This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt
- From: Florian Weimer <fweimer at redhat dot com>
- To: Joseph Myers <joseph at codesourcery dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 1 Jun 2017 22:28:35 +0200
- Subject: Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt
- Authentication-results: sourceware.org; auth=none
- Authentication-results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
- Authentication-results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=fweimer at redhat dot com
- Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com C056A20265
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C056A20265
- References: <79469eab-c809-a5b8-3297-2536320a834d@gmail.com> <CAKCAbMiRUozNA9UF5R0=8+-Gt9ShPBtMvFyxTswazu+q1J5kpw@mail.gmail.com> <8dcc3319-0ad0-5359-0ba2-d79e4edc317e@redhat.com> <alpine.DEB.2.20.1706011956511.27473@digraph.polyomino.org.uk>
On 06/01/2017 10:16 PM, Joseph Myers wrote:
> Using OpenSSL in a crypt implementation does of course bring in the same
> namespace issues as with NSS modules linked with external libraries.
That's why I want to build the replacement *from* (or as part of) a
cryptographic library, not using it. This way, the internal mechanics
can be hidden easily, and we still can use tried-and-test (and
optimized) implementations of the cryptographic primitives.
We may have a technical namespace violation with
pthread_mutex_lock/pthread_mutex_unlock if there is a PRNG for salt
generation, but I don't think that's particularly worrisome.
Thanks,
Florian