Re: Linux linking issues moving from 1.0.2t to 1.1.1c

2019-10-08 Thread Richard Levitte 
On Tue, 08 Oct 2019 18:53:37 +0200,
Dan Heinz wrote:
> 
> Another question is why I now need to link pthreads when I did not
> in the 1.0.2 version?  I've added no-threads to the configuration,
> but I'm curious why I didn't need to previously link it.  And I'd
> prefer not to change too many configuration parameters if possible.

We have radically changed how threads-related things are handled.
Previous to 1.1.0, we required the application to provide us with the
locking functionality in form of callbacks.  Since 1.1.0, these
matters are entirely internal, so libcrypto requires the presence of
the platform specific thread implementation of our choosing, which is
pthread on everything but Windows, where we use Windows thread calls.

So if you really really really want to have nothing to do with threads
in your applications, the 'no-threads' configuration option is the
right move.  However, if your applications do deal with threads,
directly or indirectly, disabling threads in libcrypto is of course a
bad move.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Re: debian openssh issue with openssl 1.1.1d

2019-10-08 Thread Viktor Dukhovni 
> On Oct 8, 2019, at 6:27 AM, Benjamin Kaduk via openssl-users 
>  wrote:
> 
> The RNG uses sysV shm to convey to other processes that /dev/[u]random has 
> been
> properly seeded, under some configurations/kernel versions.

This apprently affects some sandboxed configurations:

  
https://anongit.mindrot.org/openssh.git/commit/?id=3ef92a657444f172b61f92d5da66d94fa8265602

aka

  
https://github.com/openssh/openssh-portable/commit/3ef92a657444f172b61f92d5da66d94fa8265602

-- 
Viktor.

RE: Linux linking issues moving from 1.0.2t to 1.1.1c

2019-10-08 Thread Dan Heinz 
> > > >The no-dso is silently not valid in 1.1.1c.  That option didn't work 
> > > >right, so it was unusable in practice anyway.  However, someone recently 
> > > >fixed that up, unfortunately after the last 1.1.1 release.
> > > >The specific patch may be possible to find on github (unless that branch 
> > > >has been deleted), otherwise you will have to cherry-pick the 
> > > >appropriate commit.
> > > 
> > > >Github PR: https://github.com/openssl/openssl/pull/9889
> > > >Commit ID: 8dcd57461972dceaaf014b71d173d0a8758e7054
> > > 
> > > >Cheers,
> > > >Richard
> > > 
> > > Thanks for the info.  I did some more digging and you had actually posted 
> > > a workaround in this thread:
> > > https://github.com/openssl/openssl/issues/9036
> > > 
> > > I thought I would try it out.
> > > I used your example and created my own config target in file named 
> > > no_dos.conf. 
> > > (
> > > 'my-linux-x86_64' => {
> > > inherit_from=> [ 'linux-x86_64' ],
> > > dso_scheme => undef,
> > > }
> > > );
> > > 
> > > ./Configure --config ../no_dso.conf my-linux-x86_64  -m32 
> > > --prefix=$install_path/openssl_32 -DPURIFY -DOPENSSL_NO_COMP no-asm 
> > > no-shared no-dso no-sse2 no-idea no-mdc2 no-rc5 no-ssl3 no-zlib 
> > > no-comp no-afalgeng no-pinshared
> > > 
> > > But I'm getting this error from the script when Configure is run:
> > > target already defined - ../no_dso.conf (offending arg: 
> > > my-linux-x86_64)
> > > 
> > > What did I miss?
> > 
> > You don't happen to have edited some Configurations/*.conf and added 
> > that name already?  I'm otherwise unsure for the moment.
>
> Figured it out.  Configure requires that '--config' be joined to its value 
> with an equal sign.  In other words, this slight variation
> works:
>
>./Configure --config=../no_dso.conf my-linux-x86_64  -m32 
>--prefix=$install_path/openssl_32 -DPURIFY -DOPENSSL_NO_COMP no-asm no-shared 
>no-dso no-sse2 no-idea no-mdc2 no-rc5 no-ssl3 no-zlib no-comp no-afalgeng 
>no-pinshared
>

Thank you!  That seems to have fixed things up nicely, and I no longer need to 
link libdl when linking my library.  

Another question is why I now need to link pthreads when I did not in the 1.0.2 
version?  I've added no-threads to the configuration, but I'm curious why I 
didn't need to previously link it.  And I'd prefer not to change too many 
configuration parameters if possible.

Re: Blake2b with key

2019-10-08 Thread Blumenthal, Uri - 0553 - MITLL 
 >   > Is keyed blake2b supported in openssl-dgst (latest OpenSSL release)?

 >   No, sorry.  It has been added for upcoming OpenSSL 3.0, though.

Doesn't look like it's there:

$ openssl3 version
OpenSSL 3.0.0-dev xx XXX  (Library: OpenSSL 3.0.0-dev xx XXX )
$ echo -n "hello" | openssl3 dgst -blake2b512
BLAKE2b512(stdin)= 
e4cfa39a3d37be31c59609e807970799caa68a19bfaa15135f165085e01d41a65ba1e1b146aeb6bd0092b49eac214c103ccfa3a365954bbbe52f74a2b3620c94
$ echo -n "hello" | openssl3 dgst -blake2b512 -mac blake2bmac -macopt key:secret
Algorithm blake2bmac not found
$

Besides, how does one print a list of supported MAC algorithms?

  




smime.p7s
Description: S/MIME cryptographic signature

Re: Blake2b with key

2019-10-08 Thread Blumenthal, Uri - 0553 - MITLL 
Answered my own questions:

$ openssl3 list -mac-algorithms
Provided MACs:
  BLAKE2bMAC @ default
  BLAKE2sMAC @ default
  CMAC @ default
  GMAC @ default
  HMAC @ default
  KMAC128 @ default
  KMAC256 @ default
  Poly1305 @ default
  SipHash @ default
$
$ echo -n "hello" | openssl3 mac -macopt key:secret blake2bmac

6EDF9AA44DFC7590DE00FCFDBE2F0D917CDEEB170301416929CC625D19D24EDC1040FF760C1F9BB61AD439A0AF5D492FBB01B46ED3FEB4E6076383B7885A9486
$


On 10/8/19, 11:03 AM, "Uri Blumenthal"  wrote:

 >   > Is keyed blake2b supported in openssl-dgst (latest OpenSSL release)?

 >   No, sorry.  It has been added for upcoming OpenSSL 3.0, though.

Doesn't look like it's there:

$ openssl3 version
OpenSSL 3.0.0-dev xx XXX  (Library: OpenSSL 3.0.0-dev xx XXX )
$ echo -n "hello" | openssl3 dgst -blake2b512
BLAKE2b512(stdin)= 
e4cfa39a3d37be31c59609e807970799caa68a19bfaa15135f165085e01d41a65ba1e1b146aeb6bd0092b49eac214c103ccfa3a365954bbbe52f74a2b3620c94
$ echo -n "hello" | openssl3 dgst -blake2b512 -mac blake2bmac -macopt 
key:secret
Algorithm blake2bmac not found
$

Besides, how does one print a list of supported MAC algorithms?

  





smime.p7s
Description: S/MIME cryptographic signature

Re: Blake2b with key

2019-10-08 Thread Richard Levitte 
On Tue, 08 Oct 2019 15:44:23 +0200,
van Hemel, Wouter J M wrote:
> 
> Hello,
> 
> I'm trying to create a blake2b512 digest with a key. I've made an attempt to 
> follow the source code and I'm assuming the algorithm's name for blake2b MAC 
> is blake2bmac, though I have tried different values. I don't seem to be able 
> to create a valid checksum:
> 
> $ openssl version; echo -n "hello" | openssl dgst -blake2b512 -mac blake2bmac 
> -macopt key:secret
> OpenSSL 1.1.1d  10 Sep 2019
> Algorithm blake2bmac not found
> 
> Is keyed blake2b supported in openssl-dgst (latest OpenSSL release)?

No, sorry.  It has been added for upcoming OpenSSL 3.0, though.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Re: Linux linking issues moving from 1.0.2t to 1.1.1c

2019-10-08 Thread Richard Levitte 
On Tue, 08 Oct 2019 14:59:23 +0200,
Richard Levitte wrote:
> 
> On Mon, 07 Oct 2019 21:55:50 +0200,
> Dan Heinz wrote:
> > 
> > >The no-dso is silently not valid in 1.1.1c.  That option didn't work 
> > >right, so it was unusable in practice anyway.  However, someone recently 
> > >fixed that up, unfortunately after the last 1.1.1 release.
> > >The specific patch may be possible to find on github (unless that branch 
> > >has been deleted), otherwise you will have to cherry-pick the appropriate 
> > >commit.
> > 
> > >Github PR: https://github.com/openssl/openssl/pull/9889
> > >Commit ID: 8dcd57461972dceaaf014b71d173d0a8758e7054
> > 
> > >Cheers,
> > >Richard
> > 
> > Thanks for the info.  I did some more digging and you had actually posted a 
> > workaround in this thread:
> > https://github.com/openssl/openssl/issues/9036
> > 
> > I thought I would try it out.
> > I used your example and created my own config target in file named 
> > no_dos.conf. 
> > (
> > 'my-linux-x86_64' => {
> > inherit_from=> [ 'linux-x86_64' ],
> > dso_scheme => undef,
> > }
> > );
> > 
> > ./Configure --config ../no_dso.conf my-linux-x86_64  -m32 
> > --prefix=$install_path/openssl_32 -DPURIFY -DOPENSSL_NO_COMP no-asm 
> > no-shared no-dso no-sse2 no-idea no-mdc2 no-rc5 no-ssl3 no-zlib no-comp 
> > no-afalgeng no-pinshared
> > 
> > But I'm getting this error from the script when Configure is run:
> > target already defined - ../no_dso.conf (offending arg: my-linux-x86_64)
> > 
> > What did I miss?
> 
> You don't happen to have edited some Configurations/*.conf and added
> that name already?  I'm otherwise unsure for the moment.

Figured it out.  Configure requires that '--config' be joined to its
value with an equal sign.  In other words, this slight variation
works:

./Configure --config=../no_dso.conf my-linux-x86_64  -m32 
--prefix=$install_path/openssl_32 -DPURIFY -DOPENSSL_NO_COMP no-asm no-shared 
no-dso no-sse2 no-idea no-mdc2 no-rc5 no-ssl3 no-zlib no-comp no-afalgeng 
no-pinshared

Cheers,
Richard ( is just a messenger in this case, yeah? )

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Blake2b with key

2019-10-08 Thread van Hemel, Wouter J M 
Hello,

I'm trying to create a blake2b512 digest with a key. I've made an attempt to 
follow the source code and I'm assuming the algorithm's name for blake2b MAC is 
blake2bmac, though I have tried different values. I don't seem to be able to 
create a valid checksum:

$ openssl version; echo -n "hello" | openssl dgst -blake2b512 -mac blake2bmac 
-macopt key:secret
OpenSSL 1.1.1d  10 Sep 2019
Algorithm blake2bmac not found

Is keyed blake2b supported in openssl-dgst (latest OpenSSL release)?

Thanks!

Re: Linux linking issues moving from 1.0.2t to 1.1.1c

2019-10-08 Thread Richard Levitte 
On Mon, 07 Oct 2019 21:55:50 +0200,
Dan Heinz wrote:
> 
> >The no-dso is silently not valid in 1.1.1c.  That option didn't work right, 
> >so it was unusable in practice anyway.  However, someone recently fixed that 
> >up, unfortunately after the last 1.1.1 release.
> >The specific patch may be possible to find on github (unless that branch has 
> >been deleted), otherwise you will have to cherry-pick the appropriate commit.
> 
> >Github PR: https://github.com/openssl/openssl/pull/9889
> >Commit ID: 8dcd57461972dceaaf014b71d173d0a8758e7054
> 
> >Cheers,
> >Richard
> 
> Thanks for the info.  I did some more digging and you had actually posted a 
> workaround in this thread:
> https://github.com/openssl/openssl/issues/9036
> 
> I thought I would try it out.
> I used your example and created my own config target in file named 
> no_dos.conf. 
> (
> 'my-linux-x86_64' => {
> inherit_from=> [ 'linux-x86_64' ],
> dso_scheme => undef,
> }
> );
> 
> ./Configure --config ../no_dso.conf my-linux-x86_64  -m32 
> --prefix=$install_path/openssl_32 -DPURIFY -DOPENSSL_NO_COMP no-asm no-shared 
> no-dso no-sse2 no-idea no-mdc2 no-rc5 no-ssl3 no-zlib no-comp no-afalgeng 
> no-pinshared
> 
> But I'm getting this error from the script when Configure is run:
> target already defined - ../no_dso.conf (offending arg: my-linux-x86_64)
> 
> What did I miss?

You don't happen to have edited some Configurations/*.conf and added
that name already?  I'm otherwise unsure for the moment.

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Re: debian openssh issue with openssl 1.1.1d

2019-10-08 Thread Benjamin Kaduk via openssl-users 
On Tue, Oct 08, 2019 at 05:23:56AM -0400, Michael Richardson wrote:
> Salvatore Bonaccorso  wrote:
> > 
> -
> > Debian Security Advisory DSA-4539-2   
> secur...@debian.org
> > https://www.debian.org/security/ Salvatore 
> Bonaccorso
> > October 07, 2019  
> https://www.debian.org/security/faq
> > 
> -
> 
> > Package: openssh
> > Debian Bug : 941663
> 
> > A change introduced in openssl 1.1.1d (which got released as DSA 4539-1)
> > requires sandboxing features which are not available in Linux kernels
> > before 3.19, resulting in OpenSSH rejecting connection attempts if
> 
> I've gone through the changelog for 1.1.1d, but I can't figure out what
> 1.1.1d would have changed that would have caused this.

The RNG uses sysV shm to convey to other processes that /dev/[u]random has been
properly seeded, under some configurations/kernel versions.

-Ben

debian openssh issue with openssl 1.1.1d

2019-10-08 Thread Michael Richardson 
Salvatore Bonaccorso  wrote:
> -
> Debian Security Advisory DSA-4539-2   secur...@debian.org
> https://www.debian.org/security/ Salvatore Bonaccorso
> October 07, 2019  https://www.debian.org/security/faq
> -

> Package: openssh
> Debian Bug : 941663

> A change introduced in openssl 1.1.1d (which got released as DSA 4539-1)
> requires sandboxing features which are not available in Linux kernels
> before 3.19, resulting in OpenSSH rejecting connection attempts if

I've gone through the changelog for 1.1.1d, but I can't figure out what
1.1.1d would have changed that would have caused this.

--
]   Never tell me the odds! | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works| network architect  [
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[

Re: OPENSSL_config vs OPENSSL_init_crypto

2019-10-08 Thread Matt Caswell 



On 08/10/2019 00:20, Samuel Williams wrote:
> Hello,
> 
> I am trying to understand what is the correct initialization process for 
> Ruby's
> SSL module. It's not my area so any input would be most welcome.
> 
> https://github.com/ruby/openssl/pull/267

Reading that PR it seems your objective is to ensure that the config file is
loaded before you do any libssl work.

How OpenSSL behaves depends on the version. Note that OpenSSL 1.1.0 is now out
of support, and OpenSSL 1.0.2 goes out of support at the end of this year.

>From OpenSSL 1.1.0 and onwards OpenSSL auto-initialises so, in most cases, 
>there
is no need to explicitly call initialisation functions such as
OPENSSL_init_crypto() or OPENSSL_init_ssl(). The only reason for applications to
ever call these functions directly is if you want some non-default
initialisation to occur. I notice that Ruby's SSL module is explicitly calling
OPENSSL_init_ssl() with 0 and NULL for arguments - which just gives you the
default initialisation. There seems little point in this - that will happen
automatically the first time you create an SSL_CTX.

>From OpenSSL 1.1.1 onwards loading the config file is part of libssl's default
initialisation, i.e. as soon as you create an SSL_CTX OPENSSL_init_ssl() is
called automatically and the config file is loaded. Therefore there is no need
to take any specific action on this version of OpenSSL.

In OpenSSL 1.1.0 (which is now out of support), loading the config file was
*not* part of the default initialisation. You can force it to be loaded using
the OPENSSL_INIT_LOAD_CONFIG option to OPENSSL_init_ssl():

OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);

You *may* choose to do this unconditionally in both 1.1.0 and 1.1.1 if you wish.
In 1.1.1 it has no effect because that's the default anyway - but it does no 
harm.

OpenSSL 1.0.2 (out of support from the end of this year) does not automatically
initialise/de-initialise and OPENSSL_init_crypto() and OPENSSL_init_ssl() do not
even exist. Therefore you have to call initialisation functions explicitly.
Calling OPENSSL_config() there would seem reasonable.

Hope that helps,

Matt