Add apisupport and use for low-level aes & rsa #632
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- One item per line - If there's more than one item in the list, start on the line after the assignment "=". This has no effect on the build system, but it makes future changes to lists much easier to see. Removing the empty lines before the LIBTARSNAP_A+= lines clarifies the file, in that there's a single "paragraph" for each library, rather than one multi-line "paragraph" followed by a one-line "paragraph".
OpenSSL 3.0 marked many functions as "deprecated" [1]. In tarsnap,
those functions are used in:
lib/crypto/crypto_compat.c
lib/crypto/crypto_keys.c
lib/crypto/crypto_keys_subr.c
lib/crypto/crypto_rsa.c
libcperciva/crypto/crypto_aes.c
Those files are now being compiled into a new libtarsnap_crypto.a, which
uses the appropriate compiler flags.
[1] List of relevant deprecated OpenSSL 3.0 functions:
AES_encrypt
AES_set_encrypt_key
RSAPublicKey_dup
RSA_bits
RSA_free
RSA_generate_key_ex
RSA_get0_crt_params
RSA_get0_factors
RSA_get0_key
RSA_new
RSA_private_decrypt
RSA_private_encrypt
RSA_public_decrypt
RSA_public_encrypt
RSA_set0_crt_params
RSA_set0_factors
RSA_set0_key
RSA_size
|
This includes #631, which I recommend merging before looking at this too seriously. ... huh, clang-10 has some linking problem? Hmm. |
gperciva
commented
Jan 29, 2025
| LIBTARSNAP_A+= lib/libtarsnap_arm_sha256.a | ||
|
|
||
| lib_libtarsnap_crypto_a_SOURCES= \ |
There was a problem hiding this comment.
I'm really not certain what to call this library.
I originally went with libtarsnap_crypto_aes (as we did in scrypt Tarsnap/scrypt#386), but then I discovered that 4 files in lib/crypto/ also needed the same compiler flag.
I can see a few possibilities:
- put only the required files into a generic
libtarsnap_crypto.a(current). - put everything in
lib/crypto/into alibtarsnap_crypto.a. That would mean that some files might be compiled with fewer warnings than is strictly necessary, but that's a rather theoretical concern. - add a
libtarsnap_crypto_aes.awhich only containscrypto_aes(as with scrypt); and add alibtarsnap_openssl_compat.a(or some name like that) which has the other ones.
|
This needs more revision; I'll bring it back later. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.