Re: libressl-2.1.6 on AIX

2015-04-10 Thread Michael Felt
After this change and autoconf, and configure...
diff -ur ../portable.a/configure.ac ../portable.b/configure.ac
--- ../portable.a/configure.ac  2015-04-10 03:59:16 +
+++ ../portable.b/configure.ac  2015-04-10 20:41:33 +
@@ -15,8 +15,6 @@
 AC_PROG_LIBTOOL
 LT_INIT

-CFLAGS="$CFLAGS -Wall -std=gnu99"
-
 case $host_os in
*aix*)
HOST_OS=aix
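
Review bot: Dropping `CFLAGS="$CFLAGS -Wall -std=gnu99"` here, at the top level ahead of the `case $host_os` block, removes the warnings and the gnu99 dialect for every compiler and platform, gcc builds included, not only for xlc on AIX. Keep the flags and guard them on the compiler instead, for example append them only when `AC_PROG_CC` has set `$GCC` to `yes`, so xlc skips them and gcc builds keep `-Wall`.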

...
config.status: executing depfiles commands
config.status: executing libtool commands

root@x064:[/data/prj/openbsd/libressl/portable]make
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh
/data/prj/openbsd/libressl/portable/missing aclocal-1.15 -I m4
 cd . && /bin/sh /data/prj/openbsd/libressl/portable/missing automake-1.15
--gnu
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh
/data/prj/openbsd/libressl/portable/missing autoconf
/bin/sh ./config.status --recheck
running CONFIG_SHELL=/bin/sh /bin/sh ./configure --prefix=/opt
--sysconfdir=/var/libressl/etc --sharedstatedir=/var/libressl/com
--localstatedir=/var/libressl --mandir=/opt/share/man/libressl
--infodir=/opt/share/info/libressl --program-suffix=_64 CC=xlc --no-create
--no-recursion
checking build system type... powerpc-ibm-aix5.3.7.0
checking host system type... powerpc-ibm-aix5.3.7.0
...
config.status: creating libcrypto.pc
config.status: creating libssl.pc
config.status: creating libtls.pc
config.status: creating openssl.pc
config.status: executing depfiles commands
config.status: executing libtool commands
Making all in crypto
make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto'
  CC   aes/libcrypto_la-aes_cbc.lo
  CC   aes/libcrypto_la-aes_core.lo
  CC   camellia/libcrypto_la-camellia.lo
  CC   camellia/libcrypto_la-cmll_cbc.lo
  CC   rc4/libcrypto_la-rc4_enc.lo




On Fri, Apr 10, 2015 at 3:34 PM, Michael Felt wrote:

> > Also, I didn't add the configure.ac line that set CFLAGS to empty string
> > that was in the original patch. The current master branch has switched to
> > letting autoconf initialize the CFLAGS directly. This worked fine with gcc
> > when I tried it, but I'd be interested in seeing how it works with other
> > AIX compilers.
>
> Looks like autoconf is broken then:
>
> --- libressl-2.1.6.0/configure.ac   2015-03-19 05:40:26 +
> +++ portable/configure.ac   2015-04-10 03:59:16 +
> @@ -9,10 +9,22 @@
>
>  m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
>
> -AC_SUBST([USER_CFLAGS], "$CFLAGS")
> -CFLAGS="-Wall -std=gnu99 -g -O2"
> +AC_PROG_CC
> +AC_PROG_CC_STDC
> +AM_PROG_CC_C_O
> +AC_PROG_LIBTOOL
> +LT_INIT
> +
> +CFLAGS="$CFLAGS -Wall -std=gnu99"
>
>  case $host_os in
> +   *aix*)
> +   HOST_OS=aix
> +   AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread'])
> +   ;;
> +   *cygwin*)
> +   HOST_OS=cygwin
> +   ;;
> *darwin*)
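
Review bot: `AC_PROG_LIBTOOL` and `LT_INIT` are added back to back in this hunk; `AC_PROG_LIBTOOL` is the older name for the same libtool initialisation, so one call is enough. Keep `LT_INIT` and drop the `AC_PROG_LIBTOOL` line. The new `*aix*` arm would also benefit from a one-line comment saying what needs `-lperfstat -lpthread` in `PLATFORM_LDADD`.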
>
> config.status: executing depfiles commands
> config.status: executing libtool commands
> root@x064:[/data/prj/openbsd/libressl/portable]make
> Making all in crypto
> make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto'
>   CC   aes/libcrypto_la-aes_cbc.lo
> cc: 1501-210 (S) command option Wall contains an incorrect subargument
>
> more verbose
>
> root@x064:[/data/prj/openbsd/libressl/portable]make V=1
> Making all in crypto
> make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto'
> source='aes/aes_cbc.c' object='aes/libcrypto_la-aes_cbc.lo' libtool=yes \
> DEPDIR=.deps depmode=xlc /bin/sh ../depcomp \
> /bin/sh ../libtool  --tag=CC   --mode=compile cc -qlanglvl=extc89
> -qlanglvl=extc99 -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\"
> -DPACKAGE_VERSION=\"2.2.0\" -DPACKAGE_STRING=\"libressl\ 2.2.0\"
> -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\"
> -DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
> -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
> -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
> -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I.  -DOPENSSL_NO_HW_PADLOCK
> -I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall
> -std=gnu99-DHAVE_GNU_STACK -c -o aes/libcrypto_la-aes_cbc.lo `test -f
> 'aes/aes_cbc.c' || echo './'`aes/aes_cbc.c
> libtool: compile:  cc -qlanglvl=extc89 -qlanglvl=extc99
> -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\"
> -DPACKAGE_VERSION=\"2.2.0\" "-DPACKAGE_STRING=\"libressl 2.2.0\""
> -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\"
> -DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
> -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
> -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
> -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -DOPENSSL_NO_HW_PADLOCK
> -I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall
> -std=gnu99 -DHAVE_GNU_STACK -c aes/aes_cbc.c
> -Wp,-qmakedep=gcc,-MFaes/.deps/libcrypto_la-aes_cbc.TPlo  -DPIC -o
> aes/.libs

Re: libressl-2.1.6 on AIX

2015-04-10 Thread Michael Felt
> Also, I didn't add the configure.ac line that set CFLAGS to empty string
> that was in the original patch. The current master branch has switched to
> letting autoconf initialize the CFLAGS directly. This worked fine with gcc
> when I tried it, but I'd be interested in seeing how it works with other
> AIX compilers.

Looks like autoconf is broken then:

--- libressl-2.1.6.0/configure.ac   2015-03-19 05:40:26 +
+++ portable/configure.ac   2015-04-10 03:59:16 +
@@ -9,10 +9,22 @@

 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])

-AC_SUBST([USER_CFLAGS], "$CFLAGS")
-CFLAGS="-Wall -std=gnu99 -g -O2"
+AC_PROG_CC
+AC_PROG_CC_STDC
+AM_PROG_CC_C_O
+AC_PROG_LIBTOOL
+LT_INIT
+
+CFLAGS="$CFLAGS -Wall -std=gnu99"

 case $host_os in
+   *aix*)
+   HOST_OS=aix
+   AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread'])
+   ;;
+   *cygwin*)
+   HOST_OS=cygwin
+   ;;
*darwin*)
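
Review bot: The added `CFLAGS="$CFLAGS -Wall -std=gnu99"` after `LT_INIT` appends gcc-style options whichever compiler `AC_PROG_CC` selected, so a non-gcc compiler receives flags it may not accept. Append them only for gcc (test `$GCC` after `AC_PROG_CC`) or probe each flag with a compile check first; since `AC_PROG_CC_STDC` is added just above, `-std=gnu99` is also a second request for the C99 dialect and could be dropped.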

config.status: executing depfiles commands
config.status: executing libtool commands
root@x064:[/data/prj/openbsd/libressl/portable]make
Making all in crypto
make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto'
  CC   aes/libcrypto_la-aes_cbc.lo
cc: 1501-210 (S) command option Wall contains an incorrect subargument

more verbose

root@x064:[/data/prj/openbsd/libressl/portable]make V=1
Making all in crypto
make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto'
source='aes/aes_cbc.c' object='aes/libcrypto_la-aes_cbc.lo' libtool=yes \
DEPDIR=.deps depmode=xlc /bin/sh ../depcomp \
/bin/sh ../libtool  --tag=CC   --mode=compile cc -qlanglvl=extc89
-qlanglvl=extc99 -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\"
-DPACKAGE_VERSION=\"2.2.0\" -DPACKAGE_STRING=\"libressl\ 2.2.0\"
-DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\"
-DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
-DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
-DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
-DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I.  -DOPENSSL_NO_HW_PADLOCK
-I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall
-std=gnu99-DHAVE_GNU_STACK -c -o aes/libcrypto_la-aes_cbc.lo `test -f
'aes/aes_cbc.c' || echo './'`aes/aes_cbc.c
libtool: compile:  cc -qlanglvl=extc89 -qlanglvl=extc99
-DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\"
-DPACKAGE_VERSION=\"2.2.0\" "-DPACKAGE_STRING=\"libressl 2.2.0\""
-DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\"
-DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
-DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
-DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
-DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -DOPENSSL_NO_HW_PADLOCK
-I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall
-std=gnu99 -DHAVE_GNU_STACK -c aes/aes_cbc.c
-Wp,-qmakedep=gcc,-MFaes/.deps/libcrypto_la-aes_cbc.TPlo  -DPIC -o
aes/.libs/libcrypto_la-aes_cbc.o
cc: 1501-210 (S) command option Wall contains an incorrect subargument
make[1]: *** [aes/libcrypto_la-aes_cbc.lo] Error 1
make[1]: Leaving directory `/data/prj/openbsd/libressl/portable/crypto'
make: *** [all-recursive] Error 1

and when I change CC to xlc I get the same error (after rerunning configure)

config.status: executing depfiles commands
config.status: executing libtool commands
root@x064:[/data/prj/openbsd/libressl/portable]make V=1
Making all in crypto
make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto'
source='aes/aes_cbc.c' object='aes/libcrypto_la-aes_cbc.lo' libtool=yes \
DEPDIR=.deps depmode=xlc /bin/sh ../depcomp \
/bin/sh ../libtool  --tag=CC   --mode=compile xlc
-DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\"
-DPACKAGE_VERSION=\"2.2.0\" -DPACKAGE_STRING=\"libressl\ 2.2.0\"
-DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\"
-DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
-DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
-DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
-DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I.  -DOPENSSL_NO_HW_PADLOCK
-I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall
-std=gnu99-DHAVE_GNU_STACK -c -o aes/libcrypto_la-aes_cbc.lo `test -f
'aes/aes_cbc.c' || echo './'`aes/aes_cbc.c
libtool: compile:  xlc -DPACKAGE_NAME=\"libressl\"
-DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.2.0\"
"-DPACKAGE_STRING=\"libressl 2.2.0\"" -DPACKAGE_BUGREPORT=\"\"
-DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.2.0\"
-DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1
-DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1
-DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\"
-I. -DOPENSSL_NO_HW_PADLOCK -I../include -I../crypto/asn1 -I../crypto/evp
-I../crypto/modes -g 

Re: libressl-2.1.6 on AIX

2015-04-09 Thread Theo de Raadt
> Just to make sure I understand what is expected of issetugid() - could you
> perhaps, in terms of ls -l output with suid programs describe the
> sequence(s) where the value should be 1 - and especially, when they might
> (read should) be 0.
> 
> From memory of what I read (how I understood) the man page, if was
> superuser, and am still user - then 0 is appropriate. However, if was
> superuser (euid == 0) and a setuid call is used to demote/lower privilege
> then 1 is the correct value.

Completely wrong, and I have no idea where you got that from!

Read the man page again!

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/issetugid.2?query=issetugid

The issetugid status of a process is only affected by execve().

Let's look at the OpenBSD kernel, where this system call was invented,
for the exact semantics.

This issetugid() system call simply returns the status:

	if (p->p_p->ps_flags & PS_SUGIDEXEC)
		*retval = 1;
	else
		*retval = 0;

What affects PS_SUGIDEXEC?  It is only set or cleared in execve()
based on variables which are probably self-evident:

	/*
	 * If process does execve() while it has a mismatched real,
	 * effective, or saved uid/gid, we set PS_SUGIDEXEC.
	 */
	if (cred->cr_uid != cred->cr_ruid ||
	    cred->cr_uid != cred->cr_svuid ||
	    cred->cr_gid != cred->cr_rgid ||
	    cred->cr_gid != cred->cr_svgid)
		atomic_setbits_int(&pr->ps_flags, PS_SUGIDEXEC);
	else
		atomic_clearbits_int(&pr->ps_flags, PS_SUGIDEXEC);

Meanwhile, at fork() time, the child simply inherits the status of
the parent:

	pr->ps_flags = parent->ps_flags & (PS_SUGID | PS_SUGIDEXEC);

You will note a second flag called PS_SUGID at fork, which dates back
to the dawn of time.  The difference between these flags is very
subtly described in the .h file:

	#define PS_SUGID	0x0010	/* Had set id privs since last exec. */
	#define PS_SUGIDEXEC	0x0020	/* last execve() was set[ug]id */

The dominant usage pattern for issetugid() is to prevent inspection of
the environment via getenv(), down in a library.

The issetugid() API relieves programs from having to sanitize their
environment before calling into libraries, because the 90's showed us
someone always screws up that pattern; the libraries need a
method to save themselves.  Patterns like getuid() != geteuid() do not
give you the same guarantees.  issetugid() tells you that your
privilege level is incompatible with the provenance of the
environment strings.
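
Added example, not part of the message above and not OpenBSD source: a small user-space C model of the quoted execve()/fork() flag logic, run through the case of a set-uid program that drops privileges with setuid(). The struct mproc type, the model_* and guarded_getenv names, and the handling of set-uid files and the saved uid are assumptions of the model; only uids are tracked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

#define PS_SUGID     0x0010  /* Had set id privs since last exec. */
#define PS_SUGIDEXEC 0x0020  /* last execve() was set[ug]id */

/* Constructed model of one process; uids only, gids follow the same rules. */
struct mproc { uid_t ruid, euid, svuid; int flags; };

/* execve(): the only place PS_SUGIDEXEC is set or cleared. */
static void model_execve(struct mproc *p, int file_is_setuid, uid_t owner)
{
	/* Mismatch test from the kernel excerpt quoted in the message. */
	if (p->euid != p->ruid || p->euid != p->svuid)
		p->flags |= PS_SUGIDEXEC;
	else
		p->flags &= ~PS_SUGIDEXEC;
	if (file_is_setuid) {	/* model assumption: a set-uid image is flagged */
		p->euid = owner;
		p->flags |= PS_SUGIDEXEC;
	}
	p->svuid = p->euid;	/* model assumption: saved uid follows euid */
}

/* fork(): the child inherits the parent's status unchanged. */
static struct mproc model_fork(const struct mproc *parent)
{
	struct mproc child = *parent;
	child.flags = parent->flags & (PS_SUGID | PS_SUGIDEXEC);
	return child;
}

/* setuid() by a privileged caller: ids change, PS_SUGIDEXEC does not. */
static void model_setuid(struct mproc *p, uid_t uid)
{
	p->ruid = p->euid = p->svuid = uid;
}

static int model_issetugid(const struct mproc *p) { return !!(p->flags & PS_SUGIDEXEC); }
/* The uid comparison the message says gives weaker guarantees. */
static int naive_check(const struct mproc *p) { return p->ruid != p->euid; }

/* Library-side guard: ignore the environment in a flagged process image. */
static const char *guarded_getenv(const struct mproc *p, const char *name)
{
	return model_issetugid(p) ? NULL : getenv(name);
}

int main(void)
{
	struct mproc sh = { 1000, 1000, 1000, 0 };	/* constructed login shell */
	struct mproc p = model_fork(&sh);
	model_execve(&p, 1, 0);		/* runs a set-uid root program */
	model_setuid(&p, 1000);		/* which then drops privileges */
	printf("naive=%d issetugid=%d PATH=%s\n", naive_check(&p),
	    model_issetugid(&p), guarded_getenv(&p, "PATH") ? "read" : "ignored");
	return 0;
}
```

For that process naive_check() reports 0 while model_issetugid() still reports 1, so the guarded lookup ignores the environment until a later execve() with matching ids clears the flag.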



Re: libressl-2.1.6 on AIX

2015-04-09 Thread Michael Felt
I shall look at collecting the in-tree stuff. My servers are in the
Netherlands, and I am in Austin atm. I have a meeting with the security
team in about 30 minutes and I am going to mention libressl and get a
discussion going.

One of the things I wanted to discuss is about priv escalation.

Just to make sure I understand what is expected of issetugid() - could you
perhaps, in terms of ls -l output with suid programs describe the
sequence(s) where the value should be 1 - and especially, when they might
(read should) be 0.

From memory of what I read (how I understood) the man page, if was
superuser, and am still user - then 0 is appropriate. However, if was
superuser (euid == 0) and a setuid call is used to demote/lower privilege
then 1 is the correct value.
Also, if euid != 0 and an suid bit makes euid == 0 then the value should be
one.

Lastly, I am thinking that if a program starts as euid (even ruid) == 0,
but used setuid to implement a safe-mode (i.e., not running as root)
issetugid() should also return 1.

I just repeated the process of configure, make, make check - but with
OBJECT_MODE=64 and one test fails: asn1test.

No time to look at it right now. This evening I will download the tree and
test.

Atm I am testing with no openssl installed. I would like to be able to run
the whole process without needing autoconf/automake (because that requires
additional libraries). And I need to figure out a better way to get the
libraries to take a suffix of _64 so I can have both 32 and 64 bit support
- eventually.

Adding the configure setting: --program-suffix="_64" did not have any
effect I could discover.

re: the library loader - you can see what libpath is compiled into a
program and/or a library member using "dump -H". At least, that is how I
examine it.

regards,
Michael

On Wed, Apr 8, 2015 at 10:28 PM, Brent Cook wrote:

> Thanks Michael,
>
> I have incorporated some initial AIX patches - can you please check out
> the latest tree?
>
>
> https://github.com/libressl-portable/portable/commit/fe3f7fc6365bfaac3418a72256b8c11603e80cbf
>
>
> https://github.com/libressl-portable/openbsd/commit/37d8e3c080e7c73158093f253d8e06fa1906dc03
>
> There are a few changes from your original patch set, but this should make
> it easier to move forward now that they are in-tree. You can just patch on
> top of that rather than sending the whole thing.
>
> I undid some of the formatting changes for the getentropy file so it
> matched the other files - the style is intentional between the files so it's
> easy to diff between them to spot changes. The perfstat stuff moves into
> the inner loop like the other files as well. I added the network counters
> (we have network counters on OS X too), but also added wpar cpu stats.
>
> The issetugid currently short circuits to always return '1' because I
> think it still needs some work, as we discussed earlier. If we can't find a
> way to make it work, a failsafe version isn't really a bad thing for most
> uses.
>
> Also, I didn't add the configure.ac line that set CFLAGS to empty string
> that was in the original patch. The current master branch has switched to
> letting autoconf initialize the CFLAGS directly. This worked fine with gcc
> when I tried it, but I'd be interested in seeing how it works with other
> AIX compilers.
>
> One slightly annoying thing I found was the system library loader would
> find other versions of libcrypto.a / libssl.a under LIBPATH and try to load
> those when running binaries in-tree rather than the build versions. I don't
> know if that was just a misconfiguration with my system.
>
>  - Brent
>
> > On Apr 8, 2015, at 9:19 PM, Michael Felt wrote:
> >
> > I applied the patch I had sent in before, made one change (correction) -
> > correcting a typo that Brent had pointed out (netinfo that needs to be
> > "diskinfo") in the getentropy_aix.c
> >
> > If you need the patch again, I can send it again. I am curious about
> > whether this is moving forward - and if there is anything extra I can do to
> > assist.
> >
> >
> 
> > Testsuite summary for libressl 2.1.6
> >
> 
> > # TOTAL: 47
> > # PASS:  47
> > # SKIP:  0
> > # XFAIL: 0
> > # FAIL:  0
> > # XPASS: 0
> > # ERROR: 0
> >
> 
> >
> > regards,
> > Michael
>
>


Re: libressl-2.1.6 on AIX

2015-04-08 Thread Brent Cook
Thanks Michael,

I have incorporated some initial AIX patches - can you please check out the 
latest tree?

https://github.com/libressl-portable/portable/commit/fe3f7fc6365bfaac3418a72256b8c11603e80cbf

https://github.com/libressl-portable/openbsd/commit/37d8e3c080e7c73158093f253d8e06fa1906dc03

There are a few changes from your original patch set, but this should make it 
easier to move forward now that they are in-tree. You can just patch on top of 
that rather than sending the whole thing.

I undid some of the formatting changes for the getentropy file so it matched
the other files - the style is intentional between the files so it's easy to
diff between them to spot changes. The perfstat stuff moves into the inner loop
like the other files as well. I added the network counters (we have network 
counters on OS X too), but also added wpar cpu stats.

The issetugid currently short circuits to always return '1' because I think it 
still needs some work, as we discussed earlier. If we can't find a way to make 
it work, a failsafe version isn't really a bad thing for most uses.

Also, I didn't add the configure.ac line that set CFLAGS to empty string that 
was in the original patch. The current master branch has switched to letting 
autoconf initialize the CFLAGS directly. This worked fine with gcc when I tried 
it, but I'd be interested in seeing how it works with other AIX compilers.

One slightly annoying thing I found was the system library loader would find 
other versions of libcrypto.a / libssl.a under LIBPATH and try to load those 
when running binaries in-tree rather than the build versions. I don't know if 
that was just a misconfiguration with my system.

 - Brent

> On Apr 8, 2015, at 9:19 PM, Michael Felt wrote:
> 
> I applied the patch I had sent in before, made one change (correction) -
> correcting a typo that Brent had pointed out (netinfo that needs to be
> "diskinfo") in the getentropy_aix.c
> 
> If you need the patch again, I can send it again. I am curious about whether 
> this is moving forward - and if there is anything extra I can do to assist.
> 
> 
> Testsuite summary for libressl 2.1.6
> 
> # TOTAL: 47
> # PASS:  47
> # SKIP:  0
> # XFAIL: 0
> # FAIL:  0
> # XPASS: 0
> # ERROR: 0
> 
> 
> regards,
> Michael




libressl-2.1.6 on AIX

2015-04-08 Thread Michael Felt
I applied the patch I had sent in before, made one change (correction) -
correcting a typo that Brent had pointed out (netinfo that needs to be
"diskinfo") in the getentropy_aix.c

If you need the patch again, I can send it again. I am curious about
whether this is moving forward - and if there is anything extra I can do to
assist.


Testsuite summary for libressl 2.1.6

# TOTAL: 47
# PASS:  47
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0


regards,
Michael