On Thu, Sep 29, 2022 at 3:45 PM Fabio Valentini <[email protected]> wrote:
>
> On Thu, Sep 29, 2022 at 9:31 PM Neal Gompa <[email protected]> wrote:
> >
> > On Thu, Sep 29, 2022 at 7:57 PM Jilayne Lovejoy <[email protected]> wrote:
> > >
> > > Hi Neal,
> > >
> > > Thanks for raising this here. I saw some of the thread on devel, but when
> > > threads get long, it's sometimes hard to know what the specific ask is.
> > >
> > > To that end, could you provide a bit of a description as to what is
> > > currently being done in terms of "hobbling" OpenSSL? Just a high-level
> > > description would be helpful for context and a reminder as to the current
> > > state.
> > >
> >
> > The hobble-openssl script was designed to prune from the OpenSSL
> > source code a number of cryptographic algorithms that were patent
> > encumbered. Over the years, the script has been pruned of things to
> > purge as patents expired. However, the remaining things the script
> > indicates it prunes today all expired during the pandemic. Currently,
> > it prunes Elliptic Curve Cryptography (ECC, or otherwise called EC
> > crypto) code. The script documentation indicates the patents related
> > to it expired in 2020, so we should be able to drop it entirely.
> >
> > > Also, am I correct to assume that by "use pristine OpenSSL sources" - the
> > > desired outcome is to be able to package OpenSSL for Fedora straight from
> > > the upstream project without needing to remove something or otherwise
> > > modify the upstream source in order to package it for Fedora?
> > >
> >
> > Yes.
>
> The same applies to nettle ... their "hobbling" script removes code
> for some elliptic curves, some of which are actually already enabled
> in OpenSSL. It would be great if nettle could use "un-hobbled"
> sources, as well.
>
> For example, I need to manually patch the nettle bindings for Rust to
> remove wrappers for these functions ... they're not used by Sequoia
> OpenPGP, but it's still a lot of manual work for nothing.
>
I'm bumping this thread again to ask if we can make everyone's lives
easier by dropping all the hobbling we do today to OpenSSL, nettle,
etc. We *definitely* don't need it now at this point, so it's just
needless work that creates a lot of second-order pain for people (such
as library bindings for other programming languages).

--
真実はいつも一つ!/ Always, there's only one truth!
