Current status of --enable-crypto

Gary E. Miller gem at rellim.com
Fri Jan 27 18:37:53 UTC 2017


Yo Mark!

On Fri, 27 Jan 2017 18:14:15 +0000
Mark Atwood <fallenpegasus at gmail.com> wrote:

> If we are going to have an SSL dependency, I have a pretty strong
> preference towards WolfSSL

It may be the best, but it is not in Gentoo.  I suspect few distros have
it.  As we see from the libsodium mess, using nonstandard libs is a
massive increase in difficulty.

> if we are going to have an OpenSSL dependency, it needs to be to the
> latest stable OpenSSL release.

We gotta support what crap users have.

> What would we be using an SSL library for, that libsodium does not
> already provide?

That really needs an audit.  waf seems to check for a lot of openssl stuff
that is never used.

My quick check shows md5 and sha1.

And even though --enable-crypto is gone, there are still a lot of
#ifdef HAVE_OPENSSL around.

> What all are we using libsodium right now for?

We use libsodium to read /dev/random, or whatever equivalent the OS
has.  libsodium does not support md5 or sha1.

OTOH, openssl does have RAND_bytes().  Why do we not use that, and get rid
of libsodium?  Most projects consider it good enough.

And, don't forget, libisc is still in the tree with its own copies of
md5 and sha1.  Nuke it!

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
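
One way to run the audit the message above calls for, as an added example that is not part of the original post or of the NTPsec tree: it reports which OpenSSL headers a C tree includes without calling anything from them, and where HAVE_OPENSSL guards remain. The header-to-symbol mapping, the function names and the sample files are assumptions made for this example.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Header -> call-name pattern for the OpenSSL families named in the thread
# (md5, sha1, RAND_bytes) plus EVP. The mapping is this example's assumption.
FAMILIES = {
    "openssl/md5.h": r"MD5(?:_\w+)?",
    "openssl/sha.h": r"SHA1(?:_\w+)?",
    "openssl/evp.h": r"EVP_\w+",
    "openssl/rand.h": r"RAND_\w+",
}
INCLUDE = re.compile(r"^[ \t]*#[ \t]*include[ \t]*<(openssl/[\w.]+)>", re.M)
GUARD = re.compile(r"^[ \t]*#[ \t]*(?:ifdef|ifndef|if|elif)\b[^\n]*\bHAVE_OPENSSL\b", re.M)
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)  # naive: ignores string literals

def audit_tree(root):
    """Scan *.c/*.h under root; return (includes, calls, guards) Counters."""
    includes, calls, guards = Counter(), Counter(), Counter()
    for path in sorted(Path(root).rglob("*.[ch]")):
        # Drop comments first so commented-out calls are not counted as use.
        text = COMMENT.sub(" ", path.read_text(errors="replace"))
        includes.update(INCLUDE.findall(text))
        for header, name in FAMILIES.items():
            calls[header] += len(re.findall(rf"\b{name}[ \t]*\(", text))
        hits = len(GUARD.findall(text))
        if hits:
            guards[path.relative_to(root).as_posix()] = hits
    return includes, calls, guards

def unused_headers(includes, calls):
    """Headers that are included although nothing from their family is called."""
    return sorted(h for h in includes if calls.get(h, 0) == 0)

def make_sample_tree():
    """Constructed two-file tree, not taken from the NTPsec sources."""
    root = Path(tempfile.mkdtemp())
    (root / "digest.c").write_text(
        "#ifdef HAVE_OPENSSL\n#include <openssl/md5.h>\n#include <openssl/evp.h>\n"
        "#endif\n/* EVP_DigestInit(ctx) was dropped */\n"
        "void f(MD5_CTX *c) { MD5_Init(c); }\n")
    (root / "rng.c").write_text(
        "#include <openssl/rand.h>\n#if defined(HAVE_OPENSSL)\n"
        "int g(unsigned char *b) { return RAND_bytes(b, 16); }\n#endif\n")
    return root

if __name__ == "__main__":
    inc, calls, guards = audit_tree(make_sample_tree())
    print("unused:", unused_headers(inc, calls), "guards:", dict(guards))
```

Pointing `audit_tree()` at a real checkout gives a list of candidate dependencies to drop; each hit still needs a manual look, since macros and function pointers are not resolved.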