMParameter +value BIT STRING } +*/ +typedef struct crmf_pkmacvalue_st + { + X509_ALGOR *algId; + ASN1_BIT_STRING *value; + } CRMF_PKMACVALUE; +DECLARE_ASN1_FUNCTIONS(CRMF_PKMACVALUE) + +/* +SubsequentMessage ::= INTEGER { + encrCert (0), + -- requests that resulting certificate be encrypted for the + -- end entity (following which, POP will be proven in a + -- confirmation message) + challengeResp (1) } + -- requests that CA engage in challenge-response exchange with + -- end entity in order to 
prove private key possession + +POPOPrivKey ::= CHOICE { + thisMessage [0] BIT STRING, -- Deprecated + -- possession is proven in this message (which contains the private + -- key itself (encrypted for the CA)) + subsequentMessage [1] SubsequentMessage, + -- possession will be proven in a subsequent message + dhMAC [2] BIT STRING, -- Deprecated + agreeMAC [3] PKMACValue, + encryptedKey [4] EnvelopedData } +*/ +#define CRMF_POPOPRIVKEY_THISMESSAGE 0 +#define CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1 +#define CRMF_POPOPRIVKEY_DHMAC 2 +#define CRMF_POPOPRIVKEY_AGREEMAC 3 +#define CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4 + +#define CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 +#define CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 + +typedef struct crmf_popoprivkey_st + { + int type; + union + { + ASN1_BIT_STRING *thisMessage; /* Deprecated */ /* 0 */ + ASN1_INTEGER *subsequentMessage; /* 1 */ + ASN1_BIT_STRING *dhMAC; /* 2 */ + CRMF_PKMACVALUE *agreeMAC; /* 3 */ + /* TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be somehow taken from crypto/cms which exists now - this is not used anywhere so far */ + ASN1_NULL *encryptedKey; /* 4 */ + } value; + } CRMF_POPOPRIVKEY; +DECLARE_ASN1_FUNCTIONS(CRMF_POPOPRIVKEY) + +/* +PBMParameter ::= SEQUENCE { + salt OCTET STRING, + owf AlgorithmIdentifier, + -- AlgId for a One-Way Function (SHA-1 recommended) + iterationCount INTEGER, + -- number of times the OWF is applied + mac AlgorithmIdentifier + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], +} -- or HMAC [HMAC, RFC2202]) +*/ +typedef struct crmf_pbmparameter_st + { + ASN1_OCTET_STRING *salt; + X509_ALGOR *owf; + ASN1_INTEGER *iterationCount; + X509_ALGOR *mac; + } CRMF_PBMPARAMETER; +DECLARE_ASN1_FUNCTIONS(CRMF_PBMPARAMETER) + +/* +POPOSigningKeyInput ::= SEQUENCE { + authInfo CHOICE { + sender [0] GeneralName, + -- used only if an authenticated identity has been + -- established for the sender (e.g., a DN from a + -- previously-issued and currently-valid certificate) + publicKeyMAC 
PKMACValue }, + -- used if no authenticated GeneralName currently exists for + -- the sender; publicKeyMAC contains a password-based MAC + -- on the DER-encoded value of publicKey + publicKey SubjectPublicKeyInfo } -- from CertTemplate +*/ +typedef struct crmf_poposigningkeyinput_authinfo_st + { + int type; + union + { + GENERAL_NAME *sender; /* 0 */ + CRMF_PKMACVALUE *publicKeyMAC; /* 1 */ + } value; + } CRMF_POPOSIGNINGKEYINPUT_AUTHINFO; +DECLARE_ASN1_FUNCTIONS(CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) + +typedef struct crmf_poposigningkeyinput_st + { + CRMF_POPOSIGNINGKEYINPUT_AUTHINFO *authinfo; + X509_PUBKEY *publicKey; + } CRMF_POPOSIGNINGKEYINPUT; +DECLARE_ASN1_FUNCTIONS(CRMF_POPOSIGNINGKEYINPUT) + +/* +POPOSigningKey ::= SEQUENCE { + poposkInput [0] POPOSigningKeyInput OPTIONAL, + algorithmIdentifier AlgorithmIdentifier, + signature BIT STRING } + */ +typedef struct crmf_poposigningkey_st + { + CRMF_POPOSIGNINGKEYINPUT *poposkInput; + X509_ALGOR *algorithmIdentifier; + ASN1_BIT_STRING *signature; + } CRMF_POPOSIGNINGKEY; +DECLARE_ASN1_FUNCTIONS(CRMF_POPOSIGNINGKEY) + +/* +ProofOfPossession ::= CHOICE { + raVerified [0] NULL, + -- used if the RA has already verified that the requester is in + -- possession of the private key + signature [1] POPOSigningKey, + keyEncipherment [2] POPOPrivKey, + keyAgreement [3] POPOPrivKey } + */ +#define CRMF_PROOFOFPOSESSION_RAVERIFIED 0 +#define CRMF_PROOFOFPOSESSION_SIGNATURE 1 +#define CRMF_PROOFOFPOSESSION_KEYENCIPHERMENT 2 +#define CRMF_PROOFOFPOSESSION_KEYAGREEMENT 3 +typedef struct crmf_proofofpossesion_st + { + int type; + union + { + ASN1_NULL *raVerified; /* 0 */ + CRMF_POPOSIGNINGKEY *signature; /* 1 */ + CRMF_POPOPRIVKEY *keyEncipherment; /* 2 */ + CRMF_POPOPRIVKEY *keyAgreement; /* 3 */ + } value; + } CRMF_PROOFOFPOSSESION; +DECLARE_ASN1_FUNCTIONS(CRMF_PROOFOFPOSSESION) + +/* +OptionalValidity ::= SEQUENCE { + notBefore [0] Time OPTIONAL, + notAfter [1] Time OPTIONAL } -- at least one MUST be present + */ +typedef 
struct crmf_optionalvalidity_st + { + ASN1_TIME *notBefore; /* 0 */ + ASN1_TIME *notAfter; /* 1 */ + } CRMF_OPTIONALVALIDITY; +DECLARE_ASN1_FUNCTIONS(CRMF_OPTIONALVALIDITY) + +/* +CertTemplate ::= SEQUENCE { + version [0] Version OPTIONAL, + serialNumber [1] INTEGER OPTIONAL, + signingAlg [2] AlgorithmIdentifier OPTIONAL, + issuer [3] Name OPTIONAL, + validity [4] OptionalValidity OPTIONAL, + subject [5] Name OPTIONAL, + publicKey [6] SubjectPublicKeyInfo OPTIONAL, + issuerUID [7] UniqueIdentifier OPTIONAL, + subjectUID [8] UniqueIdentifier OPTIONAL, + extensions [9] Extensions OPTIONAL } + */ + +typedef struct crmf_certtemplate_st + { + ASN1_INTEGER *version; /* 0 */ + /* serialNumber MUST be omitted. This field is assigned by the CA + * during certificate creation. */ + ASN1_INTEGER *serialNumber; /* 1 */ + /* signingAlg MUST be omitted. This field is assigned by the CA + * during certificate creation. */ + X509_ALGOR *signingAlg; /* 2 */ + X509_NAME *issuer; /* 3 */ + CRMF_OPTIONALVALIDITY *validity; /* 4 */ + X509_NAME *subject; /* 5 */ + X509_PUBKEY *publicKey; /* 6 */ + /* According to rfc 3280: + UniqueIdentifier ::= BIT STRING + */ + /* issuerUID is deprecated in version 2 */ + ASN1_BIT_STRING *issuerUID; /* 7 */ + /* subjectUID is deprecated in version 2 */ + ASN1_BIT_STRING *subjectUID; /* 8 */ +#if 0 + /* TODO: That should be - but that's only cosmetical */ + X509_EXTENSIONS *extensions; /* 9 */ +#endif + STACK_OF(X509_EXTENSION) *extensions; /* 9 */ + } CRMF_CERTTEMPLATE; +DECLARE_ASN1_FUNCTIONS(CRMF_CERTTEMPLATE) + +/* +CertRequest ::= SEQUENCE { + certReqId INTEGER, -- ID for matching request and reply + certTemplate CertTemplate, -- Selected fields of cert to be issued + controls Controls OPTIONAL } -- Attributes affecting issuance + */ +typedef struct crmf_certrequest_st + { + ASN1_INTEGER *certReqId; + CRMF_CERTTEMPLATE *certTemplate; + /* TODO: make CRMF_CONTROLS out of that - but only cosmetical */ + STACK_OF(CRMF_ATTRIBUTETYPEANDVALUE) 
*controls; + } CRMF_CERTREQUEST; +DECLARE_ASN1_FUNCTIONS(CRMF_CERTREQUEST) +CRMF_CERTREQUEST *CRMF_CERTREQUEST_dup( CRMF_CERTREQUEST *atav); + +/* TODO: isn't there a better way to have this for ANY type? */ +typedef struct crmf_attributetypeandvalue_st + { + ASN1_OBJECT *type; + union + { + /* NID_id_regCtrl_regToken */ + ASN1_UTF8STRING *regToken; + + /* NID_id_regCtrl_authenticator */ + ASN1_UTF8STRING *authenticator; + + /* NID_id_regCtrl_pkiPublicationInfo */ + CRMF_PKIPUBLICATIONINFO *pkiPublicationInfo; + + /* NID_id_regCtrl_pkiArchiveOptions */ + CRMF_PKIARCHIVEOPTIONS *pkiArchiveOptions; + + /* NID_id_regCtrl_oldCertID */ + CRMF_CERTID *oldCertId; + + /* NID_id_regCtrl_protocolEncrKey */ + X509_PUBKEY *protocolEncrKey; + + /* NID_id_regInfo_utf8Pairs */ + ASN1_UTF8STRING *utf8pairs; + + /* NID_id_regInfo_certReq */ + CRMF_CERTREQUEST *certReq; + + ASN1_TYPE *other; + } value; + } CRMF_ATTRIBUTETYPEANDVALUE; +DECLARE_ASN1_FUNCTIONS(CRMF_ATTRIBUTETYPEANDVALUE) +DECLARE_STACK_OF(CRMF_ATTRIBUTETYPEANDVALUE) +CRMF_ATTRIBUTETYPEANDVALUE *CRMF_ATTRIBUTETYPEANDVALUE_dup( CRMF_ATTRIBUTETYPEANDVALUE *atav); + +/* +CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg + +CertReqMsg ::= SEQUENCE { + certReq CertRequest, + popo ProofOfPossession OPTIONAL, + -- content depends upon key type + regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL } + */ +typedef struct crmf_certreqmsg_st + { + CRMF_CERTREQUEST *certReq; + CRMF_PROOFOFPOSSESION *popo; /* 0 */ + STACK_OF(CRMF_ATTRIBUTETYPEANDVALUE) *regInfo; /* 1 */ + } CRMF_CERTREQMSG; +DECLARE_ASN1_FUNCTIONS(CRMF_CERTREQMSG) + +typedef STACK_OF(CRMF_CERTREQMSG) CRMF_CERTREQMESSAGES; +DECLARE_ASN1_FUNCTIONS(CRMF_CERTREQMESSAGES) + +DECLARE_STACK_OF(CRMF_CERTREQMSG) /* CertReqMessages */ +DECLARE_ASN1_SET_OF(CRMF_CERTREQMSG) /* CertReqMessages */ + + +/* ########################################################################## * + * function DECLARATIONS + * 
########################################################################## */ +/* crmf_msg.c */ +CRMF_CERTREQMSG * CRMF_cr_new( const long certReqId, const EVP_PKEY *pkey, const X509_NAME *subject, X509_EXTENSIONS *extensions); + +/* crmf_pbm.c */ +CRMF_PBMPARAMETER * CRMF_pbm_new(void); +int CRMF_passwordBasedMac_new( const CRMF_PBMPARAMETER *pbm, const unsigned char* msg, size_t msgLen, const unsigned char* secret, size_t secretLen, unsigned char** mac, unsigned int* macLen); + +/* crmf_lib.c */ +int CRMF_CERTREQMSG_push0_control( CRMF_CERTREQMSG *certReqMsg, CRMF_ATTRIBUTETYPEANDVALUE *control); +int CRMF_CERTREQMSG_set1_control_regToken( CRMF_CERTREQMSG *msg, ASN1_UTF8STRING *tok); +int CRMF_CERTREQMSG_set1_control_authenticator( CRMF_CERTREQMSG *msg, ASN1_UTF8STRING *auth); +int CRMF_CERTREQMSG_push0_regInfo( CRMF_CERTREQMSG *certReqMsg, CRMF_ATTRIBUTETYPEANDVALUE *regInfo); +int CRMF_CERTREQMSG_set1_regInfo_regToken( CRMF_CERTREQMSG *msg, ASN1_UTF8STRING *tok); + +int CRMF_CERTREQMSG_set_version2( CRMF_CERTREQMSG *certReqMsg); +int CRMF_CERTREQMSG_set_validity( CRMF_CERTREQMSG *certReqMsg, time_t notBefore, time_t notAfter); +int CRMF_CERTREQMSG_set_certReqId( CRMF_CERTREQMSG *certReqMsg, const long certReqId); +int CRMF_CERTREQMSG_set1_publicKey( CRMF_CERTREQMSG *certReqMsg, const EVP_PKEY *pkey); +int CRMF_CERTREQMSG_set1_subject( CRMF_CERTREQMSG *certReqMsg, const X509_NAME *subject); +int CRMF_CERTREQMSG_push0_extension( CRMF_CERTREQMSG *certReqMsg, X509_EXTENSION *ext); + +#define CRMF_POPO_NONE 0 +#define CRMF_POPO_SIGNATURE 1 +#define CRMF_POPO_ENCRCERT 2 +#define CRMF_POPO_RAVERIFIED 3 +int CRMF_CERTREQMSG_calc_and_set_popo( CRMF_CERTREQMSG *certReqMsg, const EVP_PKEY *pkey, int popoMethod); + +CRMF_POPOSIGNINGKEY * CRMF_poposigningkey_new( CRMF_CERTREQUEST *certReq, const EVP_PKEY *pkey); + +int CRMF_CERTREQMSG_set1_control_oldCertId( CRMF_CERTREQMSG *certReqMsg, X509 *oldCert); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by 
the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CRMF_strings(void); + +/* Error codes for the CRMF functions. */ + +/* Function codes. */ +#define CRMF_F_CRMF_CERTREQMSG_CALC_AND_SET_POPO 107 +#define CRMF_F_CRMF_CERTREQMSG_PUSH0_CONTROL 100 +#define CRMF_F_CRMF_CERTREQMSG_PUSH0_EXTENSION 101 +#define CRMF_F_CRMF_CERTREQMSG_PUSH0_REGINFO 102 +#define CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_AUTHENTICATOR 121 +#define CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_OLDCERTID 122 +#define CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PKIARCHIVEOPTIONS 131 +#define CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PKIPUBLICATIONINFO 123 +#define CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PROTOCOLENCRKEY 124 +#define CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_REGTOKEN 108 +#define CRMF_F_CRMF_CERTREQMSG_SET1_PUBLICKEY 103 +#define CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_CERTREQ 125 +#define CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_REGTOKEN 126 +#define CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_UTF8PAIRS 127 +#define CRMF_F_CRMF_CERTREQMSG_SET1_SUBJECT 128 +#define CRMF_F_CRMF_CERTREQMSG_SET_CERTREQID 129 +#define CRMF_F_CRMF_CERTREQMSG_SET_VALIDITY 104 +#define CRMF_F_CRMF_CERTREQMSG_SET_VERSION2 130 +#define CRMF_F_CRMF_CR_NEW 105 +#define CRMF_F_CRMF_PASSWORDBASEDMAC_NEW 106 +#define CRMF_F_CRMF_POPOSIGNINGKEY_NEW 109 +#define CRMF_F_CRMF_SET1_CONTROL_AUTHENTICATOR 110 +#define CRMF_F_CRMF_SET1_CONTROL_OLDCERTID 111 +#define CRMF_F_CRMF_SET1_CONTROL_PKIARCHIVEOPTIONS 112 +#define CRMF_F_CRMF_SET1_CONTROL_PKIPUBLICATIONINFO 113 +#define CRMF_F_CRMF_SET1_CONTROL_PROTOCOLENCRKEY 114 +#define CRMF_F_CRMF_SET1_REGINFO_CERTREQ 115 +#define CRMF_F_CRMF_SET1_REGINFO_UTF8PAIRS 116 +#define CRMF_F_CRMF_SET1_REGTOKEN_CERTREQ 117 +#define CRMF_F_CRMF_SET1_SUBJECT 118 +#define CRMF_F_CRMF_SET_CERTREQID 119 +#define CRMF_F_CRMF_SET_VERSION2 120 + +/* Reason codes. 
*/ +#define CRMF_R_CRMFERROR 100 +#define CRMF_R_ERROR_CALCULATING_AND_SETTING_POPO 103 +#define CRMF_R_ERROR_SETTING_CONTROL_AUTHENTICATOR_ATAV 104 +#define CRMF_R_ERROR_SETTING_CONTROL_OLDCERTID_ATAV 105 +#define CRMF_R_ERROR_SETTING_CONTROL_PKIARCHIVEOPTIONS_ATAV 106 +#define CRMF_R_ERROR_SETTING_CONTROL_PKIPUBLICATIONINFO_ATAV 107 +#define CRMF_R_ERROR_SETTING_CONTROL_PROTOCOLENCRKEY_ATAV 108 +#define CRMF_R_ERROR_SETTING_POPSIGNINGKEY 109 +#define CRMF_R_ERROR_SETTING_PUBLIC_KEY 101 +#define CRMF_R_ERROR_SETTING_REGINFO_CERTREQ_ATAV 110 +#define CRMF_R_ERROR_SETTING_REGINFO_UTF8PAIRS_ATAV 111 +#define CRMF_R_ERROR_SETTING_REGTOKEN_ATAV 112 +#define CRMF_R_ERROR_SETTING_REGTOKEN_CERTREQ_ATAV 113 +#define CRMF_R_ERROR_SETTING_VERSION_2 114 +#define CRMF_R_UNSUPPORTED_ALGORITHM 102 +#define CRMF_R_UNSUPPORTED_ALG_FOR_POPSIGNINGKEY 115 +#define CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO 116 + +#ifdef __cplusplus +} +#endif +#endif Index: openssl-1.0.1h-cmp/crypto/crmf/crmf_asn.c =================================================================== --- openssl-1.0.1h-cmp/crypto/crmf/crmf_asn.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/crmf/crmf_asn.c (revision 764) 
@@ -0,0 +1,275 @@ +/* vim: set cino={1s noet ts=4 sts=4 sw=4: */ +/* crmf_asn.c + * OpenSSL ASN.1 definitions for CRMF (RFC 4211) + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +#include +#include +#include + +ASN1_SEQUENCE(CRMF_PRIVATEKEYINFO) = { + ASN1_SIMPLE(CRMF_PRIVATEKEYINFO, version, ASN1_INTEGER), + ASN1_SIMPLE(CRMF_PRIVATEKEYINFO, AlgorithmIdentifier, X509_ALGOR), + ASN1_SIMPLE(CRMF_PRIVATEKEYINFO, privateKey, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(CRMF_PRIVATEKEYINFO, attributes, X509_ATTRIBUTE, 0) +} ASN1_SEQUENCE_END(CRMF_PRIVATEKEYINFO) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_PRIVATEKEYINFO) + + +ASN1_CHOICE(CRMF_ENCKEYWITHID_IDENTIFIER) = { + ASN1_IMP(CRMF_ENCKEYWITHID_IDENTIFIER, value.string, ASN1_UTF8STRING, 0), + ASN1_IMP(CRMF_ENCKEYWITHID_IDENTIFIER, value.generalName, GENERAL_NAME, 1) +} ASN1_CHOICE_END(CRMF_ENCKEYWITHID_IDENTIFIER) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_ENCKEYWITHID_IDENTIFIER) + + +ASN1_SEQUENCE(CRMF_ENCKEYWITHID) = { + ASN1_SIMPLE(CRMF_ENCKEYWITHID, privateKey, CRMF_PRIVATEKEYINFO), + ASN1_IMP_OPT(CRMF_ENCKEYWITHID, identifier, CRMF_ENCKEYWITHID_IDENTIFIER,0) +} ASN1_SEQUENCE_END(CRMF_ENCKEYWITHID) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_ENCKEYWITHID) + + +ASN1_SEQUENCE(CRMF_CERTID) = { + ASN1_SIMPLE(CRMF_CERTID, issuer, GENERAL_NAME), + ASN1_SIMPLE(CRMF_CERTID, serialNumber, ASN1_INTEGER) +} ASN1_SEQUENCE_END(CRMF_CERTID) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_CERTID) + + +ASN1_SEQUENCE(CRMF_ENCRYPTEDVALUE) = { + ASN1_IMP_OPT(CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR,0), + ASN1_IMP_OPT(CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR,1), + ASN1_IMP_OPT(CRMF_ENCRYPTEDVALUE, encSymmKey, ASN1_BIT_STRING,2), + ASN1_IMP_OPT(CRMF_ENCRYPTEDVALUE, keyAlg, X509_ALGOR,3), + ASN1_IMP_OPT(CRMF_ENCRYPTEDVALUE, valueHint, ASN1_OCTET_STRING,4), + ASN1_SIMPLE(CRMF_ENCRYPTEDVALUE, encValue, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(CRMF_ENCRYPTEDVALUE) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_ENCRYPTEDVALUE) + + +ASN1_CHOICE(CRMF_ENCRYPTEDKEY) = { + ASN1_IMP(CRMF_ENCRYPTEDKEY, value.encryptedValue, CRMF_ENCRYPTEDVALUE, 0), + /* TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be somehow taken from crypto/cms which exists now - this is not 
used anywhere so far */ + ASN1_IMP(CRMF_ENCRYPTEDKEY, value.envelopedData, ASN1_NULL, 1) +} ASN1_CHOICE_END(CRMF_ENCRYPTEDKEY) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_ENCRYPTEDKEY) + + +ASN1_CHOICE(CRMF_PKIARCHIVEOPTIONS) = { + ASN1_IMP(CRMF_PKIARCHIVEOPTIONS, value.encryptedPrivKey, CRMF_ENCRYPTEDKEY, 0), + ASN1_IMP(CRMF_PKIARCHIVEOPTIONS, value.keyGenParameters, ASN1_OCTET_STRING, 1), + ASN1_IMP(CRMF_PKIARCHIVEOPTIONS, value.archiveRemGenPrivKey, ASN1_BOOLEAN, 2) +} ASN1_CHOICE_END(CRMF_PKIARCHIVEOPTIONS) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_PKIARCHIVEOPTIONS) +IMPLEMENT_ASN1_DUP_FUNCTION(CRMF_PKIARCHIVEOPTIONS) + + +ASN1_SEQUENCE(CRMF_SINGLEPUBINFO) = { + ASN1_SIMPLE(CRMF_SINGLEPUBINFO, pubMethod, ASN1_INTEGER), + ASN1_SIMPLE(CRMF_SINGLEPUBINFO, pubLocation, GENERAL_NAME) +} ASN1_SEQUENCE_END(CRMF_SINGLEPUBINFO) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_SINGLEPUBINFO) + + +ASN1_SEQUENCE(CRMF_PKIPUBLICATIONINFO) = { + ASN1_SIMPLE(CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER), + ASN1_SEQUENCE_OF_OPT(CRMF_PKIPUBLICATIONINFO, pubinfos, GENERAL_NAME) +} ASN1_SEQUENCE_END(CRMF_PKIPUBLICATIONINFO) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_PKIPUBLICATIONINFO) +IMPLEMENT_ASN1_DUP_FUNCTION(CRMF_PKIPUBLICATIONINFO) + + +ASN1_SEQUENCE(CRMF_PKMACVALUE) = { + ASN1_SIMPLE(CRMF_PKMACVALUE, algId, X509_ALGOR), + ASN1_SIMPLE(CRMF_PKMACVALUE, value, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(CRMF_PKMACVALUE) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_PKMACVALUE) + + +ASN1_CHOICE(CRMF_POPOPRIVKEY) = { + ASN1_IMP(CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0), + ASN1_IMP(CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1), + ASN1_IMP(CRMF_POPOPRIVKEY, value.dhMAC, ASN1_BIT_STRING, 2), + ASN1_IMP(CRMF_POPOPRIVKEY, value.agreeMAC, CRMF_PKMACVALUE, 3), + /* TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be somehow taken from crypto/cms which exists now - this is not used anywhere so far */ + ASN1_IMP(CRMF_POPOPRIVKEY, value.encryptedKey, ASN1_NULL, 4), +} ASN1_CHOICE_END(CRMF_POPOPRIVKEY) 
+IMPLEMENT_ASN1_FUNCTIONS(CRMF_POPOPRIVKEY) + + +ASN1_SEQUENCE(CRMF_PBMPARAMETER) = { + ASN1_SIMPLE(CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING), + ASN1_SIMPLE(CRMF_PBMPARAMETER, owf, X509_ALGOR), + ASN1_SIMPLE(CRMF_PBMPARAMETER, iterationCount, ASN1_INTEGER), + ASN1_SIMPLE(CRMF_PBMPARAMETER, mac, X509_ALGOR) +} ASN1_SEQUENCE_END(CRMF_PBMPARAMETER) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_PBMPARAMETER) + + +ASN1_CHOICE(CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = { + ASN1_EXP(CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender, GENERAL_NAME, 0), + ASN1_SIMPLE(CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.publicKeyMAC, CRMF_PKMACVALUE) +} ASN1_CHOICE_END(CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) + + +ASN1_SEQUENCE(CRMF_POPOSIGNINGKEYINPUT) = { + ASN1_SIMPLE(CRMF_POPOSIGNINGKEYINPUT, authinfo, CRMF_POPOSIGNINGKEYINPUT_AUTHINFO), + ASN1_SIMPLE(CRMF_POPOSIGNINGKEYINPUT, publicKey, X509_PUBKEY) +} ASN1_SEQUENCE_END(CRMF_POPOSIGNINGKEYINPUT) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_POPOSIGNINGKEYINPUT) + + +ASN1_SEQUENCE(CRMF_POPOSIGNINGKEY) = { + ASN1_IMP_OPT(CRMF_POPOSIGNINGKEY, poposkInput, CRMF_POPOSIGNINGKEYINPUT,0), + ASN1_SIMPLE(CRMF_POPOSIGNINGKEY, algorithmIdentifier, X509_ALGOR), + ASN1_SIMPLE(CRMF_POPOSIGNINGKEY, signature, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(CRMF_POPOSIGNINGKEY) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_POPOSIGNINGKEY) + + +ASN1_CHOICE(CRMF_PROOFOFPOSSESION) = { + ASN1_IMP(CRMF_PROOFOFPOSSESION, value.raVerified, ASN1_NULL, 0), + ASN1_IMP(CRMF_PROOFOFPOSSESION, value.signature, CRMF_POPOSIGNINGKEY, 1), + ASN1_EXP(CRMF_PROOFOFPOSSESION, value.keyEncipherment, CRMF_POPOPRIVKEY, 2), + ASN1_IMP(CRMF_PROOFOFPOSSESION, value.keyAgreement, CRMF_POPOPRIVKEY, 3) +} ASN1_CHOICE_END(CRMF_PROOFOFPOSSESION) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_PROOFOFPOSSESION) + + +ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = ASN1_OPT(CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY); +ASN1_ADB(CRMF_ATTRIBUTETYPEANDVALUE) = { + ADB_ENTRY(NID_id_regCtrl_regToken, 
ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, value.regToken, ASN1_UTF8STRING)), + ADB_ENTRY(NID_id_regCtrl_authenticator, ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, value.authenticator, ASN1_UTF8STRING)), + ADB_ENTRY(NID_id_regCtrl_pkiPublicationInfo, ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, value.pkiPublicationInfo, CRMF_PKIPUBLICATIONINFO)), + ADB_ENTRY(NID_id_regCtrl_pkiArchiveOptions, ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, value.pkiArchiveOptions, CRMF_PKIARCHIVEOPTIONS)), + ADB_ENTRY(NID_id_regCtrl_oldCertID, ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, value.oldCertId, CRMF_CERTID)), + ADB_ENTRY(NID_id_regCtrl_protocolEncrKey, ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, value.protocolEncrKey, X509_PUBKEY)), + ADB_ENTRY(NID_id_regInfo_utf8Pairs, ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, value.utf8pairs, ASN1_UTF8STRING)), + ADB_ENTRY(NID_id_regInfo_certReq, ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, value.certReq, CRMF_CERTREQUEST)), +} ASN1_ADB_END(CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0, &attributetypeandvalue_default_tt, NULL); + + +ASN1_SEQUENCE(CRMF_ATTRIBUTETYPEANDVALUE) = +{ + ASN1_SIMPLE(CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(CRMF_ATTRIBUTETYPEANDVALUE) +} ASN1_SEQUENCE_END(CRMF_ATTRIBUTETYPEANDVALUE) + +IMPLEMENT_ASN1_FUNCTIONS(CRMF_ATTRIBUTETYPEANDVALUE) +IMPLEMENT_ASN1_DUP_FUNCTION(CRMF_ATTRIBUTETYPEANDVALUE) + + +ASN1_SEQUENCE(CRMF_OPTIONALVALIDITY) = { + ASN1_EXP_OPT(CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0), + ASN1_EXP_OPT(CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1) +} ASN1_SEQUENCE_END(CRMF_OPTIONALVALIDITY) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_OPTIONALVALIDITY) + + +ASN1_SEQUENCE(CRMF_CERTTEMPLATE) = { + ASN1_IMP_OPT(CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0), + /* serialNumber MUST be omitted. This field is assigned by the CA + * during certificate creation. */ + ASN1_IMP_OPT(CRMF_CERTTEMPLATE, serialNumber, ASN1_INTEGER, 1), + /* signingAlg MUST be omitted. This field is assigned by the CA + * during certificate creation. 
*/ + ASN1_IMP_OPT(CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2), + ASN1_EXP_OPT(CRMF_CERTTEMPLATE, issuer, X509_NAME, 3), + ASN1_IMP_OPT(CRMF_CERTTEMPLATE, validity, CRMF_OPTIONALVALIDITY, 4), + ASN1_EXP_OPT(CRMF_CERTTEMPLATE, subject, X509_NAME, 5), + ASN1_IMP_OPT(CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6), + /* issuerUID is deprecated in version 2 */ + ASN1_IMP_OPT(CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7), + /* subjectUID is deprecated in version 2 */ + ASN1_IMP_OPT(CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8), + ASN1_IMP_SEQUENCE_OF_OPT(CRMF_CERTTEMPLATE, extensions, X509_EXTENSION, 9), +} ASN1_SEQUENCE_END(CRMF_CERTTEMPLATE) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_CERTTEMPLATE) + + +ASN1_SEQUENCE(CRMF_CERTREQUEST) = { + ASN1_SIMPLE(CRMF_CERTREQUEST, certReqId, ASN1_INTEGER), + ASN1_SIMPLE(CRMF_CERTREQUEST, certTemplate, CRMF_CERTTEMPLATE), + ASN1_SEQUENCE_OF_OPT(CRMF_CERTREQUEST, controls, CRMF_ATTRIBUTETYPEANDVALUE) +} ASN1_SEQUENCE_END(CRMF_CERTREQUEST) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_CERTREQUEST) +IMPLEMENT_ASN1_DUP_FUNCTION(CRMF_CERTREQUEST) + + +ASN1_SEQUENCE(CRMF_CERTREQMSG) = { + ASN1_SIMPLE(CRMF_CERTREQMSG, certReq, CRMF_CERTREQUEST), + ASN1_OPT(CRMF_CERTREQMSG, popo, CRMF_PROOFOFPOSSESION), + ASN1_SEQUENCE_OF_OPT(CRMF_CERTREQMSG, regInfo, CRMF_ATTRIBUTETYPEANDVALUE) +} ASN1_SEQUENCE_END(CRMF_CERTREQMSG) +IMPLEMENT_ASN1_FUNCTIONS(CRMF_CERTREQMSG) + + +ASN1_ITEM_TEMPLATE(CRMF_CERTREQMESSAGES) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRMF_CERTREQMESSAGES, CRMF_CERTREQMSG) +ASN1_ITEM_TEMPLATE_END(CRMF_CERTREQMESSAGES) + Index: openssl-1.0.1h-cmp/crypto/crmf/crmf_err.c =================================================================== --- openssl-1.0.1h-cmp/crypto/crmf/crmf_err.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/crmf/crmf_err.c (revision 764) 
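Review bot: in the crmf_asn.c hunk, several context tags are applied IMPLICITly to CHOICE types, which ASN.1 does not allow (a tag on a CHOICE is always EXPLICIT, whatever the module's IMPLICIT TAGS default), so these templates will not encode or decode what RFC 4211 specifies. ASN1_IMP(CRMF_PKIARCHIVEOPTIONS, value.encryptedPrivKey, CRMF_ENCRYPTEDKEY, 0) tags the CHOICE EncryptedKey, and ASN1_IMP(CRMF_PROOFOFPOSSESION, value.keyAgreement, CRMF_POPOPRIVKEY, 3) tags the CHOICE POPOPrivKey while the sibling keyEncipherment [2] of the very same type correctly uses ASN1_EXP; both should be ASN1_EXP. Likewise ASN1_IMP_OPT(CRMF_ENCKEYWITHID, identifier, CRMF_ENCKEYWITHID_IDENTIFIER,0) tags a CHOICE that RFC 4211 leaves untagged, as are its string and generalName alternatives. The CRMF_ENCRYPTEDKEY tags are also swapped relative to the RFC: encryptedValue is untagged and envelopedData is [0], whereas the hunk uses [0] and [1]. Separately, CRMF_PKIPUBLICATIONINFO declares pubinfos as a SEQUENCE OF GENERAL_NAME, but RFC 4211 section 6.3 defines pubInfos as SEQUENCE OF SinglePubInfo; the CRMF_SINGLEPUBINFO template defined immediately above is otherwise unused, so the element type should be CRMF_SINGLEPUBINFO. Finally, the two ASN1_NULL placeholders for EnvelopedData (with the same TODO pasted twice) mean any peer that sends CMS EnvelopedData in those positions will fail to decode; if wiring them to CMS_EnvelopedData under OPENSSL_NO_CMS is out of scope, keep a single TODO saying so, and drop the trailing commas after the last entries of CRMF_POPOPRIVKEY and CRMF_CERTTEMPLATE to match the rest of the file.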
@@ -0,0 +1,142 @@ +/* crypto/crmf/crmf_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. 
+ */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRMF,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRMF,0,reason) + +static ERR_STRING_DATA CRMF_str_functs[]= + { +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_CALC_AND_SET_POPO), "CRMF_CERTREQMSG_calc_and_set_popo"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_PUSH0_CONTROL), "CRMF_CERTREQMSG_push0_control"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_PUSH0_EXTENSION), "CRMF_CERTREQMSG_push0_extension"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_PUSH0_REGINFO), "CRMF_CERTREQMSG_push0_regInfo"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_AUTHENTICATOR), "CRMF_CERTREQMSG_set1_control_authenticator"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_OLDCERTID), "CRMF_CERTREQMSG_set1_control_oldCertId"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PKIARCHIVEOPTIONS), "CRMF_CERTREQMSG_SET1_CONTROL_PKIARCHIVEOPTIONS"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PKIPUBLICATIONINFO), "CRMF_CERTREQMSG_SET1_CONTROL_PKIPUBLICATIONINFO"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PROTOCOLENCRKEY), "CRMF_CERTREQMSG_SET1_CONTROL_PROTOCOLENCRKEY"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_REGTOKEN), "CRMF_CERTREQMSG_set1_control_regToken"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_PUBLICKEY), "CRMF_CERTREQMSG_set1_publicKey"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_CERTREQ), "CRMF_CERTREQMSG_SET1_REGINFO_CERTREQ"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_REGTOKEN), "CRMF_CERTREQMSG_set1_regInfo_regToken"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_UTF8PAIRS), "CRMF_CERTREQMSG_SET1_REGINFO_UTF8PAIRS"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_SUBJECT), "CRMF_CERTREQMSG_set1_subject"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET_CERTREQID), "CRMF_CERTREQMSG_set_certReqId"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET_VALIDITY), "CRMF_CERTREQMSG_set_validity"}, +{ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET_VERSION2), "CRMF_CERTREQMSG_set_version2"}, 
+{ERR_FUNC(CRMF_F_CRMF_CR_NEW), "CRMF_cr_new"}, +{ERR_FUNC(CRMF_F_CRMF_PASSWORDBASEDMAC_NEW), "CRMF_passwordBasedMac_new"}, +{ERR_FUNC(CRMF_F_CRMF_POPOSIGNINGKEY_NEW), "CRMF_poposigningkey_new"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_CONTROL_AUTHENTICATOR), "CRMF_SET1_CONTROL_AUTHENTICATOR"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_CONTROL_OLDCERTID), "CRMF_SET1_CONTROL_OLDCERTID"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_CONTROL_PKIARCHIVEOPTIONS), "CRMF_SET1_CONTROL_PKIARCHIVEOPTIONS"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_CONTROL_PKIPUBLICATIONINFO), "CRMF_SET1_CONTROL_PKIPUBLICATIONINFO"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_CONTROL_PROTOCOLENCRKEY), "CRMF_SET1_CONTROL_PROTOCOLENCRKEY"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_REGINFO_CERTREQ), "CRMF_SET1_REGINFO_CERTREQ"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_REGINFO_UTF8PAIRS), "CRMF_SET1_REGINFO_UTF8PAIRS"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_REGTOKEN_CERTREQ), "CRMF_SET1_REGTOKEN_CERTREQ"}, +{ERR_FUNC(CRMF_F_CRMF_SET1_SUBJECT), "CRMF_SET1_SUBJECT"}, +{ERR_FUNC(CRMF_F_CRMF_SET_CERTREQID), "CRMF_SET_CERTREQID"}, +{ERR_FUNC(CRMF_F_CRMF_SET_VERSION2), "CRMF_SET_VERSION2"}, +{0,NULL} + }; + +static ERR_STRING_DATA CRMF_str_reasons[]= + { +{ERR_REASON(CRMF_R_CRMFERROR) ,"crmferror"}, +{ERR_REASON(CRMF_R_ERROR_CALCULATING_AND_SETTING_POPO),"error calculating and setting popo"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_CONTROL_AUTHENTICATOR_ATAV),"error setting control authenticator atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_CONTROL_OLDCERTID_ATAV),"error setting control oldcertid atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_CONTROL_PKIARCHIVEOPTIONS_ATAV),"error setting control pkiarchiveoptions atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_CONTROL_PKIPUBLICATIONINFO_ATAV),"error setting control pkipublicationinfo atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_CONTROL_PROTOCOLENCRKEY_ATAV),"error setting control protocolencrkey atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_POPSIGNINGKEY),"error setting popsigningkey"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_PUBLIC_KEY),"error setting public key"}, 
+{ERR_REASON(CRMF_R_ERROR_SETTING_REGINFO_CERTREQ_ATAV),"error setting reginfo certreq atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_REGINFO_UTF8PAIRS_ATAV),"error setting reginfo utf8pairs atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_REGTOKEN_ATAV),"error setting regtoken atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_REGTOKEN_CERTREQ_ATAV),"error setting regtoken certreq atav"}, +{ERR_REASON(CRMF_R_ERROR_SETTING_VERSION_2),"error setting version 2"}, +{ERR_REASON(CRMF_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, +{ERR_REASON(CRMF_R_UNSUPPORTED_ALG_FOR_POPSIGNINGKEY),"unsupported alg for popsigningkey"}, +{ERR_REASON(CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO),"unsupported method for creating popo"}, +{0,NULL} + }; + +#endif + +void ERR_load_CRMF_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(CRMF_str_functs[0].error) == NULL) + { + ERR_load_strings(0,CRMF_str_functs); + ERR_load_strings(0,CRMF_str_reasons); + } +#endif + } Index: openssl-1.0.1h-cmp/crypto/crmf/crmf_lib.c =================================================================== --- openssl-1.0.1h-cmp/crypto/crmf/crmf_lib.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/crmf/crmf_lib.c (revision 764) 
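Review bot: the function table in the crmf_err.c hunk is out of sync with crmf_lib.c and looks like it was generated before the library was finished. Many entries carry the all-caps placeholder that mkerr.pl emits when it cannot locate the function, for example {ERR_FUNC(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PKIARCHIVEOPTIONS), "CRMF_CERTREQMSG_SET1_CONTROL_PKIARCHIVEOPTIONS"} for a function that crmf_lib.c implements as CRMF_CERTREQMSG_set1_control_pkiArchiveOptions, and the CRMF_F_CRMF_SET1_*, CRMF_F_CRMF_SET_*, CRMF_F_CRMF_CR_NEW and CRMF_F_CRMF_SET1_REGTOKEN_CERTREQ codes appear to be stale names from an earlier API (the CRMF_CERTREQMSG_-prefixed variants are the ones implemented). Since the header states the file is regenerated by mkerr.pl, re-run it against the final crmf.h and crmf_lib.c so that ERR_print_errors() shows real function names and no dead codes ship. Also check that reason codes match their users: CRMF_CERTREQMSG_set1_regInfo_regToken reports CRMF_R_ERROR_SETTING_REGTOKEN_CERTREQ_ATAV while the control variant reports CRMF_R_ERROR_SETTING_REGTOKEN_ATAV, so the two failures are told apart only by the function code. The "Copyright (c) 1999-2011 The OpenSSL Project" header is likewise a leftover template for a file that is new in this patch.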
@@ -0,0 +1,699 @@ +/* vim: set cino={1s noet ts=4 sts=4 sw=4: */ +/* crypto/crmf/crmf_lib.c + * CRMF (RFC 4211) library functions for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. + */ +/* NAMING + * The 0 version uses the supplied structure pointer directly in the parent and + * it will be freed up when the parent is freed. In the above example crl would + * be freed but rev would not. + * + * The 1 function uses a copy of the supplied structure pointer (or in some + * cases increases its link count) in the parent and so both (x and obj above) + * should be freed up. 
+ */ +/* ############################################################################ * + * In this file are the functions which set the individual items inside * + * the CRMF structures * + * ############################################################################ */ + +#include +#include +#include +#include +#include +#include + +/* ############################################################################ * + * Pushes the given control attribute into the controls stack of a CertRequest + * (section 6) + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_push0_control( CRMF_CERTREQMSG *certReqMsg, CRMF_ATTRIBUTETYPEANDVALUE *control) + { + int newControls = 0; + + if (!certReqMsg) goto err; + if (!control) goto err; + + if (!(certReqMsg->certReq->controls)) + { + /* as it is OPTIONAL it might not yet be initialized */ + if( !(certReqMsg->certReq->controls = sk_CRMF_ATTRIBUTETYPEANDVALUE_new_null())) goto err; + newControls = 1; /* for potential cleanup in error case */ + } + if (!sk_CRMF_ATTRIBUTETYPEANDVALUE_push( certReqMsg->certReq->controls, control)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_PUSH0_CONTROL, CRMF_R_CRMFERROR); + + if (newControls) + { + sk_CRMF_ATTRIBUTETYPEANDVALUE_pop_free(certReqMsg->certReq->controls, CRMF_ATTRIBUTETYPEANDVALUE_free); + certReqMsg->certReq->controls = NULL; + } + return 0; + } + +/* ############################################################################ * + * sets the id-regCtrl-regToken Control (section 6.1) + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_control_regToken( CRMF_CERTREQMSG *msg, ASN1_UTF8STRING *tok) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav=NULL; + + if (!msg) goto err; + if (!tok) goto err; + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new())) goto err; + + atav->type = 
OBJ_nid2obj(NID_id_regCtrl_regToken); + if (!(atav->value.regToken = ASN1_STRING_dup( tok))) goto err; + + if (!CRMF_CERTREQMSG_push0_control( msg, atav)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_REGTOKEN, CRMF_R_ERROR_SETTING_REGTOKEN_ATAV); + if (atav) CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 0; + } + +/* ############################################################################ * + * sets the id-regCtrl-authenticator Control (section 6.2) + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_control_authenticator( CRMF_CERTREQMSG *msg, ASN1_UTF8STRING *auth) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav=NULL; + + if (!msg) goto err; + if (!auth) goto err; + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new())) goto err; + + atav->type = OBJ_nid2obj(NID_id_regCtrl_authenticator); + if (!(atav->value.regToken = ASN1_STRING_dup( auth))) goto err; + if( !CRMF_CERTREQMSG_push0_control( msg, atav)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_AUTHENTICATOR, CRMF_R_ERROR_SETTING_CONTROL_AUTHENTICATOR_ATAV); + if (atav) CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 0; + } + +/* ############################################################################ * + * sets the id-regCtrl-pkiPublicationInfo Control (section 6.3) + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_control_pkiPublicationInfo( CRMF_CERTREQMSG *msg, CRMF_PKIPUBLICATIONINFO *pubinfo) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav=NULL; + + if (!msg) goto err; + if (!pubinfo) goto err; + + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new())) goto err; + + atav->type = OBJ_nid2obj(NID_id_regCtrl_pkiPublicationInfo); + if (!(atav->value.pkiPublicationInfo = CRMF_PKIPUBLICATIONINFO_dup( pubinfo))) goto err; + if( !CRMF_CERTREQMSG_push0_control( msg, atav)) goto 
err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PKIPUBLICATIONINFO, CRMF_R_ERROR_SETTING_CONTROL_PKIPUBLICATIONINFO_ATAV); + if (atav) CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 0; + } + +/* ############################################################################ + * sets the id-regCtrl-pkiArchiveOptions Control (section 6.4) + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_control_pkiArchiveOptions( CRMF_CERTREQMSG *msg, CRMF_PKIARCHIVEOPTIONS *archopts) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav=NULL; + + if (!msg) goto err; + if (!archopts) goto err; + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new())) goto err; + + atav->type = OBJ_nid2obj(NID_id_regCtrl_pkiArchiveOptions); + if (!(atav->value.pkiArchiveOptions = CRMF_PKIARCHIVEOPTIONS_dup( archopts))) goto err; + if( !CRMF_CERTREQMSG_push0_control( msg, atav)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PKIARCHIVEOPTIONS, CRMF_R_ERROR_SETTING_CONTROL_PKIARCHIVEOPTIONS_ATAV); + if (atav) CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 0; + } + +/* ############################################################################ * + * sets the id-regCtrl-oldCertID Control (section 6.5) from the given + * certificate + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_control_oldCertId( CRMF_CERTREQMSG *certReqMsg, X509 *oldCert) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; + CRMF_CERTID *certId = NULL; + GENERAL_NAME *gName = NULL; + + if ( !certReqMsg) goto err; + if ( !oldCert) goto err; + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new()) + || !(certId = CRMF_CERTID_new()) + || !(gName = GENERAL_NAME_new())) + goto err; + + /* X509_NAME_set does not consume the pointer so this is ok */ + X509_NAME_set( &gName->d.directoryName, X509_get_issuer_name( oldCert)); + 
gName->type = GEN_DIRNAME; + certId->issuer = gName; + if (!(certId->serialNumber = ASN1_INTEGER_dup(X509_get_serialNumber(oldCert)))) goto err; + + atav->type = OBJ_nid2obj(NID_id_regCtrl_oldCertID); + atav->value.oldCertId = certId; + + if (!CRMF_CERTREQMSG_push0_control( certReqMsg, atav)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_OLDCERTID, CRMF_R_ERROR_SETTING_CONTROL_OLDCERTID_ATAV); + if (gName) GENERAL_NAME_free(gName); + if (certId) + { + certId->issuer = NULL; + CRMF_CERTID_free(certId); + } + if (atav) CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 0; + } + +/* ############################################################################ * + * For some reason X509_PUBKEY_dup() does not appear to be implemented by + * OpenSSL's X509 code, so we implement it here. It's only needed in the following + * function so it can be declared static. * + * TODO: check whether that should go elsewhere * + * ############################################################################ */ +static IMPLEMENT_ASN1_DUP_FUNCTION(X509_PUBKEY); + +/* ############################################################################ * + * sets the id-regCtrl-protocolEncrKey Control (section 6.6) from the given + * public key + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_control_protocolEncrKey( CRMF_CERTREQMSG *msg, X509_PUBKEY *pubkey) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav=NULL; + + if (!msg) goto err; + if (!pubkey) goto err; + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new())) goto err; + + atav->type = OBJ_nid2obj(NID_id_regCtrl_protocolEncrKey); + if (!(atav->value.protocolEncrKey = X509_PUBKEY_dup(pubkey))) goto err; + if( !CRMF_CERTREQMSG_push0_control( msg, atav)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_CONTROL_PROTOCOLENCRKEY, CRMF_R_ERROR_SETTING_CONTROL_PROTOCOLENCRKEY_ATAV); + if (atav) 
CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 0; + } + +/* ############################################################################ * + * Pushes the attribute given in regInfo in to the CertReqMsg->regInfo stack. + * (section 7) + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_push0_regInfo( CRMF_CERTREQMSG *certReqMsg, CRMF_ATTRIBUTETYPEANDVALUE *regInfo) + { + int newRegInfo = 0; + + if (!certReqMsg) goto err; + if (!regInfo) goto err; + + if (!(certReqMsg->regInfo)) + { + /* as it is OPTIONAL it might not yet be initialized */ + if( !(certReqMsg->regInfo = sk_CRMF_ATTRIBUTETYPEANDVALUE_new_null())) goto err; + newRegInfo = 1; + } + if (!sk_CRMF_ATTRIBUTETYPEANDVALUE_push( certReqMsg->regInfo, regInfo)) goto err; + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_PUSH0_REGINFO, CRMF_R_CRMFERROR); + + if (newRegInfo) + { + sk_CRMF_ATTRIBUTETYPEANDVALUE_pop_free(certReqMsg->regInfo, CRMF_ATTRIBUTETYPEANDVALUE_free); + certReqMsg->regInfo = NULL; + } + return 0; +} + +/* ############################################################################ * + * sets the id-regInfo-utf8Pairs to regInfo (section 7.1) from a given + * UTF8string + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_regInfo_utf8Pairs( CRMF_CERTREQMSG *msg, ASN1_UTF8STRING *utf8pairs) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav=NULL; + + if (!msg) goto err; + if (!utf8pairs) goto err; + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new())) goto err; + + atav->type = OBJ_nid2obj(NID_id_regInfo_utf8Pairs); + if (!(atav->value.utf8pairs = ASN1_STRING_dup( utf8pairs))) goto err; + + if (!CRMF_CERTREQMSG_push0_regInfo( msg, atav)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_UTF8PAIRS, CRMF_R_ERROR_SETTING_REGINFO_UTF8PAIRS_ATAV); + if (atav) CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 
0; + } + +/* ############################################################################ * + * sets the id-regInfo-certReq to regInfo (section 7.2) from a given certificate + * request + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_regInfo_certReq( CRMF_CERTREQMSG *msg, CRMF_CERTREQUEST *certReq) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav=NULL; + + if (!msg) goto err; + if (!certReq) goto err; + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new())) goto err; + + atav->type = OBJ_nid2obj(NID_id_regInfo_certReq); + if (!(atav->value.certReq = CRMF_CERTREQUEST_dup( certReq))) goto err; + + if (!CRMF_CERTREQMSG_push0_regInfo( msg, atav)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_CERTREQ, CRMF_R_ERROR_SETTING_REGINFO_CERTREQ_ATAV); + if (atav) CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 0; + } + +/* ############################################################################ * + * sets the id-regCtrl-regToken to regInfo (not described in RFC) + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_regInfo_regToken( CRMF_CERTREQMSG *msg, ASN1_UTF8STRING *tok) + { + CRMF_ATTRIBUTETYPEANDVALUE *atav=NULL; + + if (!msg) goto err; + if (!tok) goto err; + + if (!(atav = CRMF_ATTRIBUTETYPEANDVALUE_new())) goto err; + + atav->type = OBJ_nid2obj(NID_id_regCtrl_regToken); + if (!(atav->value.regToken = ASN1_STRING_dup( tok))) goto err; + + if (!CRMF_CERTREQMSG_push0_regInfo( msg, atav)) goto err; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_REGINFO_REGTOKEN, CRMF_R_ERROR_SETTING_REGTOKEN_CERTREQ_ATAV); + if (atav) CRMF_ATTRIBUTETYPEANDVALUE_free( atav); + return 0; + } + +/* ############################################################################ * + * sets version to 2 in cert Template (section 5) + * version MUST be 2 if supplied. 
It SHOULD be omitted. + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set_version2( CRMF_CERTREQMSG *certReqMsg) + { + if (! certReqMsg) goto err; + + if (! certReqMsg->certReq->certTemplate->version) + /* as it is OPTIONAL it might not yet be initialized */ + certReqMsg->certReq->certTemplate->version = ASN1_INTEGER_new(); + ASN1_INTEGER_set( certReqMsg->certReq->certTemplate->version, 2L); + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET_VERSION2, CRMF_R_ERROR_SETTING_VERSION_2); + return 0; + } + +/* ############################################################################ * + * sets notBefore and/or notAfter in certTemplate of the given certreqmsg + * (section 5) - if they are not given as 0 + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set_validity( CRMF_CERTREQMSG *certReqMsg, time_t notBefore, time_t notAfter) + { + CRMF_OPTIONALVALIDITY *validity=NULL; + ASN1_TIME *notBeforeAsn=NULL; + ASN1_TIME *notAfterAsn=NULL; + + if (! 
certReqMsg) goto err; + + if (notBefore) + { + if( !(notBeforeAsn = ASN1_TIME_set(NULL, notBefore))) goto err; + } + if (notAfter) + { + if( !(notAfterAsn = ASN1_TIME_set(NULL, notAfter))) goto err; + } + if (!(validity = CRMF_OPTIONALVALIDITY_new())) goto err; + + validity->notBefore = notBeforeAsn; + validity->notAfter = notAfterAsn; + + certReqMsg->certReq->certTemplate->validity = validity; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET_VALIDITY, CRMF_R_CRMFERROR); + if (notBeforeAsn) ASN1_TIME_free(notBeforeAsn); + if (notAfterAsn) ASN1_TIME_free(notAfterAsn); + return 0; + } + +/* ############################################################################ * + * set the certReqId (section 5) + * certReqId contains an integer value that is used by the + * certificate requestor to associate a specific certificate request + * with a certificate response. + * returns 0 on error, 1 on success + * ############################################################################ */ +int CRMF_CERTREQMSG_set_certReqId( CRMF_CERTREQMSG *certReqMsg, const long certReqId) + { + if (! certReqMsg) goto err; + if (! certReqMsg->certReq) goto err; + + return ASN1_INTEGER_set(certReqMsg->certReq->certReqId, certReqId); +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET_CERTREQID, CRMF_R_CRMFERROR); + return 0; + } + +/* ############################################################################ * + * set the public Key to the certTemplate (chapgter 5) + * publicKey contains the public key for which the certificate is + * being created. This field MUST be filled in if the requestor + * generates its own key. The field is omitted if the key is + * generated by the RA/CA. + * returns 0 on error, 1 on success + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_publicKey( CRMF_CERTREQMSG *certReqMsg, const EVP_PKEY *pkey) { + if (! certReqMsg) goto err; + if (! 
pkey) goto err; + + /* this function is not consuming the pointer */ + return X509_PUBKEY_set(&(certReqMsg->certReq->certTemplate->publicKey), (EVP_PKEY*) pkey); +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_PUBLICKEY, CRMF_R_CRMFERROR); + return 0; +} + +/* ############################################################################ * + * Set the subject name in the given certificate template (section 5) + * subject is filled in with the suggested name for the requestor. + * This would normally be filled in by a name that has been + * previously issued to the requestor by the CA. + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_set1_subject( CRMF_CERTREQMSG *certReqMsg, const X509_NAME *subject) { + if (! certReqMsg) goto err; + if (! subject) goto err; + + /* this function is *not* consuming the pointer */ + return X509_NAME_set(&(certReqMsg->certReq->certTemplate->subject), (X509_NAME*) subject); +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_SET1_SUBJECT, CRMF_R_CRMFERROR); + return 0; +} + +/* ############################################################################ * + * push an extension to the extension stack (section 5) + * extensions contains extensions that the requestor wants to have + * placed in the certificate. These extensions would generally deal + * with things such as setting the key usage to keyEncipherment. + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_push0_extension( CRMF_CERTREQMSG *certReqMsg, X509_EXTENSION *ext) { + int createdStack = 0; + + if (! certReqMsg) goto err; + if (! ext) goto err; + + if (! 
certReqMsg->certReq->certTemplate->extensions) + { + if( !(certReqMsg->certReq->certTemplate->extensions = sk_X509_EXTENSION_new_null())) goto err; + createdStack = 1; + } + + if( !sk_X509_EXTENSION_push(certReqMsg->certReq->certTemplate->extensions, ext)) goto err; + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_PUSH0_EXTENSION, CRMF_R_CRMFERROR); + + if (createdStack) + { + sk_X509_EXTENSION_pop_free( certReqMsg->certReq->certTemplate->extensions, X509_EXTENSION_free); + certReqMsg->certReq->certTemplate->extensions = NULL; + } + return 0; +} + +/* ############################################################################ * + * Create proof-of-posession information by signing the certrequest with our + * private key (section 4.1). Algorithm according to key type. + * Aas default, for RSA+DSA SHA-1, is used for generating the input. + * + * TODO: + * This function does not yet work for cases other than the one listed in case 3 + * of section 4.1. For this it needs to put subject name and public key into + * the POPOSigningKey: + * + 3. The certificate subject places its name in the Certificate + Template structure along with the public key. In this case the + poposkInput field is omitted from the POPOSigningKey structure. + The signature field is computed over the DER-encoded certificate + template structure. + * + * TODO: only RSA/DSA keys are supported so far + * + * returns a pointer to the created CRMF_POPOSIGNINGKEY on success, NULL on + * error + * ############################################################################ */ +CRMF_POPOSIGNINGKEY * CRMF_poposigningkey_new( CRMF_CERTREQUEST *certReq, const EVP_PKEY *pkey) + { + CRMF_POPOSIGNINGKEY *poposig=NULL; + size_t certReqSize, maxSignatureSize; + unsigned int sigLen; + unsigned char *certReqDer=NULL; + unsigned char *signature=NULL; + const EVP_MD *alg=NULL; + + EVP_MD_CTX *ctx=NULL; + + /* NOTE: PoposkInput is not handled here. 
*/ + if( !(poposig = CRMF_POPOSIGNINGKEY_new())) goto err; + /* get DER representation */ + certReqSize = i2d_CRMF_CERTREQUEST( certReq, &certReqDer); + + maxSignatureSize = EVP_PKEY_size( (EVP_PKEY*) pkey); + signature = OPENSSL_malloc(maxSignatureSize); + + /* set the type of the algorithm */ + switch (EVP_PKEY_type(pkey->type)) + { +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + X509_ALGOR_set0(poposig->algorithmIdentifier, OBJ_nid2obj(NID_dsaWithSHA1), V_ASN1_NULL, NULL); + alg = EVP_dss1(); + break; +#endif +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + X509_ALGOR_set0(poposig->algorithmIdentifier, OBJ_nid2obj(NID_sha1WithRSAEncryption), V_ASN1_NULL, NULL); + alg = EVP_sha1(); + break; +#endif + default: + CRMFerr(CRMF_F_CRMF_POPOSIGNINGKEY_NEW, CRMF_R_UNSUPPORTED_ALG_FOR_POPSIGNINGKEY); + goto err; + } + + ctx=EVP_MD_CTX_create(); + if (!(EVP_SignInit_ex(ctx, alg, NULL))) goto err; + if (!(EVP_SignUpdate(ctx, certReqDer, certReqSize))) goto err; + if (!(EVP_SignFinal(ctx, signature, &sigLen, (EVP_PKEY*) pkey))) goto err; + + /* set the signature value */ + if (!(ASN1_BIT_STRING_set( poposig->signature, signature, sigLen))) goto err; + + /* Actually this should not be needed but OpenSSL defaults all bitstrings to be a NamedBitList */ + poposig->signature->flags &= ~0x07; + poposig->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + + /* cleanup */ + OPENSSL_free(certReqDer); + EVP_MD_CTX_destroy(ctx); + OPENSSL_free(signature); + return poposig; +err: + CRMFerr(CRMF_F_CRMF_POPOSIGNINGKEY_NEW, CRMF_R_ERROR_SETTING_POPSIGNINGKEY); + if( poposig) CRMF_POPOSIGNINGKEY_free( poposig); + if( certReqDer) OPENSSL_free(certReqDer); + if( ctx) EVP_MD_CTX_destroy(ctx); + if( signature) OPENSSL_free(signature); + return NULL; + } + +/* ############################################################################ * + * calculate and set the proof of possession based on the popoMethod (define in cmp.h) + * the following types are supported so far (#defines in crfm.h): + * 
CRMF_POPO_NONE: ProofOfPossession field omitted, CA/RA uses out-of-band method to verify POP (compare RFC 4211, section 4). + * CRMF_POPO_SIGNATURE: according to section 4.1 (only case 3 supported so far) + * CRMF_POPO_ENCRCERT: according to section 4.2 with the indirect method + * (subsequentMessage/enccert) + * + subsequentMessage is used to indicate that the POP will be + completed by decrypting a message from the CA/RA and returning a + response. The type of message to be decrypted is indicated by the + value used. + + encrCert indicates that the certificate issued is to be + returned in an encrypted form. The requestor is required to + decrypt the certificate and prove success to the CA/RA. The + details of this are provided by the CRP. + * returns 1 on success, 0 on error + * ############################################################################ */ +int CRMF_CERTREQMSG_calc_and_set_popo( CRMF_CERTREQMSG *certReqMsg, const EVP_PKEY *pkey, int popoMethod) + { + CRMF_PROOFOFPOSSESION *newPopo=NULL; + + if (popoMethod == CRMF_POPO_NONE) return 1; /* nothing to be done */ + + if (! certReqMsg) goto err; + if (! 
pkey) goto err; + + if( !(newPopo = CRMF_PROOFOFPOSSESION_new())) goto err; + + switch (popoMethod) + { + case CRMF_POPO_RAVERIFIED: + newPopo->type = CRMF_PROOFOFPOSESSION_RAVERIFIED; + newPopo->value.raVerified = ASN1_NULL_new(); + break; + + case CRMF_POPO_SIGNATURE: + if( !(newPopo->value.signature = CRMF_poposigningkey_new( certReqMsg->certReq, pkey))) goto err; + newPopo->type = CRMF_PROOFOFPOSESSION_SIGNATURE; + break; + + case CRMF_POPO_ENCRCERT: + newPopo->type = CRMF_PROOFOFPOSESSION_KEYENCIPHERMENT; + newPopo->value.keyEncipherment = CRMF_POPOPRIVKEY_new(); + + newPopo->value.keyEncipherment->type = CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE; + + newPopo->value.keyEncipherment->value.subsequentMessage = ASN1_INTEGER_new(); + ASN1_INTEGER_set(newPopo->value.keyEncipherment->value.subsequentMessage, CRMF_SUBSEQUENTMESSAGE_ENCRCERT); + break; + + default: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_CALC_AND_SET_POPO, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO); + goto err; + } + + if(certReqMsg->popo) + /* OPTIONAL but initialized before */ + CRMF_PROOFOFPOSSESION_free(certReqMsg->popo); + certReqMsg->popo = newPopo; + + return 1; +err: + CRMFerr(CRMF_F_CRMF_CERTREQMSG_CALC_AND_SET_POPO, CRMF_R_ERROR_CALCULATING_AND_SETTING_POPO); + if( newPopo) CRMF_PROOFOFPOSSESION_free( newPopo); + return 0; + } + Index: openssl-1.0.1h-cmp/crypto/crmf/crmf_msg.c =================================================================== --- openssl-1.0.1h-cmp/crypto/crmf/crmf_msg.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/crmf/crmf_msg.c (revision 764) 
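Review bot: CRMF_poposigningkey_new signs without checking what it is signing: the return value of `i2d_CRMF_CERTREQUEST( certReq, &certReqDer)` goes straight into the size_t certReqSize (a negative error return becomes a huge length) and `signature = OPENSSL_malloc(maxSignatureSize)` and `ctx=EVP_MD_CTX_create()` are dereferenced unchecked; add `if ((len = i2d_CRMF_CERTREQUEST(certReq, &certReqDer)) < 0) goto err;` and NULL checks on both allocations. The same unchecked-allocation pattern recurs in CRMF_CERTREQMSG_calc_and_set_popo (ASN1_NULL_new, CRMF_POPOPRIVKEY_new and ASN1_INTEGER_new are used without a NULL test) and in CRMF_CERTREQMSG_set_version2 (the ASN1_INTEGER_new result is passed directly to ASN1_INTEGER_set). Smaller points in the same region: CRMF_CERTREQMSG_set_validity overwrites certTemplate->validity without freeing a previously set value; the POP signature covers the DER of certReq as it is at call time, so the header comment should state that calc_and_set_popo must be the last change to the request (a later set_validity or push0_extension silently invalidates the POP); sha1WithRSAEncryption/dsaWithSHA1 are hardcoded where a digest parameter (or a SHA-256 default, sha256WithRSAEncryption exists in 1.0.1) would be preferable; and the comment "(#defines in crfm.h)" should read crmf.h and is missing CRMF_POPO_RAVERIFIED, which the switch below it handles.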
@@ -0,0 +1,122 @@ +/* vim: set cino={1s noet ts=4 sts=4 sw=4: */ +/* crypto/crmf/crmf_msg.c + * Functions for creating CRMF (RFC 4211) messages for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +/* ############################################################################ */ +/* In this file are the functions which build and evaluate the CRMF messages */ +/* ############################################################################ */ + +#include +#include +#include +#include +#include +#include +#include + +/* ############################################################################ * + * creates a new CRMF certifcate request message + * TODO there are some optional settings which are not cared for yet + * TODO maybe create a crmf_ctx? + * ############################################################################ */ +CRMF_CERTREQMSG * CRMF_cr_new( const long certReqId, + const EVP_PKEY *pkey, + const X509_NAME *subject, + X509_EXTENSIONS *extensions) + { + CRMF_CERTREQMSG *certReqMsg; + int i; + + if( !(certReqMsg = CRMF_CERTREQMSG_new())) goto err; + +#if 0 + /* version MUST be 2 if supplied. It SHOULD be omitted. */ + CRMF_CERTREQMSG_set_version2( certReqMsg); +#endif + + CRMF_CERTREQMSG_set_certReqId( certReqMsg, certReqId); + if (!CRMF_CERTREQMSG_set1_publicKey( certReqMsg, pkey)) + { + CRMFerr(CRMF_F_CRMF_CR_NEW, CRMF_R_ERROR_SETTING_PUBLIC_KEY); + goto err; + } + + CRMF_CERTREQMSG_set1_subject( certReqMsg, subject); + + /* validity time could be set here */ + + for (i = 0; i < sk_X509_EXTENSION_num(extensions); i++) + /* X509v3_add_ext will allocate new stack if there isn't one already */ + X509v3_add_ext(&certReqMsg->certReq->certTemplate->extensions, sk_X509_EXTENSION_value(extensions, i), i); + + return certReqMsg; +err: + CRMFerr(CRMF_F_CRMF_CR_NEW, CRMF_R_CRMFERROR); + if( certReqMsg) + CRMF_CERTREQMSG_free( certReqMsg); + return NULL; + } + Index: openssl-1.0.1h-cmp/crypto/crmf/crmf_pbm.c =================================================================== --- openssl-1.0.1h-cmp/crypto/crmf/crmf_pbm.c (revision 0) +++ openssl-1.0.1h-cmp/crypto/crmf/crmf_pbm.c (revision 764) 
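Review bot: CRMF_cr_new checks only CRMF_CERTREQMSG_set1_publicKey and ignores the return values of CRMF_CERTREQMSG_set_certReqId, CRMF_CERTREQMSG_set1_subject and X509v3_add_ext, so a request whose subject or extensions failed to be set is returned as if it were complete; handle them the same way as the public key (`if (!CRMF_CERTREQMSG_set1_subject( certReqMsg, subject)) goto err;`) or, if subject is meant to be optional, say so in the header comment and skip the call when it is NULL. The loop over `extensions` also relies on sk_X509_EXTENSION_num returning -1 for a NULL stack to do nothing; an explicit `if (extensions)` makes that intent visible.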
@@ -0,0 +1,222 @@ +/* vim: set cino={1s noet ts=4 sts=4 sw=4: */ +/* crypto/crmf/crmf_pbm.c + * CRMF (RFC 4211) "Password Based Mac" functions for OpenSSL + */ +/* ==================================================================== + * Originally written by Martin Peylo for the OpenSSL project. + * + * 2010-2012 Miikka Viljanen + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2007-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +#include +#include +#include +#include +#include +#include +#include + +#define SALT_LEN 16 +#define ITERATION_COUNT 500 + +/* ############################################################################ * + * creates and initializes CRMF_PBMPARAMETER (section 4.4) + * returns pointer to CRMF_PBMPARAMETER on success, NULL on error + * TODO: this should take the parameters to be set via the arguments + * ############################################################################ */ +CRMF_PBMPARAMETER * CRMF_pbm_new(void) + { + CRMF_PBMPARAMETER *pbm=NULL; + unsigned char salt[SALT_LEN]; + + if(!(pbm = CRMF_PBMPARAMETER_new())) goto err; + + /* salt contains a randomly generated value used in computing the key + * of the MAC process. The salt SHOULD be at least 8 octets (64 + * bits) long. + */ + RAND_pseudo_bytes(salt, SALT_LEN); + if (!(ASN1_OCTET_STRING_set(pbm->salt, salt, SALT_LEN))) goto err; + + /* owf identifies the algorithm and associated parameters used to + * compute the key used in the MAC process. All implementations MUST + * support SHA-1. + */ + /* TODO right now SHA-1 is hardcoded */ + X509_ALGOR_set0(pbm->owf, OBJ_nid2obj(NID_sha1), V_ASN1_UNDEF, NULL); + + /* + iterationCount identifies the number of times the hash is applied + during the key computation process. The iterationCount MUST be a + minimum of 100. Many people suggest using values as high as 1000 + iterations as the minimum value. The trade off here is between + protection of the password from attacks and the time spent by the + server processing all of the different iterations in deriving + passwords. Hashing is generally considered a cheap operation but + this may not be true with all hash functions in the future. + */ + ASN1_INTEGER_set(pbm->iterationCount, ITERATION_COUNT); + + /* mac identifies the algorithm and associated parameters of the MAC + function to be used. All implementations MUST support HMAC-SHA1 + [HMAC]. 
All implementations SHOULD support DES-MAC and Triple- + DES-MAC [PKCS11]. + */ + /* TODO right now HMAC-SHA1 is hardcoded */ + /* X509_ALGOR_set0(mac, OBJ_nid2obj(NID_id_alg_dh_sig_hmac_sha1), V_ASN1_UNDEF, NULL); */ + X509_ALGOR_set0(pbm->mac, OBJ_nid2obj(NID_hmac_sha1), V_ASN1_UNDEF, NULL); + + return pbm; +err: + if(pbm) CRMF_PBMPARAMETER_free(pbm); + return NULL; + } + + +/* ############################################################################ + * this function calculates the PBM based on the settings of the given CRMF_PBMPARAMENTER + * @pbm identifies the algorithms to use + * @msg message to apply the PBM for + * @msgLen length of the message + * @secret key to use + * @secretLen length of the key + * @mac pointer to the computed mac, is allocated here, will be freed if not + * pointing to NULL + * @macLen pointer to the length of the mac, will be set + * + * returns 1 at success, 0 at error + * ############################################################################ */ +int CRMF_passwordBasedMac_new( const CRMF_PBMPARAMETER *pbm, + const unsigned char* msg, size_t msgLen, + const unsigned char* secret, size_t secretLen, + unsigned char** mac, unsigned int* macLen + ) + { + const EVP_MD *m=NULL; + EVP_MD_CTX *ctx=NULL; + unsigned char basekey[EVP_MAX_MD_SIZE]; + unsigned int basekeyLen; + long iterations; + + if (!mac) goto err; + if( *mac) OPENSSL_free(*mac); + + if (!pbm) goto err; + if (!msg) goto err; + if (!secret) goto err; + + *mac = OPENSSL_malloc(EVP_MAX_MD_SIZE); + + OpenSSL_add_all_digests(); + + /* + * owf identifies the algorithm and associated parameters used to + * compute the key used in the MAC process. All implementations MUST + * support SHA-1. 
+ */ + if (!(m = EVP_get_digestbyobj(pbm->owf->algorithm))) goto err; + + ctx=EVP_MD_CTX_create(); + + /* compute the basekey of the salted secret */ + if (!(EVP_DigestInit_ex(ctx, m, NULL))) goto err; + /* first the secret */ + EVP_DigestUpdate(ctx, secret, secretLen); + /* then the salt */ + EVP_DigestUpdate(ctx, pbm->salt->data, pbm->salt->length); + if (!(EVP_DigestFinal_ex(ctx, basekey, &basekeyLen))) goto err; + + /* the first iteration is already done above -> -1 */ + iterations = ASN1_INTEGER_get(pbm->iterationCount)-1; + while( iterations--) + { + if (!(EVP_DigestInit_ex(ctx, m, NULL))) goto err; + EVP_DigestUpdate(ctx, basekey, basekeyLen); + if (!(EVP_DigestFinal_ex(ctx, basekey, &basekeyLen))) goto err; + } + + /* + * mac identifies the algorithm and associated parameters of the MAC + * function to be used. All implementations MUST support HMAC-SHA1 + * [HMAC]. All implementations SHOULD support DES-MAC and Triple- + * DES-MAC [PKCS11]. + */ + switch (OBJ_obj2nid(pbm->mac->algorithm)) + { + case NID_hmac_sha1: + HMAC(EVP_sha1(), basekey, basekeyLen, msg, msgLen, *mac, macLen); + break; + /* optional TODO: DES-MAC, Triple DES-MAC */ + /* which NIDs to use for these algorithms??? */ + default: + CRMFerr(CRMF_F_CRMF_PASSWORDBASEDMAC_NEW, CRMF_R_UNSUPPORTED_ALGORITHM); + goto err; + } + + /* cleanup */ + EVP_MD_CTX_destroy(ctx); + + return 1; +err: + if( mac && *mac) OPENSSL_free(*mac); + CRMFerr(CRMF_F_CRMF_PASSWORDBASEDMAC_NEW, CRMF_R_CRMFERROR); + return 0; + } Index: openssl-1.0.1h-cmp/apps/Makefile =================================================================== --- openssl-1.0.1h-cmp/apps/Makefile (revision 750) +++ openssl-1.0.1h-cmp/apps/Makefile (working copy) 
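Review bot: CRMF_passwordBasedMac_new takes iterationCount from the peer-supplied PBMParameter with no bounds check: `iterations = ASN1_INTEGER_get(pbm->iterationCount)-1; while( iterations--)` loops effectively without end when the count is 0 or when ASN1_INTEGER_get returns -1 for an out-of-range integer, and a count in the millions is a cheap CPU-exhaustion attack on whichever side verifies incoming PBM-protected messages; reject counts below the RFC 4211 minimum of 100 quoted in the comment above and above a fixed ceiling before entering the loop. In the same file, CRMF_pbm_new ignores the return value of `RAND_pseudo_bytes(salt, SALT_LEN)` (0 means the bytes are not cryptographically strong), use RAND_bytes and fail on error; `*mac = OPENSSL_malloc(EVP_MAX_MD_SIZE)` and `ctx=EVP_MD_CTX_create()` are unchecked; and on the err path ctx is leaked while `*mac` is freed without being set to NULL, leaving the caller with a dangling pointer it may free again.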
@@ -39,7 +39,8 @@ ca crl rsa rsautl dsa dsaparam ec ecparam \ x509 genrsa gendsa genpkey s_server s_client speed \ s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \ - pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts srp + pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts srp \ + cmp PROGS= $(PROGRAM).c @@ -56,7 +57,7 @@ x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o \ - spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o + spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o cmp.o E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ @@ -64,7 +65,7 @@ x509.c genrsa.c gendsa.c genpkey.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ ciphers.c nseq.c pkcs12.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \ - spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c srp.c + spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c srp.c cmp.c SRC=$(E_SRC) Index: openssl-1.0.1h-cmp/apps/progs.h =================================================================== --- openssl-1.0.1h-cmp/apps/progs.h (revision 750) +++ openssl-1.0.1h-cmp/apps/progs.h (working copy) @@ -47,6 +47,7 @@ extern int prime_main(int argc,char *argv[]); extern int ts_main(int argc,char *argv[]); extern int srp_main(int argc,char *argv[]); +extern int cmp_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 
@@ -151,6 +152,9 @@ #ifndef OPENSSL_NO_SRP {FUNC_TYPE_GENERAL,"srp",srp_main}, #endif +#ifndef OPENSSL_NO_CMP + {FUNC_TYPE_GENERAL,"cmp",cmp_main}, +#endif #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, #endif Index: openssl-1.0.1h-cmp/apps/cmp.c =================================================================== --- openssl-1.0.1h-cmp/apps/cmp.c (revision 0) +++ openssl-1.0.1h-cmp/apps/cmp.c (revision 764) 
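Review bot: progs.h registers cmp_main only under `#ifndef OPENSSL_NO_CMP`, but the Makefile hunks add `cmp`, `cmp.o` and `cmp.c` to the executable, object and E_SRC lists unconditionally, so a build configured without CMP still compiles and links apps/cmp.c against CMP symbols that libcrypto no longer provides; either make the Makefile additions conditional or wrap the body of apps/cmp.c in the same `#ifndef OPENSSL_NO_CMP` guard the other optional apps (srp.c, ocsp.c) use so the object compiles to nothing in that configuration.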
@@ -0,0 +1,747 @@ +/* vim: set cinoptions={1s: */ +/* apps/cmp.c + */ +/* ==================================================================== + * Written by Miikka Viljanen, based on cmpclient by Martin Peylo + */ +/* ==================================================================== + * Copyright (c) 2007-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + */ +/* ==================================================================== + * Copyright 2012-2014 Nokia Oy. ALL RIGHTS RESERVED. + * CMP support in OpenSSL originally developed by + * Nokia for contribution to the OpenSSL project. 
+ */ + +/* ============================== TODO List ============================== + * TODO: actually send the genm for requesting the CKUANN message + */ + +#include + +#include +#include +#include +#include "apps.h" + +#define CONFIG_FILE "openssl.cnf" +#define CMP_SECTION "cmp" +#undef PROG +#define PROG cmp_main + +#include +#include +#include + +static CONF *conf=NULL; /* OpenSSL config file context structure */ +static BIO *bio_c_out=NULL; /* OpenSSL BIO for printing to STDOUT */ + +/* the type of cmp command we want to send */ +typedef enum { CMP_IR, + CMP_KUR, + CMP_CR, + CMP_RR, + CMP_CKUANN, + } cmp_cmd_t; + +/* type of a cmdline option. + * - OPT_BOOL does not take an additional argument and just + * toggles something on or off + * - OPT_NUM takes a number argument and sets that to a variable + * - OPT_TXT copies the argument text to a buffer + * */ +typedef enum { OPT_BOOL, OPT_NUM, OPT_TXT } opttype_t; +typedef struct + { + const char *name; + const char *help; + opttype_t type; + union { + char **txt; + long *num; + } v; + } opt_t; + +static char *opt_server=NULL; +static char *server_address=NULL; +static long server_port=0; +static char *opt_path="/"; + +static char *opt_cmd_s=NULL; +static int opt_cmd=-1; +static char *opt_user=NULL; +static char *opt_pass=NULL; + +static char *opt_cert=NULL; +static char *opt_key=NULL; +static char *opt_keypass=NULL; + +static char *opt_certout=NULL; +static char *opt_newkey=NULL; +static char *opt_newkeypass=NULL; + +static char *opt_srvcert=NULL; +static char *opt_trusted=NULL; +static char *opt_untrusted=NULL; +static char *opt_keyfmt_s="PEM"; +static char *opt_certfmt_s="PEM"; +static int opt_keyfmt=FORMAT_PEM; +static int opt_certfmt=FORMAT_PEM; + +static char *opt_extcerts=NULL; +static char *opt_subject=NULL; +static char *opt_recipient=NULL; + +static char *opt_cacertsout=NULL; +static char *opt_extracertsout=NULL; + +static char *opt_proxy=NULL; +static int opt_proxyPort=0; + +/* Table of commandline 
options. + * NOTE: this table is also used to parse options from + * openssl's config file (openssl.cnf) !*/ +static opt_t cmp_opts[]={ + { "server", "The 'ADDRESS:PORT' for the CMP server", OPT_TXT, {&opt_server} }, + { "path", "Path location inside the server", OPT_TXT, {&opt_path} }, + { "cmd", "CMP command to execute: ir/kur/cr/rr/ckuann/...", OPT_TXT, {&opt_cmd_s} }, + { "user", "Username for doing the IR with a pre-shared key", OPT_TXT, {&opt_user} }, + { "pass", "Password for doing the IR with a pre-shared key", OPT_TXT, {&opt_pass} }, + + { "cert", "Client's current certificate", OPT_TXT, {&opt_cert} }, + { "key", "Key for the client's current certificate", OPT_TXT, {&opt_key} }, + { "keypass", "Password for the key", OPT_TXT, {&opt_keypass} }, + + { "certout", "Where to save the new certificate", OPT_TXT, {&opt_certout} }, + { "newkey", "Key file to use for the new certificate", OPT_TXT, {&opt_newkey} }, + { "newkeypass", "Password for the new keyfile", OPT_TXT, {&opt_newkeypass} }, + + { "srvcert", "Certificate of the CMP server", OPT_TXT, {&opt_srvcert} }, + { "trusted", "A file of trusted certificates", OPT_TXT, {&opt_trusted} }, + { "untrusted", "A file of untrusted certificates", OPT_TXT, {&opt_untrusted} }, + + { "keyfmt", "Format to use for key files. Default PEM.", OPT_TXT, {&opt_keyfmt_s} }, + { "certfmt", "Format to use for certificate files. 
Default PEM.", OPT_TXT, {&opt_certfmt_s} }, + + { "extcerts", "List of certificate files to include in outgoing messages", OPT_TXT, {&opt_extcerts} }, + { "subject", "X509 subject name to be used in the requested certificate template", OPT_TXT, {&opt_subject} }, + { "recipient", "X509 name of the recipient", OPT_TXT, {&opt_recipient} }, + + { "extracertsout", "File where to save extra certificates received", OPT_TXT, {&opt_extracertsout} }, + { "cacertsout", "File where to save received CA certificates (from IR)", OPT_TXT, {&opt_cacertsout} }, + + { "proxy", "Address of HTTP proxy server to use for the request", OPT_TXT, {&opt_proxy} }, + { "proxyport", "Port of the proxy server", OPT_NUM, {&opt_proxyPort} }, +}; + +/* ########################################################################## * + * print out the help text for each commandline option + * ########################################################################## */ +static void show_help(void) + { + const int ALIGN_COL=15; + opt_t *o=cmp_opts; + int i=0,j=0; + + BIO_puts(bio_err, "\nusage: cmp args\n"); + for (i=0; i < sizeof(cmp_opts)/sizeof(cmp_opts[0]); i++,o++) + { + BIO_printf(bio_err, " -%s", o->name); + for (j=ALIGN_COL-strlen(o->name); j > 0; j--) + BIO_puts(bio_err, " "); + BIO_printf(bio_err, " -%s\n", o->help); + } + BIO_puts(bio_err, "\n"); + } + +/* ########################################################################## * + * use the commandline option table to read values from the [ cmp ] section of + * openssl.cnf. 
Defaults are taken from the config file, they can be + * overwritten on the command line + * ########################################################################## */ +static void read_config(CONF *conf) + { + opt_t *opt=cmp_opts; + int i=0; + + for (i=0; i < sizeof(cmp_opts)/sizeof(cmp_opts[0]); i++,opt++) + { + switch(opt->type) + { + case OPT_BOOL: + case OPT_NUM: + NCONF_get_number_e(conf, CMP_SECTION, opt->name, opt->v.num); + break; + case OPT_TXT: + *opt->v.txt = NCONF_get_string(conf, CMP_SECTION, opt->name); + break; + default: + break; + } + } + + ERR_clear_error(); + } + +/* ########################################################################## * + * verify that all the necessary options have been set + * prints reason for error to bio_err + * returns 1 on success, 0 on error + * ########################################################################## */ +static int check_options(void) + { + if (opt_server) + { + char *p=strrchr(opt_server, ':'); + size_t addrlen=0; + if (p == NULL) + { + BIO_puts(bio_err, "error: missing server port\n"); + goto err; + } + addrlen=(size_t)p - (size_t)opt_server; + server_address=OPENSSL_malloc(addrlen+1); + if (server_address == NULL) + { + BIO_puts(bio_err, "error: out of memory\n"); + goto err; + } + strncpy(server_address, opt_server, addrlen); + server_address[addrlen]=0; + server_port=atoi(++p); + } + else + { + BIO_puts(bio_err, "error: missing server address\n"); + goto err; + } + + if (opt_cmd_s) + { + if (!strcmp(opt_cmd_s, "ir")) opt_cmd = CMP_IR; + else if (!strcmp(opt_cmd_s, "kur")) opt_cmd = CMP_KUR; + else if (!strcmp(opt_cmd_s, "cr")) opt_cmd = CMP_CR; + else if (!strcmp(opt_cmd_s, "rr")) opt_cmd = CMP_RR; + else if (!strcmp(opt_cmd_s, "ckuann")) opt_cmd = CMP_CKUANN; + else + { + BIO_printf(bio_err, "error: unknown cmp command '%s'\n", opt_cmd_s); + goto err; + } + } + else + { + BIO_puts(bio_err, "error: no cmp command to execute\n"); + goto err; + } + + switch (opt_cmd) + { + case CMP_IR: + if 
(!(opt_user && opt_pass) && !(opt_cert && opt_key)) + { + BIO_puts(bio_err, "error: missing user/pass or existing certificate and key for ir\n"); + goto err; + } + + if (opt_cert && !(opt_srvcert || opt_trusted)) + { + BIO_puts(bio_err, "error: using client certificate but no server certificate or trusted store set\n"); + goto err; + } + break; + case CMP_KUR: + case CMP_CR: + case CMP_RR: + if (!(opt_cert && opt_key)) + { + BIO_puts(bio_err, "error: missing certificate and key\n"); + goto err; + } + + if (!opt_srvcert && !opt_trusted) + { + BIO_puts(bio_err, "error: no server certificate or trusted store set\n"); + goto err; + } + break; + case CMP_CKUANN: + /* TODO: sending the empty GENM to request the CKUANN */ + break; + } + + if (opt_cmd == CMP_IR || opt_cmd == CMP_KUR) + { + if (!opt_newkey) + { + BIO_puts(bio_err, "error: missing new key file\n"); + goto err; + } + if (!opt_certout) + { + BIO_puts(bio_err, "error: certout not given, nowhere save certificate\n"); + goto err; + } + } + + if (opt_keyfmt_s) + opt_keyfmt=str2fmt(opt_keyfmt_s); + + if (opt_certfmt_s) + opt_certfmt=str2fmt(opt_certfmt_s); + + return 1; + + err: + return 0; + } + +/* ########################################################################## * + * create cert store structure with certificates read from givenfile + * returns pointer to created X509_STORE on success, NULL on error + * ########################################################################## */ +static X509_STORE *create_cert_store(char *file) + { + X509_STORE *cert_ctx=NULL; + X509_LOOKUP *lookup=NULL; + + cert_ctx=X509_STORE_new(); + if (cert_ctx == NULL) goto err; + + lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); + if (lookup == NULL) goto err; + + X509_LOOKUP_load_file(lookup, file, + opt_certfmt==FORMAT_ASN1 ? 
X509_FILETYPE_ASN1 : X509_FILETYPE_PEM); + + return cert_ctx; + +err: + return NULL; + } + +/* ########################################################################## * + * set up the CMP_CTX structure based on options from config file/CLI + * prints reason for error to bio_err + * returns 1 on success, 0 on error + * ########################################################################## */ +static int setup_ctx(CMP_CTX *ctx) + { + EVP_PKEY *pkey=NULL; + EVP_PKEY *newPkey=NULL; + X509 *clcert=NULL; + X509 *srvcert=NULL; + + CMP_CTX_set1_serverName(ctx, server_address); + CMP_CTX_set1_serverPath(ctx, opt_path); + CMP_CTX_set1_serverPort(ctx, server_port); + + if (opt_user && opt_pass) + { + CMP_CTX_set1_referenceValue(ctx, (unsigned char*)opt_user, strlen(opt_user)); + CMP_CTX_set1_secretValue(ctx, (unsigned char*)opt_pass, strlen(opt_pass)); + } + + if (opt_key && + !(pkey=load_key(bio_err, opt_key, opt_keyfmt, 0, opt_keypass, NULL, "key"))) + { + BIO_printf(bio_err, "error: unable to load private key '%s'\n", opt_key); + goto err; + } + if (pkey) CMP_CTX_set0_pkey(ctx, pkey); + + if (opt_newkey && + !(newPkey=load_key(bio_err, opt_newkey, opt_keyfmt, 0, opt_newkeypass, NULL, "newkey"))) + { + BIO_printf(bio_err, "error: unable to load private key '%s'\n", opt_newkey); + goto err; + } + if (newPkey) CMP_CTX_set0_newPkey(ctx, newPkey); + + if (opt_cert && + !(clcert=load_cert(bio_err, opt_cert, opt_certfmt, NULL, NULL, "clcert"))) + { + BIO_printf(bio_err, "error: unable to load client certificate '%s'\n", opt_cert); + goto err; + } + if (clcert) CMP_CTX_set1_clCert(ctx, clcert); + + if (opt_srvcert && + !(srvcert=load_cert(bio_err, opt_srvcert, opt_certfmt, NULL, NULL, "cacert"))) + { + BIO_printf(bio_err, "error: unable to load server certificate '%s'\n", opt_srvcert); + goto err; + } + if (srvcert) CMP_CTX_set1_caCert(ctx, srvcert); + + if (opt_trusted && !CMP_CTX_set0_trustedStore(ctx, create_cert_store(opt_trusted))) + { + BIO_printf(bio_err, "error: 
unable to load trusted store '%s'\n", opt_trusted); + goto err; + } + + if (opt_untrusted && !CMP_CTX_set0_untrustedStore(ctx, create_cert_store(opt_untrusted))) + { + BIO_printf(bio_err, "error: unable to load untrusted store '%s'\n", opt_untrusted); + goto err; + } + + if (opt_subject) + { + X509_NAME *n=parse_name(opt_subject, MBSTRING_ASC, 0); + if (n == NULL) + { + BIO_printf(bio_err, "error: unable to parse subject name '%s'\n", opt_subject); + goto err; + } + CMP_CTX_set1_subjectName(ctx, n); + } + + if (opt_recipient) + { + X509_NAME *n=parse_name(opt_recipient, MBSTRING_ASC, 0); + if (n == NULL) + { + BIO_printf(bio_err, "error: unable to parse recipient name '%s'\n", opt_recipient); + goto err; + } + CMP_CTX_set1_recipient(ctx, n); + } + + if (opt_proxy) + { + if (opt_proxyPort != 0) + { + CMP_CTX_set1_proxyName(ctx, opt_proxy); + CMP_CTX_set1_proxyPort(ctx, opt_proxyPort); + } + else + { + BIO_printf(bio_err, "error: no port given for proxy at '%s'\n", opt_proxy); + goto err; + } + } + + CMP_CTX_set_HttpTimeOut(ctx, 5*60); + + return 1; + + err: + return 0; + } + + +/* ########################################################################## * + * write out the given certificate to the output specified by bio. 
+ * depending on options use either PEM or DER format + * returns 1 on success, 0 on error + * ########################################################################## */ +static int write_cert(BIO *bio, X509 *cert) + { + if ( (opt_certfmt == FORMAT_PEM && PEM_write_bio_X509(bio, cert)) + || (opt_certfmt == FORMAT_ASN1 && i2d_X509_bio(bio, cert)) ) + return 1; + return 0; + } + +/* ########################################################################## * + * writes out the received CA certs to the given file + * returns number of written certificates on success, 0 on error + * ########################################################################## */ +static int save_capubs(CMP_CTX *cmp_ctx, char *destFile) + { + X509 *cert = NULL; + BIO *bio=NULL; + int n = 0; + + if (!destFile || (bio=BIO_new(BIO_s_file())) == NULL || + !BIO_append_filename(bio,(char *)destFile)) + goto err; + + BIO_printf(bio_c_out, "Received %d CA certificates, saving to %s\n", CMP_CTX_caPubs_num(cmp_ctx), destFile); + while ( (cert=CMP_CTX_caPubs_pop(cmp_ctx)) != NULL) + { + if (write_cert(bio, cert)) + n++; + else + BIO_printf(bio_err,"ERROR writing certificate to %s!\n", destFile); + } + return n; + +err: + BIO_printf(bio_err, "ERROR: could not open '%s' for writing\n", destFile); + return 0; + } + +/* ########################################################################## * + * writes out the received extraCerts to the given file + * returns number of written certificates on success, 0 on error + * ########################################################################## */ +static int save_extracerts(CMP_CTX *cmp_ctx, char *destFile) + { + X509 *cert = NULL; + BIO *bio=NULL; + int n = 0; + + if (!destFile || (bio=BIO_new(BIO_s_file())) == NULL || + !BIO_append_filename(bio,(char *)destFile)) + goto err; + + BIO_printf(bio_c_out, "Received %d extra certificates, saving to %s\n", CMP_CTX_extraCertsIn_num(cmp_ctx), destFile); + while ( (cert=CMP_CTX_extraCertsIn_pop(cmp_ctx)) != 
NULL) + { + if (write_cert(bio, cert)) + n++; + else + BIO_printf(bio_err,"ERROR writing certificate to %s!\n", destFile); + } + return n; + +err: + BIO_printf(bio_err, "ERROR: could not open '%s' for writing\n", destFile); + return 0; + } + + +/* ########################################################################## * + * ########################################################################## */ +int MAIN(int argc, char **argv) + { + char *configfile=NULL; + long errorline=-1; + char *tofree=NULL; /* used as getenv returns a direct pointer to the environment setting */ + int badops=0; + int ret=1; + CMP_CTX *cmp_ctx; + X509 *newcert=NULL; + + if (argc <= 1) + { + badops=1; + goto bad_ops; + } + + if (!strcmp(argv[1], "-help")) + { + show_help(); + goto err; + } + + apps_startup(); + ERR_load_crypto_strings(); + bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE); + + if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); + if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); + if (configfile == NULL) + { + const char *s=X509_get_default_cert_area(); + size_t len; + + len = strlen(s)+sizeof(CONFIG_FILE)+1; + tofree=OPENSSL_malloc(len); + BUF_strlcpy(tofree,s,len); + BUF_strlcat(tofree,"/"CONFIG_FILE,len); + configfile=tofree; + } + + /* read default values for options from openssl.cnf */ + if (configfile) + { + BIO_printf(bio_err,"Using configuration from %s\n",configfile); + conf = NCONF_new(NULL); + if (NCONF_load(conf,configfile,&errorline) <= 0) + { + if (errorline <= 0) + BIO_printf(bio_err,"error loading the config file '%s'\n", + configfile); + else + BIO_printf(bio_err,"error on line %ld of config file '%s'\n", + errorline,configfile); + } + else + read_config(conf); + } + + if(tofree) + { + OPENSSL_free(tofree); + tofree = NULL; + } + + /* parse commandline options */ + while (--argc > 0 && ++argv) + { + opt_t *opt=cmp_opts; + char *arg=*argv; + int found,i; + + if (*arg++ != '-' || *arg == 0) + { + badops=1; + break; + } + + found=0; + for (i=0; 
i < sizeof(cmp_opts)/sizeof(cmp_opts[0]); i++,opt++) + { + if (opt->name && !strcmp(arg, opt->name)) + { + if (argc <= 1 && opt->type != OPT_BOOL) + { + BIO_printf(bio_err, "missing argument for '-%s'\n", opt->name); + badops=1; + goto bad_ops; + } + switch(opt->type) + { + case OPT_BOOL: + *opt->v.num = 1; + break; + case OPT_NUM: + *opt->v.num = atoi(*++argv); + argc--; + break; + case OPT_TXT: + *opt->v.txt = *++argv; + argc--; + break; + default: + badops=1; + break; + } + found=1; + } + } + + if (!found) + { + BIO_printf(bio_err, "unknown argument: '%s'\n", *argv); + badops=1; + goto bad_ops; + } + } + + if (!badops) + badops = check_options() == 0; + +bad_ops: + if (badops) + { + show_help(); + goto err; + } + + if (!(cmp_ctx = CMP_CTX_create()) || !setup_ctx(cmp_ctx)) + { + BIO_puts(bio_err, "error creating new cmp context\n"); + goto err; + } + + /* everything is ready, now connect and preform the command! */ + switch (opt_cmd) + { + case CMP_IR: + newcert = CMP_doInitialRequestSeq(cmp_ctx); + if (!newcert) + goto err; + if (opt_cacertsout && CMP_CTX_caPubs_num(cmp_ctx) > 0) + save_capubs(cmp_ctx, opt_cacertsout); + break; + case CMP_KUR: + newcert = CMP_doKeyUpdateRequestSeq(cmp_ctx); + if (!newcert) + goto err; + break; + case CMP_CR: + newcert = CMP_doCertificateRequestSeq(cmp_ctx); + if (!newcert) + goto err; + break; + case CMP_RR: + CMP_doRevocationRequestSeq(cmp_ctx); + break; + case CMP_CKUANN: + /* TODO: sending the empty GENM to request the CKUANN */ + break; + default: break; + } + + if (opt_extracertsout && CMP_CTX_extraCertsIn_num(cmp_ctx) > 0) + save_extracerts(cmp_ctx, opt_extracertsout); + + if (newcert && opt_certout) + { + BIO *b = NULL; + BIO_printf(bio_c_out, "saving certificate to '%s'...\n", opt_certout); + b=BIO_new(BIO_s_file()); + if (b == NULL || !BIO_write_filename(b, opt_certout)) + { + BIO_printf(bio_err, "error: unable to open file '%s' for writing\n", opt_certout); + goto err; + } + if (opt_certfmt == FORMAT_ASN1) + ret = 
i2d_X509_bio(b, newcert) == 0; + else + ret = PEM_write_bio_X509(b, newcert)==0; + + if (ret) goto err; + } + + ret=0; +err: + if (ret != 0) + ERR_print_errors_fp(stderr); + + OPENSSL_EXIT(ret); + } + Index: openssl-1.0.1h-cmp/Makefile.org =================================================================== --- openssl-1.0.1h-cmp/Makefile.org (revision 750) +++ openssl-1.0.1h-cmp/Makefile.org (working copy) @@ -135,6 +135,10 @@ BASEADDR= +# Curl stuff +CURL_INCLUDE= +LIBCURL= + DIRS= crypto ssl engines apps test tools ENGDIRS= ccgost SHLIBDIRS= crypto ssl @@ -147,7 +151,7 @@ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - cms pqueue ts jpake srp store cmac + cms pqueue ts jpake srp store cmac cmp crmf # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... @@ -218,6 +222,7 @@ SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ + CURL_INCLUDE='$(CURL_INCLUDE)' LIBCURL='$(LIBCURL)' \ EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \ SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \ Index: openssl-1.0.1h-cmp/doc/crypto/CMP_CTX.pod =================================================================== --- openssl-1.0.1h-cmp/doc/crypto/CMP_CTX.pod (revision 0) +++ openssl-1.0.1h-cmp/doc/crypto/CMP_CTX.pod (revision 764) 
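Review bot: in apps/cmp.c the option table stores `&opt_proxyPort` (an `int`) in `opt_t.v`, whose only numeric member is `long *num`, so `NCONF_get_number_e(conf, CMP_SECTION, opt->name, opt->v.num)` in read_config() and `*opt->v.num = atoi(*++argv)` in MAIN() write a `long` through an `int *` and clobber whatever follows `opt_proxyPort` on LP64 builds (the brace initializer also binds an `int *` to the union's first member `char **txt`, which the compiler will warn about); declare `opt_proxyPort` as `long`, as `server_port` already is. Further points in the same file: `-pass` (and `pass` in openssl.cnf) puts the CMP shared secret on the command line where `ps` and shell history can read it; the other apps take `-passin`-style sources through `app_passwd()` in apps.c, and `pass`, `keypass` and `newkeypass` should go the same way. `server_port=atoi(++p)` silently accepts 0 and values above 65535. create_cert_store() ignores the return value of `X509_LOOKUP_load_file()`, so a missing or unparsable `-trusted` file yields an empty trust store and the run continues without a usable anchor; check it and fail (and free `cert_ctx` when `X509_STORE_add_lookup()` fails). show_help() prints `" -%s\n", o->help`, so every help text is prefixed with a dash. save_capubs() and save_extracerts() are duplicates, never `BIO_free()` the file BIO or `X509_free()` the popped certificates, and `BIO_append_filename()` means each run appends to whatever the file already held. In MAIN(), `cmp_ctx`, `newcert` and `b` are never freed, `-help` is recognised only as the first argument and exits with status 1 via `goto err`, and `cmd=ckuann` passes check_options() and then hits `/* TODO */` in the switch, so the command exits 0 having sent nothing; reject it until the genm is implemented.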
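Review bot: the `CURL_INCLUDE=` and `LIBCURL=` variables added in the first Makefile.org hunk and threaded through the sub-make in the third are left empty, and nothing in this diff sets them; CMP_http.pod says the libcurl transport is selected by passing `curl` to ./config, so the Configure change that fills them (and defines whatever macro chooses the curl code path) needs to be in the same series, otherwise `./config curl` silently builds the minimal OCSP-derived HTTP client. The second hunk adds `cmp crmf` to SDIRS unconditionally; the comment right below says the list is adjusted by ./Configure according to `no-xxx` arguments, so a `no-cmp` option should exist and drop both directories.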
@@ -0,0 +1,354 @@ +=pod + +=head1 NAME + + CMP_CTX_create, + CMP_CTX_init, + CMP_CTX_delete, + CMP_CTX_set1_referenceValue, + CMP_CTX_set1_secretValue, + CMP_CTX_set1_caCert, + CMP_CTX_set1_clCert, + CMP_CTX_set1_oldClCert, + CMP_CTX_set1_subjectName, + CMP_CTX_set1_newClCert, + CMP_CTX_set0_pkey, + CMP_CTX_set0_newPkey, + CMP_CTX_set1_pkey, + CMP_CTX_set1_newPkey, + CMP_CTX_set1_transactionID, + CMP_CTX_set1_recipNonce, + CMP_CTX_set1_serverName, + CMP_CTX_set_option, + CMP_CTX_caPubs_pop, + CMP_CTX_caPubs_num, + CMP_CTX_set1_caPubs, + CMP_CTX_policyOID_push1, + CMP_CTX_set1_extraCertsOut, + CMP_CTX_extraCertsOut_push1, + CMP_CTX_extraCertsOut_num, + CMP_CTX_set1_extraCertsIn, + CMP_CTX_extraCertsIn_pop, + CMP_CTX_extraCertsIn_num, + CMP_CTX_set0_trustedStore, + CMP_CTX_set0_untrustedStore, + CMP_CTX_set_error_callback, + CMP_CTX_set_debug_callback + + CMP_CTX_failInfoCode_get + CMP_CTX_set1_popoMethod + CMP_CTX_set1_proxyName + CMP_CTX_set1_proxyPort + CMP_CTX_set1_recipient + CMP_CTX_set1_serverPath + CMP_CTX_set1_serverPort + CMP_CTX_set_HttpTimeOut + CMP_CTX_set_certConf_callback + CMP_CTX_subjectAltName_push1 + +=head1 SYNOPSIS + + #include + + CMP_CTX *CMP_CTX_create(); + int CMP_CTX_init( CMP_CTX *ctx); + void CMP_CTX_delete(CMP_CTX *ctx); + + int CMP_CTX_set1_referenceValue( CMP_CTX *ctx, const unsigned char *ref, size_t len); + int CMP_CTX_set1_secretValue( CMP_CTX *ctx, const unsigned char *sec, const size_t len); + int CMP_CTX_set1_caCert( CMP_CTX *ctx, const X509 *cert); + int CMP_CTX_set1_clCert( CMP_CTX *ctx, const X509 *cert); + int CMP_CTX_set1_oldClCert( CMP_CTX *ctx, const X509 *cert); + int CMP_CTX_set1_subjectName( CMP_CTX *ctx, const X509_NAME *name); + int CMP_CTX_set1_newClCert( CMP_CTX *ctx, const X509 *cert); + int CMP_CTX_set0_pkey( CMP_CTX *ctx, const EVP_PKEY *pkey); + int CMP_CTX_set0_newPkey( CMP_CTX *ctx, const EVP_PKEY *pkey); + int CMP_CTX_set1_pkey( CMP_CTX *ctx, const EVP_PKEY *pkey); + int CMP_CTX_set1_newPkey( CMP_CTX *ctx, 
const EVP_PKEY *pkey); + int CMP_CTX_set1_transactionID( CMP_CTX *ctx, const ASN1_OCTET_STRING *id); + int CMP_CTX_set1_recipNonce( CMP_CTX *ctx, const ASN1_OCTET_STRING *nonce); + int CMP_CTX_set1_serverName( CMP_CTX *ctx, const char *name); + int CMP_CTX_set1_serverPort( CMP_CTX *ctx, int port); + X509 *CMP_CTX_caPubs_pop( CMP_CTX *ctx); + int CMP_CTX_caPubs_num( CMP_CTX *ctx); + int CMP_CTX_set1_caPubs( CMP_CTX *ctx, const STACK_OF(X509) *caPubs); + int CMP_CTX_policyOID_push1( CMP_CTX *ctx, const char *policyOID); + + int CMP_CTX_set1_extraCertsOut( CMP_CTX *ctx, const STACK_OF(X509) *extraCertsOut); + int CMP_CTX_extraCertsOut_push1( CMP_CTX *ctx, const X509 *val); + int CMP_CTX_extraCertsOut_num( CMP_CTX *ctx); + int CMP_CTX_set1_extraCertsIn( CMP_CTX *ctx, const STACK_OF(X509) *extraCertsIn); + X509 *CMP_CTX_extraCertsIn_pop( CMP_CTX *ctx); + int CMP_CTX_extraCertsIn_num( CMP_CTX *ctx); + + int CMP_CTX_set0_trustedStore( CMP_CTX *ctx, X509_STORE *store); + int CMP_CTX_set0_untrustedStore( CMP_CTX *ctx, X509_STORE *store); + + int CMP_CTX_set_error_callback( CMP_CTX *ctx, cmp_logfn_t cb) + int CMP_CTX_set_debug_callback( CMP_CTX *ctx, cmp_logfn_t cb) + + #define CMP_CTX_OPT_UNSET 0 + #define CMP_CTX_OPT_SET 1 + #define CMP_CTX_OPT_IMPLICITCONFIRM 2 + #define CMP_CTX_OPT_POPMETHOD 3 + #define CMP_CTX_OPT_MAXPOLLTIME 4 + #define CMP_CTX_PERMIT_TA_IN_EXTRACERTS_FOR_IR 5 + #define CMP_CTX_SET_SUBJECTALTNAME_CRITICAL 6 + #define CMP_CTX_USE_TLS 7 + int CMP_CTX_set_option( CMP_CTX *ctx, const int opt, const int val); + + unsigned long CMP_CTX_failInfoCode_get(CMP_CTX *ctx); + int CMP_CTX_set1_popoMethod( CMP_CTX *ctx, int method); + int CMP_CTX_set1_proxyName( CMP_CTX *ctx, const char *name); + int CMP_CTX_set1_proxyPort( CMP_CTX *ctx, int port); + int CMP_CTX_set1_recipient( CMP_CTX *ctx, const X509_NAME *name); + int CMP_CTX_set1_serverPath( CMP_CTX *ctx, const char *path); + int CMP_CTX_set1_serverPort( CMP_CTX *ctx, int port); + int CMP_CTX_set_HttpTimeOut( 
CMP_CTX *ctx, int time); + int CMP_CTX_set_certConf_callback( CMP_CTX *ctx, cmp_certConfFn_t cb); + int CMP_CTX_subjectAltName_push1( CMP_CTX *ctx, const GENERAL_NAME *name); + +=head1 DESCRIPTION + +This is the context API for using CMP (Certificate Management Protocol) with OpenSSL. + +CMP_CTX_create() allocates and initialized an CMP_CTX structure. + +CMP_CTX_init() initializes the context to default values. Transport is set to HTTP, +proof-of-posession method to POPOSigningKey + +CMP_CTX_delete() frees any allocated non-ASN1 fields of CMP_CTX and +calls the ASN1 defined CMP_CTX_free() function to free the rest. + +CMP_CTX_set1_referenceValue() sets the given referenceValue in the given +CMP_CTX structure. + +CMP_CTX_set1_secretValue() sets the given secretValue in the given +CMP_CTX structure. + +CMP_CTX_set1_caCert() sets the given CA Certificate in the given CMP_CTX +structure. + +CMP_CTX_set1_clCert() sets the given Client Certificate in the given +CMP_CTX structure. The Client Certificate will then be used by the +functions to set the "sender" field for messages originating from the +client. The private key belonging to this certificate is then used +create the protection in case of MSG_SIG_ALG. + +CMP_CTX_set1_oldClCert() sets the old certificate that we are updating +in KUR. If this is not set, clCert will be the one being updated. + +CMP_CTX_set1_subjectName() sets the subject name that will be used in +the CertTemplate structure when requesting a new certificate. Note that +if clCert is set, the name will be read from them and this will be +ignored. + +CMP_CTX_set1_newClCert() sets the given (newly obtained) Client +Certificate in the given CMP_CTX structure. + +CMP_CTX_set0_pkey() sets the given EVP_PKEY structure, holding the +private and public keys, belonging to the Client Certificate, in the +given CMP_CTX structure. + +CMP_CTX_set1_pkey() is the same as above, except that it does not +consume the pointer. 
+ +CMP_CTX_set0_newPkey() sets the given EVP_PKEY structure, holding the +private and public keys, which shall be certified, in the given CMP_CTX +structure + +CMP_CTX_set1_newPkey() is the same as above, except that it does not +consume the pointer. + +CMP_CTX_set1_transactionID() sets the given transaction ID in the given +CMP_CTX structure. + +CMP_CTX_set1_recipNonce() sets the given recip nonce in the given +CMP_CTX structure. + +CMP_CTX_set1_serverName() sets the given server Address (as IP or name) +in the given CMP_CTX structure. + +CMP_CTX_set1_serverPort() sets the port of the CMP server to connect to. + +CMP_CTX_set_option() sets the given values to the options +(e.g. CMP_CTX_OPT_IMPLICITCONFIRM) in the given CMP_CTX structure. The +values can be CMP_CTX_OPT_UNSET or CMP_CTX_OPT_SET. Options are always +set to UNSET when the CMP_CTX structure is initialized. + +The following options can be set: + CMP_CTX_OPT_IMPLICITCONFIRM + Request server to enable implicit confirm mode, where the client + does not need to send confirmation upon receiving the + certificate. If the server does not enable implicit confirmation + in the return message, then confirmation is sent anyway. + + CMP_CTX_OPT_POPMETHOD + Proof of posession method to use: + CRMF_POPO_SIGNATURE - sign a value with private key + CRMF_POPO_ENCRCERT - decrypt the encrypted certificate + ("indirect method") + + CMP_CTX_OPT_MAXPOLLTIME + Maximum amount of time, in seconds, to attempt polling for a + response to a message. + + CMP_CTX_PERMIT_TA_IN_EXTRACERTS_FOR_IR + Allow retrieving a trust anchor from extraCers and using that + to validate the certificate chain of an IP message. + + CMP_CTX_OPT_POPMETHOD + Select the proof of posession method to use. Possible values + are: + CRMF_POPO_SIGNATURE + CRMF_POPO_ENCRCERT + CRMF_POPO_RAVERIFIED + +CMP_CTX_caPubs_num() can be used after an Initial Request or Key Update +request to check the number of CA certificates that were sent from the +server. 
+ +CMP_CTX_caPubs_pop() pops one CA certificates of the stack of received +CA certs and returns it + +CMP_CTX_set1_caPubs() copies the given caPubs stack to the context so +that it may be accessed later by CMP_CTX_caPubs_num() and +CMP_CTX_caPubs_pop(). + +CMP_CTX_policyOID_push1() adds the certificate policy OID given by the +string to the X509_EXTENSIONS of the certificate template we are +requesting. + +CMP_CTX_set1_extraCertsOut() sets the stack of extraCerts that will be +sent to remote. + +CMP_CTX_extraCertsOut_push1() adds the given certificate to the outbound +extraCerts stack, without consuming the pointer. + +CMP_CTX_extraCertsOut_num() returns the number of certificates in the +outbound extraCerts stack. + +CMP_CTX_set1_extraCertsIn() sets the stack of extraCerts that was +received from remote. + +CMP_CTX_extraCertsIn_pop() pops and returns one certificate off the +stack of extra certificates received from remote. + +CMP_CTX_extraCertsIn_num() returns the number of certificates that were +received from remote. + +CMP_CTX_set0_trustedStore() sets the X509_STORE type certifice store +containing root CA certificates. This is used for example when +attempting to validate CA certificate path. + +CMP_CTX_set0_untrustedStore() sets the X509_STORE type certifice store +containing intermediate certificates needed for building our own +certificate chain and including it in extraCerts. + +CMP_CTX_set_error_callback() sets a callback function for receiving +error messages. + +CMP_CTX_set_debug_callback() sets a callback function for receiving +debug messages. + +CMP_CTX_failInfoCode_get() returns the CMP error code from the failInfo +field. This is a bit field and the flags for it are specified in +cmp.h. The flags start with CMP_CTX_FAILINFO, for example: +CMP_CTX_FAILINFO_badAlg. + +CMP_CTX_set1_popoMethod() sets the proof-of-posession method to be used +for ir, kur etc. 
Possible values are defined in crmf.h: + +=over 8 + +=item * CRMF_POPO_NONE - ProofOfPossession field omitted, CA/RA uses out-of-band method to verify POP (compare RFC 4211, section 4). + +=item * CRMF_POPO_SIGNATURE - POP according to RFC 4211, section 4.1 (only case 3 supported so far) - default after CMP_CTX_init. + +=item * CRMF_POPO_ENCRCERT - POP according to RFC 4211, section 4.2 with the indirect method (subsequentMessage/enccert) + +=back + +CMP_CTX_set1_proxyName() sets the hostname of the HTTP proxy to be used +for connecting to the CA server. + +CMP_CTX_set1_proxyPort() sets the port of the HTTP proxy. + +CMP_CTX_set1_recipient() sets the recipient name that will be set in the +PKIHeader, i.e. the X509 name of the CA server. + +CMP_CTX_set1_serverPath() HTTP path of the CMP server on the host. + +CMP_CTX_set1_serverPort() server port to connect to. + +CMP_CTX_set_HttpTimeOut() sets the maximum amount of time an the HTTP +operation is allowed to take before a timeout error is returned. + +CMP_CTX_set_certConf_callback() sets a callback that can be used to +check the certificate received from the server. If the certificate +should be accepted the callback must return 1, and 0 if the certificate +is to be rejected. + +CMP_CTX_subjectAltName_push1() adds the given X509 name to the list of +alternate names on the certificate template request. + +=head1 NOTES + +CMP is defined in RFC 4210 (and CRMF in RFC 4211). + +The implementation of CMP for OpenSSL is still work in progress. The API +might change every release! + +=head1 RETURN VALUES + +CMP_CTX_create() returns a pointer to an initialized CMP_CTX structure. + +All other functions return 0 on error, 1 on success. 
+ +=head1 EXAMPLE + +The following code does an Initial Request: + + cmp_ctx = CMP_CTX_create(); + CMP_CTX_set1_serverName( cmp_ctx, opt_serverName); + CMP_CTX_set1_referenceValue( cmp_ctx, idString, idStringLen); + CMP_CTX_set1_secretValue( cmp_ctx, password, passwordLen); + CMP_CTX_set0_pkey( cmp_ctx, initialPkey); + CMP_CTX_set1_caCert( cmp_ctx, caCert); + + initialClCert = CMP_doInitialRequestSeq(cmp_ctx); + +The following code does an Initial Request with, using an +external identity certificate (RFC 4210, Appendix E.7): + + cmp_ctx = CMP_CTX_create(); + CMP_CTX_set1_serverName( cmp_ctx, opt_serverName); + CMP_CTX_set1_referenceValue( cmp_ctx, idString, idStringLen); + CMP_CTX_set0_pkey( cmp_ctx, initialPkey); + CMP_CTX_set1_caCert( cmp_ctx, caCert); + + initialClCert = CMP_doInitialRequestSeq(cmp_ctx); + +Here externalCert is an X509 certificate granted to the EE by another CA +which is trusted by the current CA the code will connect to. + + +The following code does a Key Update Request: + + cmp_ctx = CMP_CTX_create(); + CMP_CTX_set1_serverName( cmp_ctx, opt_serverName); + CMP_CTX_set0_pkey( cmp_ctx, initialPkey); + CMP_CTX_set0_newPkey( cmp_ctx, updatedPkey); + CMP_CTX_set1_clCert( cmp_ctx, initialClCert); + CMP_CTX_set1_caCert( cmp_ctx, caCert); + + updatedClCert = CMP_doKeyUpdateRequestSeq(cmp_ctx); + + +=head1 TODO + +A lot! + +=head1 SEE ALSO + +CMP_sessions, CMP_http Index: openssl-1.0.1h-cmp/doc/crypto/CMP_http.pod =================================================================== --- openssl-1.0.1h-cmp/doc/crypto/CMP_http.pod (revision 0) +++ openssl-1.0.1h-cmp/doc/crypto/CMP_http.pod (revision 764) 
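Review bot: the description of `CMP_CTX_PERMIT_TA_IN_EXTRACERTS_FOR_IR` should state its precondition, because taking a trust anchor from the extraCerts of the very IP message being validated is circular unless that message's protection has been verified by independent means: it is sound when the IR/IP exchange is MAC-protected with the secret set via CMP_CTX_set1_secretValue(), and unsafe for a signature-protected exchange, where it lets any sender supply its own anchor. Other things to fix in this pod: CMP_CTX_set_option() is documented as taking only CMP_CTX_OPT_UNSET/CMP_CTX_OPT_SET, yet CMP_CTX_OPT_MAXPOLLTIME takes seconds and CMP_CTX_OPT_POPMETHOD takes a CRMF_POPO_* value, and POPMETHOD is listed twice with different value sets (and a third time as CMP_CTX_set1_popoMethod()); `CMP_CTX_SET_SUBJECTALTNAME_CRITICAL` and `CMP_CTX_USE_TLS` are defined in the SYNOPSIS but never described; CMP_CTX_set1_serverPort appears twice in the SYNOPSIS, the two callback prototypes lack semicolons, and the NAME entries from CMP_CTX_failInfoCode_get onward lack the separating commas the rest use. In EXAMPLE, the second snippet is said to use an external identity certificate per RFC 4210 Appendix E.7 but never references `externalCert` (it is the first snippet minus set1_secretValue); it presumably needs `CMP_CTX_set1_clCert(cmp_ctx, externalCert)` with that certificate's key in set0_pkey, and no referenceValue. The IR snippets also hand the key to be certified to `CMP_CTX_set0_pkey()`, whereas the DESCRIPTION says newPkey is the key "which shall be certified" and CMP_http.pod's copy of the same example uses set0_newPkey; the two pods should agree. Typos: "allocates and initialized an", "posession" (several), "extraCers", "certifice" (twice), "an the HTTP operation"; SEE ALSO says CMP_sessions while CMP_http.pod says CMP_session.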
@@ -0,0 +1,69 @@ +=pod + +=head1 NAME + + CMP_PKIMESSAGE_http_perform + CMP_get_http_response_code + +=head1 SYNOPSIS + + #include + + int CMP_PKIMESSAGE_http_perform(const CMP_CTX *ctx, const CMP_PKIMESSAGE *msg, CMP_PKIMESSAGE **out); + long CMP_get_http_response_code(const CMP_CTX *ctx); + +=head1 DESCRIPTION + +This is the API for creating a BIO for CMP (Certificate Management +Protocol) over HTTP with OpenSSL utilizing cURL. + +There are two versions of the HTTP code: the default one uses a minimal +HTTP implementation adapted from OCSP (crypto/ocsp/ocsp_ht.c), and the +second one uses libcurl. To enable the libcurl version, one needs to +give 'curl' as an option when running ./config. + +CMP_PKIMESSAGE_http_perform() sends the given pkimessage msg to the CMP server +specified in ctx, and returns the servers response in out. + +CMP_get_http_response_code() returns last http response code from the ctx. + +=head1 NOTES + +CMP is defined in RFC 4210 (and CRMF in RFC 4211). + +=head1 RETURN VALUES + +CMP_get_http_response_code() returns last http response +code of the given bio, 0 on error. Note: This is not available on the +non-curl version. 
+ +=head1 EXAMPLE + +The following code does an Initial Request: + + cmp_ctx = CMP_CTX_create(); + CMP_CTX_set1_serverName( cmp_ctx, opt_serverName); + CMP_CTX_set1_referenceValue( cmp_ctx, idString, idStringLen); + CMP_CTX_set1_secretValue( cmp_ctx, password, passwordLen); + CMP_CTX_set0_newPkey( cmp_ctx, initialPkey); + CMP_CTX_set1_srvCert( cmp_ctx, caCert); + + initialClCert = CMP_doInitialRequestSeq(cmp_ctx); + + +The following code does an Key Update Request: + + cmp_ctx = CMP_CTX_create(); + CMP_CTX_set1_serverName( cmp_ctx, opt_serverName); + CMP_CTX_set0_pkey( cmp_ctx, initialPkey); + CMP_CTX_set0_newPkey( cmp_ctx, updatedPkey); + CMP_CTX_set1_clCert( cmp_ctx, initialClCert); + CMP_CTX_set1_srvCert( cmp_ctx, caCert); + + updatedClCert = CMP_doKeyUpdateRequestSeq(cmp_ctx); + +=head1 TODO + +=head1 SEE ALSO + +CMP_CTX, CMP_session Index: openssl-1.0.1h-cmp/doc/crypto/CMP_lib.pod =================================================================== --- openssl-1.0.1h-cmp/doc/crypto/CMP_lib.pod (revision 0) +++ openssl-1.0.1h-cmp/doc/crypto/CMP_lib.pod (revision 764) 
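Review bot: RETURN VALUES says CMP_get_http_response_code() returns the code "of the given bio" and is "not available on the non-curl version", while the SYNOPSIS declares it on a `const CMP_CTX *ctx` and the DESCRIPTION opens with "creating a BIO ... utilizing cURL"; this reads as text left over from an earlier BIO-based API and should be rewritten to match the two functions actually declared, with a RETURN VALUES entry for CMP_PKIMESSAGE_http_perform() itself and a statement of what the non-curl build returns (0 is the documented error value, so a caller cannot tell "no code available" from a failure). Since the default transport is the minimal client adapted from crypto/ocsp/ocsp_ht.c, the pod should also say which of the two transports honour CMP_CTX_set_HttpTimeOut(), the proxy settings and the CMP_CTX_USE_TLS option from CMP_CTX.pod; over plain HTTP the exchange relies solely on CMP message protection. The EXAMPLE calls `CMP_CTX_set1_srvCert()`, which CMP_CTX.pod does not declare (it has CMP_CTX_set1_caCert()), and uses set0_newPkey where CMP_CTX.pod's IR example uses set0_pkey; the two pods should agree. TODO is empty, and SEE ALSO names CMP_session where CMP_CTX.pod says CMP_sessions.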
@@ -0,0 +1,188 @@ +=pod + +=head1 NAME + + CMP_CERTREPMESSAGE_PKIStatus_get, + CMP_CERTREPMESSAGE_certResponse_get0, + CMP_CERTREPMESSAGE_certType_get, + CMP_CERTSTATUS_set_certHash, + CMP_ERRORMSGCONTENT_PKIStatus_get_string, + CMP_PKIFAILUREINFO_check, + CMP_PKIHEADER_generalInfo_item_push0, + CMP_PKIHEADER_new_senderNonce, + CMP_PKIHEADER_push0_freeText, + CMP_PKIHEADER_push1_freeText, + CMP_PKIHEADER_init, + CMP_PKIHEADER_set1_recipNonce, + CMP_PKIHEADER_set1_recipient, + CMP_PKIHEADER_set1_sender, + CMP_PKIHEADER_set1_senderKID, + CMP_PKIHEADER_set1_transactionID, + CMP_PKIHEADER_set_messageTime, + CMP_PKIHEADER_set_version, + CMP_PKIMESSAGE_check_implicitConfirm, + CMP_PKIMESSAGE_genm_item_push0, + CMP_PKIMESSAGE_get_bodytype, + CMP_PKIMESSAGE_parse_error_msg, + CMP_PKIMESSAGE_set_bodytype, + CMP_PKIMESSAGE_set_implicitConfirm, + CMP_PKISTATUSINFO_PKIstatus_get, + CMP_get_protectionAlg_pbmac, + CMP_protection_new, + CMP_CERTREPMESSAGE_PKIStatusString_get0, + CMP_ITAV_stack_item_push0 + +=head1 SYNOPSIS + + #include + + long CMP_CERTREPMESSAGE_PKIStatus_get( CMP_CERTREPMESSAGE *certRep, long certReqId); + CMP_CERTRESPONSE *CMP_CERTREPMESSAGE_certResponse_get0( CMP_CERTREPMESSAGE *certRep, long certReqId); + int CMP_CERTREPMESSAGE_certType_get( CMP_CERTREPMESSAGE *certRep, long certReqId); + int CMP_CERTSTATUS_set_certHash( CMP_CERTSTATUS *certStatus, const X509 *cert); + char *CMP_ERRORMSGCONTENT_PKIStatus_get_string( CMP_ERRORMSGCONTENT *error); + int CMP_PKIFAILUREINFO_check( ASN1_BIT_STRING *failInfo, int codeBit); + int CMP_PKIHEADER_generalInfo_item_push0(CMP_PKIHEADER *hdr, const CMP_INFOTYPEANDVALUE *itav); + int CMP_PKIHEADER_new_senderNonce(CMP_PKIHEADER *hdr); + int CMP_PKIHEADER_push0_freeText( CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); + int CMP_PKIHEADER_push1_freeText( CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); + int CMP_PKIHEADER_init(CMP_CTX *ctx, CMP_PKIHEADER *hdr); + int CMP_PKIHEADER_set1_recipNonce(CMP_PKIHEADER *hdr, const 
ASN1_OCTET_STRING *recipNonce); + int CMP_PKIHEADER_set1_recipient(CMP_PKIHEADER *hdr, const X509_NAME *nm); + int CMP_PKIHEADER_set1_sender(CMP_PKIHEADER *hdr, const X509_NAME *nm); + int CMP_PKIHEADER_set1_senderKID(CMP_PKIHEADER *hdr, const ASN1_OCTET_STRING *senderKID); + int CMP_PKIHEADER_set1_transactionID(CMP_PKIHEADER *hdr, const ASN1_OCTET_STRING *transactionID); + int CMP_PKIHEADER_set_version(CMP_PKIHEADER *hdr, int version); + int CMP_PKIMESSAGE_check_implicitConfirm(CMP_PKIMESSAGE *msg); + int CMP_PKIMESSAGE_genm_item_push0(CMP_PKIMESSAGE *msg, const CMP_INFOTYPEANDVALUE *itav); + int CMP_PKIMESSAGE_get_bodytype( CMP_PKIMESSAGE *msg); + char *CMP_PKIMESSAGE_parse_error_msg( CMP_PKIMESSAGE *msg, char *errormsg, int bufsize); + int CMP_PKIMESSAGE_set_bodytype( CMP_PKIMESSAGE *msg, int type); + int CMP_PKIMESSAGE_set_implicitConfirm(CMP_PKIMESSAGE *msg); + long CMP_PKISTATUSINFO_PKIstatus_get( CMP_PKISTATUSINFO *statusInfo); + X509_ALGOR *CMP_get_protectionAlg_pbmac(); + ASN1_BIT_STRING *CMP_protection_new(CMP_PKIMESSAGE *pkimessage, const EVP_PKEY *pkey, const ASN1_OCTET_STRING *secret); + STACK_OF(ASN1_UTF8STRING)* CMP_CERTREPMESSAGE_PKIStatusString_get0( CMP_CERTREPMESSAGE *certRep, long certReqId); + int CMP_ITAV_stack_item_push0(STACK_OF(CMP_INFOTYPEANDVALUE) **itav_sk_p, const CMP_INFOTYPEANDVALUE *itav); + +=head1 DESCRIPTION + +CMP_CERTREPMESSAGE_PKIStatus_get() returns the PKIStatus of the given +certReqId inside a CertRepMessage, or -1 on error. + +CMP_CERTREPMESSAGE_certResponse_get0() returns a pointer to the +CertResponse with the given certReqId inside a CertRepMessage. If no +CertResponse is available or if there's an error, the function returns +NULL. + +CMP_CERTREPMESSAGE_certType_get() returns the type of the certificate +contained in the certificate response, or -1 on error. 
+ +CMP_CERTSTATUS_set_certHash() calculates a hash of the certificate, +using the same hash algorithm as is used to create and verify the +certificate signature, and places the has into the certHash field of a +CMP_CERTSTATUS structure. This is used in the certConf message, for +example, to confirm that the certificate was received successfully. + +CMP_PKIFAILUREINFO_check() checks whether a given bit is set within a +given PKIFailureInfo. + +CMP_PKIHEADER_generalInfo_item_push0() adds the given InfoTypeAndValue +item to the hdr->generalInfo stack. + +CMP_PKIHEADER_new_senderNonce() generates a random value for the +hdr->senderNonce field, which is used to proetct the PKIMessage against +replay attacks. + +CMP_PKIHEADER_push0_freeText() pushes an ASN1_UTF8STRING to +hdr->freeText and consume the given pointer. + +CMP_PKIHEADER_push1_freeText() does the same as above, but does not +consume the pointer. + +CMP_PKIHEADER_init() initializes a PKIHeader structure based on the +values in the given CMP_CTX structure. + +CMP_PKIHEADER_set1_recipNonce() sets the recpiNonce field in the given +hdr to the given value. + +CMP_PKIHEADER_set1_recipient() sets the recipient field in the given +PKIHeader to the given X509 Name value, without consuming the pointer. + +CMP_PKIHEADER_set1_sender() sets the sender field in the given PKIHeader +to the given X509 Name value, without consuming the pointer. + +CMP_PKIHEADER_set1_senderKID() Sets hdr->senderKID to the given +string. In IR this is the reference number issued by the CA. In KUR +this is set to the public key ID from the previously issued certificate. + +CMP_PKIHEADER_set1_transactionID() copies the given transactionID to +hdr->transactionID. If the transactionID parameter is NULL, a new random +value is generated for it. + +CMP_PKIHEADER_set_version() sets hdr->pvno to the given integer. + +CMP_PKIMESSAGE_check_implicitConfirm() returns 1 if implicitConfirm is +set in the given PKIMessage, 0 if not. 
+ +CMP_PKIMESSAGE_genm_item_push0() pushes an InfoTypeAndValue item to the +stack of general messages (GenMsg). + +CMP_PKIMESSAGE_get_bodytype() returns the body type of the given +PKIMessage. + +CMP_PKIMESSAGE_parse_error_msg() reads the error messages from the given +PKIMessage, and prints out the results in the given errormsg buffer. + +CMP_PKIMESSAGE_set_bodytype() sets the type of the message contained in +the PKIMessage body field. + +CMP_PKIMESSAGE_set_implicitConfirm() sets implicitConfirm in the +generalInfo field of the header. + +CMP_PKIMESSAGE_protect() protects the given message deciding on the algorithm +depending on the available context information: If there is a secretValue it +selects PBMAC if not and there is a clCert it selects Signature. Generates and +sets the protection to the given pkimessage. + +CMP_PKISTATUSINFO_PKIstatus_get() finds the CertResponse with the given +certReqId inside the given CertRepMessage, and returns the value of +PKIStatus in that message. + +CMP_get_protectionAlg_pbmac() initializes an X509_ALGOR structure for +Password Based MAC. Creates a CRMF_PBMPARAMETER structure for the +parameters. + +CMP_protection_new() calculates the value of protection field for the +PKIMessage, either by using Password based MAC or signing it with a +private key. + +CMP_CERTREPMESSAGE_PKIStatusString_get0() gets the CertResponse with the +given certReqId inside the gven CertReqMessage, and returns the +status->statuString field contained in it. + +CMP_ITAV_stack_item_push0() pushes the given InfoTypeAndValue to the +given stack, creating a new stack if one does not exist yet. + + +=head1 NOTES + +CMP is defined in RFC 4210 (and CRMF in RFC 4211). + +The implementation of CMP for OpenSSL is still work in progress. The API +might change every release! + +=head1 RETURN VALUES + + + +=head1 EXAMPLE + + +=head1 TODO + +A lot! 
+ +=head1 SEE ALSO + +CMP_CTX, CMP_session, CMP_msg, CMP_http Index: openssl-1.0.1h-cmp/doc/crypto/CMP_msg.pod =================================================================== --- openssl-1.0.1h-cmp/doc/crypto/CMP_msg.pod (revision 0) +++ openssl-1.0.1h-cmp/doc/crypto/CMP_msg.pod (revision 764) @@ -0,0 +1,58 @@ +=pod + +=head1 NAME + + CMP_certConf_new, + CMP_cr_new, + CMP_genm_new, + CMP_ir_new, + CMP_kur_new + +=head1 SYNOPSIS + + #include + + CMP_PKIMESSAGE * CMP_ir_new( CMP_CTX *ctx); + CMP_PKIMESSAGE * CMP_cr_new( CMP_CTX *ctx); + CMP_PKIMESSAGE * CMP_kur_new( CMP_CTX *ctx); + CMP_PKIMESSAGE * CMP_certConf_new( CMP_CTX *ctx); + CMP_PKIMESSAGE * CMP_genm_new( CMP_CTX *ctx); + +=head1 DESCRIPTION + +This is the API for creating different CMP related PKIMESSAGES. The +functions allocate a new message and fill it with the relevant data from +the given CMP_CTX. + +CMP_ir_new() creates an Initial Request message. + +CMP_cr_new() creates a Certificate Request message. + +CMP_kur_new() creates a Key Update Request message. + +CMP_certConf_new() creates a Certificate Confirmation message. + +CMP_genm_new() creates a new General Message. + +=head1 NOTES + +CMP is defined in RFC 4210 (and CRMF in RFC 4211). + +The implementation of CMP for OpenSSL is still work in progress. The API +might change every release! + +=head1 RETURN VALUES + +All of the functions return a new CMP_PKIMESSAGE structure containing +the generated message. + +=head1 EXAMPLE + + +=head1 TODO + +A lot! + +=head1 SEE ALSO + +CMP_CTX, CMP_session, CMP_http Index: openssl-1.0.1h-cmp/doc/crypto/CMP_ses.pod =================================================================== --- openssl-1.0.1h-cmp/doc/crypto/CMP_ses.pod (revision 0) +++ openssl-1.0.1h-cmp/doc/crypto/CMP_ses.pod (revision 764) 
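Review bot: the NAME, SYNOPSIS and DESCRIPTION lists in CMP_lib.pod do not agree: CMP_PKIMESSAGE_protect() is described in DESCRIPTION but appears in neither NAME nor SYNOPSIS, while CMP_PKIHEADER_set_messageTime is listed in NAME and has no prototype or description. Since this page is where the choice between PBMAC and signature protection is explained, the missing CMP_PKIMESSAGE_protect() prototype is the one readers will look for first. Two further gaps carry security weight: CMP_get_protectionAlg_pbmac() is declared as `X509_ALGOR *CMP_get_protectionAlg_pbmac();` (an unprototyped declaration in C; write `(void)`) and the text says it creates a CRMF_PBMPARAMETER but never states the salt length, iteration count, OWF and MAC algorithm it fills in, which is exactly what decides how much brute-force resistance the reference/secret pairing gets; and CMP_PKIMESSAGE_parse_error_msg(msg, errormsg, bufsize) should say whether errormsg is always NUL-terminated and what happens when the status text exceeds bufsize. The RETURN VALUES and EXAMPLE sections are empty. In the CMP_msg.pod hunk that follows, RETURN VALUES says the functions return a new CMP_PKIMESSAGE but not that they return NULL on allocation or context errors, nor that the caller owns the returned message. Spelling in the descriptions: "proetct", "has" for "hash", "recpiNonce", "gven", "statuString".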
@@ -0,0 +1,77 @@ +=pod + +=head1 NAME + + CMP_doInitialRequestSeq, + CMP_doKeyUpdateRequestSeq, + CMP_doCertificateRequestSeq, + CMP_doGeneralMessageSeq, + CMP_doRevocationRequestSeq + +=head1 SYNOPSIS + + #include + + X509 *CMP_doInitialRequestSeq(CMP_CTX *ctx); + X509 *CMP_doKeyUpdateRequestSeq(CMP_CTX *ctx); + X509 *CMP_doCertificateRequestSeq(CMP_CTX *ctx); + STACK_OF(CMP_INFOTYPEANDVALUE) *CMP_doGeneralMessageSeq(CMP_CTX *ctx, int nid, char *value); + int CMP_doRevocationRequestSeq(CMP_CTX *ctx); + +=head1 DESCRIPTION + +This is the API for doing CMP (Certificate Management Protocol) client-server +message sequences using with OpenSSL. The conveying protocol is HTTP. + +CMP_doInitialRequestSeq() does the transaction which obtains an initial certificate +from the CA. A populated CMP_CTX structure has to be given as arguments. + +CMP_doKeyUpdateRequestSeq() does the transaction which obains a certificate for an +updatded key from the CA. A populated CMP_CTX structure has to be given as arguments. + +CMP_doCertificateRequestSeq() requests an additional certificate for an existing +key from the CA. A populated CMP_CTX structure has to be given as arguments. + +CMP_doGeneralMessageSeq() sends a general message and returns the Infotype and +value structures returned by the server. This can e.g. be used to poll for the +CRL or CA Key Updates. + +CMP_doRevocationRequestSeq() requests the revocation of the used certificate via +an revocation request sent to the server. + +=head1 NOTES + +CMP is defined in RFC 4210 (and CRMF in RFC 4211). + +=head1 RETURN VALUES + +CMP_doInitialRequestSeq(), CMP_doCertificateRequestSeq() and +CMP_doKeyUpdateRequestSeq() return a pointer the newly obtained X509 certificate +on success, NULL on error. + +=head1 EXAMPLE + +See CMP_CTX for examples on how to prepare the context for these +functions. + +=head1 TODO + +The functions for IR, CR and KUR do not yet suppurt requesting multiple +certificates. 
+ +The function for sending GENM does not yet directly support sending multiple +ITAV structures. + +The reason for an IP/KUP/CP returning waiting status as optional sent in a +PKIFreetext structure could be printed/returned to the user. + +The function to request revocation of certificates only can revoke the current +certificate which is also used for signing the messages. It should be changed +so that the certificate to revoke is explicitly given. So far only one +certificate can be revoked although that could be several. + +The message sequences for other CMP operations are missing so far. + +=head1 SEE ALSO + +CMP_CTX, CMP_http Index: openssl-1.0.1h-cmp/doc/apps/openssl_cmp.pod =================================================================== --- openssl-1.0.1h-cmp/doc/apps/openssl_cmp.pod (revision 0) +++ openssl-1.0.1h-cmp/doc/apps/openssl_cmp.pod (revision 764) 
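Review bot: RETURN VALUES in CMP_ses.pod covers only the three certificate sequences; CMP_doGeneralMessageSeq() and CMP_doRevocationRequestSeq() are left without a documented failure value, so a caller cannot tell whether 0 from the revocation request means "not revoked" or "transport error", nor whether the returned STACK_OF(CMP_INFOTYPEANDVALUE) is owned by the caller. Add both, and make `char *value` in CMP_doGeneralMessageSeq() `const char *`. The DESCRIPTION says "A populated CMP_CTX structure has to be given" three times without saying what populated means per sequence; one sentence per function naming the required fields (reference and secret value or client certificate and key, the new key, server certificate or recipient name) would let readers check their context before the first message leaves the host. "The conveying protocol is HTTP" deserves the reminder that the HTTP layer provides no confidentiality or integrity and that message protection (PBMAC or signature) plus server certificate checking are what authenticate the exchange. Typos: "using with OpenSSL", "obains", "updatded", "a pointer the newly", "suppurt", "an revocation request".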
@@ -0,0 +1,212 @@ + +=pod + +=head1 NAME + +cmp - client for the Certificate Management Protocol (RFC4210) + +=head1 SYNOPSIS + +B B +[B<-server ADDRESS:PORT>] +[B<-path remote_path>] +[B<-cmd ir|kur|cr|rr>] +[B<-user username>] +[B<-pass password>] +[B<-cert filename>] +[B<-key filename>] +[B<-keypass password>] +[B<-certout filename>] +[B<-newkey filename>] +[B<-newkeypass password>] +[B<-srvcert filename>] +[B<-trusted filename>] +[B<-untrusted filename>] +[B<-keyfmt DER|PEM>] +[B<-certfmt DER|PEM>] +[B<-extcerts filenames>] +[B<-subject name>] +[B<-recipient name>] +[B<-extracertsout directory>] +[B<-cacertsout directory>] + +=head1 DESCRIPTION + +The B command is a client implementation for the Certificate +Management Protocol as defined in RFC4210. It can be used to request +certificates from a CA server, update their keys and request the +certificates to be revoked and perform other CMP requests. + +=head1 OPTIONS + +=over 4 + +=item B<-server ADDRESS:PORT> + +The IP address or hostname and port of the CMP server to connect to. + +=item B<-path remote_path> + +HTTP path location to use for the CMP server. + +=item B<-cmd ir|kur|cr|rr> + +CMP command to execute. Currently implemented commands are: + ir - Initial Request + kur - Key Update Request + cr - Certificate Request + rr - Revocation Request + +=item B<-user username> + +Username (reference value) to be used when messages are authenticated +with pre-shared keys. + +=item B<-pass password> + +Password (secret value) to be used when messages are authenticated with +pre-shared keys. + +=item B<-cert filename> + +The client's currently existing certificate. This will be used for +signing messages for example in the Key Update Request, or when +authenticating the IR using an existing certificate (as defined in +appendix E.7 of the RFC). + +=item B<-key filename> + +The corresponding private key file for the client's current certificate given in +the -cert option. 
+ +=item B<-keypass password> + +Password for the private key given with the -key option. If not given here, the +password will be prompted for if needed. + +=item B<-certout filename> + +The file where the newly received certificate should be saved. + +=item B<-newkey filename> + +The file containing the key that we will be requesting the new certificate to be +issued for. For example in IR, CR or KUR. + +=item B<-newkeypass password> + +Password of the new key file given with the -newkey option. If not given here, the +password will be prompted for if needed. + +=item B<-srvcert filename> + +Certificate of the CMP server, to be used if the certificate is available and directly +trusted. + +=item B<-trusted filename> + +A file with trusted certificates. The file could contain multiple +certificates concatenated together. + +=item B<-untrusted filename> + +A file of untrusted certificates needed for path validation. The file can contain +multiple certificates. + +=item B<-keyfmt DER|PEM> + +Format the key files are stored in. Default value is PEM. + +=item B<-certfmt DER|PEM> + +Format the certificate files are stored in. Default value is PEM. + +=item B<-extcerts filenames> + +List of certificate files to include in the extraCerts field of outgoing +requests. + +=item B<-subject name> + +X509 subject name to be used in the requested certificate template. +The argument must be formatted as I, +characters may be escaped by \ (backslash), no spaces are skipped. + +=item B<-recipient name> + +X509 name of the recipient, i.e. the name of the CA we are sending the +request to. If no CA certificate is provided, then at least the +recipient name must be specified in order for the IR to work. +The argument must be formatted as I, +characters may be escaped by \ (backslash), no spaces are skipped. + +=item B<-extracertsout directory> + +Directory where to save any extra certificates received in a response +message. 
+ +=item B<-cacertsout directory> + +Directory where to save received CA certificates (from an Initial +Response message). + +=back + +=head1 EXAMPLES + +=over 4 + +Note: in these examples the '\' means the example should be all on one +line. + +Sending an initial request message to a CMP server running on the local +host, using a pre-shared secret key for authentication. In this example +the client does not have the CA certificate yet, so we specify the CA's +name with -recipient and save any CA certificates that we may receive +under the ./cacerts directory. + + openssl genrsa -out cl_key.pem + openssl cmp -cmd ir -server 127.0.0.1:8080 -path pkix/ -user 1234 -pass password \ + -recipient "/CN=CMPserver" -newkey cl_key.pem -subject "/CN=MyName" \ + -cacertsout capubs.pem -certout cl_cert.pem + +Then, when the keys for this certificate need to be updated, the client +can send a key update request. + + openssl genrsa -out cl_key_new.pem + openssl cmp -cmd kur -server 127.0.0.1:8080 -path pkix/ -cert cl_cert.pem \ + -key cl_key.pem -srvcert capubs.pem -newkey cl_key_new.pem -certout cl_cert_new.pem + +=back + +=head1 TODO + +=over 4 + +=item * Option for selecting the OpenSSL engine to use. + +=item * Option for printing more verbose information. + +=item * Receiving a CKUANN using a CMP general message. Generally: Sending CMP +general messages for requesting certain information. + +=item * Multiple certificate/revocation requests in one session (functionality not yet +available in the library). + +=item * Revocation of other certificates than the one used for signing +certificates (functionality not yet available in the library). + +=item * Message sequences other than IR/CR/KUR/RR (functionality not yet +available in the library). + +=item * Many optionally available settings from the RFC which are not yet +available in the library and are probably not supported by any available CMP +server. 
+ +=back + +=head1 SEE ALSO + +L, L, L + +=cut Index: openssl-1.0.1h-cmp/Configure =================================================================== --- openssl-1.0.1h-cmp/Configure (revision 750) +++ openssl-1.0.1h-cmp/Configure (working copy) @@ -56,6 +56,7 @@ # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. +# [no-]curl [don't] use libcurl for HTTP transport in CMP module # sctp include SCTP support # 386 generate 80386 code # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 @@ -672,6 +673,7 @@ my $zlib=1; # but "no-zlib" is default my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used my $no_rfc3779=1; # but "no-rfc3779" is default +my $curl=1; # but no-curl is default my $no_asm=0; my $no_dso=0; my $no_gmp=0; @@ -721,7 +723,8 @@ "shared" => "default", "store" => "experimental", "zlib" => "default", - "zlib-dynamic" => "default" + "zlib-dynamic" => "default", + "curl" => "default" ); my @experimental = (); @@ -789,6 +792,7 @@ s /^threads$/enable-threads/; s /^zlib$/enable-zlib/; s /^zlib-dynamic$/enable-zlib-dynamic/; + s /^curl$/enable-curl/; if (/^no-(.+)$/ || /^disable-(.+)$/) { @@ -916,6 +920,14 @@ { $baseaddr="$1"; } + elsif (/^--with-curl-lib=(.*)$/) + { + $withargs{"curl-lib"}=$1; + } + elsif (/^--with-curl-include=(.*)$/) + { + $withargs{"curl-include"}="-I$1"; + } elsif (/^--cross-compile-prefix=(.*)$/) { $cross_compile_prefix=$1; @@ -1066,6 +1078,8 @@ { $no_shared = 1; } elsif (/^zlib$/) { $zlib = 0; } + elsif (/^curl$/) + { $curl = 0; } elsif (/^static-engine$/) { } elsif (/^zlib-dynamic$/) 
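Review bot: the -pass, -keypass and -newkeypass options in openssl_cmp.pod take the secret directly on the command line, where it lands in shell history and is readable by every local user through ps; the rest of the openssl tool set uses the pass phrase argument syntax (pass:, env:, file:, fd:, stdin) described in openssl(1), and this command should accept the same so the shared secret for IR can come from a file or file descriptor. Two mismatches between OPTIONS and EXAMPLES: -cacertsout and -extracertsout are documented as directories, but the IR example writes `-cacertsout capubs.pem`; and the KUR example then feeds that file to -srvcert, which the option text calls "directly trusted". If that is the intended bootstrap, say so, and note that CA certificates received in an Initial Response are trusted only as far as the PBMAC secret that protected the response. The text for -srvcert, -trusted and -untrusted also does not state what the client does when none of them is supplied, which is the case the first example relies on. Finally, the command list under "-cmd ir|kur|cr|rr" is an indented run of lines inside an =item, which POD renders as verbatim text; an =over/=item list would match the rest of the page.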
@@ -1365,6 +1379,24 @@ } } +if ($curl) + { + $cflags = "-DHAVE_CURL $cflags"; + + if (!($cflags =~ m/-DOPENSSL_NO_CMP_CLIENT/)) { + if (defined($withargs{"curl-lib"})) + { + $lflags = "$lflags -L" . $withargs{"curl-lib"}; + } + $lflags .= " -lcurl -lrt " + } + + if (defined($withargs{"curl-include"})) + { + $cflags=$withargs{"curl-include"}." $cflags"; + } + } + # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org my $shared_mark = ""; if ($shared_target eq "") @@ -1653,6 +1685,8 @@ s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; + s/^LIBCURL=.*/LIBCURL=$withargs{"curl-lib"}/; + s/^CURL_INCLUDE=.*/CURL_INCLUDE=$withargs{"curl-include"}/; s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; -------------- next part -------------- A non-text attachment was scrubbed... Name: cmp.patch.gz Type: application/octet-stream Size: 175062 bytes Desc: not available URL: From rt at openssl.org Wed Jul 29 14:48:56 2015 From: rt at openssl.org (Viljanen, Miikka via RT) Date: Wed, 29 Jul 2015 14:48:56 -0000 Subject: [openssl-dev] [openssl.org #3101] [PATCH] Add CMP (RFC 4210) implementation In-Reply-To: <20150729135646.GA367@t60> References: <20140815132905.GA29480@t60> <20150717134005.GA20830@t60> <20150729135646.GA367@t60> Message-ID: Quick update to the patch, this includes a fix for using ECC keys and a few other bugfixes, memory allocation checks and formatting updates. best regards, Miikka _____________________________________________ 
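Review bot: in the Configure hunk at @@ -1365, `$lflags .= " -lcurl -lrt "` hard-codes librt, which exists on Linux but not on macOS, so enable-curl breaks the link there; -lrt is only needed if the CMP HTTP code calls clock_gettime() or similar, and should be added per target (or probed) rather than unconditionally. The same block adds -DHAVE_CURL to $cflags whether or not -DOPENSSL_NO_CMP_CLIENT is set, but adds -lcurl only when it is not, so any HAVE_CURL-guarded code outside the client compiles against libcurl and then fails to link in a no-client build; move the define inside the same condition. The --with-curl-lib and --with-curl-include options added at @@ -916 are not listed in the option comment at @@ -56, which mentions only [no-]curl. The substitutions at @@ -1653 (`s/^LIBCURL=.*/...` and `s/^CURL_INCLUDE=.*/...`) are no-ops unless Makefile.org gains LIBCURL= and CURL_INCLUDE= lines; that part of the patch is not in this excerpt, so please confirm it is in the attachment.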
From: "Viljanen, Miikka (Nokia - FI/Espoo)"
Sent: Fri, 17 Jul 2015 16:40:05 +0300
To: rt at openssl.org
Subject: Re: [openssl.org #3101] [PATCH] Add CMP (RFC 4210) implementation

Hello,

please find attached an updated version of the patch. The following changes have been made:

- patch is now relative to openssl-master branch as of 2015-07-17
- code has been reformatted to fit with the current openssl style
- unnecessary ASN1 function declarations have been cleaned up
- functions and structures that should not be declared publicly have been moved to private header files
- HTTP code now shares as much code as possible with the implementation in OCSP

I'm still importing some patches and updating the code, but I wanted to send the current version in already so that you might be able to review the current state.

best regards,
Miikka

-------------- next part --------------
A non-text attachment was scrubbed...
Name: cmp.patch.gz
Type: application/octet-stream
Size: 171198 bytes
Desc: not available
URL: