Message-ID: <9aad915e-a48a-107c-861b-22357f412da5@redhat.com>
Date: Mon, 30 Oct 2023 08:52:07 -0400
Subject: Re: [PATCH v2 0/2] Remove libcrypt support
To: Adhemerval Zanella, libc-alpha@sourceware.org, Zack Weinberg
References: <20231002121149.2325402-1-adhemerval.zanella@linaro.org>
From: Carlos O'Donell
Organization: Red Hat
In-Reply-To: <20231002121149.2325402-1-adhemerval.zanella@linaro.org>

On 10/2/23 08:11, Adhemerval Zanella wrote:
> The libcrypt is no longer built by default since 2.38, it lacks
> support for newer password hashing schemes, and the code has some
> code issues (like extensive use of alloca, where not all
> architectures have stack hardening support).
>
> libxcrypt [1] provides full support along with ABI compatibility,
> meaning it is a drop-in replacement without the need for either
> code changes or rebuilding. It is also provided with a similar
> licensing (LGPL 2.1).

Downstream Fedora has been using libxcrypt since Fedora 28:
https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt

Since 2018 (glibc 2.27) Fedora has been using libxcrypt. Over the last
5 years we haven't had any problems with libcrypt.

The direction this series takes is the right direction, which is to
remove all of the extra interfaces from glibc which are not a part of
the core C library and which can and should evolve at a different speed,
and possibly with their own security policy.

Reviewed-by: Carlos O'Donell

> [1] https://github.com/besser82/libxcrypt
>
> Adhemerval Zanella (2):
>   sparc: Remove optimize md5, sha256, and sha512
>   crypt: Remove libcrypt support
>
> CONTRIBUTED-BY | 15 -
> INSTALL | 13 -
> Makeconfig | 5 -
> NEWS | 16 +-
> SHARED-FILES | 2 -
> config.make.in | 4 -
> configure | 126 ---
> configure.ac | 65 --
> conform/Makefile | 5 -
> crypt/Makefile | 69 --
> crypt/README.ufc-crypt | 135 ---
> crypt/Versions | 5 -
> crypt/badsalttest.c | 54 -
> crypt/cert.c | 135 ---
> crypt/cert.input | 171 ----
> crypt/crypt-entry.c | 183 ----
> crypt/crypt-private.h | 76 --
> crypt/crypt.c | 115 ---
> crypt/crypt.h | 70 --
> crypt/crypt_util.c | 946 ------------------
> crypt/md5-crypt.c | 331 ------
> crypt/md5c-test.c | 18 -
> crypt/md5test-giant.c | 137 ---
> crypt/md5test.c | 53 -
> crypt/sha256-block.c | 98 --
> crypt/sha256-crypt.c | 423 --------
> crypt/sha256.c | 193 ----
> crypt/sha256.h | 69 --
> crypt/sha256c-test.c | 61 --
> crypt/sha256test.c | 102 --
> crypt/sha512-block.c | 105 --
> crypt/sha512-crypt.c | 445 --------
> crypt/sha512.c | 221 ----
> crypt/sha512.h | 72 --
> crypt/sha512c-test.c | 63 --
> crypt/sha512test.c | 113 ---
> crypt/speeds.c | 153 ---
> crypt/ufc-crypt.h | 28 -
> crypt/ufc.c | 54 -
> elf/Makefile | 38 -
> elf/tst-linkall-static.c | 6 -
> include/crypt.h | 3 -
> locale/Makefile | 4 +-
> locale/programs/locarchive.c | 2 +-
> locale/programs/locfile.c | 2 +-
> {crypt => locale/programs}/md5-block.c | 0
> {crypt => locale/programs}/md5.c | 104 +-
> {crypt => locale/programs}/md5.h | 46 +-
> manual/contrib.texi | 2 +-
> manual/crypt.texi | 234 +----
> manual/examples/genpass.c | 59 --
> manual/examples/testpass.c | 67 --
> manual/users.texi | 4 +-
> posix/unistd.h | 10 -
> scripts/build-many-glibcs.py | 9 +-
> scripts/documented.sh | 2 +-
> shlib-versions | 3 -
> stdio-common/Versions | 2 -
> sysdeps/generic/fips-private.h | 36 -
> sysdeps/generic/libcrypt.abilist | 0
> sysdeps/mach/Makefile | 4 +-
> sysdeps/mach/hurd/i386/libcrypt.abilist | 7 -
> sysdeps/mach/hurd/x86_64/libcrypt.abilist | 2 -
> .../sparc/sparc32/sparcv9/multiarch/Makefile | 8 -
> .../sparc32/sparcv9/multiarch/md5-block.c | 1 -
> .../sparc32/sparcv9/multiarch/md5-crop.S | 1 -
> .../sparc32/sparcv9/multiarch/sha256-block.c | 1 -
> .../sparc32/sparcv9/multiarch/sha256-crop.S | 1 -
> .../sparc32/sparcv9/multiarch/sha512-block.c | 1 -
> .../sparc32/sparcv9/multiarch/sha512-crop.S | 1 -
> sysdeps/sparc/sparc64/multiarch/Makefile | 8 -
> sysdeps/sparc/sparc64/multiarch/md5-block.c | 29 -
> sysdeps/sparc/sparc64/multiarch/md5-crop.S | 109 --
> .../sparc/sparc64/multiarch/sha256-block.c | 32 -
> sysdeps/sparc/sparc64/multiarch/sha256-crop.S | 100 --
> .../sparc/sparc64/multiarch/sha512-block.c | 32 -
> sysdeps/sparc/sparc64/multiarch/sha512-crop.S | 130 ---
> .../unix/sysv/linux/aarch64/libcrypt.abilist | 7 -
> .../unix/sysv/linux/alpha/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/alpha/shlib-versions | 1 -
> sysdeps/unix/sysv/linux/arc/libcrypt.abilist | 2 -
> sysdeps/unix/sysv/linux/arm/Makefile | 4 -
> .../unix/sysv/linux/arm/be/libcrypt.abilist | 7 -
> .../unix/sysv/linux/arm/le/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/csky/libcrypt.abilist | 2 -
> sysdeps/unix/sysv/linux/fips-private.h | 74 --
> sysdeps/unix/sysv/linux/hppa/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/i386/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/ia64/libcrypt.abilist | 7 -
> .../linux/loongarch/lp64/libcrypt.abilist | 2 -
> .../sysv/linux/m68k/coldfire/libcrypt.abilist | 7 -
> .../sysv/linux/m68k/m680x0/libcrypt.abilist | 7 -
> .../sysv/linux/microblaze/be/libcrypt.abilist | 7 -
> .../sysv/linux/microblaze/le/libcrypt.abilist | 7 -
> .../sysv/linux/mips/mips32/libcrypt.abilist | 7 -
> .../sysv/linux/mips/mips64/libcrypt.abilist | 7 -
> .../unix/sysv/linux/nios2/libcrypt.abilist | 7 -
> sysdeps/unix/sysv/linux/or1k/libcrypt.abilist | 2 -
> .../linux/powerpc/powerpc32/libcrypt.abilist | 7 -
> .../powerpc/powerpc64/be/libcrypt.abilist | 7 -
> .../powerpc/powerpc64/le/libcrypt.abilist | 7 -
> .../sysv/linux/riscv/rv32/libcrypt.abilist | 2 -
> .../sysv/linux/riscv/rv64/libcrypt.abilist | 7 -
> .../sysv/linux/s390/s390-32/libcrypt.abilist | 7 -
> .../sysv/linux/s390/s390-64/libcrypt.abilist | 7 -
> .../unix/sysv/linux/sh/be/libcrypt.abilist | 7 -
> .../unix/sysv/linux/sh/le/libcrypt.abilist | 7 -
> .../sysv/linux/sparc/sparc32/libcrypt.abilist | 7 -
> .../sysv/linux/sparc/sparc64/libcrypt.abilist | 7 -
> .../sysv/linux/x86_64/64/libcrypt.abilist | 7 -
> .../sysv/linux/x86_64/x32/libcrypt.abilist | 7 -
> 111 files changed, 61 insertions(+), 6259 deletions(-)
> delete mode 100644 crypt/Makefile
> delete mode 100644 crypt/README.ufc-crypt
> delete mode 100644 crypt/Versions
> delete mode 100644 crypt/badsalttest.c
> delete mode 100644 crypt/cert.c
> delete mode 100644 crypt/cert.input
> delete mode 100644 crypt/crypt-entry.c
> delete mode 100644 crypt/crypt-private.h
> delete mode 100644 crypt/crypt.c
> delete mode 100644 crypt/crypt.h
> delete mode 100644 crypt/crypt_util.c
> delete mode 100644 crypt/md5-crypt.c
> delete mode 100644 crypt/md5c-test.c
> delete mode 100644 crypt/md5test-giant.c
> delete mode 100644 crypt/md5test.c
> delete mode 100644 crypt/sha256-block.c
> delete mode 100644 crypt/sha256-crypt.c
> delete mode 100644 crypt/sha256.c
> delete mode 100644 crypt/sha256.h
> delete mode 100644 crypt/sha256c-test.c
> delete mode 100644 crypt/sha256test.c
> delete mode 100644 crypt/sha512-block.c
> delete mode 100644 crypt/sha512-crypt.c
> delete mode 100644 crypt/sha512.c
> delete mode 100644 crypt/sha512.h
> delete mode 100644 crypt/sha512c-test.c
> delete mode 100644 crypt/sha512test.c
> delete mode 100644 crypt/speeds.c
> delete mode 100644 crypt/ufc-crypt.h
> delete mode 100644 crypt/ufc.c
> delete mode 100644 include/crypt.h
> rename {crypt => locale/programs}/md5-block.c (100%)
> rename {crypt => locale/programs}/md5.c (65%)
> rename {crypt => locale/programs}/md5.h (74%)
> delete mode 100644 manual/examples/genpass.c
> delete mode 100644 manual/examples/testpass.c
> delete mode 100644 sysdeps/generic/fips-private.h
> delete mode 100644 sysdeps/generic/libcrypt.abilist
> delete mode 100644 sysdeps/mach/hurd/i386/libcrypt.abilist
> delete mode 100644 sysdeps/mach/hurd/x86_64/libcrypt.abilist
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/md5-block.c
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/md5-crop.S
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/sha256-block.c
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/sha256-crop.S
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/sha512-block.c
> delete mode 100644 sysdeps/sparc/sparc32/sparcv9/multiarch/sha512-crop.S
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/md5-block.c
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/md5-crop.S
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/sha256-block.c
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/sha256-crop.S
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/sha512-block.c
> delete mode 100644 sysdeps/sparc/sparc64/multiarch/sha512-crop.S
> delete mode 100644 sysdeps/unix/sysv/linux/aarch64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/alpha/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/arc/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/arm/be/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/arm/le/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/csky/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/fips-private.h
> delete mode 100644 sysdeps/unix/sysv/linux/hppa/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/i386/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/ia64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/loongarch/lp64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/m68k/coldfire/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/m68k/m680x0/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/microblaze/be/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/microblaze/le/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/mips/mips32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/mips/mips64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/nios2/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/or1k/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/riscv/rv32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/riscv/rv64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/s390/s390-64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/sh/be/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/sh/le/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/sparc/sparc32/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/sparc/sparc64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/x86_64/64/libcrypt.abilist
> delete mode 100644 sysdeps/unix/sysv/linux/x86_64/x32/libcrypt.abilist
>

--
Cheers,
Carlos.