Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Builds without OpenSSL #2

Closed
vks opened this issue Mar 13, 2019 · 6 comments
Closed

Builds without OpenSSL #2

vks opened this issue Mar 13, 2019 · 6 comments

Comments

@vks
Copy link
Contributor

vks commented Mar 13, 2019

It would be nice to have to build ffsend using ring instead of OpenSSL. This would likely simplify the build on Windows and use a more minimal crypto library.

As far as I can see, this requires the following changes:

  • Make reqwest use rustls:
diff --git a/Cargo.toml b/Cargo.toml
index ad5df53..f6259c1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -48,7 +48,7 @@ mime = "0.3.12" # same as reqwest
 mime_guess = "2.0.0-alpha.4"
 openssl = "0.10"
 regex = "1.1"
-reqwest = "0.9.2"
+reqwest = { version = "0.9.2", features = ["rustls"] }
 serde = "1.0"
 serde_derive = "1.0"
 serde_json = "1.0"
  • Port random data generation to ring.
  • Port signing to ring.
  • Port encryption to ring.

The last part is likely the most tedious.
@timvisee
Copy link
Owner

timvisee commented Mar 13, 2019
edited

I've tried this before but canceled it because it was too much work.

I'm in for it though, implementing this would be awesome! I think the requirements you mentioned are spot on. The crypto logic is currently isolated quite well in the src/crypto directory.

Currently I want to focus on other things first, and might start with this at a later time. Working on a ring branch along with master to slowly implement ringsupport would probably be a good idea. I'd like to emphasize that I would prefer supporting both crypto backends, togglable using a compiler feature flag.

If there's someone else that wants to start with this, go for it!

@timvisee
Copy link
Owner

I've created the following issue for this: https://gitlab.com/timvisee/ffsend-api/issues/6

Work will be made in the crypto-ring branch.

@vks
Copy link
Contributor Author

vks commented Mar 14, 2019

Thanks for the follow up! I ported some parts to ring on my branch, you might want to use that:

@timvisee
Copy link
Owner

Awesome, thanks for your changes! This looks perfect.

I would like to note that the primary repository is on GitLab infact, this repository on GIthub is just a mirror (the crypto-ring branch is only on GitLab). I'll probably merge your changes over there.

I'll be sure to take a look into this later this day after work.

@timvisee
Copy link
Owner

I've implemented your changes in crypto-ring with conditional compilation (to support both back-ends).

Now, what's left is some cryptography using openssl in src/pipe/crypto/:

image

@timvisee
Copy link
Owner

This has now been implemented. Ring is now used as default crypto backend.

This is released as part of v0.6.0.

See the issue over on GitLab for more details: https://gitlab.com/timvisee/ffsend-api/-/issues/6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vks @timvisee