Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
On Friday 05 December 2014 18:12:59 Jérémie Courrèges-Anglas wrote: Hi, Tim Rühsen tim.rueh...@gmx.de writes: Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas: Hi, Giuseppe Scrivano gscriv...@gnu.org writes: [...] we should also hide --rand-egd from wget --help and do not accept this option when HAVE_RAND_EGD is not set. I thought about that and took the lazy approach: the option is still available even if gnutls is used, even though it's a nop. Why then change the interface if libressl is used instead of openssl/gnutls? Or maybe this was merely overlooked and openssl should really be a special case here, dunno. IMHO, we should accept --rand-egd to not introduce regressions. But instead of silently ignoring the users demand, we should print a warning about the LibreSSL/RAND_egd() issue. LibreSSL doesn't have any issue wrt RAND_egd(). This function was deleted on purpose. Maybe saying, that a modern /dev/random is more secure than the EGD ? It would not be nice if someone loses security without being warned. LibreSSL users won't lose anything. LibreSSL does the right thing wrt RNG initialization, consumer applications don't need to mess with this. If you *really* want to print a warning message for LibreSSL users please make it rude. :) Or... another alternative would be to get rid of RAND_egd altogether, with --egd-file staying for compat for a few releases. :) The question here is, where and in which way is EGD still useful !? Maybe it is already obsolete on very most systems ? We should keep this in mind for 1.17+. Looking at the openssl code, it looks like egd is automatically queried - since 2001 - if /dev/*random didn't return enough bytes. See rand_unix.c Your call... I wouldn't bother about that stuff in your place. Thanks for your contribution. I pushed your patch together with some little changes around it (different commits). Tim signature.asc Description: This is a digitally signed message part.
Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
Tim Ruehsen tim.rueh...@gmx.de writes: [...] I pushed your patch together with some little changes around it (different commits). Cool, thanks. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE signature.asc Description: PGP signature
Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
Hi, Tim Rühsen tim.rueh...@gmx.de writes: Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas: Hi, Giuseppe Scrivano gscriv...@gnu.org writes: [...] we should also hide --rand-egd from wget --help and do not accept this option when HAVE_RAND_EGD is not set. I thought about that and took the lazy approach: the option is still available even if gnutls is used, even though it's a nop. Why then change the interface if libressl is used instead of openssl/gnutls? Or maybe this was merely overlooked and openssl should really be a special case here, dunno. IMHO, we should accept --rand-egd to not introduce regressions. But instead of silently ignoring the users demand, we should print a warning about the LibreSSL/RAND_egd() issue. LibreSSL doesn't have any issue wrt RAND_egd(). This function was deleted on purpose. Maybe saying, that a modern /dev/random is more secure than the EGD ? It would not be nice if someone loses security without being warned. LibreSSL users won't lose anything. LibreSSL does the right thing wrt RNG initialization, consumer applications don't need to mess with this. If you *really* want to print a warning message for LibreSSL users please make it rude. :) Or... another alternative would be to get rid of RAND_egd altogether, with --egd-file staying for compat for a few releases. :) The question here is, where and in which way is EGD still useful !? Maybe it is already obsolete on very most systems ? We should keep this in mind for 1.17+. Looking at the openssl code, it looks like egd is automatically queried - since 2001 - if /dev/*random didn't return enough bytes. See rand_unix.c Your call... I wouldn't bother about that stuff in your place. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE signature.asc Description: PGP signature
Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
On Wednesday 03 December 2014 20:19:48 Tim Rühsen wrote: Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas: Hi, Giuseppe Scrivano gscriv...@gnu.org writes: [...] we should also hide --rand-egd from wget --help and do not accept this option when HAVE_RAND_EGD is not set. I thought about that and took the lazy approach: the option is still available even if gnutls is used, even though it's a nop. Why then change the interface if libressl is used instead of openssl/gnutls? Or maybe this was merely overlooked and openssl should really be a special case here, dunno. IMHO, we should accept --rand-egd to not introduce regressions. But instead of silently ignoring the users demand, we should print a warning about the LibreSSL/RAND_egd() issue. Maybe saying, that a modern /dev/random is more secure than the EGD ? It would not be nice if someone loses security without being warned. Or... another alternative would be to get rid of RAND_egd altogether, with --egd-file staying for compat for a few releases. :) Ok, I read a bit more. I think we need it. But the documentation should be amended (this is an OpenSSL feature). This also goes for --random-file which is only used in src/openssl.c. GnuTLS is configured to read from (egd/prngd) files at compilation time from what I read so far. Or does someone know a way to set a random data file explicitely for GnuTLS ? If yes, we should use it if the user requests it. Tim signature.asc Description: This is a digitally signed message part.
Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
Hi, Giuseppe Scrivano gscriv...@gnu.org writes: [...] we should also hide --rand-egd from wget --help and do not accept this option when HAVE_RAND_EGD is not set. I thought about that and took the lazy approach: the option is still available even if gnutls is used, even though it's a nop. Why then change the interface if libressl is used instead of openssl/gnutls? Or maybe this was merely overlooked and openssl should really be a special case here, dunno. Or... another alternative would be to get rid of RAND_egd altogether, with --egd-file staying for compat for a few releases. :) -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas: Hi, Giuseppe Scrivano gscriv...@gnu.org writes: [...] we should also hide --rand-egd from wget --help and do not accept this option when HAVE_RAND_EGD is not set. I thought about that and took the lazy approach: the option is still available even if gnutls is used, even though it's a nop. Why then change the interface if libressl is used instead of openssl/gnutls? Or maybe this was merely overlooked and openssl should really be a special case here, dunno. IMHO, we should accept --rand-egd to not introduce regressions. But instead of silently ignoring the users demand, we should print a warning about the LibreSSL/RAND_egd() issue. Maybe saying, that a modern /dev/random is more secure than the EGD ? It would not be nice if someone loses security without being warned. Or... another alternative would be to get rid of RAND_egd altogether, with --egd-file staying for compat for a few releases. :) The question here is, where and in which way is EGD still useful !? Maybe it is already obsolete on very most systems ? We should keep this in mind for 1.17+. Tim signature.asc Description: This is a digitally signed message part.
[Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
The problem is that wget --security-protocol=auto and wget --security-protocol=pfs are restricted to the use of TLSv1.0 only. Sites that enforce the use of eg TLSv1.2 are unreachable by default. The issue was reported by Mikolaj Kucharski, and I have already a fix in the OpenBSD ports tree: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/wget/patches/patch-src_openssl_c The attached patch fixes this problem. Regards, From 68a1f70275d3ceefa8f2759c5dc6f6e498e073d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= j...@wxcvbn.org Date: Mon, 1 Dec 2014 13:41:59 +0100 Subject: [PATCH 1/2] openssl backend: repair use of TLSv1+ protocols The use of TLSv1_client_method() means that the protocol used will be limited to TLSv1.0. This is not desirable for --secure-protocol values of auto (default) and pfs. Fix by using SSLv23_client_method() and disabling SSLv[23]. Issue reported by Mikolaj Kucharski. --- src/openssl.c | 8 1 file changed, 8 insertions(+) diff --git a/src/openssl.c b/src/openssl.c index 38c6ac4..81da5a2 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -203,6 +203,8 @@ ssl_init (void) SSLeay_add_all_algorithms (); SSLeay_add_ssl_algorithms (); + long ssl_options = 0; + switch (opt.secure_protocol) { #ifndef OPENSSL_NO_SSL2 @@ -219,6 +221,9 @@ ssl_init (void) case secure_protocol_auto: case secure_protocol_pfs: + meth = SSLv23_client_method (); + ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + break; case secure_protocol_tlsv1: meth = TLSv1_client_method (); break; @@ -253,6 +258,9 @@ ssl_init (void) if (!ssl_ctx) goto error; + if (ssl_options) +SSL_CTX_set_options (ssl_ctx, ssl_options); + /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html * Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more) */ -- 2.1.3 -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE signature.asc Description: PGP signature
Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
On Tuesday 02 December 2014 14:09:00 Jérémie Courrèges-Anglas wrote: The problem is that wget --security-protocol=auto and wget --security-protocol=pfs are restricted to the use of TLSv1.0 only. Sites that enforce the use of eg TLSv1.2 are unreachable by default. The issue was reported by Mikolaj Kucharski, and I have already a fix in the OpenBSD ports tree: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/wget/patches/patch-src_o penssl_c The attached patch fixes this problem. Thanks, Jérémie. @Guiseppe || Darshit: I am fine with this patch, could you push it, I'm away from console in two minutes... Tim signature.asc Description: This is a digitally signed message part.
Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
I'll push it in a while after adding the ChangeLog entry. Though I noticed a Patch 1/2 in the git mail header. Is there any other patch that we should know about? Thanking You, Darshit Shah Sent from mobile device. Please excuse my brevity On 02-Dec-2014 9:36 pm, Tim Ruehsen tim.rueh...@gmx.de wrote: On Tuesday 02 December 2014 14:09:00 Jérémie Courrèges-Anglas wrote: The problem is that wget --security-protocol=auto and wget --security-protocol=pfs are restricted to the use of TLSv1.0 only. Sites that enforce the use of eg TLSv1.2 are unreachable by default. The issue was reported by Mikolaj Kucharski, and I have already a fix in the OpenBSD ports tree: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/wget/patches/patch-src_o penssl_c The attached patch fixes this problem. Thanks, Jérémie. @Guiseppe || Darshit: I am fine with this patch, could you push it, I'm away from console in two minutes... Tim
Re: [Bug-wget] [PATCH] OpenSSL TLSv1+ regression in wget-1.16
j...@wxcvbn.org (Jérémie Courrèges-Anglas) writes: From 4142db8a2ba462cd2d764c09d0e4996e23ca13c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= j...@wxcvbn.org Date: Mon, 1 Dec 2014 13:43:22 +0100 Subject: [PATCH 2/2] openssl backend: detect the availability of RAND_egd Alternatives like LibreSSL don't provide RAND_egd() anymore. Fixes compilation on OpenBSD. --- configure.ac | 1 + src/openssl.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/configure.ac b/configure.ac index 43949a2..26d72b6 100644 --- a/configure.ac +++ b/configure.ac @@ -392,6 +392,7 @@ AS_IF([test x$with_ssl = xopenssl], [ AC_MSG_NOTICE([compiling in support for SSL via OpenSSL]) AC_LIBOBJ([openssl]) LIBS=$LIBSSL $LIBS +AC_CHECK_FUNCS([RAND_egd]) elif test x$with_ssl != x then AC_MSG_ERROR([--with-ssl=openssl was given, but SSL is not available.]) diff --git a/src/openssl.c b/src/openssl.c index 81da5a2..3a975ff 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -91,9 +91,11 @@ init_prng (void) if (RAND_status ()) return; +#ifdef HAVE_RAND_EGD /* Get random data from EGD if opt.egd_file was used. */ if (opt.egd_file *opt.egd_file) RAND_egd (opt.egd_file); +#endif we should also hide --rand-egd from wget --help and do not accept this option when HAVE_RAND_EGD is not set. Regards, Giuseppe