[dev] FRR crypto in Fedora and RHEL

Michal Ruprich michalruprich at gmail.com
Tue Jun 25 11:00:06 EDT 2019


Hi all,

now that FRR is making its way to Fedora, perhaps it will eventually
make its way to RHEL-8 as well. In both Fedora and RHEL, we are tying to
make sure that every package that uses cryptographic algorithms and
protocols uses these correctly. Crypto algorithms are not easy to
implement and we are trying to encourage developers to use system
libraries that have been certified as secure and well implemented. With
every crypto algorithm that is implemented from scratch, it brings a
potential security risk to the system.

In FRR, md5 and sha256 are used as authentication methods for various
routing daemons. These are implemented from scratch. This creates an
issue for us and it could eventually result in FRR not getting in RHEL-8
at all. I would like to ask you, whether you would be willing to use
system libraries to implement these algorithms. I will do all the work
and provide patches and pull requests, of course. I believe that getting
FRR into RHEL-8 is worth it.

Regards,

Michal Ruprich




More information about the dev mailing list