Missing files and patches present in OpenSSL #7
Comments
If they are missing from CRYPTOGAMS, are they used by GnuTLS?
What is the proper procedure to fix issues like these? |
This is the list of files used by GnuTLS from OpenSSL which are not present in this repository.
For me there are two ways:
|
So GnuTLS WANTS to use CRYPTOGAMS, not actually IS USING CRYPTOGAMS
So CRYPTOGAMS isn't kept to update with OpenSSL.
I have CET backports to OpenSSL's stable branch is at https://github.com/hjl-tools/openssl/tree/hjl/cet/OpenSSL_1_1_1-stable But I can't help you with license. |
OpenSSL uses inadequate approach, see openssl/openssl#9007 (comment), and corresponding 6d0e025. As for missing files. I've added missing armv8 and will keep reviewing and adding others. For example sha512-x86_64.pl needs an overhaul, one of code paths confuses profiler... |
|
Good job Andy. Cryptogams is one of those hidden gems on the web. |
Thank you for pointing me to the right direction!
Thank you very much! |
|
sha512-x86_64 is overhauled, but it takes even updated x86_64-xlate... |
|
I'm not sure if that's of help or not, but I've create the pull reuqest to submit @hjl-tools CET OpenSSL 1.1.1 patches into the 1.1.1-Stable branch. The cla-check approved them, meaning at least 1.1.1 branch with hjl-tools patches is still licensed in a way compatible with lgpl v2.1+ suitable for usage by gnutls. Separately, gnutls is license as lgpl v2.1+ which is compatible with apache2, if the resulting combination is then upgraded to lgpl v3. |
|
@dot-asm there are also some missing files for ppc, particularly the stuff under |
|
Looks like aes-gcm-armv8_64.pl also hasn't yet made the jump to cryptogams. :/ Would be nice to have, since for OpenBSD we'd need to pull it from cryptogams (instead of OpenSSL) due to licensing issues. |
|
Please could I add aesni-sha1-x86_64.pl and x86_64cpuid.pl to the list. As well as an update to sha1-x86_64.pl which is very much older than the one in OpenSSL. |
The CRYPTOGAMS code is suitably licensed for use in OpenConnect under LGPLv2.1, and gives us a 40% speedup to ESP AES-SHA1 encryption. However, not everything is in the standalone CRYPTOGAMS repository, so we have to import from OpenSSL itself for now, which means the licence is incompatible. Once dot-asm/cryptogams#7 is resolved, we can do this for real. But for now it's worth having it to experiment with. Really needs SHA256 too... Signed-off-by: David Woodhouse <[email protected]>
The CRYPTOGAMS code is suitably licensed for use in OpenConnect under LGPLv2.1, and gives us a 40% speedup to ESP AES-SHA1 encryption. However, not everything is in the standalone CRYPTOGAMS repository, so we have to import from OpenSSL itself for now, which means the licence is incompatible. Once dot-asm/cryptogams#7 is resolved, we can do this for real. But for now it's worth having it to experiment with. Really needs SHA256 too... Signed-off-by: David Woodhouse <[email protected]>
The CRYPTOGAMS code is suitably licensed for use in OpenConnect under LGPLv2.1, and gives us a 40% speedup to ESP AES-SHA1 encryption. However, not everything is in the standalone CRYPTOGAMS repository, so we have to import from OpenSSL itself for now, which means the licence is incompatible. Once dot-asm/cryptogams#7 is resolved, we can do this for real. But for now it's worth having it to experiment with. Really needs SHA256 too... Signed-off-by: David Woodhouse <[email protected]>
|
I'd also appreciate having |
I want to enable Intel CET in GnuTLS, which uses the CRYPTOGAMS implementation. Comparing the code in this repository with the code available in OpenSSL, there are missing patches (specially those from @hjl-tools enabling Intel CET) and missing files.
The CRYPTOGAMS code present in OpenSSL states that it is double licensed under CRYPTOGAMS and OpenSSL, but the license that applies depends on where the code is obtained from.
GnuTLS uses the CRYPTOGAMS implementation and claims to use the code under BSD 3-clause license, but obtains it from the OpenSSL repository.
Trying to fix this by obtaining the code directly from this repository, I found the following missing files which are present in OpenSSL repository, but not in this repository:
GnuTLS also uses the following file which is not double licensed:
Would it be possible to add the missing code and patches to this repository?
The text was updated successfully, but these errors were encountered: