From: Colin Percival
Date: Mon, 21 May 2007 12:48:53 -0400
To: Kris Kennaway
Cc: FreeBSD Current
Subject: Re: HEADS UP: OpenSSL problems after GCC 4.2 upgrade

Kris Kennaway wrote:
> On Sun, May 20, 2007 at 07:45:18AM -0400, Colin Percival wrote:
>> For the record (since I know several people were asking at BSDCan), this is
>> a great example of why it makes sense to have libmd as well as libcrypto: A
>> minimal hashing library which we maintain ourselves is far less likely to
>> randomly break than a bloated^W more feature-complete library which is
>> maintained outside of FreeBSD and occasionally imported onto a vendor branch.
>
> Well that's kind of a straw man because it's not actually what I
> suggested.

You're not the only person who was asking about libmd vs. libcrypto. There
are two suggestions which come up frequently (including at bsdcan):

1. Kill libmd entirely and tell people to link to libcrypto instead.
2. Kill src/lib/libmd/*.c and build libmd from the C code in crypto/openssl.

> I was advocating [option #2]
>
> At least the last time I looked at openssl this was possible, and one
> ends up with something very similar to our current libmd, plus
> additional bug fixes.

Several reasons for not doing this come to mind:

1. It takes longer to fix bugs in contrib code (e.g., the current problem had
   to wait for our OpenSSL maintainer to return to .dk, while a bug in libmd
   could have been fixed immediately -- I don't think the current bug affects
   the hashing functions, but the point remains).
2. Importing a new version of OpenSSL is enough of a headache already without
   needing to make sure that everything is where libmd expects to find it and
   doesn't require any changes in the compile options.
3. The license on the current libmd code is more sane. I don't want to have to
   include "This product includes cryptographic software written by Eric Young