Re: convert libgmp to a port?

2001-06-21 Thread GH

*snip*
> No.  We are talking about removing a GPL infected library from the base
> tree that is used by a couple of utterly performance irrelevant utilities
> and making these couple of utilities (secure-rpc key generation tools)
> use the OpenSSL bignum API - where OpenSSL has a BSD-style license.
> 
> This has absolutely no effect on openssl at all.
> 
> > Really? This hardly seems like a good idea.
> 
> No.  We can't plug libgmp into openssl anyway due to GPL infection and the
> resulting license conflicts.  openssl *explicitly* may not be distributed
> under GPL.  And building libgmp into openssl would require exactly that.
*snip*

Oh, I see.
Never mind then, sounds good. (Somehow I missed the libgmp<->GPL
relationship.)

gh

(Apologies to the CC's who didn't need this aside.)

> Cheers,
> -Peter
> --
> Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> "All of this is for nothing if we don't go to the stars" - JMS/B5
> 

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message



Re: convert libgmp to a port?

2001-06-21 Thread Peter Wemm

GH wrote:
> On Thu, Jun 21, 2001 at 01:15:12PM -0700, some SMTP stream spewed forth: 
> > On Tue, Jun 19, 2001 at 12:44:40PM -0700, Terry Lambert wrote:
> > > Giorgos Keramidas wrote:
> > > > 
> > > > On Sun, Jun 17, 2001 at 01:51:56PM -0700, Kris Kennaway wrote:
> > > > 
> > > > > libbn is already part of OpenSSH; it's a trivial matter to make it
> >^^^
> > I meant to say OpenSSL here, of course.
> > 
> > > > > into a standalone library.  In other words, we already include two
> > > > > functionally equivalent bignum libraries in FreeBSD, so one of them
> > > > > should go.
> > > > 
> > > > I couldn't agree more :)
> > > 
> > > I'm going to word this strongly, mostly because I feel
> > > strongly about the underlying issues.
> > > 
> > > The SSL one is known to be very slow, and was written
> > > as a proof of concept by the author.  Please read the
> > > release notes; it is seriously slow.  Replacing it will
> > > increase your SSL performance significantly.
> > 
> > I know of no-one who has developed patches to make OpenSSL work with
> > an external math library (e.g. libgmp).  The OpenSSL guys are very
> > interested in cleaning up their legacy code; you should work with them
> > if you are interested.
> > 
> > In FreeBSD, the only use of the libgmp code is for non-speed-critical
> > applications, so replacing it with a less efficient library doesn't
> > cost anything.  libgmp will still exist in ports for applications
> > which want to make use of a more efficient library.
> > 
> 
> Am I understanding this correctly?
> We currently have implemented a more efficient library than one you
> propose expending effort to plug in?
> 
> You propose that people remove the currently implemented and more
> efficient library and replace it with a less-efficient library of
> non-native BSD origin?

No.  We are talking about removing a GPL infected library from the base
tree that is used by a couple of utterly performance irrelevant utilities
and making these couple of utilities (secure-rpc key generation tools)
use the OpenSSL bignum API - where OpenSSL has a BSD-style license.

This has absolutely no effect on openssl at all.

> Really? This hardly seems like a good idea.

No.  We can't plug libgmp into openssl anyway due to GPL infection and the
resulting license conflicts.  openssl *explicitly* may not be distributed
under GPL.  And building libgmp into openssl would require exactly that.

If you want to add hooks for plugging in another bignum library into
openssl, go for your life.  But if that adds GPL exposure, then we're not
interested because we cannot distribute it.

Cheers,
-Peter
--
Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
"All of this is for nothing if we don't go to the stars" - JMS/B5





Re: convert libgmp to a port?

2001-06-21 Thread GH

On Thu, Jun 21, 2001 at 01:15:12PM -0700, some SMTP stream spewed forth: 
> On Tue, Jun 19, 2001 at 12:44:40PM -0700, Terry Lambert wrote:
> > Giorgos Keramidas wrote:
> > > 
> > > On Sun, Jun 17, 2001 at 01:51:56PM -0700, Kris Kennaway wrote:
> > > 
> > > > libbn is already part of OpenSSH; it's a trivial matter to make it
>^^^
> I meant to say OpenSSL here, of course.
> 
> > > > into a standalone library.  In other words, we already include two
> > > > functionally equivalent bignum libraries in FreeBSD, so one of them
> > > > should go.
> > > 
> > > I couldn't agree more :)
> > 
> > I'm going to word this strongly, mostly because I feel
> > strongly about the underlying issues.
> > 
> > The SSL one is known to be very slow, and was written
> > as a proof of concept by the author.  Please read the
> > release notes; it is seriously slow.  Replacing it will
> > increase your SSL performance significantly.
> 
> I know of no-one who has developed patches to make OpenSSL work with
> an external math library (e.g. libgmp).  The OpenSSL guys are very
> interested in cleaning up their legacy code; you should work with them
> if you are interested.
> 
> In FreeBSD, the only use of the libgmp code is for non-speed-critical
> applications, so replacing it with a less efficient library doesn't
> cost anything.  libgmp will still exist in ports for applications
> which want to make use of a more efficient library.
> 

Am I understanding this correctly?
We currently have implemented a more efficient library than one you
propose expending effort to plug in?

You propose that people remove the currently implemented and more
efficient library and replace it with a less-efficient library of
non-native BSD origin?

Really? This hardly seems like a good idea.

gh

> Kris




Re: convert libgmp to a port?

2001-06-21 Thread Kris Kennaway

On Tue, Jun 19, 2001 at 12:44:40PM -0700, Terry Lambert wrote:
> Giorgos Keramidas wrote:
> > 
> > On Sun, Jun 17, 2001 at 01:51:56PM -0700, Kris Kennaway wrote:
> > 
> > > libbn is already part of OpenSSH; it's a trivial matter to make it
   ^^^
I meant to say OpenSSL here, of course.

> > > into a standalone library.  In other words, we already include two
> > > functionally equivalent bignum libraries in FreeBSD, so one of them
> > > should go.
> > 
> > I couldn't agree more :)
> 
> I'm going to word this strongly, mostly because I feel
> strongly about the underlying issues.
> 
> The SSL one is known to be very slow, and was written
> as a proof of concept by the author.  Please read the
> release notes; it is seriously slow.  Replacing it will
> increase your SSL performance significantly.

I know of no-one who has developed patches to make OpenSSL work with
an external math library (e.g. libgmp).  The OpenSSL guys are very
interested in cleaning up their legacy code; you should work with them
if you are interested.

In FreeBSD, the only use of the libgmp code is for non-speed-critical
applications, so replacing it with a less efficient library doesn't
cost anything.  libgmp will still exist in ports for applications
which want to make use of a more efficient library.

Kris




Re: convert libgmp to a port?

2001-06-18 Thread Mark Murray

> No, I'm saying that the author of the SRA patches did the right thing
> and used the traditional BSD math library when extending the
> traditional BSD telnet utility.  I am furthermore making the point
> that FreeBSD should continue to ship with a library that provides
> the `libmp' interface, regardless of how it is implemented internally.

Strongly disagree.

The libmp interface is not very fault-tolerant, and not well used
(anymore).

The bignum (BN) bits of libcrypto are much more fault tolerant and
ubiquitous.

Time to throw out the trash. The "it's traditionally part of BSD"
argument holds no water - the BSD books that I have point to MH and
Emacs in the same way.

M
-- 
Mark Murray
Warning: this .sig is umop ap!sdn




Re: convert libgmp to a port?

2001-06-18 Thread Garrett Wollman

< said:

> But telnet in historic BSD didn't have sra or any other authentication
> mechanism that uses libmp.  Or are you saying that we cannot change
> `historical BSD software'?

No, I'm saying that the author of the SRA patches did the right thing
and used the traditional BSD math library when extending the
traditional BSD telnet utility.  I am furthermore making the point
that FreeBSD should continue to ship with a library that provides
the `libmp' interface, regardless of how it is implemented internally.

-GAWollman





Re: convert libgmp to a port?

2001-06-17 Thread Assar Westerlund

Garrett Wollman <[EMAIL PROTECTED]> writes:
> < said:
> 
> > telnet* should never have used libmp in the first place,
> 
> Yes, it should have, since telnet is historic BSD software and libmp
> is the historic BSD arbitrary-precision-math library.

But telnet in historic BSD didn't have sra or any other authentication
mechanism that uses libmp.  Or are you saying that we cannot change
`historical BSD software'?

/assar




Re: convert libgmp to a port?

2001-06-17 Thread Garrett Wollman

< said:

> telnet* should never have used libmp in the first place,

Yes, it should have, since telnet is historic BSD software and libmp
is the historic BSD arbitrary-precision-math library.  That is also
(one reason) why we should continue to supply a libmp, regardless of
what code it is actually backed with.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
[EMAIL PROTECTED]  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick




Re: convert libgmp to a port?

2001-06-17 Thread Giorgos Keramidas

On Sun, Jun 17, 2001 at 01:51:56PM -0700, Kris Kennaway wrote:

> libbn is already part of OpenSSH; it's a trivial matter to make it
> into a standalone library.  In other words, we already include two
> functionally equivalent bignum libraries in FreeBSD, so one of them
> should go.

I couldn't agree more :)

-giorgos




Re: convert libgmp to a port?

2001-06-17 Thread Kris Kennaway

On Sun, Jun 17, 2001 at 06:22:56PM +0300, Giorgos Keramidas wrote:
> On Sat, Jun 16, 2001 at 11:38:45PM -0700, Peter Wemm wrote:
> 
> > It should not be too hard to build a lightweight 'libbignum' that
> > is extracted from the openssl sources and make that available in the base
> > system.  It would not be hard to convert the lib*mp consumers to use the
> > libbignum (libbn, -lbn ?) and then we can get rid of it.
> > 
> > telnet* should never have used libmp in the first place, it should have
> > used libcrypto/bignum.  chkey/newkey/keyserv are using libmp for
> > Diffie-Hellman key exchange.  (just large integer multiplication).  It
> > should be really easy to convert those three.
> 
> Since there are a few things that are using libgmp (and I missed them
> in my quick search through the sources), no I would not prefer
> removing libgmp and making a new, probably buggier, libbignum that
> will replace our current libgmp.
> 
> If we do need some of the functionality of libgmp in the base-system,
> then we really should import some newer version of libgmp, instead of
> trying to make our own new library.  I don't really like reinventing
> wheels :)

libbn is already part of OpenSSH; it's a trivial matter to make it
into a standalone library.  In other words, we already include two
functionally equivalent bignum libraries in FreeBSD, so one of them
should go.

Kris




Re: convert libgmp to a port?

2001-06-17 Thread Mixtim

On Sun, Jun 17, 2001 at 11:48:41AM -0400, Joseph A. Mallett wrote:
> > If we do need some of the functionality of libgmp in the base-system,
> > then we really should import some newer version of libgmp, instead of
> > trying to make our own new library.  I don't really like reinventing
> > wheels :)
> 
> Unless you are the one charged with doing the work, you shouldn't complain
> about the circumstances of the job. If someone wants to implement
> something which already exists with a good reason for doing so, let them.
> It can't hurt.
> 
> Honestly, the odds that you would end up doing this, are NULL. Giving
> concise reasons as to why it doesn't need replaced would be nice, rather
> than "why not bring in more vendor code".

You can replace each use of libgmp with the BIGNUM's in the openssl
libraries. OpenBSD did this long ago in order to remove libgmp from
their code base.

If no one else wants to write the code then I'd be happy to do so. It's
not really all that hard to do.




Re: convert libgmp to a port?

2001-06-17 Thread Joseph A. Mallett

On Sun, 17 Jun 2001, Giorgos Keramidas wrote:
>
> If we do need some of the functionality of libgmp in the base-system,
> then we really should import some newer version of libgmp, instead of
> trying to make our own new library.  I don't really like reinventing
> wheels :)
>

Unless you are the one charged with doing the work, you shouldn't complain
about the circumstances of the job. If someone wants to implement
something which already exists with a good reason for doing so, let them.
It can't hurt.

Honestly, the odds that you would end up doing this, are NULL. Giving
concise reasons as to why it doesn't need replaced would be nice, rather
than "why not bring in more vendor code".

--
[ Joseph Mallett<[EMAIL PROTECTED]> ] [ http://srcsys.org ]
[ xMach Core Team xMach: Proactively Unbloated Microkernel BSD ]
[ FreeBSD, NetBSD, & xMach User; (Obj)C(++) Coder ] [ http://xMach.org ]





Re: convert libgmp to a port?

2001-06-17 Thread Giorgos Keramidas

On Sat, Jun 16, 2001 at 11:38:45PM -0700, Peter Wemm wrote:

> It should not be too hard to build a lightweight 'libbignum' that
> is extracted from the openssl sources and make that available in the base
> system.  It would not be hard to convert the lib*mp consumers to use the
> libbignum (libbn, -lbn ?) and then we can get rid of it.
> 
> telnet* should never have used libmp in the first place, it should have
> used libcrypto/bignum.  chkey/newkey/keyserv are using libmp for
> Diffie-Hellman key exchange.  (just large integer multiplication).  It
> should be really easy to convert those three.

Since there are a few things that are using libgmp (and I missed them
in my quick search through the sources), no I would not prefer
removing libgmp and making a new, probably buggier, libbignum that
will replace our current libgmp.

If we do need some of the functionality of libgmp in the base-system,
then we really should import some newer version of libgmp, instead of
trying to make our own new library.  I don't really like reinventing
wheels :)

-giorgos




Re: convert libgmp to a port?

2001-06-16 Thread Peter Wemm

Steve Kargl wrote:
> On Sun, Jun 17, 2001 at 05:48:48AM +0300, Giorgos Keramidas wrote:
> > 
> > I don't seem to be able to find some part of the base system that
> > actually *does* use libgmp.  Being out of date as it is, do you think
> > it's proper to remove it from the base system and make it a port?
> > 
> 
> It is a port.  See ports/math/libgmp3.  Note also that libmp depends
> on sources from libgmp.
> 
> kargl[219] find . -name Makefile | xargs grep lmp
> ./kerberosIV/libexec/telnetd/Makefile:  -L${KRBOBJDIR} -lkrb -lcrypt -lcom_err -lmp ${MINUSLPAM}
> ./kerberosIV/usr.bin/telnet/Makefile:   -L${KRBOBJDIR} -lkrb -lcrypt -lcom_err -lmp -lipsec ${MINUSLPAM}
> ./secure/libexec/telnetd/Makefile:  -lcrypt -lmp ${MINUSLPAM}
> ./secure/usr.bin/telnet/Makefile:LDADD= -ltermcap ${LIBTELNET} -lcrypto -lcrypt -lmp \
> ./usr.bin/chkey/Makefile:LDADD= -lrpcsvc -lmp -lgmp
> ./usr.bin/newkey/Makefile:LDADD=-lrpcsvc -lmp -lgmp
> ./usr.sbin/keyserv/Makefile:LDADD=  -lmp -lrpcsvc
> kargl[220] find . -name Makefile | xargs grep lgmp
> ./usr.bin/chkey/Makefile:LDADD= -lrpcsvc -lmp -lgmp
> ./usr.bin/newkey/Makefile:LDADD=-lrpcsvc -lmp -lgmp

It should not be too hard to build a lightweight 'libbignum' that
is extracted from the openssl sources and make that available in the base
system.  It would not be hard to convert the lib*mp consumers to use the
libbignum (libbn, -lbn ?) and then we can get rid of it.

telnet* should never have used libmp in the first place, it should have
used libcrypto/bignum.  chkey/newkey/keyserv are using libmp for
Diffie-Hellman key exchange.  (just large integer multiplication).  It
should be really easy to convert those three.

Cheers,
-Peter
--
Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
"All of this is for nothing if we don't go to the stars" - JMS/B5





Re: convert libgmp to a port?

2001-06-16 Thread Steve Kargl

On Sun, Jun 17, 2001 at 05:48:48AM +0300, Giorgos Keramidas wrote:
> 
> I don't seem to be able to find some part of the base system that
> actually *does* use libgmp.  Being out of date as it is, do you think
> it's proper to remove it from the base system and make it a port?
> 

It is a port.  See ports/math/libgmp3.  Note also that libmp depends
on sources from libgmp.

kargl[219] find . -name Makefile | xargs grep lmp
./kerberosIV/libexec/telnetd/Makefile:  -L${KRBOBJDIR} -lkrb -lcrypt -lcom_err -lmp ${MINUSLPAM}
./kerberosIV/usr.bin/telnet/Makefile:   -L${KRBOBJDIR} -lkrb -lcrypt -lcom_err -lmp -lipsec ${MINUSLPAM}
./secure/libexec/telnetd/Makefile:  -lcrypt -lmp ${MINUSLPAM}
./secure/usr.bin/telnet/Makefile:LDADD= -ltermcap ${LIBTELNET} -lcrypto -lcrypt -lmp \
./usr.bin/chkey/Makefile:LDADD= -lrpcsvc -lmp -lgmp
./usr.bin/newkey/Makefile:LDADD=-lrpcsvc -lmp -lgmp
./usr.sbin/keyserv/Makefile:LDADD=  -lmp -lrpcsvc
kargl[220] find . -name Makefile | xargs grep lgmp
./usr.bin/chkey/Makefile:LDADD= -lrpcsvc -lmp -lgmp
./usr.bin/newkey/Makefile:LDADD=-lrpcsvc -lmp -lgmp


-- 
Steve
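
The `grep lmp` search in the message above matches any Makefile line containing that substring. As an added example (not part of the original thread), this sketch lists only Makefiles that carry an exact `-l<lib>` linker token, which is the inventory needed before a library is dropped from a base tree. The function names, the sample tree and its decoy Makefile are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which Makefiles link against the named libraries.
# Matches whole "-l<lib>" tokens, so "helmp.c" or "-lmpfoo" do not count.

# lib_consumers ROOT LIB [LIB...]
# Prints "path: -llib ..." for each Makefile under ROOT that links a LIB.
lib_consumers() {
    root=$1; shift
    libs="$*"
    find "$root" -name Makefile -type f | LC_ALL=C sort |
    while IFS= read -r mk; do
        awk -v libs="$libs" '
            BEGIN { n = split(libs, want, " ") }
            {
                sub(/#.*/, "")      # ignore make comments
                gsub(/=/, " ")      # so "LDADD=-lmp" yields the token "-lmp"
                m = split($0, tok, /[ \t]+/)
                for (i = 1; i <= m; i++)
                    for (j = 1; j <= n; j++)
                        if (tok[i] == "-l" want[j]) hit[j] = 1
            }
            END {
                out = ""
                for (j = 1; j <= n; j++) if (hit[j]) out = out " -l" want[j]
                if (out != "") print FILENAME ":" out
            }
        ' "$mk"
    done
}

# Constructed sample tree: LDADD lines modelled on the grep output in the
# thread, plus a decoy Makefile that a plain substring search would match.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/usr.bin/chkey" "$d/usr.sbin/keyserv" \
             "$d/secure/usr.bin/telnet" "$d/usr.bin/decoy"
    printf 'LDADD= -lrpcsvc -lmp -lgmp\n' > "$d/usr.bin/chkey/Makefile"
    printf 'LDADD=  -lmp -lrpcsvc\n' > "$d/usr.sbin/keyserv/Makefile"
    printf 'LDADD= -ltermcap ${LIBTELNET} -lcrypto -lcrypt -lmp \\\n' \
        > "$d/secure/usr.bin/telnet/Makefile"
    printf 'SRCS= helmp.c\nLDADD= -lm\n' > "$d/usr.bin/decoy/Makefile"
    echo "$d"
}

tree=$(make_sample_tree)
( cd "$tree" && lib_consumers . mp gmp )
rm -rf "$tree"
```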




convert libgmp to a port?

2001-06-16 Thread Giorgos Keramidas

I was looking at PR/9233 from Dec 1998 the other day, and I saw that
the version of libgmp that's included in the base-system seems to be
very outdated (version 2.x in our tree, while version 3.x is available
at the homepage of libgmp).

After discussing this with [EMAIL PROTECTED] about it through mail, I
started looking through the sources to see where libgmp is used.  It
may be a false impression of mine, but in the -STABLE sources that I
checked, I didn't seem to find anyone in the base-system `using'
libgmp.  I tried grepping through the entire /usr/src to find one
place except for contrib/libgmp that seems to be using functions from
libgmp (I was looking for functions that matched "\