Date: Fri, 10 Mar 2023 10:45:02 -0800 From: Enji Cooper <yaneurabeya@gmail.com> To: Baptiste Daroussin <bapt@FreeBSD.org> Cc: "kevans@freebsd.org" <kevans@FreeBSD.org>, =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@freebsd.org>, "src-committers@freebsd.org" <src-committers@FreeBSD.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@FreeBSD.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@FreeBSD.org> Subject: Re: git: e5dd5bfa55dc - main - pkg(7): now that we do use libmd, use it completly Message-ID: <3051E279-F8C3-4AF8-AD21-A6582F3C57D8@gmail.com> In-Reply-To: <202303092031.329KVbCG021742@gitrepo.freebsd.org> References: <202303092031.329KVbCG021742@gitrepo.freebsd.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] > On Mar 9, 2023, at 12:31 PM, Baptiste Daroussin <bapt@FreeBSD.org> wrote: > > The branch main has been updated by bapt: > > URL: https://cgit.FreeBSD.org/src/commit/?id=e5dd5bfa55dc82686870330f547932486ba48db2 > > commit e5dd5bfa55dc82686870330f547932486ba48db2 > Author: Baptiste Daroussin <bapt@FreeBSD.org> > AuthorDate: 2023-03-09 20:29:15 +0000 > Commit: Baptiste Daroussin <bapt@FreeBSD.org> > CommitDate: 2023-03-09 20:31:30 +0000 > > pkg(7): now that we do use libmd, use it completly > > Use SHA256_Fd and SHA256_Data instead of home made equivalent. > wrap those functions into hash.c to avoid header collition between > openssl and libmd > > Suggested by: kevans Hi bapt@, Thank you for the quick build fix! - The Makefile wasn’t updated to use just libmd or libcrypto — it’s linking both today (there are other areas in base where this is present, though, so it’s less of an issue). - I don’t remember the details 100%, but I vaguely remember there being an effort in the past to avoid overlinking binaries with libmd and libcrypto. Some components like ntp for instance go out of their way to link one implementation or the other, not both. - The libmd library exports interfaces named like the OpenSSL 3 deprecated interfaces. Not sure if that’s going to cause issues in the future. - When going to OpenSSL 3, FreeBSD and third-parties will have access to a FIPS 140-3 certified crypto provider library — libmd doesn’t have that same guarantee. It would be good if the entire system was linked with either libcrypto or libmd so the crypto interface would be consistent across the board. I’m going to post an email to arch@ soon about the need for the OpenSSL 1.1 -> OpenSSL 3 import. I think some of these topics should be brought up as requirements/prerequisites for doing the work or considerations to make when doing it. What do you think? Cheers, -Enji [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtvtxN6kOllEF3nmX5JFNMZeDGN4FAmQLeq4ACgkQ5JFNMZeD GN6IUA/+NDQx/zXwHN1K4OF+3DrPA1izjDCKjzcRkQFRZPQ04L9XMh417hjgneqm nKI/MlirAhFKYWHikr1kxqzJpGRg1xB/M4f7elWLah5ULYFzxu+45Jz0TDyzaZa2 nRFfjg8myWJbIueDdJU5dEQalRRZkQBcxbmYprN9R7WY9AssPQXaPLE9N1B49EFT XL8pq+RNE3JkYA2rwQg4ZA1diVoyRdK+UoxeBzjnFtnnAG9NSVHxi4gAjbAKGQs6 svc4XBWTHgD1+isGHsjIXbI3Ndsv5ID6gLJAuIh/BgOiW8psj8PpcbX5b34WBaLR WiW4KO9dcHDw9HY6qAgYxufox/EknikwVEfy0bbM6bhLsfYx8CMGv+thjV+ftibx kI3RijRDW22iahw/RGMJQSqoUUCC8gZJosBMJ09Bz1I+AQ8HSHHAWaW9dYCSuOLX E9b/M/KVlST+3rg2E6M7+JiMRvJKUhUA2x/3fTagw2k4YV63zxZ+6UX0n+ZvvkUi XGUSk08iu/D1zdkvnafd3akWym2QL+pppyhQ7yWS1a/J/iuImpmB+F+lHmW5pjdO h5AQ3E+lCaF8IVA6yDE+Wpwr0vKdYT7D5fISI7Rf7Vy0qPDJHnIS0lPJ+SvYt7/k JBiGWIpiKzY04XPPSinecG0C9wdV37skISucZvlMY0C1JQ1pIew= =3MNl -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3051E279-F8C3-4AF8-AD21-A6582F3C57D8>