From nobody Mon Jan 15 16:40:18 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TDHtt0kRpz57JmY; Mon, 15 Jan 2024 16:40:22 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TDHts4MDlz3xRS; Mon, 15 Jan 2024 16:40:21 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Authentication-Results: mx1.freebsd.org; none Received: from shw-obgw-4002a.ext.cloudfilter.net ([10.228.9.250]) by cmsmtp with ESMTPS id PJAarpIoQGAIJPQ0arW7iY; Mon, 15 Jan 2024 16:40:20 +0000 Received: from spqr.komquats.com ([70.66.152.170]) by cmsmtp with ESMTPSA id PQ0ZrxAHBwbmvPQ0ZrbCEl; Mon, 15 Jan 2024 16:40:20 +0000 X-Authority-Analysis: v=2.4 cv=O6wqATxW c=1 sm=1 tr=0 ts=65a55ff4 a=y8EK/9tc/U6QY+pUhnbtgQ==:117 a=y8EK/9tc/U6QY+pUhnbtgQ==:17 a=kj9zAlcOel0A:10 a=dEuoMetlWLkA:10 a=7LAwx-u0AAAA:8 a=YxBL1-UpAAAA:8 a=VxmjJ2MpAAAA:8 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=YRXlNdjjCfrx9UpPGPAA:9 a=CjuIK1q_8ugA:10 a=pK3_ou3pLUoA:10 a=Wbql1O7w7MJ4N54WVBAX:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=7gXAzLPJhVmCkEl4_tsf:22 a=IjZwj45LgO3ly-622nXo:22 a=LK5xJRSDVpKd5WXXoEvA:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id 7AAFE74D; Mon, 15 Jan 2024 08:40:18 -0800 (PST) Received: by slippy.cwsent.com (Postfix, from userid 1000) id 68990AC; Mon, 15 Jan 2024 08:40:18 -0800 (PST) X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8+dev Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Gordon Tetlow cc: Cy Schubert , Jessica Clarke , Cy Schubert , "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" , FreeBSD Security Officer Subject: Re: git: cb350ba7bf7c - main - kerberos: Fix numerous segfaults when using weak crypto In-reply-to: <75357052-F1AF-4E48-B2A8-5FE23EFB2B54@tetlows.org> References: <202401111331.40BDVZfn015429@gitrepo.freebsd.org> <20240112071106.C72D8235@slippy.cwsent.com> <20240112074339.A581B23D@slippy.cwsent.com> <20240113141123.01FCD22B@slippy.cwsent.com> <20240113141953.E79B716E@slippy.cwsent.com> <75357052-F1AF-4E48-B2A8-5FE23EFB2B54@tetlows.org> Comments: In-reply-to Gordon Tetlow message dated "Mon, 15 Jan 2024 07:17:08 -0800." List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 15 Jan 2024 08:40:18 -0800 Message-Id: <20240115164018.68990AC@slippy.cwsent.com> X-CMAE-Envelope: MS4xfLtm4PwPbFOdf/u/HVvv4yobhS6b/VRRe5z5TwLY5/amn1murDcPHGm5XDD0dylMWiJEdogbL7ZobZ31eGM2Z7sfFC/WuMTc/Me417nJETO95wDEG2Xy cnCbD/jqjRPSldFGjsKwluWzTV6sOa0Ue5Cfc+oUJi27E5iHPzskX64pFV3kXfQPmGI7ySWCrBzONuthwzrlHFw12fC/Jhg7sTLKhWxpsa43awefNQumk5Gd EZSxVyloUB0tUP9M7rfxdlfdg+mMQrRnOiokSO8jDmbL7GQHDzglFxyNyHPrErMgDCiKr9KQsbc9A4mg3Nm0WKTAJ1/0n/sSrAGnU9ZGYyUdwrDg9rzav2XW ML8Nuuc1O0SKCWQ7bRH1nIpHpem7RvCs7NiQgzt/5HUNbB+Bi3NRo9pnM6tOtLqEovkUIO1C X-Rspamd-Queue-Id: 4TDHts4MDlz3xRS X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US] In message <75357052-F1AF-4E48-B2A8-5FE23EFB2B54@tetlows.org>, Gordon Tetlow wr ites: > > > > On Jan 13, 2024, at 6:19 AM, Cy Schubert = > wrote: > >=20 > > In message <20240113141123.01FCD22B@slippy.cwsent.com>, Cy Schubert = > writes: > >> In message <20240112074339.A581B23D@slippy.cwsent.com>, Cy Schubert = > writes: > >>>=20 > >>> I think the correct approach would be to separate the new=20 > >>> fbsd_ossl_provider_load() and unload functions into their own = > library=20 > >>> (instead of libroken). This avoids the less desirable option of = > including=20 > >>> bsd.cpu.mk in secure/lib/Makefile.common, which does build but could = > affect > >>=20 > >>> future work. > >>=20 > >> The alternative approach also requires secure/lib/libcrypto (because = > of=20 > >> libkrb5) being built during prebuild phase. Either way bsd.cpu.mk = > will need=20 > >> to be included in the secure/lib/libcrypto/Makefile.common. Both of = > these=20 > >> similar approaches, attempting to limit the change to local to = > Heimdal only=20 > >> result in the same Linux MacOS failure. This leaves us with enabling = > legacy=20 > >> (weak) crypto globally, like this: > >>=20 > >> diff --git a/crypto/openssl/apps/openssl.cnf = > b/crypto/openssl/apps/openssl.c > >> nf > >> index 7996120cc67e..659c0b21abbd 100644 > >> --- a/crypto/openssl/apps/openssl.cnf > >> +++ b/crypto/openssl/apps/openssl.cnf > >> @@ -57,6 +57,7 @@ providers =3D provider_sect > >> # List of providers to load > >> [provider_sect] > >> default =3D default_sect > >> +legacy =3D legacy_set > >> # The fips section name should match the section name inside the > >> # included fipsmodule.cnf. > >> # fips =3D fips_sect > >> @@ -70,8 +71,10 @@ default =3D default_sect > >> # OpenSSL may not work correctly which could lead to significant = > system > >> # problems including inability to remotely access the system. > >> [default_sect] > >> -# activate =3D 1 > >> +activate =3D 1 > >>=20 > >> +[legacy_sect] > >> +activate =3D 1 > >>=20 > >> #################################################################### > >> [ ca ] > >>=20 > >> Would this be acceptable or would we prefer to add bsd.cpu.mk to=20 > >> secure/libcrypto/Makefile.inc? > >=20 > > Adding so@freebsd.org. > > Globally enabling weak crypto to serve the needs of a cross-building = > issue in software that less than 1% users use is a bad idea. Let=E2=80=99s= > find a different path please. > > Best, > Gordon > Hat: security-officer.= I have another solution, being worked on. It will dlopen()/dlsym(). Unorthodox but should work around the Linux and MacOS issues. I'll create a GH PR (gotta love reusing and recycling acronyms) to test build on Linux as jrtc27 suggested, so please, nobody take the PR and commit it. As it uses dlopen()/dlsym() it does not touch Makefile.inc1 nor src.libnames.mk, so it should build everywhere. I don't use weak crypto here (with my MIT KDC). I'll ask those watching the bugzilla PR (gotta love recycling acronyms again) to test the new patch. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0