From owner-freebsd-security@freebsd.org  Mon Dec 14 06:54:19 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7CDB54AF9EB
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Mon, 14 Dec 2020 06:54:19 +0000 (UTC)
 (envelope-from jmg@gold.funkthat.com)
Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "gate2.funkthat.com",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CvXDp1JpFz4TlF
 for <freebsd-security@freebsd.org>; Mon, 14 Dec 2020 06:54:17 +0000 (UTC)
 (envelope-from jmg@gold.funkthat.com)
Received: from gold.funkthat.com (localhost [127.0.0.1])
 by gold.funkthat.com (8.15.2/8.15.2) with ESMTPS id 0BE6sAKH025145
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Sun, 13 Dec 2020 22:54:10 -0800 (PST)
 (envelope-from jmg@gold.funkthat.com)
Received: (from jmg@localhost)
 by gold.funkthat.com (8.15.2/8.15.2/Submit) id 0BE6s8mG025142;
 Sun, 13 Dec 2020 22:54:08 -0800 (PST) (envelope-from jmg)
Date: Sun, 13 Dec 2020 22:54:08 -0800
From: John-Mark Gurney <jmg@funkthat.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl
Message-ID: <20201214065408.GV31099@funkthat.com>
Mail-Followup-To: Benjamin Kaduk <kaduk@mit.edu>, freebsd-security@freebsd.org
References: <20201209230300.03251CA1@freefall.freebsd.org>
 <20201211064628.GM31099@funkthat.com>
 <813a04a4-e07a-9608-40a5-cc8e339351eb@FreeBSD.org>
 <20201213005708.GU31099@funkthat.com>
 <20201213020727.GP64351@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20201213020727.GP64351@kduck.mit.edu>
X-Operating-System: FreeBSD 11.3-STABLE amd64
X-PGP-Fingerprint: D87A 235F FB71 1F3F 55B7  ED9B D5FF 5A51 C0AC 3D65
X-Files: The truth is out there
X-URL: https://www.funkthat.com/
X-Resume: https://www.funkthat.com/~jmg/resume.html
X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE
X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger?
User-Agent: Mutt/1.6.1 (2016-04-27)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (gold.funkthat.com [127.0.0.1]); Sun, 13 Dec 2020 22:54:10 -0800 (PST)
X-Rspamd-Queue-Id: 4CvXDp1JpFz4TlF
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of jmg@gold.funkthat.com has no SPF policy
 when checking 208.87.223.18) smtp.mailfrom=jmg@gold.funkthat.com
X-Spamd-Result: default: False [0.98 / 15.00]; RCVD_TLS_ALL(0.00)[];
 ARC_NA(0.00)[]; FREEFALL_USER(0.00)[jmg]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[funkthat.com];
 RBL_DBL_DONT_QUERY_IPS(0.00)[208.87.223.18:from];
 AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(1.00)[1.000];
 SPAMHAUS_ZRD(0.00)[208.87.223.18:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_LONG(-0.67)[-0.668];
 RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.55)[-0.552];
 R_SPF_NA(0.00)[no SPF record];
 FORGED_SENDER(0.30)[jmg@funkthat.com,jmg@gold.funkthat.com];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_COUNT_TWO(0.00)[2];
 ASN(0.00)[asn:32354, ipnet:208.87.216.0/21, country:US];
 FROM_NEQ_ENVFROM(0.00)[jmg@funkthat.com,jmg@gold.funkthat.com];
 MAILMAN_DEST(0.00)[freebsd-security]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2020 06:54:19 -0000

Benjamin Kaduk wrote this message on Sat, Dec 12, 2020 at 18:07 -0800:
> On Sat, Dec 12, 2020 at 04:57:08PM -0800, John-Mark Gurney wrote:
> >
> > If FreeBSD is going to continue to use OpenSSL, better testing needs to
> > be done to figure out such breakage earliers, and how to not have them
> > go undetected for so long.
> 
> I don't think anyone would argue against increasing test coverage.
> The most important question seems to be how to know what should be getting
> tested but isn't.  Do you have any ideas for where to start looking?

Is there a CI pipeline setup for OpenSSL testing on -current and the
stable branches?  If so, where the results posted?  Are the existing
test suite being run?  Why was the engine test not being run?  Has that
now been fixed?

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."