[dev] FRR crypto in Fedora and RHEL
sharpd at cumulusnetworks.com
Mon Jul 1 07:54:21 EDT 2019
Linux, FreeBSD, OpenBSD and NetBSD. Solaris(Omnios) is `at your own
risk` and OSX is `assembly required with an advanced toolset and a
On Mon, Jul 1, 2019 at 2:42 AM Michal Ruprich <michalruprich at gmail.com> wrote:
> Hi Donald,
> On 6/25/19 10:03 PM, Donald Sharp wrote:
> > Removing code and depending on system libraries are fine from my
> > perspective as long as the new library dependencies are for commonly
> > available libraries available across all the systems we care about.
> > This includes the *bsd's. My assumption is that this is probably
> > true, correct?
> Of course, I am planning to use openssl or gnutls. Ideally I would like
> to make the build optional so that other distributions may choose if
> they prefer something else. Is there a specific list of systems that you
> care about? I would like to make sure that they all support these libraries.
> > If you are willing to do the work, please feel free to reach out to me
> > if you have any specific questions. We've tried to document our
> > workflow as best as possible in doc/developer/workflow.rst.
> > donald
> > On Tue, Jun 25, 2019 at 11:00 AM Michal Ruprich <michalruprich at gmail.com> wrote:
> >> Hi all,
> >> now that FRR is making its way to Fedora, perhaps it will eventually
> >> make its way to RHEL-8 as well. In both Fedora and RHEL, we are trying to
> >> make sure that every package that uses cryptographic algorithms and
> >> protocols uses these correctly. Crypto algorithms are not easy to
> >> implement and we are trying to encourage developers to use system
> >> libraries that have been certified as secure and well implemented. With
> >> every crypto algorithm that is implemented from scratch, it brings a
> >> potential security risk to the system.
> >> In FRR, md5 and sha256 are used as authentication methods for various
> >> routing daemons. These are implemented from scratch. This creates an
> >> issue for us and it could eventually result in FRR not getting in RHEL-8
> >> at all. I would like to ask you, whether you would be willing to use
> >> system libraries to implement these algorithms. I will do all the work
> >> and provide patches and pull requests, of course. I believe that getting
> >> FRR into RHEL-8 is worth it.
> >> Regards,
> >> Michal Ruprich
> >> _______________________________________________
> >> dev mailing list
> >> dev at lists.frrouting.org
> >> https://lists.frrouting.org/listinfo/dev