Date: Fri, 25 Feb 2000 01:42:50 -0800 (PST) From: Kris Kennaway <kris@FreeBSD.org> To: Peter Wemm <peter@netplex.com.au> Cc: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/secure/lib Makefile src/secure/lib/libcrypto Makefile Makefile.inc Message-ID: <Pine.BSF.4.21.0002250130090.57682-100000@freefall.freebsd.org> In-Reply-To: <20000225092902.427131CD7@overcee.netplex.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 25 Feb 2000, Peter Wemm wrote: > Where does libRSAglue actually come from? The case where openssl is configured > for using RSAREF? Well, things using openssl now don't even have to know. > We can totally leave out -lrsaref and -lRSAglue now. If OpenSSL is built with -DRSAref then it builds libRSAglue which contains the wrapper functions for librsaref. I really don't know why it's done outside of libcrypto - functionally I couldn't find a reason for it (in my initial version I didn't have a librsaglue and everything was fully functional), but perhaps it was an old infrastructural wart of some kind. (Incidentally, if you build the official OpenSSL distribution with -DRSAref then it still compiles in the "native" RSA cryptographic primitives, they just don't get called by the main code. You can call them directly from your own code if you like, which seems to me to be rather bad from a legal standpoint :-) Our version doesn't have this problem..) Even though it's perfectly functional to have librsaglue inside libcrypto, ports assume they must link with librsaglue if they decide they're using rsaref - this is perfectly justified because the official OpenSSL works that way (and requires it). Unfortunately, there is no consistency in how they go about looking for rsaref, and without at least emulating it we'll break out-of-the-box compilation for lots of software. > I spoke with a few folks about making libRSAglue.a an empty stub file to > fix ports that use it. However, if they just left it out (and -lrsaref) > it would also work, even though libcrypto uses rsaref internally at runtime. > The ports shouldn't even need to know. Yes, but a lot of them explicitly look for librsaref.so and use that to decide whether they need librsaglue and librsaref. They dont need it for our version as of the past few days, but in practise they do because standard OpenSSL needs it. > So that brings me back to the question.. How do ports decide if they are going > to use -lrsaref and -lRSAglue? Using ./configure to test if -lcrypto works? > USA_RESIDENT? other? All of the above, plus more. > Anyway, making a fake libRSAglue.a will fix the ports although it'd be > better to fix the problem completely I think. We could make yet another pass over all of the openssl ports in the ports collection for the New Order, but it's an uphill job unless our openssl works "the same" as the standard one, i.e. has the same library semantics. Kris ---- "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0002250130090.57682-100000>