Jeffrey Altman wrote: > > > > Please be very careful with the changes that are made to DES. The DES > > > structures and functions from OpenSSL were originally designed by Eric > > > to be compatible with the MIT Kerberos DES implementation. This has > > > allowed applications such as C-Kermit to implement both Kerberos and > > > SSL/TLS (as is needed for Telnet and SSH) by using only the OpenSSL > > > DES implementation. Changes that result in name conflicts or data > > > structure conflicts will be a serious problem for application that > > > require both Kerberos and SSL/TLS. > > > > I find it hard to believe that the Kerberos data structures are as > > broken as the OpenSSL ones were. > > Actually, I would think that they were identical because Eric Young > was reverse engineering the MIT implementation in order to add DES > back into the Bones implementation of Kerberos IV. > > > Are you saying that you use the same data structure for calls to > > Kerberos DES as to OpenSSL DES? Initialised by the same routines? Or > > what? > > When linking the app to both Kerberos IV and OpenSSL there is a > conflict between the libdes.a from MIT and libcrypto.a from OpenSSL > since they both implement the same functions. So what I have done in > the past is link to libkrb4.a and libcrypto.a instead of libdes.a. > Since they implemented identical data structures and the function > calls were the same, the OpenSSL DES routines would simply just work. Ah, now I understand - well, that strategy won't work any more, I guess. It sounds risky to me, anyway. I guess that the simplest answer would be to have an option to rename all of OpenSSL's DES stuff so they don't conflict (it has to be an option, of course). Or to have an option in Kerberos IV to use OpenSSL DES instead of MIT libdes. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
