[ANNOUNCE] ELL switching to new mailing list
by James Prestwood
Hello All,
ELL is switching to a new mailing list: ell(a)lists.linux.dev. This list
is currently active and ready so any future patches, questions, or
comments can be sent there!
You might be wondering, why is this being done? The reason for this
change is to enable an automated CI for ELL to catch regressions, build
breaks, or any other issues which previously required manual testing.
You will see the CI results from your changes in patchwork:
https://patchwork.kernel.org/project/ell/list/
Note the CI is still in a trial stage, so email notifications have been
disabled. You will not receive any notifications about test results but
know that maintainers are checking the results and will point you to
any problems that are found.
If you have any questions please don't hesitate to ask.
Thanks,
James
1 month, 1 week
[PATCH] build: Check for openssl legacy provider requirement
by Mat Martineau
OpenSSL 3 introduced some command line incompatibilities and removed
some old algorithms from the defaults. This broke some of the unit test
cert generation commands on distros like Ubuntu 22.04 and Fedora 36.
Detect support of "providers" by the system openssl command and insert
the necessary command line parameters to enable legacy algorithms for
openssl v3, but leave the commands unchanged for older openssl versions.
---
Tested on Ubuntu 22.04, Fedora 36, and Fedora 35.
---
Makefile.am | 26 ++++++++++++++++++--------
configure.ac | 3 +++
2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index d8ba99caa47e..df99e0dfc6bc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -355,6 +355,12 @@ if GLIB
examples += examples/glib-eventloop
endif
+if OPENSSL_PROVIDER
+openssl_legacy = -provider legacy -provider default
+else
+openssl_legacy =
+endif
+
if MAINTAINER_MODE
noinst_PROGRAMS += $(examples)
endif
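Review bot: The new `openssl_legacy` variable carries no comment saying why it exists or that it is meant only for test fixtures, so a later reader could copy `-provider legacy` into rules where weak algorithms are not intended. A comment above the `if OPENSSL_PROVIDER` block would record the scope, for example `# OpenSSL 3 moved single-DES, RC2 and RC4 into the legacy provider; these flags are only for generating unit-test key/cert fixtures`. The same variable is appended to the openssl commands in the later Makefile.am hunks, so one comment at the definition covers them all.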
@@ -444,7 +450,8 @@ unit/cert-client-key-pkcs1.pem:
$(AM_V_GEN)openssl genrsa -out $@ $($(AM_V_P)_redirect_openssl)
unit/cert-client-key-pkcs1-des.pem: unit/cert-client-key-pkcs1.pem
- $(AM_V_GEN)openssl rsa -in $< -out $@ -des -passout pass:abc
+ $(AM_V_GEN)openssl rsa -in $< -out $@ -des -passout pass:abc \
+ $(openssl_legacy)
unit/cert-client-key-pkcs1-des3.pem: unit/cert-client-key-pkcs1.pem
$(AM_V_GEN)openssl rsa -in $< -out $@ -des3 -passout pass:abc
@@ -463,15 +470,18 @@ unit/cert-client-key-pkcs8.pem: unit/cert-client-key-pkcs1.pem
unit/cert-client-key-pkcs8-md5-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out $@ \
- -topk8 -v1 PBE-MD5-DES -passout pass:abc
+ -topk8 -v1 PBE-MD5-DES -passout pass:abc \
+ $(openssl_legacy)
unit/cert-client-key-pkcs8-sha1-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out $@ \
- -topk8 -v1 PBE-SHA1-DES -passout pass:abc
+ -topk8 -v1 PBE-SHA1-DES -passout pass:abc \
+ $(openssl_legacy)
unit/cert-client-key-pkcs8-v2-des.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out $@ \
- -topk8 -v2 des-cbc -v2prf hmacWithSHA1 -passout pass:abc
+ -topk8 -v2 des-cbc -v2prf hmacWithSHA1 -passout pass:abc \
+ $(openssl_legacy)
unit/cert-client-key-pkcs8-v2-des-ede3.pem: unit/cert-client-key-pkcs8.pem
$(AM_V_GEN)openssl pkcs8 -in $< -out $@ \
@@ -575,19 +585,19 @@ unit/cert-entity-pkcs12-nomac.p12: unit/cert-entity-int-key.pem unit/cert-entity
$(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -out $@ -export -passout pass:abc -nomac # defaut ciphers
unit/cert-entity-pkcs12-rc2-sha1.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out $@ -export -passout pass:abc -certpbe PBE-SHA1-RC2-40 -keypbe PBE-SHA1-RC2-128 -macalg sha1
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out $@ -export -passout pass:abc -certpbe PBE-SHA1-RC2-40 -keypbe PBE-SHA1-RC2-128 -macalg sha1 $(openssl_legacy)
unit/cert-entity-pkcs12-des-sha256.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
$(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out $@ -export -passout pass:abc -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-2DES -macalg sha256
unit/cert-entity-pkcs12-rc4-sha384.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out $@ -export -passout pass:abc -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC2-40 -macalg sha384
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out $@ -export -passout pass:abc -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC2-40 -macalg sha384 $(openssl_legacy)
unit/cert-entity-pkcs12-pkcs5-sha512.p12: unit/cert-entity-int-key.pem unit/cert-entity-int.pem unit/cert-chain.pem
- $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out $@ -export -passout pass:abc -certpbe des-cbc -keypbe des-cbc -macalg sha512
+ $(AM_V_GEN)openssl pkcs12 -inkey $< -in $(builddir)/unit/cert-entity-int.pem -certfile $(builddir)/unit/cert-chain.pem -out $@ -export -passout pass:abc -certpbe des-cbc -keypbe des-cbc -macalg sha512 $(openssl_legacy)
unit/cert-entity-combined.pem: unit/cert-entity-pkcs12-rc2-sha1.p12
- $(AM_V_GEN)openssl pkcs12 -in $< -out $@ -passin pass:abc -passout pass:abc
+ $(AM_V_GEN)openssl pkcs12 -in $< -out $@ -passin pass:abc -passout pass:abc $(openssl_legacy)
unit/key-plaintext.h: unit/plaintext.txt
$(AM_V_GEN)xxd -i < $< > $@
diff --git a/configure.ac b/configure.ac
index 62338079bc50..87894dba8a6b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -131,6 +131,9 @@ fi
AM_CONDITIONAL(DBUS_TESTS, test "${little_endian}" = "yes")
AM_CONDITIONAL(CERT_TESTS, test "${have_openssl}" = "yes")
+AM_CONDITIONAL(OPENSSL_PROVIDER, test "${have_openssl}" = "yes" &&
+ openssl list -providers > /dev/null 2>&1 )
+AC_SUBST(OPENSSL_PROVIDER)
AC_CONFIG_FILES(Makefile ell/ell.pc)
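Review bot: The probe in the added `AM_CONDITIONAL(OPENSSL_PROVIDER, ...)` only confirms that `openssl list -providers` runs, not that the legacy provider can actually be loaded. On a system where OpenSSL 3 is installed without the legacy module, the Makefile rules would presumably still receive `-provider legacy` and fail during fixture generation. Requesting the provider in the probe, e.g. `openssl list -providers -provider legacy > /dev/null 2>&1`, and reporting the result at configure time would likely make that failure easier to diagnose. The `AC_SUBST(OPENSSL_PROVIDER)` line also looks unnecessary: no shell variable of that name is set in the visible lines, and `AM_CONDITIONAL` already provides what `if OPENSSL_PROVIDER` in Makefile.am needs.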
--
2.36.1
1 month, 2 weeks
[PATCH 01/14] netconfig: Reset {v4,v6}_configured to false on netconfig stop
by Andrew Zaborowski
---
ell/netconfig.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ell/netconfig.c b/ell/netconfig.c
index 2a1b3ed..5de5d74 100644
--- a/ell/netconfig.c
+++ b/ell/netconfig.c
@@ -1163,6 +1163,8 @@ LIB_EXPORT void l_netconfig_stop(struct l_netconfig *netconfig)
netconfig->v4_subnet_route = NULL;
netconfig->v4_default_route = NULL;
netconfig->v6_address = NULL;
+ netconfig->v4_configured = false;
+ netconfig->v6_configured = false;
l_dhcp_client_stop(netconfig->dhcp_client);
l_dhcp6_client_stop(netconfig->dhcp6_client);
--
2.34.1
2 months
[PATCH 1/3] acd: Emit event as the last statement in handler
by Andrew Zaborowski
Move l_acd_stop() to before the call to the event handler for
L_ACD_EVENT_LOST to allow the handler to free the l_acd instance if
needed.
---
ell/acd.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ell/acd.c b/ell/acd.c
index 2d84843..723ae17 100644
--- a/ell/acd.c
+++ b/ell/acd.c
@@ -317,12 +317,12 @@ static bool acd_read_handler(struct l_io *io, void *user_data)
if (acd->policy == L_ACD_DEFEND_POLICY_NONE) {
ACD_DEBUG("Conflict detected, giving up address");
+ l_acd_stop(acd);
+
if (acd->event_func)
acd->event_func(L_ACD_EVENT_LOST,
acd->user_data);
- l_acd_stop(acd);
-
break;
}
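Review bot: With `l_acd_stop(acd)` moved ahead of `acd->event_func(L_ACD_EVENT_LOST, acd->user_data)`, the callback may now free `acd`, so nothing after that call may touch it. This hunk shows only `break;` following the call, but the rest of acd_read_handler lies outside the hunk, so any code after the switch should be checked for `acd` dereferences. A comment at both call sites (here and in the hunk at -398) would keep the invariant visible: `/* event_func may free acd; do not access acd after this call */`. The new order also relies on l_acd_stop() leaving `event_func` and `user_data` intact, which cannot be confirmed from the visible lines.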
@@ -387,6 +387,8 @@ static bool acd_read_handler(struct l_io *io, void *user_data)
acd->timeout = NULL;
ACD_DEBUG("Lost address");
+ l_acd_stop(acd);
+
/*
* RFC 5227 Section 2.4(b)
* "if this is not the first conflicting ARP packet the host has seen,
@@ -398,8 +400,6 @@ static bool acd_read_handler(struct l_io *io, void *user_data)
if (acd->event_func)
acd->event_func(L_ACD_EVENT_LOST, acd->user_data);
- l_acd_stop(acd);
-
break;
}
--
2.34.1
2 months
[PATCH 1/2] cert-crypto: pragma false positive (-Wmaybe-uninitialized)
by James Prestwood
On musl-gcc 'bmpstring' was detected as maybe uninitialized. This
is actually a false positive since the usage is guarded by
if (p_len) but the compiler isn't aware. Pragma to ignore this
warning.
ell/cert-crypto.c: In function 'cert_pkcs12_pbkdf':
ell/cert-crypto.c:246:17: error: 'bmpstring' may be used uninitialized in this function [-Werror=maybe-uninitialized]
246 | explicit_bzero(bmpstring, passwd_len);
---
ell/cert-crypto.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ell/cert-crypto.c b/ell/cert-crypto.c
index cc312e2..e6e8876 100644
--- a/ell/cert-crypto.c
+++ b/ell/cert-crypto.c
@@ -236,6 +236,8 @@ uint8_t *cert_pkcs12_pbkdf(const char *password,
ptr += s_len + salt_len - j;
}
+_Pragma("GCC diagnostic push")
+_Pragma("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
if (p_len) {
for (j = passwd_len; j < p_len;
j += passwd_len, ptr += passwd_len)
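Review bot: The `_Pragma("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")` added here disables the diagnostic for every variable between the push and the pop in the later hunk, not just `bmpstring`. That region includes `explicit_bzero(bmpstring, passwd_len)`, which wipes password material. Initialising the pointer where it is declared (outside this hunk, so presumably `uint8_t *bmpstring = NULL;`) would silence the false positive without masking a real uninitialised use added to this block later. Compilers that do not know this warning group may also emit an unknown-warning-option diagnostic for the pragma, which matters if the build uses `-Werror`.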
@@ -246,6 +248,7 @@ uint8_t *cert_pkcs12_pbkdf(const char *password,
explicit_bzero(bmpstring, passwd_len);
l_free(bmpstring);
}
+_Pragma("GCC diagnostic pop")
key = l_malloc(key_len + hash->len);
--
2.34.1
2 months, 1 week