From owner-freebsd-arch@FreeBSD.ORG  Thu May 15 11:18:38 2003
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7A90337B401
	for <arch@freebsd.org>; Thu, 15 May 2003 11:18:38 -0700 (PDT)
Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8632243F3F
	for <arch@freebsd.org>; Thu, 15 May 2003 11:18:37 -0700 (PDT)
	(envelope-from mark@grondar.org)
Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1])
	by storm.FreeBSD.org.uk (8.12.7/8.12.7) with ESMTP id h4FIIZgw085128;
	Thu, 15 May 2003 19:18:35 +0100 (BST)
	(envelope-from mark@grondar.org)
Received: (from Ugrondar@localhost)h4FIIZgV085127;
	Thu, 15 May 2003 19:18:35 +0100 (BST)
X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to
	mark@grondar.org using -f
Received: from grondar.org (localhost [127.0.0.1])h4FIK2gN027630;
	Thu, 15 May 2003 19:20:02 +0100 (BST)
	(envelope-from mark@grondar.org)
From: Mark Murray <mark@grondar.org>
Message-Id: <200305151820.h4FIK2gN027630@grimreaper.grondar.org>
To: Dag-Erling Smorgrav <des@ofug.org>
In-Reply-To: Your message of "Thu, 15 May 2003 16:20:08 +0200."
             <xzpr870mgvb.fsf@flood.ping.uio.no> 
Date: Thu, 15 May 2003 19:20:02 +0100
Sender: mark@grondar.org
cc: arch@freebsd.org
Subject: Re: NOCRYPT / NOSECURE 
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 May 2003 18:18:38 -0000

Dag-Erling Smorgrav writes:
> I would therefore like to remove NOSECURE, preferably before 5.1.

I will applaud this!

> NO_OPENSSL is also a subset of NOCRYPT.  There is so little that
> builds with NO_OPENSSL but not with NOCRYPT that I think it might be
> worthwhile to deprecate NO_OPENSSL and change the description of
> NOCRYPT from "will prevent building of crypt versions" to "do not
> build crypto-related software"

I like this too.

> We also have something called libcipher which is only used by bdes(1);
> the OpenSSL distribution contains a similar and AFAIK compatible
> utility (src/crypto/openssl/crypto/des/des.c) which we don't currently
> build.  We should probably ditch both libcipher and bdes(1), and
> perhaps add OpenSSL's des(1) to the build if our users really want it,
> though 'ln -s /usr/bin/openssl /usr/bin/des' goes a long way.

If openssl's des(1) is the same as our bdes(1) (ie, gives the same results)
then I'm in support of this. I'd also approve of a wrapper script that
calls openssl(1) or des(1) and make a compatible bdes(1). Similar scripts
may be a good idea for md5(1) and sha1(1).

If folks don't shoot the idea down, I'm happy to help out.

M
--
Mark Murray
iumop ap!sdn w,I idlaH