Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
On 04/11/2014 01:49 PM, Niels Möller wrote:
I'm considering removing the following features:
- des-compat.h and all its functions. This provides some level of compatiblity with libdes (and possibly also old versions of openssl/ssleay). I've not heard of anyone actually using this.
i don't know who is actually using this from nettle, but it looks like there are lots of programs that are either embedding libdes or relying on other packages like krb5 for something that looks roughly like a linked libdes.
Might make some sense to keep it, then. But it would be nice with some confirmation that it really is a working substitute for some of those programs.
emacs is just one of these. lsh-utils also appears to want something to do with libdes. Niels, maybe you can say what that's doing?
Don't know about emacs, but lsh definitely shouldn't be using libdes. It uses triple-des via an object defined in https://git.lysator.liu.se/lsh/lsh/blobs/master/src/crypto.c, on top of Nettle. Or possibly the krb password hack (https://git.lysator.liu.se/lsh/lsh/blobs/master/src/lsh-krb-checkpw.c) uses libdes indirectly?
i just scanned everything in debian for these two and they seem unused to me:
http://codesearch.debian.net/search?q=R_SignInit http://codesearch.debian.net/search?q=R_VerifyInit http://codesearch.debian.net/search?q=nettle_next_prime
i say drop of these last two.
Nice tool. I just tried
http://codesearch.debian.net/search?q=des_ede2_cbc_encrypt http://codesearch.debian.net/search?q=des_ede3_cbc_encrypt
(the functions in des-compat.h that seems most likely to be useful). Gives a dozen or two of matches. Besides openssl itself, most are in cyrus-sasl2. It's not clear to me if the matches indicates actual use.
Regards, /Niels