[LEDE-DEV] Uniform cryptography library

Matthias-Christian Ott ott at mirix.org
Mon Dec 11 10:10:13 PST 2017


Packages use several cryptography libraries because different packages
require different libraries. hostapd uses OpenSSL, dnsmasq Nettle, and
ustream-ssl can use multiple libraries, for example. In itself this is
also not a major problem.

We could unify all packages to use a single cryptography library, for
example LibreSSL or mbed TLS. We could save some space, effort for
hardware accelerators, would be able to audit the system more easily and
would need to make fewer security updates. On the other hand upstream
maintainers might have strong opinions about certain libraries like
OpenSSL or chose their library for other reasons. So it might be that we
have to maintain patches for certain packages.

I had a look at this for dropbear because I would like to add Ed25519
support to it. It didn't seem to require a lot of effort.

Do you think it would be worth the effort to unify the cryptography
libraries in LEDE?

- Matthias-Christian


