Re: heimdal and OpenSSL

["Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>]

At 01:07 PM 1/4/01 -0600, Jacques A. Vidrine wrote:
>On Thu, Jan 04, 2001 at 07:28:45PM +0100, GOMBAS Gabor wrote:
>> On Thu, Jan 04, 2001 at 10:42:21AM -0600, Jacques A. Vidrine wrote:
>> > The crypto APIs in Heimdal's libdes appear different from those
>> > in OpenSSL, e.g. MD5Init versus MD5_Init.  Could I suggest the
>> > following for hiemdal-0.3e?
>> 
>> I argue against it: either leave lib/des alone so existing binaries using
>> it will continue to work
>
>I am not convinced that this would break any binaries.  In general,
>applications do not call these APIs directly.

Don't be so sure. 


>> or simply drop it and say "you need OpenSSL to build Heimdal". I
>> have a near complete patch for building with either OpenSSL or the
>> current lib/des; I'll post it if I finish sorting out my other
>> changes.
>>
>> Your patch has other problems too:
>
>No it doesn't.  My patch simply renames the APIs.  What you list below
>seem to be what you think are problems with Heimdal/OpenSSL.
> 
>> 1. OpenSSL does not have des_new_random_key(), which Heimdal uses
>
>The *BSD systems provide this in libcrypto.  One could always use the
>one Heimdal provides on systems without it. 
>
>> 2. It breaks on every operating system which do not have /dev/urandom
>>    (see the OpenSSL sources); my patch has egd support too
>
>What is `It' in the sentence above?
>
>> I'm using Heimdal with OpenSSL since 0.2l or something so I would not mind
>> dropping lib/des completely and depending on OpenSSL instead...
>
>I don't really mind either way.
>-- 
>Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org