New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get rid of dependencies to OpenSSL/LibreSSL/WhateverSSL #2356
Comments
I wonder how hard it would be to instead fully DROP all OpenSSL/LibreSSL/CommonCrypto dependencies and just implement everything needed instead. Hashcat (and old CPU Hashcat) does so, I'm pretty sure. We already have MD4, MD5, SHA-1, RC4, DES, AES and whatnot. Nearly everything exist as perfectly fine and free RFC code we can just nick. |
That is what the 'other bug' (not searching right now), asks to do. It does not ask to 'drop' ossl, and I do not think we should. Having oSSL 'available' is much easier for people submitting code. Once they submit, then all we do is port it into our own primatives. We have almost all of libssl and libcrypto. BUT we do not have some of the other high level stuff. |
The 'insert' of oSSL code/project/snippets into john tree was just an interim work around to get a 'stable' ossl version, UNTIL we implement all that is required (high level shit). |
TBH we get about three format submissions a year (a really good year). It's not going to make any difference if we start saying they can't use OpenSSL. |
JFTR, #1686 is (I assume) the other issue Jim referred to. |
Yes, that is the one. Most of the low fruit (at the time) has been picked already. |
It did list EVP crap and other stuff but not, for example, the high-level DSA crap in gpg_common_plug.c which is what currently breaks a build against OpenSSL 1.1.0. So I think that hasn't even been looked at. It may be trivial, or maybe not. |
Originally that was on my list. I dropped it, as it did not appear to be trivial at all. |
I started a branch (not pushed anywhere yet) that doesn't use OpenSSL but the penalty for MD4/5 and SHA-1/SHA-512 is more significant than I would have thought (I think OpenSSL use assembler for x86). OTOH that was obviously a non-SIMD build so maybe it's worth it anyway (and anyone is free to improve our in-tree code). Once complete, I will push it as a PR and then we'll see if we want to merge it to bleeding-jumbo or keep it a fork (which will get stale)... |
See #2355 for more explanation. Right now, this is just a place holder issue. It needs a lot of fore thought, and can not simply be jumped into.
The text was updated successfully, but these errors were encountered: