[openssl-dev] Seeking feedback on some #ifdef changes

John Foley foleyj at cisco.com
Thu Mar 5 16:29:17 UTC 2015


Sorry for responding late to this thread, but has anyone considered
consolidating the following three definitions:

OPENSSL_NO_EC
OPENSSL_NO_ECDH
OPENSSL_NO_EDDSA

Is there a valid case where all three of these wouldn't be used
together?  Would the code even compile if only one (or two) of these
were defined?


On 01/23/2015 02:11 PM, Salz, Rich wrote:
>
> Looking at just OPENSSL_NO_xxx, we have over 100 openssl #ifdef
> options and we are considering removing nearly a third of them. 
> Please reply soon if the following plan would cause problems. This
> will happen only in master, for post-1.0.2.
>
> We will remove the following options.  You could argue that the
> OPENSSL_NO_SHAxxx options be treated as crypto, but OpenSSL does not
> compile without SHA and SHA1 defined, and we have no interest in
> spending the time to fix it. So for consistency, we will remove all of
> them.
>
>         GENUINE_DSA (and the broken DSS0 since SHA0 will be removed)
>         OPENSSL_NO_BIO
>         OPENSSL_NO_BUFFER
>         OPENSSL_NO_BUF_FREELISTS
>         OPENSSL_NO_CHAIN_VERIFY
>         OPENSSL_NO_DESCBCM (also removing the code; no EVP support)
>         OPENSSL_NO_EVP
>         OPENSSL_NO_FIPS_ERR
>         OPENSSL_NO_HASH_COMP
>         OPENSSL_NO_LHASH
>         OPENSSL_NO_LOCKING
>         OPENSSL_NO_MULTIBYTE (also removing the code)
>         OPENSSL_NO_OBJECT
>         OPENSSL_NO_RFC3779
>         OPENSSL_NO_SHA
>         OPENSSL_NO_SHA0 (also removing the code for SHA0)
>         OPENSSL_NO_SHA1
>         OPENSSL_NO_SHA224
>         OPENSSL_NO_SHA256
>         OPENSSL_NO_SHA384
>         OPENSSL_NO_SHA512
>         OPENSSL_NO_SPEED
>         OPENSSL_NO_SSL_INTERN (first attempt at making things opaque)
>         OPENSSL_NO_STACK
>         OPENSSL_NO_STORE
>         OPENSSL_NO_TLS
>         OPENSSL_NO_TLS1
>         OPENSSL_NO_TLS1_2_CLIENT
>         OPENSSL_NO_TLSEXT
>         OPENSSL_NO_X509
>         OPENSSL_NO_X509_VERIFY
>
> -- 
> Principal Security Engineer, Akamai Technologies
> IM: rsalz at jabber.me Twitter: RichSalz
