Hello, with recent openssl vulnerabilities I have been looking a bit for all packages that actually depend on openssl and I have found that xorg-server has a dependency on openssl just for the SHA1 algorithm. The configure script help prints: --with-sha1= libc|libmd|libnettle|libgcrypt|libcrypto|libsha1|CommonCrypto|CryptoAPI choose SHA1 implementation It would be nice if I could choose from these with USE flags, istead of hard dependency on openssl. Reproducible: Always
The server's use of OpenSSL is strictly limited to this one file http://cgit.freedesktop.org/xorg/xserver/tree/os/xsha1.c#n223 In fact, nowhere else is the #include to be found. As bad as the SSL/TLS handling parts of OpenSSL may be, I've yet to hear horror stories about OpenSSL's libcrypto (which is where the SHA1 implementation is). Given the recent vulnerabilities in _all_ crypto libraries, I don't trust any of the offered choices more than I trust OpenSSL. So my initial reaction would be not to change anything. @security, you guys are probably better read than us mere mortals on the subject, what say you?
I still would like to have the ability to choose. Still, in the main package x_sha1_* are only used in HashGlyph http://cgit.freedesktop.org/xorg/xserver/tree/render/glyph.c#n164 and HashGlyph is only used in http://cgit.freedesktop.org/xorg/xserver/tree/render/render.c#n1084 It seems glyphs are stored in something like a hashmap, using sha1 as the hash. Using external crypto library for a hashmap is insane. I will try to ask xserver developers if it could not be done other way. Still, there is the possibility to use libnettle or libgcrypt.
There was a recent discussion about ssl related USE_EXPAND on the -dev mailing list. http://thread.gmane.org/gmane.linux.gentoo.devel/91280 I think it could be expanded to general crypto providers instead of just SSL, and then the xorg-server ebuild could be ported to that.
<security team member hat> There is nothing to do for security@. Xorg-server itself does not vulnerable to any stuff here. It's up to maintainer to decide how implement deps on crypto providers. But if they can do it, and this does not bloat user configurations, i am strongly suggest to do this. </security team member hat>
I'd maybe be receptive to patches (against xorg-server-9999.ebuild) that allow selection of the sha1 implementation, but I'm not interested in doing it myself.
Reopening as we consider adding libressl support in bug 561906, then we might as well go the whole way.
openssl and libressl are both options now.