Subject: Re: cryptosrc-intl
To: Chris G. Demetriou <cgd@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 07/15/1999 10:46:21
>>>>> "Chris" == Chris G Demetriou <cgd@netbsd.org> writes:
    Chris> * running such programs on a system with the fake library.  In
    Chris> general, it's not desirable to have a core dump because a stub wasn't
    Chris> implemented.  (if this is all the reliability you want, just let the
    Chris> linker's lazy binding go boom when the symbols are used!)

  In the case of RSA used in ISAKMP, if the user has configured to enable RSA
and they don't have it, then it goes boom. Sure, I can just let the linker go
boom, that's true, but I would think that the binary would complain if we had
no library at all, correct? Perhaps we want to have better diagnostics. Depends.

    Chris> If the intent is to both build and run the programs on a system with
    Chris> 'real' implementations of the functions that are stubbed in the
    Chris> library, what use is the library of stubs?  8-)

  I want to permit people to write code that *might* want to use RSA, but can
cope with DSA, and if the end user obtains an RSA library that is legal for
their use (compiles RSAREF in the US with appropriate licensing, which many
research places already have), then it just works. Yes, one could make the
code compile depending on HAVE_RSA or something.
  The option, I guess, is to use explicit dlopen() in libcrypto.a based upon
some environment variable, or config option, or fail with an error if an RSA
operation is requested.

    Chris> If you want to do something close to this, i think what you really
    Chris> need is a way for a program to query the state of what the library
    Chris> provides, so that it can find out what algorithms are supported and
    Chris> dynamically modify its operation to do the right thing.  However,
    Chris> you've signalled no intention of doing any such thing, or of modifying
    Chris> the applications to do the right thing in the presence of such a
    Chris> mechanism, so it doesn't sound like what you intended.

  Generally, if someone asks you to authenticate an otherwise certificate
chain, you either can do it because all signatures are DSS, or you need to
invoke RSA, which if you don't have, you fail. 

    Chris> I'd actually think that a better alternative to that (if a 'standard'
    Chris> API to do things like this doesn't already exist) would be having the
    Chris> application try to dlopen() modules which contain the crypto
    Chris> algorithms it wants to use.  That way:

  Yes. I really hate explicit dlopen() because it makes building with -static
a pain in the butt.

    Chris> Note that you're already assuming a shared library, so you're already
    Chris> presuming dynamic linking capability...

  But, not depending upon it.
  Nothing is written in stone yet.

] Train travel features AC outlets with no take-off restrictions|  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
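
The run-time capability query discussed in this message, as an added example that is not part of the original mail or of any NetBSD library: probe an optional RSA module with dlopen() and refuse a certificate chain with a diagnostic, rather than crash, when the chain needs an algorithm that is absent. The "rsa_verify" entry point, the CRYPTO_RSA_MODULE variable and the ALG_* flags are hypothetical names, and DSA is assumed to be compiled in.

```c
/* Added example. The "rsa_verify" entry point, the ALG_* flags and the
 * CRYPTO_RSA_MODULE variable are hypothetical names, not a real API. */
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>

#define ALG_DSA 0x1u   /* assumed always compiled in */
#define ALG_RSA 0x2u   /* present only if the optional module loads */

static char crypto_err[256];
const char *crypto_last_error(void) { return crypto_err; }

/* Probe the optional RSA module and return the set of usable algorithms.
 * RTLD_NOW resolves every symbol at load time, so a broken module is
 * reported here instead of failing later through lazy binding. */
unsigned crypto_available(const char *rsa_path)
{
    unsigned have = ALG_DSA;
    crypto_err[0] = '\0';
    if (rsa_path == NULL || *rsa_path == '\0') {
        snprintf(crypto_err, sizeof crypto_err, "no RSA module configured");
        return have;
    }
    void *h = dlopen(rsa_path, RTLD_NOW | RTLD_LOCAL);
    if (h == NULL) {
        const char *e = dlerror();
        snprintf(crypto_err, sizeof crypto_err, "%s", e ? e : "dlopen failed");
        return have;
    }
    if (dlsym(h, "rsa_verify") != NULL)
        have |= ALG_RSA;
    else
        snprintf(crypto_err, sizeof crypto_err, "%s: no rsa_verify", rsa_path);
    dlclose(h);   /* probe only; a real library would keep the handle */
    return have;
}

/* A chain is verifiable only if every algorithm it uses is available. */
int chain_verifiable(unsigned chain_algs, unsigned have) { return (chain_algs & ~have) == 0; }

int main(void)
{
    unsigned have = crypto_available(getenv("CRYPTO_RSA_MODULE"));
    if (!chain_verifiable(ALG_DSA | ALG_RSA, have)) {
        fprintf(stderr, "cannot verify chain: %s\n", crypto_last_error());
        return 1;
    }
    return 0;
}
```

On systems where dlopen() lives in a separate library, link with -ldl.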