> By raising the limit, you don't suddenly put every application at risk of a DoS,
> because these applications won't suddenly use a 16k RSA key.

Instead of raising the limit of client key exchange message length more than 2048, why can't we add the "ssl3_check_client_hello" functionality in the ssl/s3_srvr.c because that will "permit appropriate message length".

I came across this functionality when I compared the code of openssl-1.0.1p and openssl-1.0.2e.

Regards,
Saurabh

________________________________
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of openssl-users-request@xxxxxxxxxxx <openssl-users-request at openssl.org>
Sent: Thursday, July 21, 2016 6:38 PM
To: openssl-users at openssl.org
Subject: openssl-users Digest, Vol 20, Issue 18

Send openssl-users mailing list submissions to
        openssl-users at openssl.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://mta.openssl.org/mailman/listinfo/openssl-users
or, via email, send a message with subject or body 'help' to
        openssl-users-request at openssl.org

You can reach the person managing the list at
        openssl-users-owner at openssl.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of openssl-users digest..."

Today's Topics:

   1. Re: Openssl software failure for RSA 16K modulus (Salz, Rich)
   2. Re: Openssl software failure for RSA 16K modulus (Salz, Rich)
   3. Re: Help finding replacement for ASN1_seq_unpack_X509 (Jim Carroll)
   4. Re: [openssl-users] Help finding replacement for ASN1_seq_unpack_X509 (Salz, Rich)
   5. Re: Openssl software failure for RSA 16K modulus (Erwann Abalea)
   6. Re: Openssl software failure for RSA 16K modulus (Salz, Rich)

----------------------------------------------------------------------

Message: 1
Date: Thu, 21 Jul 2016 12:15:15 +0000
From: "Salz, Rich" <rsalz@xxxxxxxxxx>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: Re: Openssl software failure for RSA 16K modulus
Message-ID: <f3934079655b4d8fa3328b21ea62ef6f at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="Windows-1252"

> Largest accepted client key exchange message length seems to be set to 2048 bytes.
> Key exchange for an RSA16k is slightly larger than that (exactly 2048 bytes of pure crypto payload, plus a few bytes of overhead).
> OpenSSL is too conservative here.

Why not use an ECC key?

We have to make trade-offs. Who uses a 16K RSA key?

------------------------------

Message: 2
Date: Thu, 21 Jul 2016 12:17:44 +0000
From: "Salz, Rich" <rsalz@xxxxxxxxxx>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: Re: Openssl software failure for RSA 16K modulus
Message-ID: <e8e3f6f5b5a849ab8000dab434aace1d at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="Windows-1252"

> We have to make trade-offs. Who uses a 16K RSA key?

Let me add some clarification. Is it worth putting every application that uses OpenSSL at risk for a DoS attack with a 16K RSA key?

--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

------------------------------

Message: 3
Date: Thu, 21 Jul 2016 08:52:24 -0400
From: "Jim Carroll" <jim@xxxxxxxxxxx>
To: <openssl-users at openssl.org>
Subject: Re: Help finding replacement for ASN1_seq_unpack_X509
Message-ID: <00e201d1e34e$ba83f760$2f8be620$@carroll.com>

We are porting M2Crypto which is a python swig wrapper around OpenSSL. It currently supports OpenSSL 0.9.8 and we are porting it to 1.1.0. The 1.1.0 branch is really cool (clean, elegant code), but there were a few refactorings that affected M2Crypto.
Most were trivial getter/setter type changes, but a few were in the area of getting rid of some ASN1 processing (which happens to be our weakest point of understanding).

We're left with porting the final bit -- which is related to X509 cert handling. Here's a sample use. The caller builds up the call with the following 'pseudo-sequence'. get_der() is the function we are working on finishing.

    #include <openssl/bio.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>

    /* Load one PEM certificate from a file; returns NULL on failure. */
    X509* load_cert_bio(char* filename)
    {
        BIO* bio = BIO_new_file(filename, "r");
        X509* cert = NULL;

        if (bio != NULL) {
            cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
            BIO_free(bio);
        }
        return cert;
    }

    /* Pack the certificate and its CA into one DER buffer (pre-1.1.0 API). */
    unsigned char* get_der(int* len_out)
    {
        X509* cert = load_cert_bio("x509.pem");
        X509* ca = load_cert_bio("ca.pem");

        STACK_OF(X509)* stack = sk_X509_new_null();
        sk_X509_push(stack, cert);
        sk_X509_push(stack, ca);

        return ASN1_seq_pack_X509(stack, i2d_X509, NULL, len_out);
    }

The ASN1_seq_pack_X509 was a macro -- and has been removed.

> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Salz, Rich
> Sent: Thursday, July 21, 2016 4:35 AM
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] Help finding replacement for ASN1_seq_unpack_X509
>
> > Would it be acceptable to just iterate the stack elements, passing each X509
> > through i2d_X509 and appending the results -- would that generate valid
> > DER?
>
> Maybe. It depends on what the receiver is expecting. If it's willing
> to read a set of certs until it hits EOF (or equivalent) that's fine.
> But if you're sending a SEQUENCE OF certificates then you need to wrap
> it in an ASN1/DER container. For example, Netscape Cert Sequence
>
> Can you post a code snippet?
------------------------------

Message: 4
Date: Thu, 21 Jul 2016 12:57:09 +0000
From: "Salz, Rich" <rsalz@xxxxxxxxxx>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: Re: Help finding replacement for ASN1_seq_unpack_X509
Message-ID: <b54c7abdcf9d4d589ff40e7603228ba4 at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="Windows-1252"

> STACK_OF(X509)* stack = sk_X509_new_null();
> sk_X509_push(stack, cert);
> sk_X509_push(stack, ca);
>
> return ASN1_seq_pack_X509(stack, i2d_X509, NULL, len_out);

Okay, so you're just pushing two DER-format blobs one after the other. Yes, what you thought to do is fine. :)

------------------------------

Message: 5
Date: Thu, 21 Jul 2016 12:31:56 +0000
From: Erwann Abalea <Erwann.Abalea@xxxxxxxxxxxx>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: Re: Openssl software failure for RSA 16K modulus
Message-ID: <C1C086D5-5270-4595-8ED6-D6D69DF0C7E1 at docusign.com>
Content-Type: text/plain; charset="utf-8"

> On 21 Jul 2016 at 14:17, Salz, Rich <rsalz at akamai.com> wrote:
>
>> We have to make trade-offs. Who uses a 16K RSA key?
>
> Let me add some clarification. Is it worth putting every application that uses OpenSSL at risk for a DoS attack with a 16K RSA key?

By raising the limit, you don't suddenly put every application at risk of a DoS, because these applications won't suddenly use a 16k RSA key.
Anyway, OpenSSL 1.0.2+ now sets some limits on message sizes (defensive), some tradeoffs have to be done on those limits.

According to some sources (NIST and ECRYPT II), 16k RSA provides an equivalent security level of a 512-bit ECC key.

------------------------------

Message: 6
Date: Thu, 21 Jul 2016 13:08:52 +0000
From: "Salz, Rich" <rsalz@xxxxxxxxxx>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: Re: Openssl software failure for RSA 16K modulus
Message-ID: <e54921bc7b864c64bda6fd688172240c at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="utf-8"

> By raising the limit, you don't suddenly put every application at risk of a DoS,
> because these applications won't suddenly use a 16k RSA key.

Yes we do, because the other side could send a key, not local config.
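
For the ASN1_seq_pack_X509 thread (Messages 3 and 4): the reply quoted in Message 3 distinguishes certificates written back to back from a SEQUENCE OF certificates wrapped in an ASN.1/DER container. The added example below, which is not code from the thread or from OpenSSL, builds that container in plain C by prefixing the concatenated elements with a DER SEQUENCE header. The names der_seq_header and der_seq_pack are hypothetical, and the two inputs are constructed stand-ins for what i2d_X509() would return per certificate.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* DER SEQUENCE header into out (2 + sizeof(size_t) bytes); returns its size. */
static size_t der_seq_header(size_t content_len, unsigned char *out)
{
    size_t n = 0, v, i;
    out[0] = 0x30;                       /* universal, constructed SEQUENCE */
    if (content_len < 0x80) { out[1] = (unsigned char)content_len; return 2; }
    for (v = content_len; v != 0; v >>= 8) n++;   /* long form byte count */
    out[1] = (unsigned char)(0x80 | n);
    for (i = 0; i < n; i++)              /* big-endian, minimal length */
        out[2 + i] = (unsigned char)(content_len >> (8 * (n - 1 - i)));
    return 2 + n;
}

/* Wrap already-encoded DER elements in one SEQUENCE. Caller frees; NULL on error. */
unsigned char *der_seq_pack(const unsigned char *const *elems,
                            const size_t *lens, size_t count, size_t *len_out)
{
    unsigned char hdr[2 + sizeof(size_t)], *buf, *p;
    size_t total = 0, hlen, i;
    for (i = 0; i < count; i++) {
        if (elems[i] == NULL || lens[i] > SIZE_MAX - total) return NULL;
        total += lens[i];                /* overflow-checked content size */
    }
    hlen = der_seq_header(total, hdr);
    if (total > SIZE_MAX - hlen || (buf = malloc(hlen + total)) == NULL) return NULL;
    memcpy(buf, hdr, hlen);
    for (p = buf + hlen, i = 0; i < count; p += lens[i], i++)
        memcpy(p, elems[i], lens[i]);
    *len_out = hlen + total;
    return buf;
}

int main(void)
{
    /* Constructed stand-ins for two DER certificates: SEQUENCE { INTEGER n } */
    const unsigned char a[] = {0x30, 3, 2, 1, 1}, b[] = {0x30, 3, 2, 1, 2};
    const unsigned char *elems[] = {a, b};
    size_t lens[] = {sizeof a, sizeof b}, n = 0, i;
    unsigned char *out = der_seq_pack(elems, lens, 2, &n);
    for (i = 0; out != NULL && i < n; i++) printf("%02x", out[i]);
    free(out);
    return 0;
}
```

A receiver that parses a SEQUENCE OF will reject the bare concatenation, and one that reads certificates until EOF will not expect the leading header, so both ends must agree on the framing.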