From: Carlos O'Donell <carlos@redhat.com>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>,
libc-alpha@sourceware.org, Zack Weinberg <zack@owlfolio.org>
Subject: Re: [PATCH v2 0/2] Remove libcrypt support
Date: Mon, 30 Oct 2023 08:52:07 -0400 [thread overview]
Message-ID: <9aad915e-a48a-107c-861b-22357f412da5@redhat.com> (raw)
In-Reply-To: <20231002121149.2325402-1-adhemerval.zanella@linaro.org>
On 10/2/23 08:11, Adhemerval Zanella wrote:
> The libcrypt is no longer built by default since 2.38, it lacks
> support for newer password hashing schmes, and the code has some
> code issues (like extensive use of alloca, where not all
> architectures have stack haderning support).
>
> libxcrypt [1] provides full support along with ABI compatbility,
> meaning it is a drop-in replacement without the need to either
> code changes or rebuilding. It is also provided with a similar
> licensing (LGPL 2.1).
Downstream Fedora has been using libxcrypt since Fedora 28:
https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt
Since 2018 (glibc 2.27) Fedora has been using libxcrypt. Over the last 5 years
we haven't had any problems with libcrypt.
The direction this series takes is the right direction, which is to remove all
of the extra interfaces from glibc which are not a part of the core C library
and which can and should evolve at a different speed, and possibly with their
own security policy.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> [1] https://github.com/besser82/libxcrypt
>
> Adhemerval Zanella (2):
> sparc: Remove optimize md5, sha256, and sha512
> crypt: Remove libcrypt support
>
> CONTRIBUTED-BY | 15 -
> INSTALL | 13 -
> Makeconfig | 5 -
> NEWS | 16 +-
> SHARED-FILES | 2 -
> config.make.in | 4 -
> configure | 126 ---
> configure.ac | 65 --
> conform/Makefile | 5 -
> crypt/Makefile | 69 --
> crypt/README.ufc-crypt | 135 ---
> crypt/Versions | 5 -
> crypt/badsalttest.c | 54 -
> crypt/cert.c | 135 ---
> crypt/cert.input | 171 ----
> crypt/crypt-entry.c | 183 ----
> crypt/crypt-private.h | 76 --
> crypt/crypt.c | 115 ---
> crypt/crypt.h | 70 --
> crypt/crypt_util.c | 946 ------------------
> crypt/md5-crypt.c | 331 ------
> crypt/md5c-test.c | 18 -
> crypt/md5test-giant.c | 137 ---
> crypt/md5test.c | 53 -
> crypt/sha256-block.c | 98 --
> crypt/sha256-crypt.c | 423 --------
> crypt/sha256.c | 193 ----
> crypt/sha256.h | 69 --
> crypt/sha256c-test.c | 61 --
> crypt/sha256test.c | 102 --
> crypt/sha512-block.c | 105 --
> crypt/sha512-crypt.c | 445 --------
> crypt/sha512.c | 221 ----
> crypt/sha512.h | 72 --
> crypt/sha512c-test.c | 63 --
> crypt/sha512test.c | 113 ---
> crypt/speeds.c | 153 ---
> crypt/ufc-crypt.h | 28 -
> crypt/ufc.c | 54 -
> elf/Makefile | 38 -
> elf/tst-linkall-static.c | 6 -
> include/crypt.h | 3 -
> locale/Makefile | 4 +-
> locale/programs/locarchive.c | 2 +-
> locale/programs/locfile.c | 2 +-
> {crypt => locale/programs}/md5-block.c | 0
> {crypt => locale/programs}/md5.c | 104 +-
> {crypt => locale/programs}/md5.h | 46 +-
> manual/contrib.texi | 2 +-
> manual/crypt.texi | 234 +----
> manual/examples/genpass.c | 59 --
> manual/examples/testpass.c | 67 --
> manual/users.texi | 4 +-
> posix/unistd.h | 10 -
> scripts/build-many-glibcs.py | 9 +-
> scripts/documented.sh | 2 +-
> shlib-versions | 3 -
> stdio-common/Versions | 2 -
> sysdeps/generic/fips-private.h | 36 -
> sysdeps/generic/libcrypt.abilist | 0
> sysdeps/mach/Makefile | 4 +-
> sysdeps/mach/hurd/i386/libcrypt.abilist | 7 -
> sysdeps/mach/hurd/x86_64/libcrypt.abilist | 2 -
> .../sparc/sparc32/sparcv9/multiarch/Makefile | 8 -
> .../sparc32/sparcv9/multiarch/md5-block.c | 1 -
> .../sparc32/sparcv9/multiarch/md5-crop.S | 1 -
> .../sparc32/sparcv9/multiarch/sha256-block.c | 1 -
> .../sparc32/sparcv9/multiarch/sha256-crop.S | 1 -
> .../sparc32/sparcv9/multiarch/sha512-block.c | 1 -
> .../sparc32/sparcv9/multiarch/sha512-crop.S | 1 -
> sysdeps/sparc/sparc64/multiarch/Makefile | 8 -
> sysdeps/sparc/sparc64/multiarch/md5-block.c | 29 -
> sysdeps/sparc/sparc64/multiarch/md5-crop.S | 109 --
> .../sparc/sparc64/multiarch/sha256-block.c | 32 -
> sysdeps/sparc/sparc64/multiarch/sha256-crop.S | 100 --
> .../sparc/sparc64/multiarch/sha512-block.c | 32 -
> sysdeps/sparc/sparc64/multiarch/sha512-crop.S | 130 ---
> .../unix/sysv/linux/aarch64/libcrypt.abilist | 7 -
> .../unix/sysv/linux/alpha/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/alpha/shlib-versions | 1 -
> sysdeps/unix/sysv/linux/arc/libcrypt.abilist | 2 -
> sysdeps/unix/sysv/linux/arm/Makefile | 4 -
> .../unix/sysv/linux/arm/be/libcrypt.abilist | 7 -
> .../unix/sysv/linux/arm/le/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/csky/libcrypt.abilist | 2 -
> sysdeps/unix/sysv/linux/fips-private.h | 74 --
> sysdeps/unix/sysv/linux/hppa/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/i386/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/ia64/libcrypt.abilist | 7 -
> .../linux/loongarch/lp64/libcrypt.abilist | 2 -
> .../sysv/linux/m68k/coldfire/libcrypt.abilist | 7 -
> .../sysv/linux/m68k/m680x0/libcrypt.abilist | 7 -
> .../sysv/linux/microblaze/be/libcrypt.abilist | 7 -
> .../sysv/linux/microblaze/le/libcrypt.abilist | 7 -
> .../sysv/linux/mips/mips32/libcrypt.abilist | 7 -
> .../sysv/linux/mips/mips64/libcrypt.abilist | 7 -
> .../unix/sysv/linux/nios2/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/or1k/libcrypt.abilist | 2 -
> .../linux/powerpc/powerpc32/libcrypt.abilist | 7 -
> .../powerpc/powerpc64/be/libcrypt.abilist | 7 -
> .../powerpc/powerpc64/le/libcrypt.abilist | 7 -
> .../sysv/linux/riscv/rv32/libcrypt.abilist | 2 -
> .../sysv/linux/riscv/rv64/libcrypt.abilist | 7 -
> .../sysv/linux/s390/s390-32/libcrypt.abilist | 7 -
> .../sysv/linux/s390/s390-64/libcrypt.abilist | 7 -
> .../unix/sysv/linux/sh/be/libcrypt.abilist | 7 -
> .../unix/sysv/linux/sh/le/libcrypt.abilist | 7 -
> .../sysv/linux/sparc/sparc32/libcrypt.abilist | 7 -
> .../sysv/linux/sparc/sparc64/libcrypt.abilist | 7 -
> .../sysv/linux/x86_64/64/libcrypt.abilist | 7 -
> .../sysv/linux/x86_64/x32/libcrypt.abilist | 7 -
> 111 files changed, 61 insertions(+), 6259 deletions(-)
> delete mode 100644 crypt/Makefile
> delete mode 100644 crypt/README.ufc-crypt
> delete mode 100644 crypt/Versions
> delete mode 100644 crypt/badsalttest.c
> delete mode 100644 crypt/cert.c
> delete mode 100644 crypt/cert.input
> delete mode 100644 crypt/crypt-entry.c
> delete mode 100644 crypt/crypt-private.h
> delete mode 100644 crypt/crypt.c
> delete mode 100644 crypt/crypt.h
> delete mode 100644 crypt/crypt_util.c
> delete mode 100644 crypt/md5-crypt.c
> delete mode 100644 crypt/md5c-test.c
> delete mode 100644 crypt/md5test-giant.c
> delete mode 100644 crypt/md5test.c
> delete mode 100644 crypt/sha256-block.c
> delete mode 100644 crypt/sha256-crypt.c
> delete mode 100644 crypt/sha256.c
> delete mode 100644 crypt/sha256.h
> delete mode 100644 crypt/sha256c-test.c
> delete mode 100644 crypt/sha256test.c
> delete mode 100644 crypt/sha512-block.c
> delete mode 100644 crypt/sha512-crypt.c
> delete mode 100644 crypt/sha512.c
> delete mode 100644 crypt/sha512.h
> delete mode 100644 crypt/sha512c-test.c
> delete mode 100644 crypt/sha512test.c
> delete mode 100644 crypt/speeds.c
> delete mode 100644 crypt/ufc-crypt.h
> delete mode 100644 crypt/ufc.c
> delete mode 100644 include/crypt.h
> rename {crypt => locale/programs}/md5-block.c (100%)
> rename {crypt => locale/programs}/md5.c (65%)
> rename {crypt => locale/programs}/md5.h (74%)
> delete mode 100644 manual/examples/genpass.c
> delete mode 100644 manual/examples/testpass.c
> delete mode 100644 sysdeps/generic/fips-private.h
> delete mode 100644 sysdeps/generic/libcrypt.abilist
> delete mode 100644 sysdeps/mach/hurd/i386/libcrypt.abilist
> delete mode 100644 sysdeps/mach/hurd/x86_64/libcrypt.abilist
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/md5-block.c
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/md5-crop.S
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/sha256-block.c
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/sha256-crop.S
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/sha512-block.c
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/sha512-crop.S
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/md5-block.c
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/md5-crop.S
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/sha256-block.c
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/sha256-crop.S
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/sha512-block.c
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/sha512-crop.S
> delete mode 100644 sysdeps/unix/sysv/linux/aarch64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/alpha/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/arc/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/arm/be/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/arm/le/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/csky/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/fips-private.h
> delete mode 100644 sysdeps/unix/sysv/linux/hppa/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/i386/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/ia64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/loongarch/lp64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/m68k/coldfire/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/m68k/m680x0/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/microblaze/be/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/microblaze/le/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/mips/mips32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/mips/mips64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/nios2/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/or1k/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/riscv/rv32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/riscv/rv64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/sh/be/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/sh/le/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/sparc/sparc32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/sparc/sparc64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/x86_64/64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/x86_64/x32/libcrypt.abilist
>
--
Cheers,
Carlos.
prev parent reply other threads:[~2023-10-30 12:52 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-02 12:11 Adhemerval Zanella
2023-10-02 12:11 ` [PATCH v2 1/2] sparc: Remove optimize md5, sha256, and sha512 Adhemerval Zanella
2023-10-30 12:52 ` Carlos O'Donell
2023-10-30 13:04 ` Carlos O'Donell
2023-10-02 12:11 ` [PATCH v2 2/2] crypt: Remove libcrypt support Adhemerval Zanella
2023-10-02 14:21 ` Zack Weinberg
2023-10-30 12:52 ` Carlos O'Donell
2023-10-31 13:43 ` Joseph Myers
2023-10-31 14:00 ` Adhemerval Zanella Netto
2024-01-16 12:00 ` Szabolcs Nagy
2024-01-16 12:21 ` Andreas Schwab
2023-10-30 12:52 ` Carlos O'Donell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9aad915e-a48a-107c-861b-22357f412da5@redhat.com \
--to=carlos@redhat.com \
--cc=adhemerval.zanella@linaro.org \
--cc=libc-alpha@sourceware.org \
--cc=zack@owlfolio.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).