[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal and OpenSSL

On Thu, Jan 04, 2001 at 07:28:45PM +0100, GOMBAS Gabor wrote:
> On Thu, Jan 04, 2001 at 10:42:21AM -0600, Jacques A. Vidrine wrote:
> > The crypto APIs in Heimdal's libdes appear different from those
> > in OpenSSL, e.g. MD5Init versus MD5_Init.  Could I suggest the
> > following for hiemdal-0.3e?
> I argue against it: either leave lib/des alone so existing binaries using
> it will continue to work

I am not convinced that this would break any binaries.  In general,
applications do not call these APIs directly.

> or simply drop it and say "you need OpenSSL to build Heimdal". I
> have a near complete patch for building with either OpenSSL or the
> current lib/des; I'll post it if I finish sorting out my other
> changes.
> Your patch has other problems too:

No it doesn't.  My patch simply renames the APIs.  What you list below
seem to be what you think are problems with Heimdal/OpenSSL.
> 1. OpenSSL does not have des_new_random_key(), which Heimdal uses

The *BSD systems provide this in libcrypto.  One could always use the
one Heimdal provides on systems without it. 

> 2. It breaks on every operating system which do not have /dev/urandom
>    (see the OpenSSL sources); my patch has egd support too

What is `It' in the sentence above?

> I'm using Heimdal with OpenSSL since 0.2l or something so I would not mind
> dropping lib/des completely and depending on OpenSSL instead...

I don't really mind either way.
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org