Re: UPDATE security/scrypt

Sun, 12 Jan 2020 07:50:04 -0800 

On Sun, 12 Jan 2020 15:38:21 +0100
Björn Ketelaars wrote:

> On Thu 02/01/2020 06:27, Björn Ketelaars wrote:
> > On Wed 01/01/2020 23:03, Ted Unangst wrote:
> > > Björn Ketelaars wrote:
> > > > - When estimating the amount of available RAM, scrypt ignores
> > > >   RLIMIT_DATA on systems which have mmap.
> > > 
> > > This is wrong on OpenBSD. I sent an email to Colin, but the
> > > update should patch this out in the meantime.
> > 
> > Although I'm not doubting that you are right, I fail to understand
> > why ignoring RLIMIT_DATA on OpenBSD is bad. Could you explain why?
> > 
> > I prepared a patch, which:
> > - addresses ignoring RLIMIT DATA, reverting
> >   
> > https://github.com/Tarsnap/scrypt/commit/2b478e7ce590a6564d89417ddad4f3dd4bbdcaf6
> > - fixes compiling on base-gcc archs (found by kmos@)
> > 
> > OK?

It builds and works fine on powerpc (i tried with low limits as well).

COMPILER_LANGS values are by convention in lowercase. If you wonder,
it's still working fine uppercase :)

OK cwen@ either way

 
> Diff below for your convenience.
> 
> diff --git Makefile Makefile
> index 31dc84c3443..04b73ef02b3 100644
> --- Makefile
> +++ Makefile
> @@ -3,6 +3,7 @@
>  COMMENT =    command-line encryption using scrypt key derivation
> function 
>  DISTNAME =   scrypt-1.3.0
> +REVISION =   0
>  
>  SHARED_LIBS +=       scrypt-kdf                0.0 # 1.0
>  
> @@ -18,6 +19,9 @@ WANTLIB =   c crypto
>  MASTER_SITES =       ${HOMEPAGE}
>  EXTRACT_SUFX =       .tgz
>  
>
> +COMPILER =           base-clang ports-gcc
> +COMPILER_LANGS =     C
> +
>  CONFIGURE_STYLE =    gnu
>  CONFIGURE_ARGS =     --enable-libscrypt-kdf
>  
> diff --git patches/patch-lib_util_memlimit_c
> patches/patch-lib_util_memlimit_c new file mode 100644
> index 00000000000..788724aa76e
> --- /dev/null
> +++ patches/patch-lib_util_memlimit_c
> @@ -0,0 +1,24 @@
> +$OpenBSD$
> +
> +Do not ignore RLIMIT_DATA on OpenBSD. Revert
> +https://github.com/Tarsnap/scrypt/commit/2b478e7ce590a6564d89417ddad4f3dd4bbdcaf6
> +
> +Index: lib/util/memlimit.c
> +--- lib/util/memlimit.c.orig
> ++++ lib/util/memlimit.c
> +@@ -167,14 +167,12 @@ memlimit_rlimit(size_t * memlimit)
> +             memrlimit = (uint64_t)rl.rlim_cur;
> + #endif
> + 
> +-#ifndef HAVE_MMAP
> +-    /* ... RLIMIT_DATA (if we're not using mmap)... */
> ++    /* ... RLIMIT_DATA... */
> +     if (getrlimit(RLIMIT_DATA, &rl))
> +             return (1);
> +     if ((rl.rlim_cur != RLIM_INFINITY) &&
> +         ((uint64_t)rl.rlim_cur < memrlimit))
> +             memrlimit = (uint64_t)rl.rlim_cur;
> +-#endif
> + 
> +     /* ... and RLIMIT_RSS. */
> + #ifdef RLIMIT_RSS
>

Reply via email to