Re: Remove All Software Generators
On Wed, Oct 30, 2019 at 02:12:19PM -, Frederick Gotham wrote: > > It appears that OpenSSL will kick and scream and refuse to die not > matter how hard you hit it. If I try to generate a random number like > this: > > openssl rand -hex 8 > > Then it seems it will try in this order: > > 1) The TPM2 chip > 2) The software simulator of the TPM2 chip > 3) The built-in RDRAND number > 4) Another one that I can't find Which version of OpenSSL are you using? > I have recompiled OpenSSL with the flag OPENSSL_NO_RDRAND to get rid of > the in-built engine. I have even done "rm /dev/random" and "rm > /dev/urandom", but SOME HOW, SOME WAY, I'm still getting output when I > run openssl rand -hex 8. Depending on the version of OpenSSL and the kernel, you might also use the getentropy()/getrandom() cal. Since 1.1.0 we Configure supports the --with-rand-seed=none option. Kurt
Re: Remove All Software Generators
Why not just change things so that if your module fails to load, the library exits? Don't change the RAND code, change the INIT code.
Re: Remove All Software Generators
Frederick Gotham wrote: > static int drbg_bytes(unsigned char *out, int count) > { > int const retval = drbg_bytes_REAL(out, count); > > /* Try to get a semi-unique value for the first byte */ > char unsigned rotating_value = (unsigned)out ^ ((unsigned)count << > 4u); > > while ( count-- ) > *out++ = rotating_value++; > > return retval; > } Ugh This doesn't work either. It fails to boot up when it tries to generate keys for SSH. Next I'll try to make every nibble sequential -- instead of just every byte.
Re: Remove All Software Generators
Frederick Gotham wrote: > > I will change the random number generator built into OpenSSL to always > return sequential numbers, something like: Here's what I have: static int drbg_bytes(unsigned char *out, int count) { int const retval = drbg_bytes_REAL(out, count); /* Try to get a semi-unique value for the first byte */ char unsigned rotating_value = (unsigned)out ^ ((unsigned)count << 4u); while ( count-- ) *out++ = rotating_value++; return retval; }
Re: Remove All Software Generators
Frederick Gotham wrote: > > And anyway this behaviour didn't come from deleting /dev/random, but > rather from making the default generator inside OpenSSL always give 0 > for a random byte. I will change the random number generator built into OpenSSL to always return sequential numbers, something like: { static char unsigned val = 0; while ( num-- ) *buff++ = val++; } This shouldn't break anything. Then if ever I am in doubt about where a random number came from, I just check to see if it's something like 0102030405.
Re: Remove All Software Generators
Frederick Gotham wrote in news:XnsAAF8BACC24C3Bfgotham@195.159.176.226: > Jochen Bern > wrote: > >> SSH logins from remote that fail > > > This is my exact problem right now. My device has booted up and I > can't SSH into it.But this doesn't entirely make sense since it should > be getting random numbers from the TPM2 chip anyway. And anyway this behaviour didn't come from deleting /dev/random, but rather from making the default generator inside OpenSSL always give 0 for a random byte.
Re: Remove All Software Generators
Jochen Bern wrote: > SSH logins from remote that fail This is my exact problem right now. My device has booted up and I can't SSH into it.But this doesn't entirely make sense since it should be getting random numbers from the TPM2 chip anyway.
Re: Remove All Software Generators
On 10/30/2019 04:19 PM, openssl-users-requ...@openssl.org digested: > From: Frederick Gotham > To: openssl-users@openssl.org > > I even tried deleting /dev/random and /dev/urandom ... don't do that. The Linux kernel is both a provider and a consumer of entropy, e.g., to randomize the TCP sequence numbers as it establishes TCP connections on behalf of applications. Unless you go all the way and add a TPM driver (as the only source of entropy) to *the kernel*, you risk ending up with "good crypto" on the application layer but easily hijacked connections, defeated stack randomization, SSH logins from remote that fail, etc. etc.. Kind regards, -- Jochen Bern Systemingenieur E jochen.b...@binect.de W www.binect.de
Re: Remove All Software Generators
Dmitry Belyavsky wrote: > You should do in your engine the following: Just so you know, I'm not a developer of the TPM2 engine for OpenSSL. Of course though I can still go in and edit the code here and there. > Implement the TPM-provided RAND_METHOD in the engine > call ENGINE_set_RAND for RAND method in the engine bind fuction > > and write a config file similar to > Even if I do all that, there is still the possibility that OpenSSL might use its built-in generator (for example if my library fails to load). So it seems I must get the built-in generator to either: 1) Always return 0 2) Call 'abort'
Re: Remove All Software Generators
On Wed, Oct 30, 2019 at 6:58 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote > in > news:cadqlbz+jctu_yqiw9w-fyo0o56mqua2nri6helr6pggxqdh...@mail.gmail.com: > > > On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham > > wrote: > > > >> Dmitry Belyavsky > >> wrote: > >> > >> >> You still have the OpenSSL built-in RNG. > >> > >> > >> > >> Is there a simple compiler flag to remove this? > >> > >> Or do I need to go into the source code and stick a "return -1;" > >> somewhere? > >> > >> No. Openssl will not work if you do not provide a valid RAND_METHOD > >> except > > a very minimal set of operations. > > > > > So I have to go into the source code and do the following? > > int RAND_bytes(unsigned char *buf, int num) > { > memset(buf,0,num); > return 1; > } > > I can either make this function fail (e.g. call 'abort'), or I can always > make it return 0. > > What do you think? > > No. It just makes the RNG unsuitable for any purpose but does not help you. You should do in your engine the following: Implement the TPM-provided RAND_METHOD in the engine call ENGINE_set_RAND for RAND method in the engine bind fuction and write a config file similar to = openssl_conf = openssl_def [ openssl_def ] engines = engines_section [ engines_section ] cryptocom = my_section [ my_section ] engine_id = myengine.so default_algorithms = RAND = -- SY, Dmitry Belyavsky
Re: Remove All Software Generators
Dmitry Belyavsky wrote in news:cadqlbz+jctu_yqiw9w-fyo0o56mqua2nri6helr6pggxqdh...@mail.gmail.com: > On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham > wrote: > >> Dmitry Belyavsky >> wrote: >> >> >> You still have the OpenSSL built-in RNG. >> >> >> >> Is there a simple compiler flag to remove this? >> >> Or do I need to go into the source code and stick a "return -1;" >> somewhere? >> >> No. Openssl will not work if you do not provide a valid RAND_METHOD >> except > a very minimal set of operations. > So I have to go into the source code and do the following? int RAND_bytes(unsigned char *buf, int num) { memset(buf,0,num); return 1; } I can either make this function fail (e.g. call 'abort'), or I can always make it return 0. What do you think?
Re: Remove All Software Generators
On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote: > > >> You still have the OpenSSL built-in RNG. > > > > Is there a simple compiler flag to remove this? > > Or do I need to go into the source code and stick a "return -1;" somewhere? > > No. Openssl will not work if you do not provide a valid RAND_METHOD except a very minimal set of operations. -- SY, Dmitry Belyavsky
Re: Remove All Software Generators
Dmitry Belyavsky wrote: >> You still have the OpenSSL built-in RNG. Is there a simple compiler flag to remove this? Or do I need to go into the source code and stick a "return -1;" somewhere?
Re: Remove All Software Generators
On Wed, Oct 30, 2019 at 6:20 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote > > >> /etc/ssl/openssl.cnf > > > > Yes, or any custom. > > But the engine must provide the RAND_METHOD and set it as default. > > > > > > > > But if my TPM2 engine fails to load, then OpenSSL will just use the > 'rdrand' engine. > > So my defense agains this is to rebuild OpenSSL with the flag > OPENSSL_NO_RDRAND. > It means that you've disabled the RDRAND engine. > After I rebuild OpenSSL, I can then remove my TPM2 engine so that there's > no engine at all. > > I tried running OpenSSL at my commandline just now, and here's what I got: > > ~# openssl > OpenSSL> engine > (dynamic) Dynamic engine loading support > OpenSSL> rand -hex 10 > f49ca711e3056cf9064a > OpenSSL> > > > Where is it it getting that random data from ? ? ? There's no engine and > yet it can still get a random number! I even tried deleting /dev/random > and > /dev/urandom, but it somehow is still getting random data from somewhere! > But where? > > > > You still have the OpenSSL built-in RNG. -- SY, Dmitry Belyavsky
Re: Remove All Software Generators
Dmitry Belyavsky wrote >> /etc/ssl/openssl.cnf > > Yes, or any custom. > But the engine must provide the RAND_METHOD and set it as default. > > But if my TPM2 engine fails to load, then OpenSSL will just use the 'rdrand' engine. So my defense agains this is to rebuild OpenSSL with the flag OPENSSL_NO_RDRAND. After I rebuild OpenSSL, I can then remove my TPM2 engine so that there's no engine at all. I tried running OpenSSL at my commandline just now, and here's what I got: ~# openssl OpenSSL> engine (dynamic) Dynamic engine loading support OpenSSL> rand -hex 10 f49ca711e3056cf9064a OpenSSL> Where is it it getting that random data from ? ? ? There's no engine and yet it can still get a random number! I even tried deleting /dev/random and /dev/urandom, but it somehow is still getting random data from somewhere! But where?
Re: Remove All Software Generators
On Wed, Oct 30, 2019 at 6:08 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote: > > > >> It can be done via the engine code and config. > > > Do you mean > > /etc/ssl/openssl.cnf > > ? > Yes, or any custom. But the engine must provide the RAND_METHOD and set it as default. -- SY, Dmitry Belyavsky
Re: Remove All Software Generators
Dmitry Belyavsky wrote: >> It can be done via the engine code and config. Do you mean /etc/ssl/openssl.cnf ?
Re: Remove All Software Generators
On Wed, Oct 30, 2019 at 6:00 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote: > > > Did you try to create your own RAND_METHOD and set it as default on > > loading the engine? > > > No, I didn't try that. > > Note that I'm only using the OpenSSL binary, I'm not interfacing with an > API. > > It can be done via the engine code and config. -- SY, Dmitry Belyavsky
Re: Remove All Software Generators
Dmitry Belyavsky wrote: > Did you try to create your own RAND_METHOD and set it as default on > loading the engine? No, I didn't try that. Note that I'm only using the OpenSSL binary, I'm not interfacing with an API.
Re: Remove All Software Generators
Did you try to create your own RAND_METHOD and set it as default on loading the engine? On Wed, Oct 30, 2019 at 5:40 PM Frederick Gotham wrote: > > I'm working on Linux with a x86-64 CPU. > > I have a TPM2 chip, and so I want OpenSSL to do all of its encryption > and random number generation through the TPM2 chip. > > In the event that the chip fails, I do NOT want there to be a backup > system. I do NOT want any kind of software psuedorandom number generator > nor any software encryption routines. > > The engine that I'm using for OpenSSL is "libtpm2tss.so". This engine > library requires two more libraries, "libtss2-tcti-device.so" and > "libtss2-tcti-mssim.so". (The former is for using the TPM2 chip, whereas > the latter is a software simulator). > > As I don't want to have a simulator, I tried simply deleting the > simulator library, but this caused linkage problems for the mother > engine library. As an alternative, I made a new dummy library in which > all of the functions return an error value, and I put this dummy library > in the place of the simulator. This transplant went fine. > > It appears that OpenSSL will kick and scream and refuse to die not > matter how hard you hit it. If I try to generate a random number like > this: > > openssl rand -hex 8 > > Then it seems it will try in this order: > > 1) The TPM2 chip > 2) The software simulator of the TPM2 chip > 3) The built-in RDRAND number > 4) Another one that I can't find > > I have recompiled OpenSSL with the flag OPENSSL_NO_RDRAND to get rid of > the in-built engine. I have even done "rm /dev/random" and "rm > /dev/urandom", but SOME HOW, SOME WAY, I'm still getting output when I > run openssl rand -hex 8. > > How on earth to get OpenSSL to simply give up? I simply cannot have it > use anything other than my TPM2 chip. > > Frederick > > > -- SY, Dmitry Belyavsky