Date: Tue, 7 Jan 2014 23:54:59 -0800 From: Peter Wemm <peter@wemm.org> To: Mikhail T <mi+apache@aldan.algebra.com> Cc: olli hauer <ohauer@gmx.de>, Current FreeBSD <freebsd-current@freebsd.org> Subject: Re: md2 on current and 10. Message-ID: <CAGE5yCq=JEG40Ljtx0bfB5nSPCet-=PEzZdA7mfCw0DvMb4ttg@mail.gmail.com> In-Reply-To: <52BB2979.5040008@aldan.algebra.com> References: <52B392D9.4030507@aldan.algebra.com> <52B483D7.7080302@gmx.de> <52B486AD.7080102@aldan.algebra.com> <52B48E8C.5070804@gmx.de> <52BB2979.5040008@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 25, 2013 at 10:52 AM, Mikhail T <mi+apache@aldan.algebra.com> wrote: > On 20.12.2013 13:38, olli hauer wrote: >> md2 was deprecated in 2009 by the openssl project >> >> http://cvs.openssl.org/chngview?cn=18381 >> CVE-2009-2409 >> >> As fas as I know some Linux based projects have removed md2 from openssl-0.9.x in 2009. [..] > Could we, please, have MD2 resurrected before 10.0 is officially out? > Preferably in both -lmd and -lcrypto, but certainly in the former. Thank > you! Yours, The time to bring this up was before the freeze for 10.0, a good 6+ months ago. It is way too late now. However.. the code in libmd had had a non-commercial use restriction.. Even if it wasn't too late, that code won't be back. Your best bet is to create a crypto/libmd2 port. Start with the code from openssl. -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGE5yCq=JEG40Ljtx0bfB5nSPCet-=PEzZdA7mfCw0DvMb4ttg>