I'm considering removing the following features:
* des-compat.h and all its functions. This provides some level of compatibility with libdes (and possibly also old versions of openssl/ssleay). I've not heard of anyone actually using this.
* rsa-compat.h and all its functions. Compatibility with RSAREF. I've never heard of anyone actually using this either.
* The nettle_next_prime function. No longer used internally in Nettle's key generation functions, and applications should use the corresponding GMP function instead.
Any objections? If you know of any use of these features, please speak up.
(In case a feature is removed and it later turns out to be a mistake, I'm open to reintroducing features in an update, but I believe there's little need to keep these around).
And any other cruft which should be removed while we're at it?
Regards, /Niels
On 04/11/2014 01:49 PM, Niels Möller wrote:
> I'm considering removing the following features:
> - des-compat.h and all its functions. This provides some level of compatibility with libdes (and possibly also old versions of openssl/ssleay). I've not heard of anyone actually using this.
i don't know who is actually using this from nettle, but it looks like there are lots of programs that are either embedding libdes or relying on other packages like krb5 for something that looks roughly like a linked libdes.
emacs is just one of these. lsh-utils also appears to want something to do with libdes. Niels, maybe you can say what that's doing?
I'm not a big fan of des, and i'm certainly no emacs developer; But if we could let emacs use nettle's version easily without needing to rely on non-GNU code for anything it needs DES for that would be nice.
that said, i haven't found anyone who *is* using this compatibility layer in nettle, so i think if you want to drop it and be willing to add it back if someone complains that'd be fine.
> - rsa-compat.h and all its functions. Compatibility with RSAREF. I've never heard of anyone actually using this either.
> - The nettle_next_prime function. No longer used internally in Nettle's key generation functions, and applications should use the corresponding GMP function instead.
i just scanned everything in debian for these two and they seem unused to me:
http://codesearch.debian.net/search?q=R_SignInit
http://codesearch.debian.net/search?q=R_VerifyInit
http://codesearch.debian.net/search?q=nettle_next_prime
i say drop of these last two.
thanks for doing the maintenance work here.
--dkg
Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
> On 04/11/2014 01:49 PM, Niels Möller wrote:
>> I'm considering removing the following features:
>> - des-compat.h and all its functions. This provides some level of compatibility with libdes (and possibly also old versions of openssl/ssleay). I've not heard of anyone actually using this.
> i don't know who is actually using this from nettle, but it looks like there are lots of programs that are either embedding libdes or relying on other packages like krb5 for something that looks roughly like a linked libdes.
Might make some sense to keep it, then. But it would be nice with some confirmation that it really is a working substitute for some of those programs.
> emacs is just one of these. lsh-utils also appears to want something to do with libdes. Niels, maybe you can say what that's doing?
Don't know about emacs, but lsh definitely shouldn't be using libdes. It uses triple-des via an object defined in https://git.lysator.liu.se/lsh/lsh/blobs/master/src/crypto.c, on top of Nettle. Or possibly the krb password hack (https://git.lysator.liu.se/lsh/lsh/blobs/master/src/lsh-krb-checkpw.c) uses libdes indirectly?
> i just scanned everything in debian for these two and they seem unused to me:
> http://codesearch.debian.net/search?q=R_SignInit
> http://codesearch.debian.net/search?q=R_VerifyInit
> http://codesearch.debian.net/search?q=nettle_next_prime
> i say drop of these last two.
Nice tool. I just tried
http://codesearch.debian.net/search?q=des_ede2_cbc_encrypt
http://codesearch.debian.net/search?q=des_ede3_cbc_encrypt
(the functions in des-compat.h that seem most likely to be useful). Gives a dozen or two matches. Besides openssl itself, most are in cyrus-sasl2. It's not clear to me if the matches indicate actual use.
Regards, /Niels
"DKG" == Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
DKG> it looks like there are lots of programs that are either embedding
DKG> libdes or relying on other packages like krb5 for something that
DKG> looks roughly like a linked libdes.
DKG> emacs is just one of these.
Emacs supports kerberos auth for some stuff; it looks like it wants des support just for that.
-JimC
--
James Cloos cloos@jhcloos.com OpenPGP: 1024D/ED7DAEA6
nettle-bugs@lists.lysator.liu.se