> ...I've just discovered that changing DES functions to be DES_* clashes
> with Kerberos... for example:
> 
> static void
> DES_random_key(krb5_context context,
>              krb5_keyblock *key)
> 
> - do we have any views on this?
> 
> Cheers,
> 
> Ben.

Ben:

I thought one of the primary reasons for changing the function names
was to ensure that there were no name clashes with Kerberos.
(Kerberos Bones of course being the reason that Eric Young wrote the
DES library in the first place.)  Kerberos and OpenSSL need to be able
to be built and used on the same system and in the same applications.
Not just because an application wants to be able to support both a
Kerberos authentication or a TLS session, but because several
protocols including TLS provide the combination of TLS and Kerberos 
as an option.

Someone suggested that the functions be named

  OPENSSL_DES_xxxxxx()

I think we should accept that suggestion.  

FYI, this name collision does not take place with MIT Kerberos or I
would have discovered it myself.

Heimdal's crypto library uses the naming convention

  ALGORITHM_function()

with ALGORITHM currently equal to DES, DES3, ARCFOUR

- Jeff





 Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 Beta available
 The Kermit Project @ Columbia University   includes Secure Telnet and FTP
 http://www.kermit-project.org/             using Kerberos, SRP, and 
 [EMAIL PROTECTED]          OpenSSL.  SSH soon to follow.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to