On Thu, Sep 29, 2022 at 7:57 PM Jilayne Lovejoy <jlovejoy(a)redhat.com> wrote:
> Hi Neal,
> Thanks for raising this here. I saw some of the thread on devel, but when threads get
> long, it's sometimes hard to know what the specific ask is.
> To that end, could you provide a bit of a description as to what is currently being done
> in terms of "hobbling" OpenSSL? Just a high-level description would be helpful
> for context and a reminder as to the current state.

The hobble-openssl script was designed to prune from the OpenSSL
source code a number of cryptographic algorithms that were patent
encumbered. Over the years, the script has been pruned of things to
purge as patents expired. However, the remaining things the script
indicates it prunes today all expired during the pandemic. Currently,
it prunes Elliptic Curve Cryptography (ECC, or otherwise called EC
crypto) code. The script documentation indicates the patents related
to it expired in 2020, so we should be able to drop it entirely.

> Also, am I correct to assume that by "use pristine OpenSSL
> sources" - the desired outcome is to be able to package OpenSSL for Fedora straight
> from the upstream project without needing to remove something or otherwise modify the
> upstream source in order to package it for Fedora?

Yes.
--
真実はいつも一つ!/ Always, there's only one truth!