add flags for openssl-only crypto #52
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes Eugeny#50 This introduces an on-by-default `rs-crypto` flag, which enables the existing Rust-based crypto libraries (including aes and ED25519). However, these implementations can be removed by disabling the flag. If it's disabled, then openssl (when turned on) will stand in for them, in a less performant way. Note that while OpenSSL 3.x does have some ED25519 support, I have not done the work to make that compatible as well--partly because ED25519 is not yet an approved algorithm for my company to use, and partly to retain compatibility with OpenSSL 1.x
|
I will fix up the build/tests in the morning, it's late here already (but it works!) |
|
👍 merge c1472f6 for CI setup |
|
Hmm, not sure what's up with the build failure; that test works on my machine -- though later doctests fail since a lot of them show examples with ed25519 keys... Not sure whether I'll have time to dive into that more today or not |
connor4312
added a commit
to microsoft/vscode
that referenced
this pull request
Oct 14, 2022
For compliance with SDL and MSFT crypto standards. Right now this uses our forks of russh and secret-service. russh seems amenable to getting this merged (Eugeny/russh#52) but TBD about the secret-service crate. Fixes microsoft/vscode-internalbacklog#3158
|
No worries and no rush |
lemanschik
pushed a commit
to code-oss-dev/code
that referenced
this pull request
Nov 25, 2022
For compliance with SDL and MSFT crypto standards. Right now this uses our forks of russh and secret-service. russh seems amenable to getting this merged (Eugeny/russh#52) but TBD about the secret-service crate. Fixes microsoft/vscode-internalbacklog#3158
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #50
This introduces an on-by-default
rs-cryptoflag, which enables the existing Rust-based crypto libraries (including aes and ED25519). However, these implementations can be removed by disabling the flag. If it's disabled, then openssl (when turned on) will stand in for them, in a less performant way.Note that while OpenSSL 3.x does have some ED25519 support, I have not done the work to make that compatible as well--partly because ED25519 is not yet an approved algorithm for my company to use, and partly to retain compatibility with OpenSSL 1.x