Hi Vladislav,

Where is the openssl version used anyway? Would it make sense to support multiple crypto libraries? Why is just nettle support inadequate? Our crypto team asked me why nettle is used. It has no independent FIPS certification, so they would like to use a different library, like gnutls or openssl. Is that a similar reason to yours?
I would like to remove the dependency on a hashing function altogether. It is not required and slows down the request handling process IMO. It should be required only when actual cryptography operations are needed. But let's postpone it until after the security updates are solved and without regressions. I just did not think long about the name, CRYPTOHASH sounds much better. Thanks!

On 1/25/21 10:53 AM, Vladislav Grishenko wrote:
> Hi,
>
>> Patch modified to keep backwards compatibility with HAVE_NETTLEHASH
>> because, why not? and applied. Looks like a sensible idea.
>
> Indeed, much better. Thank you
>
> --
> Best Regards, Vladislav Grishenko
>
>> -----Original Message-----
>> From: Dnsmasq-discuss <dnsmasq-discuss-boun...@lists.thekelleys.org.uk> On
>> Behalf Of Simon Kelley
>> Sent: Monday, January 25, 2021 3:15 AM
>> To: dnsmasq-discuss@lists.thekelleys.org.uk
>> Subject: Re: [Dnsmasq-discuss] [PATCH] Rename HAVE_NETTLEHASH to
>> HAVE_CRYPTOHASH
>>
>> On 24/01/2021 14:30, Vladislav Grishenko wrote:
>>> Hi,
>>>
>>> Commit 2024f9729713fd657d65e64c2e4e471baa0a3e5b "Support hash function
>>> from nettle (only)" has introduced HAVE_NETTLEHASH option (thanks, Petr!).
>>> But, I think, there's not much sense to bind feature name to specific
>>> cryptolib because this will require rename or introduce more similar
>>> opts for some other cryptolib backend if/when it'll be available (for
>>> example in my dnsmasq-openssl fork).
>>>
>>> If no objections, let's name it "cryptohash" early before 2.84 is out?
>>> Sorry, have missed pre-2.83, but it has dns issues so unlikely to be
>>> widely deployed.
>>>
>>> Please refer to the patch attached.
>>>
>>
>> Patch modified to keep backwards compatibility with HAVE_NETTLEHASH
>> because, why not? and applied. Looks like a sensible idea.
>>
>> Cheers,
>>
>> Simon.
>>
>>> --
>>> Best Regards, Vladislav Grishenko
>>>
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss@lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB