[openssl-dev] Seeking feedback on some #ifdef changes
John Foley
foleyj at cisco.com
Thu Mar 5 16:29:17 UTC 2015
Sorry for responding late to this thread, but has anyone considered
consolidating the following three definitions:
OPENSSL_NO_EC
OPENSSL_NO_ECDH
OPENSSL_NO_EDDSA
Is there a valid case where all three of these wouldn't be used
together? Would the code even compile if only one (or two) of these
were defined?
On 01/23/2015 02:11 PM, Salz, Rich wrote:
>
> Looking at just OPENSSL_NO_xxx, we have over 100 openssl #ifdef
> options and we are considering removing nearly a third of them.
> Please reply soon if the following plan would cause problems. This
> will happen only in master, for post-1.0.2.
>
> We will remove the following options. You could argue that the
> OPENSSL_NO_SHAxxx options be treated as crypto, but OpenSSL does not
> compile without SHA and SHA1 defined, and we have no interest in
> spending the time to fix it. So for consistency, we will remove all of
> them.
>
> GENUINE_DSA (and the broken DSS0 since SHA0 will be removed)
>
> OPENSSL_NO_BIO
>
> OPENSSL_NO_BUFFER
>
> OPENSSL_NO_BUF_FREELISTS
>
> OPENSSL_NO_CHAIN_VERIFY
>
> OPENSSL_NO_DESCBCM (also removing the code; no EVP support)
>
> OPENSSL_NO_EVP
>
> OPENSSL_NO_FIPS_ERR
>
> OPENSSL_NO_HASH_COMP
>
> OPENSSL_NO_LHASH
>
> OPENSSL_NO_LOCKING
>
> OPENSSL_NO_MULTIBYTE (also removing the code)
>
> OPENSSL_NO_OBJECT
>
> OPENSSL_NO_RFC3779
>
> OPENSSL_NO_SHA
>
> OPENSSL_NO_SHA0 (also removing the code for SHA0)
>
> OPENSSL_NO_SHA1
>
> OPENSSL_NO_SHA224
>
> OPENSSL_NO_SHA256
>
> OPENSSL_NO_SHA384
>
> OPENSSL_NO_SHA512
>
> OPENSSL_NO_SPEED
>
> OPENSSL_NO_SSL_INTERN (first attempt at making things opaque)
>
> OPENSSL_NO_STACK
>
> OPENSSL_NO_STORE
>
> OPENSSL_NO_TLS
>
> OPENSSL_NO_TLS1
>
> OPENSSL_NO_TLS1_2_CLIENT
>
> OPENSSL_NO_TLSEXT
>
> OPENSSL_NO_X509
>
> OPENSSL_NO_X509_VERIFY
>
>
>
>
>
> --
>
> Principal Security Engineer, Akamai Technologies
>
> IM: rsalz at jabber.me <mailto:rsalz at jabber.me> Twitter: RichSalz
>
>
>
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150305/e7125896/attachment.html>
More information about the openssl-dev
mailing list