[asterisk-dev] SHA1 and MD5 code?

Tilghman Lesher tilghman at meg.abyt.es
Thu Oct 13 12:04:10 CDT 2011


On Thu, Oct 13, 2011 at 7:32 AM, Kevin P. Fleming <kpfleming at digium.com> wrote:
> On 10/12/2011 05:22 PM, Paul Belanger wrote:
>>
>> On 11-10-12 05:57 PM, Jeffrey Ollie wrote:
>>>
>>> On Wed, Oct 12, 2011 at 3:48 PM, Simon Perreault
>>> <simon.perreault at viagenie.ca> wrote:
>>>>
>>>> On 2011-10-12 16:15, Jeffrey Ollie wrote:
>>>>>
>>>>> Is there a really good reason to keep SHA1 and MD5 code in the
>>>>> Asterisk source?
>>>>
>>>> You do know about the backdoor requirement, don't you?
>>>
>>> Well, yes of course, but by using OpenSSL we can use the same backdoor
>>> that everyone else uses and we don't have to maintain our own :) :)
>>>
>> +1 for not having to maintain our own version (plus it keeps package
>> maintainers happy). However, I'm not skilled enough to determine the
>> impact to asterisk.
>
> If someone wants to put together a patch for trunk, it's worth reviewing. I
> guess the real question is: what are our current dependencies on OpenSSL,
> and are the MD5 and SHA-1 operations used for
> anything that doesn't also require OpenSSL?

In answer to the second question, yes.  MD5 is used both by HTTP as well
as AMI for non-plaintext authentication, without requiring the use of OpenSSL.


