On Tue, Mar 29, 2022 at 7:46 PM Philip Prindeville <philipp_s...@redfish-solutions.com> wrote:

> Hi,
>
> I'm working on replacing res_crypto for a variety of reasons. It's a poor
> API that's inflexible. It uses cryptographically deprecated methods and
> key sizes. It doesn't support ECC. It isn't forward compatible with
> Openssl-3.0. It doesn't have any test case coverage. etc.
>

My opinion is that a minimum of changes should be done to allow res_crypto to continue to exist. It's not a module that is really used except in legacy things and func_aes. I'm not even sure how much func_aes is used really. The only time res_crypto has really been used is in legacy modules that did their own crypto kind of thing. I don't think updating res_crypto for the sake of it is worthwhile as of this time.

>
> I've identified that:
>
> func/func_aes
> chan/chan_iax2
> pbx/pbx_dundi
> pbx/dundi-parser
>
> use res_crypto. Is there out-of-tree stuff that requires it as well?
>
> Anyway, I'm working on the requirements for the replacement here:
>
> https://wiki.asterisk.org/wiki/pages/viewpage.action?pageId=49153311

The page is not accessible.

>
> And feedback is appreciated.
>

Both chan_iax2 and pbx_dundi are effectively in a maintenance mode. The chan_iax2 module sees some changes as a result of community members still using it, but few. The pbx_dundi module never sees changes. I would be extremely hesitant in any changes to them to take advantage of any changes for the sake of it due to the possibility of regressions, and also any protocol changes that would have to occur if they were expanded for more recent cryptography.

The func_aes module would be the only thing I could vaguely see using any improvements but there's nothing to say that it couldn't just be changed to not use res_crypto.

--
Joshua C. Colp
Asterisk Technical Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org