Hey all,
As part of the discussion going on about Mesa on devel@, the situation around OpenSSL was brought up, and Adam Williamson brought up that we might not need to hobble OpenSSL anymore[1]. A quick check seems to indicate we no longer do it for GnuTLS either, and haven't for many years[2].
Could we just drop all this stuff and use pristine OpenSSL sources? All the crypto algorithm usability stuff is controlled through crypto-policies, so I don't think it makes sense to do this anymore for OpenSSL since all the patents indicated in the script have expired for a couple of years now[3].
Dropping this will eliminate a chunk of cruft that nobody needs around anymore and simplify OpenSSL maintenance.
[1]: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/... [2]: https://src.fedoraproject.org/rpms/gnutls/c/46d865d8451be0f4576dcc56841175a9... [3]: https://src.fedoraproject.org/rpms/openssl//blob/rawhide/f/hobble-openssl
Hi Neal,
Thanks for raising this here. I saw some of the thread on devel, but when thread get long, it's sometimes hard to know what the specific ask is.
To that end, could you provide a bit of a description as to what is currently being done in terms of "hobbling" OpenSSL? Just a high-level description would be helpful for context and a reminder as to the current state.
Also, am I correct to assume that by "use pristine OpenSSL sources" - the desired outcome it to be able to package OpenSSL for Fedora straight from the upstream project without needing to remove something or otherwise modify the upstream source in order to package it for Fedora?
Keep in mind, while Richard and I have been trying to provide more timely responses to all the various license requests, etc. as of lately, this is not a question either of us can answer directly, so it may take a bit longer.
Thanks, Jilayne
On 9/29/22 11:37 AM, Neal Gompa wrote:
Hey all,
As part of the discussion going on about Mesa on devel@, the situation around OpenSSL was brought up, and Adam Williamson brought up that we might not need to hobble OpenSSL anymore[1]. A quick check seems to indicate we no longer do it for GnuTLS either, and haven't for many years[2].
Could we just drop all this stuff and use pristine OpenSSL sources? All the crypto algorithm usability stuff is controlled through crypto-policies, so I don't think it makes sense to do this anymore for OpenSSL since all the patents indicated in the script have expired for a couple of years now[3].
Dropping this will eliminate a chunk of cruft that nobody needs around anymore and simplify OpenSSL maintenance.
On Thu, Sep 29, 2022 at 7:57 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi Neal,
Thanks for raising this here. I saw some of the thread on devel, but when thread get long, it's sometimes hard to know what the specific ask is.
To that end, could you provide a bit of a description as to what is currently being done in terms of "hobbling" OpenSSL? Just a high-level description would be helpful for context and a reminder as to the current state.
The hobble-openssl script was designed to prune from the OpenSSL source code a number of cryptographic algorithms that were patent encumbered. Over the years, the script has been pruned of things to purge as patents expired. However, the remaining things the script indicates it prunes today all expired during the pandemic. Currently, it prunes Elliptic Curve Cryptography (ECC, or otherwise called EC crypto) code. The script documentation indicates the patents related to it expired in 2020, so we should be able to drop it entirely.
Also, am I correct to assume that by "use pristine OpenSSL sources" - the desired outcome it to be able to package OpenSSL for Fedora straight from the upstream project without needing to remove something or otherwise modify the upstream source in order to package it for Fedora?
Yes.
-- 真実はいつも一つ!/ Always, there's only one truth!
On Thu, Sep 29, 2022 at 9:31 PM Neal Gompa ngompa13@gmail.com wrote:
On Thu, Sep 29, 2022 at 7:57 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi Neal,
Thanks for raising this here. I saw some of the thread on devel, but when thread get long, it's sometimes hard to know what the specific ask is.
To that end, could you provide a bit of a description as to what is currently being done in terms of "hobbling" OpenSSL? Just a high-level description would be helpful for context and a reminder as to the current state.
The hobble-openssl script was designed to prune from the OpenSSL source code a number of cryptographic algorithms that were patent encumbered. Over the years, the script has been pruned of things to purge as patents expired. However, the remaining things the script indicates it prunes today all expired during the pandemic. Currently, it prunes Elliptic Curve Cryptography (ECC, or otherwise called EC crypto) code. The script documentation indicates the patents related to it expired in 2020, so we should be able to drop it entirely.
Also, am I correct to assume that by "use pristine OpenSSL sources" - the desired outcome it to be able to package OpenSSL for Fedora straight from the upstream project without needing to remove something or otherwise modify the upstream source in order to package it for Fedora?
Yes.
The same applies to nettle ... their "hobbling" script removes code for some elliptic curves, some of which are actually already enabled in OpenSSL. It would be great if nettle could use "un-hobbled" sources, as well.
For example, I need to manually patch the nettle bindings for Rust to remove wrappers for these functions ... they're not used by Sequoia OpenPGP, but it's still a lot of manual work for nothing.
Fabio
On Thu, Sep 29, 2022 at 3:45 PM Fabio Valentini decathorpe@gmail.com wrote:
On Thu, Sep 29, 2022 at 9:31 PM Neal Gompa ngompa13@gmail.com wrote:
On Thu, Sep 29, 2022 at 7:57 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi Neal,
Thanks for raising this here. I saw some of the thread on devel, but when thread get long, it's sometimes hard to know what the specific ask is.
To that end, could you provide a bit of a description as to what is currently being done in terms of "hobbling" OpenSSL? Just a high-level description would be helpful for context and a reminder as to the current state.
The hobble-openssl script was designed to prune from the OpenSSL source code a number of cryptographic algorithms that were patent encumbered. Over the years, the script has been pruned of things to purge as patents expired. However, the remaining things the script indicates it prunes today all expired during the pandemic. Currently, it prunes Elliptic Curve Cryptography (ECC, or otherwise called EC crypto) code. The script documentation indicates the patents related to it expired in 2020, so we should be able to drop it entirely.
Also, am I correct to assume that by "use pristine OpenSSL sources" - the desired outcome it to be able to package OpenSSL for Fedora straight from the upstream project without needing to remove something or otherwise modify the upstream source in order to package it for Fedora?
Yes.
The same applies to nettle ... their "hobbling" script removes code for some elliptic curves, some of which are actually already enabled in OpenSSL. It would be great if nettle could use "un-hobbled" sources, as well.
For example, I need to manually patch the nettle bindings for Rust to remove wrappers for these functions ... they're not used by Sequoia OpenPGP, but it's still a lot of manual work for nothing.
I'm bumping this thread again to ask if we can make everyone's lives easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people (such as library bindings for other programming languages).
On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa ngompa13@gmail.com wrote:
On Thu, Sep 29, 2022 at 3:45 PM Fabio Valentini decathorpe@gmail.com wrote:
On Thu, Sep 29, 2022 at 9:31 PM Neal Gompa ngompa13@gmail.com wrote:
On Thu, Sep 29, 2022 at 7:57 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi Neal,
Thanks for raising this here. I saw some of the thread on devel, but when thread get long, it's sometimes hard to know what the specific ask is.
To that end, could you provide a bit of a description as to what is currently being done in terms of "hobbling" OpenSSL? Just a high-level description would be helpful for context and a reminder as to the current state.
The hobble-openssl script was designed to prune from the OpenSSL source code a number of cryptographic algorithms that were patent encumbered. Over the years, the script has been pruned of things to purge as patents expired. However, the remaining things the script indicates it prunes today all expired during the pandemic. Currently, it prunes Elliptic Curve Cryptography (ECC, or otherwise called EC crypto) code. The script documentation indicates the patents related to it expired in 2020, so we should be able to drop it entirely.
Also, am I correct to assume that by "use pristine OpenSSL sources" - the desired outcome it to be able to package OpenSSL for Fedora straight from the upstream project without needing to remove something or otherwise modify the upstream source in order to package it for Fedora?
Yes.
The same applies to nettle ... their "hobbling" script removes code for some elliptic curves, some of which are actually already enabled in OpenSSL. It would be great if nettle could use "un-hobbled" sources, as well.
For example, I need to manually patch the nettle bindings for Rust to remove wrappers for these functions ... they're not used by Sequoia OpenPGP, but it's still a lot of manual work for nothing.
I'm bumping this thread again to ask if we can make everyone's lives easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people (such as library bindings for other programming languages).
The annual bump on this thread to once again ask if we can make progress on this issue. It's a pain and I really don't think we have any reason to keep doing it anymore.
On Tue, Sep 10, 2024 at 12:14:58PM +0200, Neal Gompa wrote:
On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa ngompa13@gmail.com wrote:
I'm bumping this thread again to ask if we can make everyone's lives easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people (such as library bindings for other programming languages).
The annual bump on this thread to once again ask if we can make progress on this issue. It's a pain and I really don't think we have any reason to keep doing it anymore.
It appears the maintainers of openssl & nettle have *already* removed hobbling from Fedora
In netle dist-git:
commit 478b2083882071d9102297b4f0c022f65d567b1e Author: Daiki Ueno dueno@redhat.com Date: Thu Aug 22 14:25:26 2024 +0900
Switch from hobbling to patching to disable algorithms
Previously, certain algorithms, such as smaller ECC curves, were "hobbled" using the hobble-nettle script. It is now allowed to include the algorithm implementation in the source package, though we still want to disable them at build time.
This patch switches to using a patch-based approach to disable them. That way, the packaging process is simplified as well as the integrity of upstream release can be checked using %gpgverify.
Signed-off-by: Daiki Ueno dueno@redhat.com
And in openssl dist-git:
commit 477bb5e652b21c76dccaf690d2327af8f86bd16f Author: Sahana Prasad sahana@redhat.com Date: Tue Mar 14 17:07:58 2023 +0100
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. ┊ Resolves: rhbz#2130618, rhbz#2141672
Signed-off-by: Sahana Prasad sahana@redhat.com
With regards, Daniel
On Tue, Sep 10, 2024 at 12:20 PM Daniel P. Berrangé berrange@redhat.com wrote:
On Tue, Sep 10, 2024 at 12:14:58PM +0200, Neal Gompa wrote:
On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa ngompa13@gmail.com wrote:
I'm bumping this thread again to ask if we can make everyone's lives easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people (such as library bindings for other programming languages).
The annual bump on this thread to once again ask if we can make progress on this issue. It's a pain and I really don't think we have any reason to keep doing it anymore.
It appears the maintainers of openssl & nettle have *already* removed hobbling from Fedora
In netle dist-git:
commit 478b2083882071d9102297b4f0c022f65d567b1e Author: Daiki Ueno dueno@redhat.com Date: Thu Aug 22 14:25:26 2024 +0900
Switch from hobbling to patching to disable algorithms Previously, certain algorithms, such as smaller ECC curves, were "hobbled" using the hobble-nettle script. It is now allowed to include the algorithm implementation in the source package, though we still want to disable them at build time. This patch switches to using a patch-based approach to disable them. That way, the packaging process is simplified as well as the integrity of upstream release can be checked using %gpgverify. Signed-off-by: Daiki Ueno <dueno@redhat.com>
And in openssl dist-git:
commit 477bb5e652b21c76dccaf690d2327af8f86bd16f Author: Sahana Prasad sahana@redhat.com Date: Tue Mar 14 17:07:58 2023 +0100
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. ┊ Resolves: rhbz#2130618, rhbz#2141672 Signed-off-by: Sahana Prasad <sahana@redhat.com>
Right, but that's still hobbling by other means. I'm asking for us to consider not doing even *that* anymore.
On Tue, Sep 10, 2024 at 12:26:02PM +0200, Neal Gompa wrote:
On Tue, Sep 10, 2024 at 12:20 PM Daniel P. Berrangé berrange@redhat.com wrote:
On Tue, Sep 10, 2024 at 12:14:58PM +0200, Neal Gompa wrote:
On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa ngompa13@gmail.com wrote:
I'm bumping this thread again to ask if we can make everyone's lives easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people (such as library bindings for other programming languages).
The annual bump on this thread to once again ask if we can make progress on this issue. It's a pain and I really don't think we have any reason to keep doing it anymore.
It appears the maintainers of openssl & nettle have *already* removed hobbling from Fedora
In netle dist-git:
commit 478b2083882071d9102297b4f0c022f65d567b1e Author: Daiki Ueno dueno@redhat.com Date: Thu Aug 22 14:25:26 2024 +0900
Switch from hobbling to patching to disable algorithms Previously, certain algorithms, such as smaller ECC curves, were "hobbled" using the hobble-nettle script. It is now allowed to include the algorithm implementation in the source package, though we still want to disable them at build time. This patch switches to using a patch-based approach to disable them. That way, the packaging process is simplified as well as the integrity of upstream release can be checked using %gpgverify. Signed-off-by: Daiki Ueno <dueno@redhat.com>
And in openssl dist-git:
commit 477bb5e652b21c76dccaf690d2327af8f86bd16f Author: Sahana Prasad sahana@redhat.com Date: Tue Mar 14 17:07:58 2023 +0100
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. ┊ Resolves: rhbz#2130618, rhbz#2141672 Signed-off-by: Sahana Prasad <sahana@redhat.com>
Right, but that's still hobbling by other means. I'm asking for us to consider not doing even *that* anymore.
Ah ok, so you want Fedora to build & ship all algorithms that are implemented by upstream, with no downstream filtering. ie no hobbling source tarballs, no applying source patches, no disabling via configure time build args ?
With regards, Daniel
On Tue, Sep 10, 2024, 12:39 PM Daniel P. Berrangé berrange@redhat.com wrote:
On Tue, Sep 10, 2024 at 12:26:02PM +0200, Neal Gompa wrote:
On Tue, Sep 10, 2024 at 12:20 PM Daniel P. Berrangé berrange@redhat.com
wrote:
On Tue, Sep 10, 2024 at 12:14:58PM +0200, Neal Gompa wrote:
On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa ngompa13@gmail.com
wrote:
I'm bumping this thread again to ask if we can make everyone's
lives
easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people
(such
as library bindings for other programming languages).
The annual bump on this thread to once again ask if we can make progress on this issue. It's a pain and I really don't think we have any reason to keep doing it anymore.
It appears the maintainers of openssl & nettle have *already* removed hobbling from Fedora
In netle dist-git:
commit 478b2083882071d9102297b4f0c022f65d567b1e Author: Daiki Ueno dueno@redhat.com Date: Thu Aug 22 14:25:26 2024 +0900
Switch from hobbling to patching to disable algorithms Previously, certain algorithms, such as smaller ECC curves, were "hobbled" using the hobble-nettle script. It is now allowed to
include
the algorithm implementation in the source package, though we still want to disable them at build time. This patch switches to using a patch-based approach to disable them. That way, the packaging process is simplified as well as the integrity of upstream release can be checked using %gpgverify. Signed-off-by: Daiki Ueno <dueno@redhat.com>
And in openssl dist-git:
commit 477bb5e652b21c76dccaf690d2327af8f86bd16f Author: Sahana Prasad sahana@redhat.com Date: Tue Mar 14 17:07:58 2023 +0100
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now
allowed to ship
the sources of patented EC curves, however it is still made
unavailable to use
by compiling with the 'no-ec2m' Configure option. The
additional forbidden
curves such as P-160, P-192, wap-tls curves are manually
removed by updating
0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of
replacing them.
- Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro
OPENSSL_NO_EC2M.
┊ Resolves: rhbz#2130618, rhbz#2141672 Signed-off-by: Sahana Prasad <sahana@redhat.com>
Right, but that's still hobbling by other means. I'm asking for us to consider not doing even *that* anymore.
Ah ok, so you want Fedora to build & ship all algorithms that are implemented by upstream, with no downstream filtering. ie no hobbling source tarballs, no applying source patches, no disabling via configure time build args ?
Yes, because all of it massively complicates stuff that builds on them, particularly binding modules to connect them to other language ecosystems.
On Tue, Sep 10, 2024 at 12:48:26PM +0200, Neal Gompa wrote:
On Tue, Sep 10, 2024, 12:39 PM Daniel P. Berrangé berrange@redhat.com wrote:
On Tue, Sep 10, 2024 at 12:26:02PM +0200, Neal Gompa wrote:
On Tue, Sep 10, 2024 at 12:20 PM Daniel P. Berrangé berrange@redhat.com
wrote:
On Tue, Sep 10, 2024 at 12:14:58PM +0200, Neal Gompa wrote:
On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa ngompa13@gmail.com
wrote:
I'm bumping this thread again to ask if we can make everyone's
lives
easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people
(such
as library bindings for other programming languages).
The annual bump on this thread to once again ask if we can make progress on this issue. It's a pain and I really don't think we have any reason to keep doing it anymore.
It appears the maintainers of openssl & nettle have *already* removed hobbling from Fedora
In netle dist-git:
commit 478b2083882071d9102297b4f0c022f65d567b1e Author: Daiki Ueno dueno@redhat.com Date: Thu Aug 22 14:25:26 2024 +0900
Switch from hobbling to patching to disable algorithms Previously, certain algorithms, such as smaller ECC curves, were "hobbled" using the hobble-nettle script. It is now allowed to
include
the algorithm implementation in the source package, though we still want to disable them at build time. This patch switches to using a patch-based approach to disable them. That way, the packaging process is simplified as well as the integrity of upstream release can be checked using %gpgverify. Signed-off-by: Daiki Ueno <dueno@redhat.com>
And in openssl dist-git:
commit 477bb5e652b21c76dccaf690d2327af8f86bd16f Author: Sahana Prasad sahana@redhat.com Date: Tue Mar 14 17:07:58 2023 +0100
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now
allowed to ship
the sources of patented EC curves, however it is still made
unavailable to use
by compiling with the 'no-ec2m' Configure option. The
additional forbidden
curves such as P-160, P-192, wap-tls curves are manually
removed by updating
0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of
replacing them.
- Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro
OPENSSL_NO_EC2M.
┊ Resolves: rhbz#2130618, rhbz#2141672 Signed-off-by: Sahana Prasad <sahana@redhat.com>
Right, but that's still hobbling by other means. I'm asking for us to consider not doing even *that* anymore.
Ah ok, so you want Fedora to build & ship all algorithms that are implemented by upstream, with no downstream filtering. ie no hobbling source tarballs, no applying source patches, no disabling via configure time build args ?
Yes, because all of it massively complicates stuff that builds on them, particularly binding modules to connect them to other language ecosystems.
Yep, it creates pain for us in virtualization world too where firmware like EDK2 embeds openssl and needs custom patching to adapt. So if it is practical to officially remove restrictions, I'd welcome it.
With regards, Daniel
On Tue, 2024-09-10 at 12:26 +0200, Neal Gompa wrote:
On Tue, Sep 10, 2024 at 12:20 PM Daniel P. Berrangé berrange@redhat.com wrote:
On Tue, Sep 10, 2024 at 12:14:58PM +0200, Neal Gompa wrote:
On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa ngompa13@gmail.com wrote:
I'm bumping this thread again to ask if we can make everyone's lives easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people (such as library bindings for other programming languages).
The annual bump on this thread to once again ask if we can make progress on this issue. It's a pain and I really don't think we have any reason to keep doing it anymore.
It appears the maintainers of openssl & nettle have *already* removed hobbling from Fedora
In netle dist-git:
commit 478b2083882071d9102297b4f0c022f65d567b1e Author: Daiki Ueno dueno@redhat.com Date: Thu Aug 22 14:25:26 2024 +0900
Switch from hobbling to patching to disable algorithms
Previously, certain algorithms, such as smaller ECC curves, were "hobbled" using the hobble-nettle script. It is now allowed to include the algorithm implementation in the source package, though we still want to disable them at build time.
This patch switches to using a patch-based approach to disable them. That way, the packaging process is simplified as well as the integrity of upstream release can be checked using %gpgverify.
Signed-off-by: Daiki Ueno dueno@redhat.com
And in openssl dist-git:
commit 477bb5e652b21c76dccaf690d2327af8f86bd16f Author: Sahana Prasad sahana@redhat.com Date: Tue Mar 14 17:07:58 2023 +0100
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. ┊ Resolves: rhbz#2130618, rhbz#2141672
Signed-off-by: Sahana Prasad sahana@redhat.com
Right, but that's still hobbling by other means. I'm asking for us to consider not doing even *that* anymore.
In 2015-12-14 was written this [1] I don't see a way to workaround it
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1067697#c3 I would view enabling EC curves smaller than 256 bits as a security regression. So I am wontfixing this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1067697#c4 +1 to the WONTFIX
They are too weak to support. And since most applications have no way to control which ones are enabled, we would need to enable them by default too, that would be serious security regression (even 256 bit curves have a shadow of doubt on them).
Enabling them will bring serious security issues with little to no additional compatibility.
On Wed, Sep 11, 2024 at 4:18 PM Sérgio Basto sergio@serjux.com wrote:
In 2015-12-14 was written this [1] I don't see a way to workaround it
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1067697#c3 I would view enabling EC curves smaller than 256 bits as a security regression. So I am wontfixing this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1067697#c4 +1 to the WONTFIX
They are too weak to support. And since most applications have no way to control which ones are enabled, we would need to enable them by default too, that would be serious security regression (even 256 bit curves have a shadow of doubt on them).
Enabling them will bring serious security issues with little to no additional compatibility.
I don't understand this argument. We're talking mostly about making the build and maintenance of openssl easier. Even if these curves would be considered "too weak", they would just not be enabled in the default crypto policy.
Fabio
On Wed, Sep 11, 2024 at 03:01:56PM +0100, Sérgio Basto wrote:
On Tue, 2024-09-10 at 12:26 +0200, Neal Gompa wrote:
On Tue, Sep 10, 2024 at 12:20 PM Daniel P. Berrangé berrange@redhat.com wrote:
On Tue, Sep 10, 2024 at 12:14:58PM +0200, Neal Gompa wrote:
On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa ngompa13@gmail.com wrote:
I'm bumping this thread again to ask if we can make everyone's lives easier by dropping all the hobbling we do today to OpenSSL, nettle, etc.. We *definitely* don't need it now at this point, so it's just needless work that creates a lot of second-order pain for people (such as library bindings for other programming languages).
The annual bump on this thread to once again ask if we can make progress on this issue. It's a pain and I really don't think we have any reason to keep doing it anymore.
It appears the maintainers of openssl & nettle have *already* removed hobbling from Fedora
In netle dist-git:
commit 478b2083882071d9102297b4f0c022f65d567b1e Author: Daiki Ueno dueno@redhat.com Date: Thu Aug 22 14:25:26 2024 +0900
Switch from hobbling to patching to disable algorithms
Previously, certain algorithms, such as smaller ECC curves, were "hobbled" using the hobble-nettle script. It is now allowed to include the algorithm implementation in the source package, though we still want to disable them at build time.
This patch switches to using a patch-based approach to disable them. That way, the packaging process is simplified as well as the integrity of upstream release can be checked using %gpgverify.
Signed-off-by: Daiki Ueno dueno@redhat.com
And in openssl dist-git:
commit 477bb5e652b21c76dccaf690d2327af8f86bd16f Author: Sahana Prasad sahana@redhat.com Date: Tue Mar 14 17:07:58 2023 +0100
- Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. ┊ Resolves: rhbz#2130618, rhbz#2141672
Signed-off-by: Sahana Prasad sahana@redhat.com
Right, but that's still hobbling by other means. I'm asking for us to consider not doing even *that* anymore.
In 2015-12-14 was written this [1] I don't see a way to workaround it
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1067697#c3 I would view enabling EC curves smaller than 256 bits as a security regression. So I am wontfixing this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1067697#c4 +1 to the WONTFIX
They are too weak to support. And since most applications have no way to control which ones are enabled, we would need to enable them by default too, that would be serious security regression (even 256 bit curves have a shadow of doubt on them).
The lack of application control over crypto is exactly why we have system crypto policies. Weak crypto is expected to be disabled in the default sytem policy, such that if an app is hardcoded to only support weak crypto, it is broken out of the box until the user chooses to switch to the (weak) legacy policy.
Enabling them will bring serious security issues with little to no additional compatibility.
It would not introduce security issues if they're disabled by the default crypto policy, requiring explicit user opt-in to enable.
With regards, Daniel
This thread doesn't talk about hobbling due to insecurity - it is about hobbling due to the algorithms being potentially patent encumbered. If this were just about if they are secure enough or not, that would be a FESCO/FPC decision for inclusion and not legal. Legal needs to respond saying the algorithms are able to be legally shipped.
Saying that, it seems they still haven't responded and it has been over 2 years since Matthew's response saying it is under investigation. Matthew, is it still under investigation? Can you ping someone/a team about this?
On Thu, Sep 29, 2022 at 07:37:33PM +0200, Neal Gompa wrote:
around OpenSSL was brought up, and Adam Williamson brought up that we might not need to hobble OpenSSL anymore[1]. A quick check seems to indicate we no longer do it for GnuTLS either, and haven't for many years[2].
I think this is apples and oranges? The gnutls change you link references SRP, which is mentioned as no longer removed in the openssl "hobble" script. The remaining question is the ECC stuff.
Which, to give an update: is still under investigation.
On Thu, Sep 29, 2022 at 7:59 PM Matthew Miller mattdm@fedoraproject.org wrote:
On Thu, Sep 29, 2022 at 07:37:33PM +0200, Neal Gompa wrote:
around OpenSSL was brought up, and Adam Williamson brought up that we might not need to hobble OpenSSL anymore[1]. A quick check seems to indicate we no longer do it for GnuTLS either, and haven't for many years[2].
I think this is apples and oranges? The gnutls change you link references SRP, which is mentioned as no longer removed in the openssl "hobble" script. The remaining question is the ECC stuff.
SRP was the last thing the script did. It used to do more. It obviously does nothing now.