Support libcrypto for hmac and sha256 #223
Conversation
Uploaded a new version with a few fixes. It should now respect
Pushed another update based on the latest feedback. The prioritization in I also moved the openssl shims to I have tested on Ubuntu and OpenBSD; as mentioned above, I would appreciate feedback on the DragonflyBSD diff. I left the workaround for MD5 in place but removed the "openssl/sha.h" part since that should now be handled automatically :)
a3c2898 to a27078d
Newest iteration uses
Does dhcpcd even need to ship its own implementations in compat? It would make more sense to always build against upstream libraries that see active maintenance.
There are several OSes where nothing is used in compat, as these functions exist within libc. I don't even know if all these functions exist in any libraries available in Linux, so it makes more sense to do it like this because, as I said earlier, some systems expect /usr to be network mounted after dhcpcd has started, so just blindly using openssl isn't an option as it generally lives in /usr.
A lot of the functions you have in compat are a part of libbsd in Linux. I am not sure making libbsd a requirement is a good thing, since it's not a required install.
Which would be this library: https://libbsd.freedesktop.org/
Making OpenSSL a requirement is not a good thing. Big distros like Ubuntu have all crypto libraries installed, but if you look at embedded use, things are much more fragmented. There are OpenSSL, GnuTLS, wolfSSL and even "No SSL" builds... Are you going to support them all? OpenSSL is huge; I wouldn't want to be required to include it.
This can currently build using the minimal libmd instead of the built-ins shipped in compat/crypto. My guess is that Ubuntu would just rather use OpenSSL for all crypto. As long as this is configurable at build time and doesn't remove the possibility to use libmd or built-ins for other distros, we're good.
I am not planning to limit the portability of dhcpcd in any way or even change the default. We would just like to be able to use OpenSSL where it is already available.
Right, our main motivation is having a small set of well reviewed cryptography in our base system. OpenSSL just happens to be the most widespread one and matches that criteria.
Looking at libbsd on Linux in detail, it includes libmd with all SHA functions; maybe we just replace compat with libbsd on Linux.
Uploaded one more tiny fix to not have HAVE_MD5_H defined when using openssl. I think the rest of the
I am sure the config refactoring wasn't easy to follow, so here's what the current version should default to:
Additionally, if
Any advice on how we could move forward with this? Would it make more sense to not change the defaults for now and only enable openssl support if
@rsmarples have we reached a conclusion about this (and other pending) merge requests?
@ido Any feedback?
One more update. I added an explicit call to
I made another interesting discovery today which is that even if openssl doesn't expose
Detect libcrypto in configure script. Only fall back to using libcrypto when /usr libs are allowed and no other compatible implementation is available or when --with-openssl is passed explicitly. Make sure libcrypto and libmd are never linked at the same time. Add OpenSSL based SHA256 and HMAC compat shims in compat/crypt_openssl. Depending on version and build flags, libcrypto ships with a compatible SHA256 API in "openssl/sha.h". OpenSSL 3 has deprecated the SHA API, so if it is not detected we fall back to an EVP_DIGEST based version. Because the API might still be in use in OpenSSL internally, the compatibility wrappers have a dhcpcd_ prefix to avoid symbol conflicts.
That's always the danger of linking which I try and avoid in the first place :) I'm on holiday next week and without internet and will try and look at this some more when I get back.
@rsmarples, is there any progress on this?
@perkelix sorry for the late reply, my personal life has been interesting of late. @tobhe I've been hammering this PR on a lot of various OSes and cannot find any issue with it, so from the technical perspective it's good to merge, and well done for getting here! I'll spend some time having a final look over the weekend to refresh and then merge it.
In a recent security review for the Ubuntu package of dhcpcd we found that the packaged version uses the built-in crypto primitives from compat/crypt. We try to keep the number of low-level crypto implementations at a minimum to make it easier for the Ubuntu security team to review them, track eventual bugs and ensure compliance in certified environments.
This PR adds alternative compat/crypt wrappers based on libcrypto and some tests to make sure they work correctly. I made sure that they also work across different OpenSSL versions and with LibreSSL.
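The PR description above mentions tests that check the libcrypto-backed SHA256 and HMAC wrappers, and the commit message says the shims must behave identically whether they sit on the legacy `SHA256_*` API or the EVP digest fallback. The usual way to pin that down is a known-answer test against published vectors. The block below is an added example, not the PR's own test code: it drives Python's `hashlib`/`hmac` (which CPython itself implements on top of libcrypto) against the FIPS 180 SHA-256 vectors for "abc" and the empty string and against RFC 4231 test cases 1 to 3 for HMAC-SHA-256, and returns the list of mismatches. The vector table and the function names `sha256_hex`, `hmac_sha256_hex` and `run_known_answer_tests` are this example's own; to exercise a different implementation, swap the two digest functions for calls into the code under test.

```python
import hashlib
import hmac

# SHA-256 known-answer vectors (FIPS 180-4 examples). Constructed table for this example.
SHA256_VECTORS = [
    (b"abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    (b"", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]

# HMAC-SHA-256 known-answer vectors (RFC 4231, test cases 1-3): (key, data, expected).
HMAC_SHA256_VECTORS = [
    (bytes([0x0b] * 20), b"Hi There",
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
    (b"Jefe", b"what do ya want for nothing?",
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
    (bytes([0xaa] * 20), bytes([0xdd] * 50),
     "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe"),
]


def sha256_hex(data: bytes) -> str:
    """Digest in one call; the implementation under test in this example is hashlib."""
    return hashlib.sha256(data).hexdigest()


def sha256_hex_incremental(chunks) -> str:
    """Feed data through Init/Update/Final-style calls, as the compat API exposes it.

    A shim that works for a single Update but not for several would pass the
    one-shot check and fail here, so both paths are exercised.
    """
    ctx = hashlib.sha256()
    for chunk in chunks:
        ctx.update(chunk)
    return ctx.hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def run_known_answer_tests() -> list:
    """Return a list of (label, expected, actual) for every vector that does not match."""
    failures = []
    for data, expected in SHA256_VECTORS:
        got = sha256_hex(data)
        if not hmac.compare_digest(got, expected):
            failures.append(("sha256 " + repr(data), expected, got))
        # Split the message byte by byte to cover the incremental path too.
        got_inc = sha256_hex_incremental([data[i:i + 1] for i in range(len(data))])
        if not hmac.compare_digest(got_inc, expected):
            failures.append(("sha256-incremental " + repr(data), expected, got_inc))
    for key, data, expected in HMAC_SHA256_VECTORS:
        got = hmac_sha256_hex(key, data)
        if not hmac.compare_digest(got, expected):
            failures.append(("hmac-sha256 " + repr(data[:16]), expected, got))
    return failures


if __name__ == "__main__":
    bad = run_known_answer_tests()
    for label, expected, got in bad:
        print(f"FAIL {label}: expected {expected}, got {got}")
    print("all known-answer tests passed" if not bad else f"{len(bad)} failure(s)")
```

The incremental check matters for a compat shim: the `dhcpcd_`-prefixed wrappers expose separate init, update and final calls, and a bug in how the EVP context is reused between updates would be invisible to a one-shot test.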