From owner-freebsd-security Sun May 2 9:46:31 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id 797F514D9E for ; Sun, 2 May 1999 09:46:27 -0700 (PDT) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id SAA17858; Sun, 2 May 1999 18:46:26 +0200 (CEST) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id SAA33620; Sun, 2 May 1999 18:46:26 +0200 (MET DST) Date: Sun, 2 May 1999 18:46:25 +0200 From: Eivind Eklund To: Mark Murray Cc: freebsd-security@FreeBSD.ORG Subject: Re: Blowfish/Twofish Message-ID: <19990502184625.E32819@bitbox.follo.net> References: <21634.925539195@critter.freebsd.dk> <19990502144906.E23950@bitbox.follo.net> <199905021458.QAA02696@greenpeace.grondar.za> <19990502170929.B32819@bitbox.follo.net> <199905021541.RAA02885@greenpeace.grondar.za> <19990502181647.C32819@bitbox.follo.net> <199905021627.SAA03150@greenpeace.grondar.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.1i In-Reply-To: <199905021627.SAA03150@greenpeace.grondar.za>; from Mark Murray on Sun, May 02, 1999 at 06:27:29PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, May 02, 1999 at 06:27:29PM +0200, Mark Murray wrote: > Eivind Eklund wrote: > > As for the libcrypto naming conflict - is the Kerberos libcrypto used > > by things outside Kerberos, or is it feasible to rename it? When I > > get around to integrating the signature support into pkg_* (I have > > code that work in a test environment, but haven't had time to > > integrate it), we'll need libcrypto from OpenSSL in order to support > > signatures - and renaming it in the port would IMO be fairly evil. > > Ditto for Kerberos, and Kerberos got there first :-) I know - I'm trying to find the lesser of the two evils. That's why I was asking if it was used outside of Kerberos itself. > How do your signatures work? Can you not just use the MD? and SHA > algorithms out of libmd? If not, can we not extend libmd? They use x.509 and the Sun package signature standard. As far as I remember, it would be possible to re-implement parts of the code based on something other than x.509 (e.g, DSA) and still be marginally compliant (no other tools would work, but the standard allows alternate signature algorithms, and signatures based on several public key system on the same package). However, that would be more work than I'll have time for in the forseeable future :-( The code was written with the assumption that we could make it work by just requiring the libcrypto from (then) SSLeay in order to actually do any signature checking by just opening it dynamically and check signatures if it was there. The signatures aren't "mine", BTW - the code was written by one of my co-workers (rmz@yes.no) on company time. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message