
Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL



This is good to see already :)

I expect it builds fine on GNU/Linux, with GCC and Clang, unless
hardening options are used, then these warnings would be treated as errors:

> In file included from md5/md5_locl.h:98:0,
>                  from md5/md5_dgst.c:60:
> md5/md5_dgst.c: In function 'md5_block_data_order':
> ./md32_common.h:237:66: warning: right-hand operand of comma expression has no effect [-Wunused-value]
>  #  define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
>                                                                   ^
> md5/md5_dgst.c:107:2: note: in expansion of macro 'HOST_c2l'
>   HOST_c2l(data,l); X( 0)=l;  HOST_c2l(data,l); X( 1)=l;
>   ^

> ./md32_common.h:213:41: warning: right-hand operand of comma expression has no effect [-Wunused-value]
>      l|=(((unsigned long)(*((c)++)))    ),  \
>                                          ^
> sha/sha256.c:245:3: note: in expansion of macro 'HOST_c2l'
>    HOST_c2l(data,l); T1 = X[0] = l;  ROUND_00_15(0,a,b,c,d,e,f,g,h);
>    ^

We'd want to configure with --disable-silent-rules, if debhelper scripts
don't already do that.

Compiling on GNU/kFreeBSD is possible (and potentially GNU/Hurd) but
requires the attached patch *and* a solution for getentropy:

1. try to use getentropy_linux.c - but would have to disable use of
Linux-specific sysctls and headers;  it is dangerous to rely on only
/dev/random, so we should implement replacement sysctls to use on
FreeBSD - that could be a bit messy

2. create a new getentropy_freebsd.c - but seems silly as FreeBSD itself
does not need it (see solution 3);  also does not help GNU/Hurd

3. (my preference) link with libbsd, which already provides an
arc4random_buf and so getentropy is not needed at all - WARNING: the
libbsd arc4random implementation still uses RC4 at the moment (as on
FreeBSD), but OpenBSD has already changed it to use ChaCha20 (see Bug
#747671);  we'd also want to make sure libbsd's entropy gathering is at
least as robust as in getentropy_linux.c

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
--- configure.orig	2014-07-11 18:42:02.000000000 +0100
+++ configure	2014-07-12 01:26:15.064409115 +0100
@@ -2915,7 +2915,7 @@
 		TARGET_OS=darwin;
 		LDFLAGS="$LDFLAGS -Qunused-arguments"
 		;;
-	*linux*)
+	*linux* | *gnu*)
 		TARGET_OS=linux;
 		CFLAGS="$CFLAGS -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
 		;;
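Review bot: the `*gnu*` alternative on the case label sends every host triplet containing "gnu" into the branch that sets `TARGET_OS=linux`, so non-Linux GNU hosts are labelled as Linux and anything later that keys off `TARGET_OS` will treat them that way. A separate branch with its own `TARGET_OS` value and the same `-D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE` CFLAGS would keep the feature-test macros without mislabelling the platform. The diff is also made against `configure` itself; if that file is generated, the same change needs to go into its source so it survives regeneration.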
