From n.mavrogiannopoulos at gmail.com Fri Jun 2 11:56:45 2017
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Fri, 2 Jun 2017 11:56:45 +0200
Subject: [gnutls-help] [gnutls-devel] DER decoding errors due to time format
References: <20170509184709.idwqqb3nmccrclmb@roeckx.be> <20170511164631.d7v7i7nmjg5yt5cc@roeckx.be>

On Wed, May 31, 2017 at 9:37 AM, Tim Rühsen wrote:
>>> And today someone filed this in Debian:
>>> https://bugs.debian.org/862335
>>
>> I have a patch set which will tolerate incorrectly formatted dates to
>> work around these issues in openssl:
>> https://gitlab.com/gnutls/gnutls/merge_requests/400
>>
>> I am still not sure that tolerating invalid formatted data is a good
>> thing, however, in case of infrastructure already deployed based on
>> openssl tools, there is not much an administrator/user can do. What
>> I'm thinking to do is set a cut-off date after which the original
>> strict behavior will be re-instated, though I cannot see how that would
>> help eliminate that issue.
>
> OpenSSL just 'allows' an invalid format, it's not really buggy (at least
> not 1.1.1-dev, maybe older versions !?). The question is how many public
> deployments are really affected, e.g. how many of the top 1M sites use
> certs with invalid dates ? I guess none.

My concern is the non-public deployments. E.g., imagine a custom CA
infrastructure used to authenticate mobile applications or things like
that. These may have had a timezone included in the date which renders
the certificate invalid, meaning no gnutls application could be used
with that PKI.

regards,
Nikos

From nmav at gnutls.org Wed Jun 7 07:47:48 2017
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 07 Jun 2017 07:47:48 +0200
Subject: [gnutls-help] gnutls 3.5.13
Message-ID: <1496814468.4884.1.camel@gnutls.org>

Hello,
 I've just released gnutls 3.5.13. This is a bug fix release on the
3.5.x branch.
* Version 3.5.13 (released 2017-06-07)

** libgnutls: fixed issue with AES-GCM in-place encryption and decryption in
   aarch64. Resolves gitlab issue #204.

** libgnutls: no longer parse the ResponseID field of the status response
   TLS extension. The field is not used by GnuTLS nor is made available to
   calling applications. That addresses a null pointer dereference on server
   side caused by packets containing the ResponseID field. Reported
   by Hubert Kario. [GNUTLS-SA-2017-4]

** libgnutls: tolerate certificates which do not have strict DER time encoding.
   It is possible using 3rd party tools to generate certificates with time fields
   that do not conform to DER requirements. Since 3.4.x these certificates were rejected
   and cannot be used with GnuTLS, however that caused problems with existing private
   certificate infrastructures, which were relying on such certificates (see gitlab
   issue #196). Tolerate reading and using these certificates.

** minitasn1: updated to libtasn1 4.11.

** certtool: allow multiple certificates to be used in --p7-sign with
   the --load-certificate option. Patch by Karl Tarbe.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be
found at .

Here are the XZ compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.13.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.13.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos gnutls.org>
uid                  Nikos Mavrogiannopoulos gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From emailmandar at gmail.com Thu Jun 8 16:13:01 2017
From: emailmandar at gmail.com (Mandar Joshi)
Date: Thu, 8 Jun 2017 19:43:01 +0530
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

On Sun, May 28, 2017 at 4:43 PM, Nikos Mavrogiannopoulos wrote:
> Could you catch this fpe using gdb and send it along with the contents of
> /proc/cpuinfo?
>

Hello Nikos,
I've attached the sample program, gdb output and cpuinfo as you requested.
Please have a look.

Regards
Mandar Joshi
-------------- next part --------------
Processor       : ARMv7 Processor rev 1 (v7l)
processor       : 0
BogoMIPS        : 3.27
processor       : 1
BogoMIPS        : 3.27
processor       : 2
BogoMIPS        : 3.27
processor       : 3
BogoMIPS        : 3.27
Features        : swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4
CPU implementer : 0x41
CPU architecture: 7
CPU variant     : 0x0
CPU part        : 0xc05
CPU revision    : 1

Hardware        : ODROIDC
Revision        : 000a
Serial          : 1b00000000000000
-------------- next part --------------
A non-text attachment was scrubbed...
Name: encrypttest.c
Type: text/x-csrc
Size: 650 bytes
Desc: not available
-------------- next part --------------
(gdb) r 1234123412341234
The program being debugged has been started already.
Start it from the beginning? (y or n) r
Please answer y or n.
The program being debugged has been started already.
Start it from the beginning? (y or n) y
`/home/surveillance/code/060817/php/encrypttest' has changed; re-reading symbols.
(no debugging symbols found)
Starting program: /home/surveillance/code/060817/php/encrypttest 1234123412341234
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
** Message: Init: 0

Program received signal SIGFPE, Arithmetic exception.
0xb6c5e1b4 in raise () from /lib/libc.so.6
(gdb) bt
#0  0xb6c5e1b4 in raise () from /lib/libc.so.6
#1  0xb69eb7e0 in __aeabi_ldiv0 () from /usr/lib/libnettle.so.6
#2  0xb69d41b8 in nettle_cbc_encrypt (ctx=0x3b490, f=0xb69cc2a0 , block_size=block_size at entry=0, iv=0x3b470 "", length=16, dst=0xbeffee2c "", src=0xbefff50d "1234123412341234") at cbc.c:53
#3  0xb6f9044c in _cbc_encrypt (ctx=, length=, dst=, src=) at cipher.c:119
#4  0xb6f90c94 in wrap_nettle_cipher_encrypt (_ctx=, plain=0xbefff50d, plain_size=, encr=, encr_size=16) at cipher.c:612
#5  0x00010924 in main ()
(gdb)

From emailmandar at gmail.com Thu Jun 8 16:16:19 2017
From: emailmandar at gmail.com (Mandar Joshi)
Date: Thu, 8 Jun 2017 19:46:19 +0530
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

On Sun, May 28, 2017 at 4:43 PM, Nikos Mavrogiannopoulos wrote:
> Could you catch this fpe using gdb and send it along with the contents of
> /proc/cpuinfo?
>

Here's the code again.
Seems like it was scrubbed from the archives
--------------------------
/* The header names were stripped in the archive; they are restored here
   from what the code uses (gchar/g_message/g_base64_encode, memset/strlen,
   gnutls_cipher_*). */
#include <glib.h>
#include <string.h>
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>

int main (int argc, char *argv[]) {
  if (argc < 2) return 1;           /* the plaintext is taken from argv[1] */
  gchar *input = argv[1];
  gchar encrypted[1024];
  memset (encrypted, 0, 1024);
  gnutls_cipher_hd_t handle;
  gnutls_datum_t key;

  /* 32-byte key for AES-256; the literal needs a cast to unsigned char *. */
  key.data = (unsigned char *) "abcdabcdabcdabcdabcdabcdabcdabcd";
  key.size = 32;

  /* No IV is supplied, and the length passed to the CBC encrypt call is
     strlen(input), which is what the discussion below is about. */
  g_message ("Init: %d", gnutls_cipher_init (&handle, GNUTLS_CIPHER_AES_256_CBC, &key, NULL));
  g_message ("Encrypt: %d", gnutls_cipher_encrypt2 (handle, (void *) input, strlen(input), encrypted, strlen(input)));
  g_message ("%s", g_base64_encode ((const guchar *) encrypted, strlen(input)));
  return 0;
}
--------------------------------------

From emailmandar at gmail.com Thu Jun 8 16:48:54 2017
From: emailmandar at gmail.com (Mandar Joshi)
Date: Thu, 8 Jun 2017 20:18:54 +0530
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

> I've attached the sample program, gdb output and cpuinfo as you requested.
> Please have a look.
>

block_size in nettle/cbc.c gets set at 0 causing this exception.
Manually setting it to 16 gets me the correct output.
Hope there is a right way to fix this.

Regards
Mandar Joshi

From n.mavrogiannopoulos at gmail.com Fri Jun 9 08:40:35 2017
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Fri, 9 Jun 2017 08:40:35 +0200
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

On Thu, Jun 8, 2017 at 4:16 PM, Mandar Joshi wrote:
> On Sun, May 28, 2017 at 4:43 PM, Nikos Mavrogiannopoulos
> wrote:
>> Could you catch this fpe using gdb and send it along with the contents of
>> /proc/cpuinfo?
>>
> Here's the code again.
> Seems like it was scrubbed from the archives
>
> --------------------------
> #include
> #include
> #include
> #include
> int main (int argc, char *argv[]) {
>   gchar *input = argv[1];
>   gchar encrypted[1024];
>   memset (encrypted, 0, 1024);
>   gsize size;
>   gnutls_cipher_hd_t handle;
>   gnutls_datum_t key;
>   gsize length;
>   key.data = "abcdabcdabcdabcdabcdabcdabcdabcd";
>   key.size = 32;
>   g_message ("Init: %d", gnutls_cipher_init (&handle,
> GNUTLS_CIPHER_AES_256_CBC, &key, NULL));
>   g_message ("Encrypt: %d", gnutls_cipher_encrypt2 (handle, (void *)
> input, strlen(input), encrypted, strlen(input)));
>   g_message ("%s", g_base64_encode (encrypted, strlen(input)));
>   return 0;
> }

I see that you are using strlen() on the input data. CBC mode is a
block mode, which means you cannot encrypt data of arbitrary size. Any
data you encrypt must be a multiple of the block size. I'd recommend
to switch to the authenticated encryption API and use that, due to its
simplicity.

regards,
Nikos

From emailmandar at gmail.com Fri Jun 9 10:24:05 2017
From: emailmandar at gmail.com (Mandar Joshi)
Date: Fri, 9 Jun 2017 13:54:05 +0530
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

>
> I see that you are using strlen() on the input data. CBC mode is a
> block mode, which means you cannot encrypt data of arbitrary size. Any
> data you encrypt must be a multiple of the block size. I'd recommend
> to switch to the authenticated encryption API and use that, due to its
> simplicity.
>

I wasn't aware of any other API.
Which are the authenticated encryption API functions?
Can you please point me to their documentation?

Thanks
Mandar Joshi

From n.mavrogiannopoulos at gmail.com Sat Jun 10 08:53:14 2017
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Sat, 10 Jun 2017 08:53:14 +0200
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

Check the gnutls_cipher_aead* functions at:
https://www.gnutls.org/manual/html_node/Symmetric-algorithms.html

On Fri, Jun 9, 2017 at 10:24 AM, Mandar Joshi wrote:
>>
>> I see that you are using strlen() on the input data. CBC mode is a
>> block mode, which means you cannot encrypt data of arbitrary size. Any
>> data you encrypt must be a multiple of the block size. I'd recommend
>> to switch to the authenticated encryption API and use that, due to its
>> simplicity.
>>
> I wasn't aware of any other API.
> Which are the authenticated encryption API functions?
> Can you please point me to their documentation?
>
> Thanks
> Mandar Joshi

From emailmandar at gmail.com Sun Jun 11 00:38:49 2017
From: emailmandar at gmail.com (Mandar Joshi)
Date: Sun, 11 Jun 2017 04:08:49 +0530
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

On Sat, Jun 10, 2017 at 12:23 PM, Nikos Mavrogiannopoulos wrote:
> Check the gnutls_cipher_aead* functions at:
> https://www.gnutls.org/manual/html_node/Symmetric-algorithms.html
>

Thank You Nikos.
I wasn't aware of block length restrictions. My encryption knowledge is a
bit outdated. Can you give me a bit of a primer on them?
I want to use GNUTLS_CIPHER_AES_256_CBC. A quick Google told me 16 is the
block size. Is 16 the right block size of GNUTLS_CIPHER_AES_256_CBC?
Also, in the aead functions, what values should I provide for nonce and auth?
I just want to encrypt and decrypt a string.

Thank You for your patience.
Regards
Mandar Joshi

From emailmandar at gmail.com Thu Jun 15 09:53:18 2017
From: emailmandar at gmail.com (Mandar Joshi)
Date: Thu, 15 Jun 2017 13:23:18 +0530
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

wrote:
> Check the gnutls_cipher_aead* functions at:
> https://www.gnutls.org/manual/html_node/Symmetric-algorithms.html
>

I must be missing something very simple. gnutls_aead_cipher_init (...)
is failing.
-----------------------------------------------------------------------------------------------------
/* Header names were stripped in the archive; restored from usage. */
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <assert.h>

int main (int argc, char *argv[]) {
  unsigned char key[32];
  gnutls_aead_cipher_hd_t handle;
  gnutls_datum_t dkey;

  /* Fill the 32-byte key from the library RNG. */
  assert(gnutls_rnd(GNUTLS_RND_NONCE, key, sizeof(key)) >= 0);
  dkey.data = (void*) key;
  dkey.size = gnutls_cipher_get_key_size (GNUTLS_CIPHER_AES_256_CBC);

  /* This is the call whose assertion fails in the run shown below. */
  assert(gnutls_aead_cipher_init(&handle, GNUTLS_CIPHER_AES_256_CBC, &dkey) >= 0);
  return 0;
}
-----------------------------------------------------------------------------------------------------
fail: fail.c:14: main: Assertion `gnutls_aead_cipher_init(&handle, GNUTLS_CIPHER_AES_256_CBC, &dkey) >= 0' failed.
Aborted (core dumped)

What am I doing wrong?

Thanks
Mandar Joshi

From n.mavrogiannopoulos at gmail.com Thu Jun 15 10:41:41 2017
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Thu, 15 Jun 2017 10:41:41 +0200
Subject: [gnutls-help] GnuTLS on ARMv7 and HardFP

On Thu, Jun 15, 2017 at 9:53 AM, Mandar Joshi wrote:
> wrote:
>> Check the gnutls_cipher_aead* functions at:
>> https://www.gnutls.org/manual/html_node/Symmetric-algorithms.html
>>
>
> I must be missing something very simple. gnutls_aead_cipher_init (...)
> is failing.

Unfortunately there is no AEAD mode involving the existing CBC ciphers.
You will have to use GCM or CCM modes.
Here is my take on it:
https://gitlab.com/gnutls/gnutls/commit/e21b0af8b30e6b62e634bea1ab2b3fcf466c77c6

However, I'd recommend that you consult more sources on crypto primitives usage.

regards,
Nikos

From listserv.traffic at sloop.net Wed Jun 21 20:44:52 2017
From: listserv.traffic at sloop.net (listserv.traffic at sloop.net)
Date: Wed, 21 Jun 2017 11:44:52 -0700
Subject: [gnutls-help] certtool re-encrypt key [convert from unencrypted to encrypted]
Message-ID: <1139647169.20170621114452@sloop.net>

The archives at gmane are down/gone, so can't search the list archives.
Google search returns zilch. [My google-foo might be weak...]

Trying to encrypt a key after initial generation. The key was created without encryption.

I can't manage to get certtool to do this.
For example:
certtool --load-privkey=ca-key.pem --outfile=ca-key-pass.pem --pkcs-cipher=aes256
Does not work.
I've tried quite a myriad of other things/variations too, to no avail.

I could probably do this in openssl, but why not do it all in certtool...

And before the inevitable chap leaps up and says "Just encrypt the key
the first time!" I'll forestall the whining by saying; "Yes, I want
the key unencrypted to start."

Why? Well...
I'll often generate a bunch of keys/certs and I generally want the
CA's key unencrypted for ease of generating a batch of signed
certs/keys. [I really don't want to type in a complex password each
time.]

Thus, I'll generate the CA key without encryption. After I'm done
generating the batch of certs/keys I'd like to then encrypt [for the
first time] the CA key [or perhaps other keys] so it can't be used
later without a password.

[And yes, I know all about how important not allowing anyone to get
the unencrypted key is... and why only a moron would generate it in
unencrypted form. Yadda yadda... Assume whatever you want. :) ]

I simply want to know how to accomplish key conversion both with a
password to no-password and vice-versa using certtool.
TIA
-Greg

From listserv.traffic at sloop.net Wed Jun 21 23:37:18 2017
From: listserv.traffic at sloop.net (listserv.traffic at sloop.net)
Date: Wed, 21 Jun 2017 14:37:18 -0700
Subject: [gnutls-help] certtool re-encrypt key [convert from unencrypted to encrypted]
In-Reply-To: <1139647169.20170621114452@sloop.net>
References: <1139647169.20170621114452@sloop.net>
Message-ID: <1543723083.20170621143718@sloop.net>

> The archives at gmane are down/gone, so can't search the list archives.
> Google search returns zilch. [My google-foo might be weak...]

> Trying to encrypt a key after initial generation. The key was created without encryption.

> I can't manage to get certtool to do this.
> For example: certtool --load-privkey=ca-key.pem
> --outfile=ca-key-pass.pem --pkcs-cipher=aes256
> Does not work.
> I've tried quite a myriad of other things/variation too, to no avail.

> I could probably do this in openssl, but why not do it all in certtool...

> And before the inevitable chap leaps up and says "Just encrypt the key
> the first time!" I'll forestall the whining by saying; "Yes, I want
> the key unencrypted to start."

> Why? Well...
> I'll often generate a bunch of keys/certs and I generally want the
> CA's key unencrypted for ease of generating a batch of signed
> certs/keys. [I really don't want to type in a complex password each
> time.]

> Thus, I'll generate the CA key without encryption. After I'm done
> generating the batch of certs/keys I'd like to then encrypt [for the
> first time] the CA key [or perhaps other keys] so it can't be used
> later without a password.

> [And yes, I know all about how important not allowing anyone to get
> the unencrypted key is... and why only a moron would generate it in
> unencrypted form. Yadda yadda... Assume whatever you want. :) ]

> I simply want to know how to accomplish key conversion both with a
> password to no-password and vice-versa using certtool.

Answering my own question after a lot more experimenting...
The following will encrypt a non-encrypted key. [with AES-256-CBC - pretty
much the only encryption scheme I'd recommend, unless you have
compatibility issues..]

certtool --load-privkey=ca-key.pem --to-p8 --outfile=ca-key-pass.pem --pkcs-cipher=aes-256

The method I have for decryption probably isn't the "correct" way, but a
fair bit of experimenting didn't find anything better...

certtool --infile=ca-key-pass.pem --key-info > ca-key-nopass.pem

That will decrypt the key, but will include header info that's not on a
"normal" key - so you'll want to strip that off - at the time of writing
this, that would be the top seven lines.

Glad to be corrected, or have better ways to accomplish the above, if
someone knows it.

The above were tested on Windows ports of the gnu-tls utilities, but I'd
expect them to work exactly the same regardless of platform.

On that note: The latest compiled build of the Windows version is really
quite old [from late 2016], and hasn't been updated for bugs or security
patches. When might a new binary for Windows be available?

-Greg

From nmav at gnutls.org Thu Jun 22 08:27:14 2017
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 22 Jun 2017 08:27:14 +0200
Subject: [gnutls-help] certtool re-encrypt key [convert from unencrypted to encrypted]
In-Reply-To: <1139647169.20170621114452@sloop.net>
References: <1139647169.20170621114452@sloop.net>

On Wed, Jun 21, 2017 at 8:44 PM, wrote:
> The archives at gmane are down/gone, so can't search the list archives.
> Google search returns zilch. [My google-foo might be weak...]
>
> Trying to encrypt a key after initial generation. The key was created without encryption.
>
> I can't manage to get certtool to do this.
> For example: certtool --load-privkey=ca-key.pem --outfile=ca-key-pass.pem --pkcs-cipher=aes256
> Does not work.
> I've tried quite a myriad of other things/variation too, to no avail.
> I could probably do this in openssl, but why not do it all in certtool...

Hi,
 use:
certtool --to-p8 --load-privkey ca-key.pem --outfile=ca-key-pass.pem --pkcs-cipher=aes-256

regards,
Nikos
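Returning to the first thread in this archive (the strict DER time encoding that GnuTLS 3.5.13 relaxed): the check below is an added illustration, not GnuTLS code, of what "strict DER time encoding" means for X.509 validity fields under RFC 5280. It classifies a decoded time string as conformant or names the deviation (numeric timezone offset of the kind the thread mentions, missing seconds, fractional seconds); the enum, function names and sample values are all constructed here.

```c
/* Added illustration (not GnuTLS code): classify an X.509 validity time
 * string against the strict DER profile RFC 5280 requires, i.e. UTCTime
 * "YYMMDDHHMMSSZ" or GeneralizedTime "YYYYMMDDHHMMSSZ": always UTC ("Z"),
 * seconds always present, no fractional seconds. Field ranges (month 1-12,
 * etc.) are deliberately not validated here. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum der_time_result {
    DER_TIME_OK = 0,      /* strictly conformant */
    DER_TIME_TZ_OFFSET,   /* "+HHMM"/"-HHMM" zone instead of "Z" */
    DER_TIME_NO_SECONDS,  /* seconds field omitted */
    DER_TIME_FRACTION,    /* fractional seconds present */
    DER_TIME_MALFORMED    /* no zone, wrong digit count, other garbage */
};

static size_t count_digits(const char *s) {
    size_t n = 0;
    while (isdigit((unsigned char)s[n])) n++;
    return n;
}

/* is_generalized selects the type: 1 = GeneralizedTime (4-digit year),
 * 0 = UTCTime (2-digit year). In a certificate the ASN.1 tag tells. */
enum der_time_result der_time_classify(const char *s, int is_generalized) {
    size_t year_digits = is_generalized ? 4 : 2;
    size_t d = count_digits(s);           /* date+time digits before zone */
    const char *p = s + d;
    int fraction = 0, offset = 0;

    if (*p == '.') {                      /* optional fractional seconds */
        size_t f = count_digits(p + 1);
        if (f == 0) return DER_TIME_MALFORMED;
        fraction = 1;
        p += 1 + f;
    }
    if (strcmp(p, "Z") == 0) {
        /* "Z" is the only zone designator DER permits */
    } else if ((*p == '+' || *p == '-') && strlen(p) == 5 &&
               count_digits(p + 1) == 4) {
        offset = 1;                       /* local time + numeric offset */
    } else {
        return DER_TIME_MALFORMED;        /* no zone at all, or garbage */
    }
    /* After the year: MMDDHHMMSS (10 digits) or MMDDHHMM (8); a fraction
     * only makes sense when the seconds field is present. */
    if (d != year_digits + 10 && !(d == year_digits + 8 && !fraction))
        return DER_TIME_MALFORMED;

    if (offset)   return DER_TIME_TZ_OFFSET;   /* the case the thread describes */
    if (fraction) return DER_TIME_FRACTION;
    if (d == year_digits + 8) return DER_TIME_NO_SECONDS;
    return DER_TIME_OK;
}

int main(void) {
    /* Constructed sample values, not taken from any real certificate. */
    const char *samples[] = { "170607074748Z", "170607074748+0200",
                              "1706070747Z", "170607074748" };
    for (size_t i = 0; i < 4; i++)
        printf("%-18s -> %d\n", samples[i], der_time_classify(samples[i], 0));
    return 0;
}
```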
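For the ARMv7 thread above, where CBC on strlen()-sized input and gnutls_aead_cipher_init() with a CBC algorithm both failed: the program below is an added example (not from the posts or the linked commit) of the gnutls_aead_cipher_* API with GNUTLS_CIPHER_AES_256_GCM. It uses a random 12-byte nonce and a short associated-data string, encrypts input whose length is not a block multiple, and checks that a tampered ciphertext is rejected; it assumes the libgnutls headers are installed and links with -lgnutls.

```c
/* Added example (not from the posts or the linked commit): the
 * gnutls_aead_cipher_* API with AES-256-GCM, which accepts input of any
 * length and authenticates it, unlike the raw CBC call in the thread.
 * Build: cc aead_demo.c -lgnutls */
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <stdio.h>
#include <string.h>

/* Encrypts a 21-byte string (not a block multiple), decrypts it back, then
 * shows that a tampered ciphertext is rejected. Returns 1 on success. */
int aead_roundtrip_demo(void) {
    const gnutls_cipher_algorithm_t alg = GNUTLS_CIPHER_AES_256_GCM;
    const char *ptext = "not a block multiple!";      /* constructed input */
    const char *auth = "hdr-v1";   /* associated data: authenticated, not encrypted */
    size_t ptext_len = strlen(ptext), tag_size = gnutls_cipher_get_tag_size(alg);
    unsigned char key[32], nonce[12], ctext[256], out[256];
    size_t ctext_len = sizeof(ctext), out_len = sizeof(out);
    gnutls_datum_t dkey = { key, sizeof(key) };
    gnutls_aead_cipher_hd_t h;
    int ok = 0;

    /* Demo key; real code loads or derives it. The 12-byte GCM nonce must
     * never repeat under the same key, so draw a fresh one per message. */
    if (gnutls_rnd(GNUTLS_RND_KEY, key, sizeof(key)) < 0 ||
        gnutls_rnd(GNUTLS_RND_NONCE, nonce, sizeof(nonce)) < 0)
        return 0;
    if (gnutls_aead_cipher_init(&h, alg, &dkey) < 0)
        return 0;

    /* ctext must hold ptext_len + tag_size bytes; ctext_len is in/out. */
    if (gnutls_aead_cipher_encrypt(h, nonce, sizeof(nonce), auth, strlen(auth),
                                   tag_size, ptext, ptext_len, ctext, &ctext_len) < 0
        || ctext_len != ptext_len + tag_size)
        goto cleanup;

    if (gnutls_aead_cipher_decrypt(h, nonce, sizeof(nonce), auth, strlen(auth),
                                   tag_size, ctext, ctext_len, out, &out_len) < 0
        || out_len != ptext_len || memcmp(out, ptext, ptext_len) != 0)
        goto cleanup;

    /* Flip one ciphertext bit: the tag no longer verifies, so decryption fails. */
    ctext[0] ^= 0x01;
    out_len = sizeof(out);
    if (gnutls_aead_cipher_decrypt(h, nonce, sizeof(nonce), auth, strlen(auth),
                                   tag_size, ctext, ctext_len, out, &out_len) >= 0)
        goto cleanup;
    ok = 1;
cleanup:
    gnutls_aead_cipher_deinit(h);
    return ok;
}

int main(void) {
    int ok = aead_roundtrip_demo();
    printf("AES-256-GCM round trip and tamper check: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```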