Post Reply 
Adapting proxo 4.5 to the latest OpenSSL DLLs
Jan. 16, 2015, 03:24 PM (This post was last modified: Feb. 24, 2015 01:31 AM by JJoe.)
Post: #35
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
After a week of rather heavy use with no problems, I think it's ready to release the big patch Smile!

Proxomitron 4.5 now working with OpenSSL 1.0.1l

Summary of things added/fixed by this patch:
- No more random crashes/"could not connect" even if site is up
- Certificate verification error messages should be correct now
- Adds SNI, needed to access many sites now
- Checking wildcard certificates correctly
- Checking SubjectAltName extension correctly
- Cipher list is configured to avoid weak/insecure ciphers, and to use strongest encryption level available

It comes in 10(!) parts, which all have to be applied to your Proxomitron (original) exe to work correctly.

1. Update section headers to add space for code (offset, old, new)
Code:
00000118: 00 98
00000119: A0 9B
000001C6: 00 14
000001C8: 12 00
000001C9: 4F 50
000001F0: 1A 00
000001F1: 1A 1C
0000020F: 40 C0

2. Allocate more critical sections, fixing multithreading crashes
Code:
00005A81: D8 B0
00005A82: 00 04
00005AA1: C0 98
00005AA2: 00 04
00005AD9: C0 98
00005ADA: 00 04

3. SslInit: jump to additional SSL initialisation code
Code:
0000E649: 6A E9
0000E64A: 00 C4
0000E64B: 6A 6C
0000E64C: 00 01
0000E64D: 6A 00

4. Update offsets of error and error_depth fields in SSL_CTX structure (so the error messages are actually correct)
Code:
0000E913: 4C 64
0000E920: 48 60
0000E92B: 4C 64
0000E93C: 4C 64

5. Jump to additional code for adding SNI
Old:
Code:
0000EACC: 8B 4E 04 51 8B 15 BC C4 42 00
New:
Code:
0000EACC: E9 6A 68 01 00 90 90 90 90 90

6. Replaced certificate name checking function (SAN and wildcard support)
Old:
Code:
0000EBF0:
81 EC 0C 02-00 00 55 56-8B B4 24 18-02 00 00 C7
44 24 08 00-00 00 00 8B-46 0C 8B 40-1C 8B 48 14
0F BF 68 30-8B 06 89 4C-24 0C 85 C0-74 0E B8 01
00 00 00 5E-5D 81 C4 0C-02 00 00 C3-8B 4E 10 A1
BC C4 42 00-57 53 8D 54-24 18 68 00-02 00 00 52
8B 51 04 6A-0D 52 8D 78-60 8D 98 CC-00 00 00 FF
90 D0 00 00-00 83 C4 04-50 FF 13 83-C4 04 50 FF
17 83 C4 10-83 F8 01 7E-38 8A 54 24-18 8D 4C 24
18 80 FA 2A-75 05 8D 4C-24 19 48 3B-E8 7C 22 83
F8 03 7E 1D-50 51 8B 4C-24 1C 03 E9-2B E8 55 FF
15 B4 61 42-00 83 C4 0C-BF 01 00 00-00 85 C0 74
04 8B 7C 24-10 85 FF 75-18 8B 5E 04-83 C6 14 43
68 C8 9B 42-00 89 5E F0-56 E8 D2 70-FF FF 83 C4
08 8B C7 5B-5F 5E 5D 81-C4 0C 02 00-00 C3 90 90
New (updated 2015-01-18 to fix bug reported below):
Code:
0000EBF0:
80 7D B4 00-74 01 C3 56-57 8B 1D BC-C4 42 00 8B
47 1C FF 70-14 0F BF 40-30 50 FF 76-04 FF 93 D0
00 00 00 85-C0 97 74 53-6A 00 6A 00-6A 55 57 FF
53 64 83 C4-10 85 C0 74-1F 50 8B 70-04 8B 08 E3
0D AD 83 38-02 75 05 E8-4C 00 00 00-E0 F3 58 9C
50 FF 53 4C-58 9D 74 36-57 FF 93 CC-00 00 00 96
6A FF 6A 0D-56 FF 53 60-50 56 FF 53-5C 83 C4 18
85 C0 74 07-E8 1F 00 00-00 74 13 FF-45 B8 8D 45
C8 68 C8 9B-42 00 50 E8-14 71 FF FF-59 59 57 FF
53 50 83 C4-10 5F 5E C3-51 8B 50 04-FF 32 8B 52
08 8B 45 90-8B 4D 8C 66-81 3A 2A 2E-75 17 42 42
83 2C 24 02-80 38 00 75-03 59 EB 19-80 38 2E 9C
40 49 9D 75-EF 3B 0C 24-75 EF 52 50-FF 15 B4 61
42 00 83 C4-0C 85 C0 59-C3 90 90 90-90 90 90 90

7. Fix crash when no certificate available or connection failed
Old:
Code:
0000F370:
C4 42 00 56-53 8B 48 04-51 FF 92 D0-00 00 00 83
C4 04 8B F0-8D 44 24 34-6A 00 50 E8-10 68 FF FF
8B 5C 24 68-83 C4 08 8B-43 1C 8B 48-14 89 4C 24
58 8D 4C 24-34 0F BF 50-30 8D 44 24-48 89 54 24
50 50 51 E8-68 69 FF FF-83 C4 08 8D-54 24 20 68
08 9E 42 00-52 E8 D6 67-FF FF 83 C4-08 8D 44 24
34 8D 4C 24-20 50 51 E8-44 69 FF FF-83 C4 08 8D
54 24 20 68-F0 9D 42 00-52 E8 A2 69-FF FF 83 C4
08 8D 44 24-0C 68 D0 9D-42 00 50 E8-A0 67 FF FF
83 C4 08 83-C7 14 8D 4C-24 0C 57 51-E8 0F 69 FF
FF 83 C4 08-8D 54 24 0C-68 B0 9D 42-00 52 E8 6D
69 FF FF 8B-44 24 1C 83-C4 08 05 00-02 00 00 8D
4C 24 0C 50-51 E8 06 6D-FF FF 83 C4-08 85 C0 74
New:
Code:
0000F370:
C4 42 00 56-53 8B 48 04-51 FF 92 D0-00 00 00 59
8B F0 8D 44-24 34 6A 00-50 E8 12 68-FF FF 8B 5C
24 68 5A 5A-8B 43 1C 8B-48 14 89 4C-24 58 8D 4C
24 34 0F BF-50 30 8D 44-24 48 89 54-24 50 50 51
E8 6B 69 FF-FF 5A 5A 8D-54 24 20 68-08 9E 42 00
52 E8 DA 67-FF FF 5A 5A-8D 44 24 34-8D 4C 24 20
50 51 E8 49-69 FF FF 5A-5A 8D 54 24-20 68 F0 9D
42 00 52 E8-A8 69 FF FF-5A 5A 8D 44-24 0C 68 D0
9D 42 00 50-E8 A7 67 FF-FF 5A 5A 83-C7 14 8D 4C
24 0C 57 51-E8 17 69 FF-FF 5A 5A 8D-54 24 0C 68
B0 9D 42 00-52 E8 76 69-FF FF 8B 44-24 1C 5A 5A
05 00 02 00-00 8D 4C 24-0C 50 51 E8-10 6D FF FF
5A 5A 85 F6-0F 84 DC 00-00 00 90 90-90 85 C0 74

8. Added "SSL_ctrl" function, SNI, multithreaded locking
Old:
Code:
000252F0:
C3 90 90 90-90 90 90 90-90 90 90 90-90 90 90 90
FF 25 F4 61-42 00 FF 25-18 64 42 00-FF 25 EC 63
42 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
New:
Code:
00252F0:
C3 00 53 53-4C 5F 63 74-72 6C 00 90-90 90 90 90
FF 25 F4 61-42 00 FF 25-18 64 42 00-FF 25 EC 63
42 00 68 20-7A 42 00 50-FF 53 3C 58-58 68 F2 5E
42 00 FF 33-FF 15 90 60-42 00 A3 1C-7A 42 00 EB
64 50 50 50-50 50 E9 18-93 FE FF 83-3D 1C 7A 42
00 00 74 28-8B 47 1C 8B-48 14 0F B7-50 30 03 D1
8A 02 C6 02-00 50 52 51-6A 00 6A 37-FF 76 04 FF
15 1C 7A 42-00 83 C4 10-5A 58 88 02-8B 4E 04 51
8B 15 BC C4-42 00 E9 5B-97 FE FF BA-20 67 40 00
58 59 F6 C1-01 75 03 83-C2 20 59 83-C1 09 51 51
50 FF E2 90-90 68 AF 5F-42 00 FF 73-04 FF 15 90
60 42 00 68-7B 5F 42 00-FF D0 58 33-C0 EB 82 43
52 59 50 54-4F 5F 73 65-74 5F 6C 6F-63 6B 69 6E
67 5F 63 61-6C 6C 62 61-63 6B 00 00-00 00 00 00

9. Cipher list. Old bytes there were all zeros.
Code:
00026E20:
41 4C 4C 3A-21 65 4E 55-4C 4C 3A 21-61 4E 55 4C
4C 3A 21 45-58 50 3A 21-44 45 53 3A-21 52 43 32
3A 21 53 53-4C 76 32 3A-21 50 53 4B-3A 21 61 45
43 44 48 3A-21 43 41 4D-45 4C 4C 49-41 3A 21 53
45 45 44 3A-40 53 54 52-45 4E 47 54-48 00 00 00
This patch sets the cipher list to "ALL:!eNULL:!aNULL:!EXP:!DES:!RC2:!SSLv2:!PSK:!aECDH:!CAMELLIA:!SEED:@STRENGTH", you can use a different one if you want as long as it's less than 1504 bytes long Smile! See https://www.openssl.org/docs/apps/ciphers.html for more information.

10. Updated OpenSSL function names list.
Old:
Code:
00028690:
65 72 73 69-6F 6E 00 4F-70 65 6E 53-53 4C 5F 61
64 64 5F 61-6C 6C 5F 61-6C 67 6F 72-69 74 68 6D
73 00 53 53-4C 5F 43 54-58 5F 73 65-74 5F 63 69
70 68 65 72-5F 6C 69 73-74 00 53 53-4C 5F 43 54
58 5F 73 65-74 5F 76 65-72 69 66 79-00 53 53 4C
5F 43 54 58-5F 6C 6F 61-64 5F 76 65-72 69 66 79
5F 6C 6F 63-61 74 69 6F-6E 73 00 58-35 30 39 5F
53 54 4F 52-45 5F 43 54-58 5F 67 65-74 5F 63 75
72 72 65 6E-74 5F 63 65-72 74 00 58-35 30 39 5F
53 54 4F 52-45 5F 43 54-58 5F 67 65-74 5F 65 72
72 6F 72 00-58 35 30 39-5F 53 54 4F-52 45 5F 43
54 58 5F 67-65 74 5F 65-72 72 6F 72-5F 64 65 70
74 68 00 58-35 30 39 5F-4E 41 4D 45-5F 6F 6E 65
6C 69 6E 65-00 58 35 30-39 5F 76 65-72 69 66 79
5F 63 65 72-74 5F 65 72-72 6F 72 5F-73 74 72 69
6E 67 00 58-35 30 39 5F-67 65 74 5F-69 73 73 75
65 72 5F 6E-61 6D 65 00-58 35 30 39-5F 4E 41 4D
45 5F 67 65-74 5F 74 65-78 74 5F 62-79 5F 4E 49
44 00 50 45-4D 5F 77 72-69 74 65 5F-58 35 30 39
5F 41 55 58-00 53 53 4C-5F 67 65 74-5F 65 78 5F
6E 65 77 5F-69 6E 64 65-78 00 53 53-4C 5F 73 65
74 5F 65 78-5F 64 61 74-61 00 53 53-4C 5F 67 65
74 5F 65 78-5F 64 61 74-61 00 58 35-30 39 5F 53
54 4F 52 45-5F 43 54 58-5F 67 65 74-5F 65 78 5F
64 61 74 61-00 53 53 4C-5F 67 65 74-5F 65 78 5F
64 61 74 61-5F 58 35 30-39 5F 53 54-4F 52 45 5F
43 54 58 5F-69 64 78 00-53 53 4C 5F-43 54 58 5F
73 65 74 5F-74 69 6D 65-6F 75 74 00-53 53 4C 5F
6C 6F 61 64-5F 65 72 72-6F 72 5F 73-74 72 69 6E
67 73 00 53-53 4C 5F 6E-65 77 00 53-53 4C 5F 73
65 74 5F 66-64 00 53 53-4C 5F 73 65-74 5F 72 65
61 64 5F 61-68 65 61 64-00 53 53 4C-5F 63 6F 6E
6E 65 63 74-00 53 53 4C-5F 73 65 74-5F 63 6F 6E
6E 65 63 74-5F 73 74 61-74 65 00 53-53 4C 5F 61
63 63 65 70-74 00 53 53-4C 5F 73 65-74 5F 61 63
63 65 70 74-5F 73 74 61-74 65 00 53-53 4C 5F 72
65 61 64 00-53 53 4C 5F-77 72 69 74-65 00 53 53
4C 5F 73 68-75 74 64 6F-77 6E 00 53-53 4C 5F 67
65 74 5F 73-68 75 74 64-6F 77 6E 00-53 53 4C 5F
66 72 65 65-00 53 53 4C-5F 43 54 58-5F 66 72 65
65 00 53 53-4C 5F 73 74-61 74 65 5F-73 74 72 69
6E 67 5F 6C-6F 6E 67 00-53 53 4C 5F-67 65 74 5F
63 75 72 72-65 6E 74 5F-63 69 70 68-65 72 00 53
53 4C 5F 43-49 50 48 45-52 5F 67 65-74 5F 62 69
74 73 00 53-53 4C 5F 43-49 50 48 45-52 5F 67 65
74 5F 6E 61-6D 65 00 53-53 4C 65 61-79 5F 76 65
72 73 69 6F-6E 00 58 35-30 39 5F 67-65 74 5F 73
75 62 6A 65-63 74 5F 6E-61 6D 65 00-53 53 4C 5F
67 65 74 5F-70 65 65 72-5F 63 65 72-74 69 66 69
63 61 74 65-00 53 53 4C-76 32 33 5F-63 6C 69 65
6E 74 5F 6D-65 74 68 6F-64 00 53 53-4C 76 32 33
5F 73 65 72-76 65 72 5F-6D 65 74 68-6F 64 00 00

New:
Code:
00028690:
65 72 73 69-6F 6E 00 53-53 4C 5F 6C-69 62 72 61
72 79 5F 69-6E 69 74 00-53 53 4C 5F-43 54 58 5F
73 65 74 5F-63 69 70 68-65 72 5F 6C-69 73 74 00
53 53 4C 5F-43 54 58 5F-73 65 74 5F-76 65 72 69
66 79 00 53-53 4C 5F 43-54 58 5F 6C-6F 61 64 5F
76 65 72 69-66 79 5F 6C-6F 63 61 74-69 6F 6E 73
00 58 35 30-39 5F 53 54-4F 52 45 5F-43 54 58 5F
67 65 74 5F-63 75 72 72-65 6E 74 5F-63 65 72 74
00 47 45 4E-45 52 41 4C-5F 4E 41 4D-45 53 5F 66
72 65 65 00-58 35 30 39-5F 66 72 65-65 00 58 35
30 39 5F 4E-41 4D 45 5F-6F 6E 65 6C-69 6E 65 00
58 35 30 39-5F 76 65 72-69 66 79 5F-63 65 72 74
5F 65 72 72-6F 72 5F 73-74 72 69 6E-67 00 58 35
30 39 5F 4E-41 4D 45 5F-67 65 74 5F-65 6E 74 72
79 00 58 35-30 39 5F 4E-41 4D 45 5F-67 65 74 5F
69 6E 64 65-78 5F 62 79-5F 4E 49 44-00 58 35 30
39 5F 67 65-74 5F 65 78-74 5F 64 32-69 00 53 53
4C 5F 67 65-74 5F 65 78-5F 6E 65 77-5F 69 6E 64
65 78 00 53-53 4C 5F 73-65 74 5F 65-78 5F 64 61
74 61 00 53-53 4C 5F 67-65 74 5F 65-78 5F 64 61
74 61 00 58-35 30 39 5F-53 54 4F 52-45 5F 43 54
58 5F 67 65-74 5F 65 78-5F 64 61 74-61 00 53 53
4C 5F 67 65-74 5F 65 78-5F 64 61 74-61 5F 58 35
30 39 5F 53-54 4F 52 45-5F 43 54 58-5F 69 64 78
00 53 53 4C-5F 43 54 58-5F 73 65 74-5F 74 69 6D
65 6F 75 74-00 53 53 4C-5F 6C 6F 61-64 5F 65 72
72 6F 72 5F-73 74 72 69-6E 67 73 00-53 53 4C 5F
6E 65 77 00-53 53 4C 5F-73 65 74 5F-66 64 00 53
53 4C 5F 73-65 74 5F 72-65 61 64 5F-61 68 65 61
64 00 53 53-4C 5F 63 6F-6E 6E 65 63-74 00 53 53
4C 5F 73 65-74 5F 63 6F-6E 6E 65 63-74 5F 73 74
61 74 65 00-53 53 4C 5F-61 63 63 65-70 74 00 53
53 4C 5F 73-65 74 5F 61-63 63 65 70-74 5F 73 74
61 74 65 00-53 53 4C 5F-72 65 61 64-00 53 53 4C
5F 77 72 69-74 65 00 53-53 4C 5F 73-68 75 74 64
6F 77 6E 00-53 53 4C 5F-67 65 74 5F-73 68 75 74
64 6F 77 6E-00 53 53 4C-5F 66 72 65-65 00 53 53
4C 5F 43 54-58 5F 66 72-65 65 00 53-53 4C 5F 73
74 61 74 65-5F 73 74 72-69 6E 67 5F-6C 6F 6E 67
00 53 53 4C-5F 67 65 74-5F 63 75 72-72 65 6E 74
5F 63 69 70-68 65 72 00-53 53 4C 5F-43 49 50 48
45 52 5F 67-65 74 5F 62-69 74 73 00-53 53 4C 5F
43 49 50 48-45 52 5F 67-65 74 5F 6E-61 6D 65 00
53 53 4C 65-61 79 5F 76-65 72 73 69-6F 6E 00 58
35 30 39 5F-67 65 74 5F-73 75 62 6A-65 63 74 5F
6E 61 6D 65-00 53 53 4C-5F 67 65 74-5F 70 65 65
72 5F 63 65-72 74 69 66-69 63 61 74-65 00 53 53
4C 76 32 33-5F 63 6C 69-65 6E 74 5F-6D 65 74 68
6F 64 00 53-53 4C 76 32-33 5F 73 65-72 76 65 72
5F 6D 65 74-68 6F 64 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00

Then you will need to use OpenSSL DLLs version 1.0.1l which I attached. These are compiled from the official source and should not need any patching to work on Win9x nor the VC redistributable package; the DLLs here should work too, but I haven't tested them. I started testing this patch with 1.0.1j, which should also work as should all the versions going back to 1.0.1a, but the latest version fixes a few bugs so it would be better to use them. You can see differences between the versions here: http://upstream.rosalinux.ru/versions/openssl.html

With the patch applied, Proxomitron.exe should have the following hashes:
MD5: 0a1e3b087dd35facb4ffcbcac2ddbebb
SHA1: 9442ed2d4a82b40b1b5af08efd2f8045232456a6


Edits:
Jan. 18, 2015 08:47 PM by amy.
Feb. 23, 2015 by JJoe. Changed hashes to reflect bugfix as reported, herbalist, and verified.
Old values were:
MD5: 03259b46fc5eac833830a684c47dc64b
SHA1: 7ee76261088f86957f02fe9590b8b71b08b1025b


Attached File(s)
.zip  OpenSSL_1_0_1_L_win32_DLLs.zip (Size: 583.69 KB / Downloads: 852)
Add Thank You Quote this message in a reply
[-] The following 5 users say Thank You to amy for this post:
eclipse, defconnect, usr, whenever, herbalist
Post Reply 


Messages In This Thread
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs - amy - Jan. 16, 2015 03:24 PM

Forum Jump: