From owner-freebsd-arch Thu Aug 1 12:56:46 2002 Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18EB537B400 for ; Thu, 1 Aug 2002 12:56:42 -0700 (PDT) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7685143E42 for ; Thu, 1 Aug 2002 12:56:41 -0700 (PDT) (envelope-from nectar@nectar.cc) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id D83DA9; Thu, 1 Aug 2002 14:56:40 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g71JueU4027196; Thu, 1 Aug 2002 14:56:40 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g71JueE1027195; Thu, 1 Aug 2002 14:56:40 -0500 (CDT) Date: Thu, 1 Aug 2002 14:56:40 -0500 From: "Jacques A. Vidrine" To: Terry Lambert Cc: Mikhail Teterin , Alexandr Kovalenko , arch@FreeBSD.ORG Subject: Re: OpenSSL vs. -lmd Message-ID: <20020801195640.GQ26797@madman.nectar.cc> References: <200207311641.g6VGfRWj099655@freefall.freebsd.org> <20020801143059.GA536@nevermind.kiev.ua> <200208011151.55478.mi+mx@aldan.algebra.com> <3D498FB4.6987B696@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D498FB4.6987B696@mindspring.com> X-Url: http://www.nectar.cc/ User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Aug 01, 2002 at 12:44:52PM -0700, Terry Lambert wrote: > Inclusion of OpenSSL in FreeBSD was probably a mistake, since > it was not brought in on a vendor branch, Er, it was. > and is so mixed up > in various code that it's hard to keep up with changes for > security updates. Updating it required only some very minor build-infrastructure changes outside of src/crypto/openssl. I'm not sure what you mean here. > As a matter of general principle, it seems to me that MD5 and > friends are unlikely to ever change functionally, OK. > whereas the > other things that come with the package can change rather > frequently, since they speak to policy. I don't understand. > Consider that it is very hard to use an updated OpenSSL (e.g. > 0.9.7-Beta or 0.9.6e) with FreeBSD these days. Hmm, all versions of FreeBSD have OpenSSL 0.9.6e. I haven't looked at 0.9.7 personally, but I can't imagine what would prevent one from using it on FreeBSD. > Also consider that it's hard to build a project whose code is > independent of FreeBSD itself, with all these interfaces in > the base OS by default. If I grasp what you mean: Only for lazy programmers who don't understand the interfaces that they are using. :-) > My recommendation is to keep the "md" library. It satisfies > the "mechanism, not policy" philosophy in a way that OpenSSL > does not. I'm not sure how providing duplicate implementations of the digest functions is useful or desirable. I'm in no hurry to ditch libmd, but I do hope to get around to it someday. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message