Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-17 Thread Tim Ruehsen 
On Friday 05 December 2014 18:12:59 Jérémie Courrèges-Anglas wrote:
 Hi,
 
 Tim Rühsen tim.rueh...@gmx.de writes:
  Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas:
  Hi,
  
  Giuseppe Scrivano gscriv...@gnu.org writes:
  
  [...]
  
   we should also hide --rand-egd from wget --help and do not accept this
   option when HAVE_RAND_EGD is not set.
  
  I thought about that and took the lazy approach: the option is still
  available even if gnutls is used, even though it's a nop.  Why then
  change the interface if libressl is used instead of openssl/gnutls?
  
  Or maybe this was merely overlooked and openssl should really be
  a special case here, dunno.
  
  IMHO, we should accept --rand-egd to not introduce regressions.
  But instead of silently ignoring the users demand, we should print a
  warning about the LibreSSL/RAND_egd() issue.
 
 LibreSSL doesn't have any issue wrt RAND_egd().  This function was
 deleted on purpose.
 
  Maybe saying, that a modern /dev/random
  is more secure than the EGD ?
  
  It would not be nice if someone loses security without being warned.
 
 LibreSSL users won't lose anything.  LibreSSL does the right thing wrt
 RNG initialization, consumer applications don't need to mess with this.
 
 If you *really* want to print a warning message for LibreSSL users
 please make it rude. :)
 
  Or... another alternative would be to get rid of RAND_egd altogether,
  with --egd-file staying for compat for a few releases. :)
  
  The question here is, where and in which way is EGD still useful !?
  Maybe it is already obsolete on very most systems ?
  We should keep this in mind for 1.17+.
 
 Looking at the openssl code, it looks like egd is automatically queried
 - since 2001 - if /dev/*random didn't return enough bytes.  See
 rand_unix.c
 
 Your call...  I wouldn't bother about that stuff in your place.

Thanks for your contribution.

I pushed your patch together with some little changes around it (different 
commits).

Tim

signature.asc
Description: This is a digitally signed message part.

Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-17 Thread Jérémie Courrèges-Anglas 
Tim Ruehsen tim.rueh...@gmx.de writes:

[...]

 I pushed your patch together with some little changes around it (different 
 commits).

Cool, thanks.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE


signature.asc
Description: PGP signature

Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-05 Thread Jérémie Courrèges-Anglas 

Hi,

Tim Rühsen tim.rueh...@gmx.de writes:

 Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas:
 Hi,
 
 Giuseppe Scrivano gscriv...@gnu.org writes:
 
 [...]
 
  we should also hide --rand-egd from wget --help and do not accept this
  option when HAVE_RAND_EGD is not set.
 
 I thought about that and took the lazy approach: the option is still
 available even if gnutls is used, even though it's a nop.  Why then
 change the interface if libressl is used instead of openssl/gnutls?
 
 Or maybe this was merely overlooked and openssl should really be
 a special case here, dunno.

 IMHO, we should accept --rand-egd to not introduce regressions.
 But instead of silently ignoring the users demand, we should print a warning 
 about the LibreSSL/RAND_egd() issue.

LibreSSL doesn't have any issue wrt RAND_egd().  This function was
deleted on purpose.

 Maybe saying, that a modern /dev/random 
 is more secure than the EGD ?

 It would not be nice if someone loses security without being warned.

LibreSSL users won't lose anything.  LibreSSL does the right thing wrt
RNG initialization, consumer applications don't need to mess with this.

If you *really* want to print a warning message for LibreSSL users
please make it rude. :)

 Or... another alternative would be to get rid of RAND_egd altogether,
 with --egd-file staying for compat for a few releases. :)

 The question here is, where and in which way is EGD still useful !?
 Maybe it is already obsolete on very most systems ?
 We should keep this in mind for 1.17+.

Looking at the openssl code, it looks like egd is automatically queried
- since 2001 - if /dev/*random didn't return enough bytes.  See
rand_unix.c

Your call...  I wouldn't bother about that stuff in your place.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE


signature.asc
Description: PGP signature

Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-04 Thread Tim Ruehsen 
On Wednesday 03 December 2014 20:19:48 Tim Rühsen wrote:
 Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas:
  Hi,
  
  Giuseppe Scrivano gscriv...@gnu.org writes:
  
  [...]
  
   we should also hide --rand-egd from wget --help and do not accept this
   option when HAVE_RAND_EGD is not set.
  
  I thought about that and took the lazy approach: the option is still
  available even if gnutls is used, even though it's a nop.  Why then
  change the interface if libressl is used instead of openssl/gnutls?
  
  Or maybe this was merely overlooked and openssl should really be
  a special case here, dunno.
 
 IMHO, we should accept --rand-egd to not introduce regressions.
 But instead of silently ignoring the users demand, we should print a warning
 about the LibreSSL/RAND_egd() issue. Maybe saying, that a modern
 /dev/random is more secure than the EGD ?
 
 It would not be nice if someone loses security without being warned.
 
  Or... another alternative would be to get rid of RAND_egd altogether,
  with --egd-file staying for compat for a few releases. :)

Ok, I read a bit more. I think we need it.

But the documentation should be amended (this is an OpenSSL feature).
This also goes for --random-file which is only used in src/openssl.c.

GnuTLS is configured to read from (egd/prngd) files at compilation time from 
what I read so far. Or does someone know a way to set a random data file 
explicitely for GnuTLS ? If yes, we should use it if the user requests it.

Tim


signature.asc
Description: This is a digitally signed message part.

Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-03 Thread Jérémie Courrèges-Anglas 

Hi,

Giuseppe Scrivano gscriv...@gnu.org writes:

[...]

 we should also hide --rand-egd from wget --help and do not accept this
 option when HAVE_RAND_EGD is not set.

I thought about that and took the lazy approach: the option is still
available even if gnutls is used, even though it's a nop.  Why then
change the interface if libressl is used instead of openssl/gnutls?

Or maybe this was merely overlooked and openssl should really be
a special case here, dunno.

Or... another alternative would be to get rid of RAND_egd altogether,
with --egd-file staying for compat for a few releases. :)

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-03 Thread Tim Rühsen 
Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas:
 Hi,
 
 Giuseppe Scrivano gscriv...@gnu.org writes:
 
 [...]
 
  we should also hide --rand-egd from wget --help and do not accept this
  option when HAVE_RAND_EGD is not set.
 
 I thought about that and took the lazy approach: the option is still
 available even if gnutls is used, even though it's a nop.  Why then
 change the interface if libressl is used instead of openssl/gnutls?
 
 Or maybe this was merely overlooked and openssl should really be
 a special case here, dunno.

IMHO, we should accept --rand-egd to not introduce regressions.
But instead of silently ignoring the users demand, we should print a warning 
about the LibreSSL/RAND_egd() issue. Maybe saying, that a modern /dev/random 
is more secure than the EGD ?

It would not be nice if someone loses security without being warned.

 Or... another alternative would be to get rid of RAND_egd altogether,
 with --egd-file staying for compat for a few releases. :)

The question here is, where and in which way is EGD still useful !?
Maybe it is already obsolete on very most systems ?
We should keep this in mind for 1.17+.

Tim


signature.asc
Description: This is a digitally signed message part.

[Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-02 Thread Jérémie Courrèges-Anglas 

The problem is that wget --security-protocol=auto and
wget --security-protocol=pfs are restricted to the use of TLSv1.0 only.
Sites that enforce the use of eg TLSv1.2 are unreachable by default.

The issue was reported by Mikolaj Kucharski, and I have already a fix in
the OpenBSD ports tree:

  
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/wget/patches/patch-src_openssl_c

The attached patch fixes this problem.

Regards,

From 68a1f70275d3ceefa8f2759c5dc6f6e498e073d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= j...@wxcvbn.org
Date: Mon, 1 Dec 2014 13:41:59 +0100
Subject: [PATCH 1/2] openssl backend: repair use of TLSv1+ protocols

The use of TLSv1_client_method() means that the protocol used will be
limited to TLSv1.0.  This is not desirable for --secure-protocol values
of auto (default) and pfs.  Fix by using SSLv23_client_method() and
disabling SSLv[23].

Issue reported by Mikolaj Kucharski.
---
 src/openssl.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/src/openssl.c b/src/openssl.c
index 38c6ac4..81da5a2 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -203,6 +203,8 @@ ssl_init (void)
   SSLeay_add_all_algorithms ();
   SSLeay_add_ssl_algorithms ();
 
+  long ssl_options = 0;
+
   switch (opt.secure_protocol)
 {
 #ifndef OPENSSL_NO_SSL2
@@ -219,6 +221,9 @@ ssl_init (void)
 
 case secure_protocol_auto:
 case secure_protocol_pfs:
+  meth = SSLv23_client_method ();
+  ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+  break;
 case secure_protocol_tlsv1:
   meth = TLSv1_client_method ();
   break;
@@ -253,6 +258,9 @@ ssl_init (void)
   if (!ssl_ctx)
 goto error;
 
+  if (ssl_options)
+SSL_CTX_set_options (ssl_ctx, ssl_options);
+
   /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html
* Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more)
*/
-- 
2.1.3


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE


signature.asc
Description: PGP signature

Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-02 Thread Tim Ruehsen 
On Tuesday 02 December 2014 14:09:00 Jérémie Courrèges-Anglas wrote:
 The problem is that wget --security-protocol=auto and
 wget --security-protocol=pfs are restricted to the use of TLSv1.0 only.
 Sites that enforce the use of eg TLSv1.2 are unreachable by default.
 
 The issue was reported by Mikolaj Kucharski, and I have already a fix in
 the OpenBSD ports tree:
 
  
 http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/wget/patches/patch-src_o
 penssl_c
 
 The attached patch fixes this problem.

Thanks, Jérémie.

@Guiseppe || Darshit: I am fine with this patch, could you push it, I'm away 
from console in two minutes...

Tim


signature.asc
Description: This is a digitally signed message part.

Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-02 Thread Darshit Shah 
I'll push it in a while after adding the ChangeLog entry.

Though I noticed a Patch 1/2 in the git mail header. Is there any other
patch that we should know about?

Thanking You,
Darshit Shah
Sent from mobile device. Please excuse my brevity
On 02-Dec-2014 9:36 pm, Tim Ruehsen tim.rueh...@gmx.de wrote:

 On Tuesday 02 December 2014 14:09:00 Jérémie Courrèges-Anglas wrote:
  The problem is that wget --security-protocol=auto and
  wget --security-protocol=pfs are restricted to the use of TLSv1.0 only.
  Sites that enforce the use of eg TLSv1.2 are unreachable by default.
 
  The issue was reported by Mikolaj Kucharski, and I have already a fix in
  the OpenBSD ports tree:
 
 
 
 http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/wget/patches/patch-src_o
  penssl_c
 
  The attached patch fixes this problem.

 Thanks, Jérémie.

 @Guiseppe || Darshit: I am fine with this patch, could you push it, I'm
 away
 from console in two minutes...

 Tim

Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16

2014-12-02 Thread Giuseppe Scrivano 
j...@wxcvbn.org (Jérémie Courrèges-Anglas) writes:

 From 4142db8a2ba462cd2d764c09d0e4996e23ca13c2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= j...@wxcvbn.org
 Date: Mon, 1 Dec 2014 13:43:22 +0100
 Subject: [PATCH 2/2] openssl backend: detect the availability of RAND_egd

 Alternatives like LibreSSL don't provide RAND_egd() anymore.
 Fixes compilation on OpenBSD.
 ---
  configure.ac  | 1 +
  src/openssl.c | 2 ++
  2 files changed, 3 insertions(+)

 diff --git a/configure.ac b/configure.ac
 index 43949a2..26d72b6 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -392,6 +392,7 @@ AS_IF([test x$with_ssl = xopenssl], [
  AC_MSG_NOTICE([compiling in support for SSL via OpenSSL])
  AC_LIBOBJ([openssl])
  LIBS=$LIBSSL $LIBS
 +AC_CHECK_FUNCS([RAND_egd])
elif test x$with_ssl != x
then
  AC_MSG_ERROR([--with-ssl=openssl was given, but SSL is not 
 available.])
 diff --git a/src/openssl.c b/src/openssl.c
 index 81da5a2..3a975ff 100644
 --- a/src/openssl.c
 +++ b/src/openssl.c
 @@ -91,9 +91,11 @@ init_prng (void)
if (RAND_status ())
  return;
  
 +#ifdef HAVE_RAND_EGD
/* Get random data from EGD if opt.egd_file was used.  */
if (opt.egd_file  *opt.egd_file)
  RAND_egd (opt.egd_file);
 +#endif

we should also hide --rand-egd from wget --help and do not accept this
option when HAVE_RAND_EGD is not set.

Regards,
Giuseppe