Re: status of Heimdal in src

In reply to: Lexi Winter : "status of Heimdal in src"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Fri, 29 Dec 2023 04:03:27 UTC

In message <ZY4Pu2Z-_iQfJKAK@ilythia.eden.le-fay.org>, Lexi Winter writes:
> hello,
>
> i'm interested in the status of Heimdal in src (src/crypto/heimdal).
> although the vendor branch was recently updated, it hasn't been merged
> into src for a long time: the current version is 1.5.2, which is over 10
> years old.  in particular, this version is missing newer cyphers, like
> the SHA2-based algorithms.
>
> is there something preventing a newer version from being merged, or is
> it just a lack of someone having time to work on it?  if the latter, i'd
> be interested in picking this up (or helping, if someone is already
> working on it).

I'm currently working on replacing Heimdal with MIT. The reasons for this 
are threefold.

First, after importing Heimdal 7.7.0 locally, 7.8.0 failed to import. 
They'd restructured the code enough to require significant restructuring of 
makefiles.

Secondly, a large user of FreeBSD has requested replacing Heimdal with MIT.

Third. Popular demand. A substantial number of persons have suggested the 
MIT upgrade.

IMO MIT is the gold standard. (Make this our fourth point.)

The MIT upgrade is an exercise in reverse engineering the GNU 
configure/make build and implementing this within FreeBSD's bespoke build 
system. IMO MIT is easier to work with than Heimdal.

Initially MIT will become an option, later becoming the default. And 
finally removal of Heimdal. My target is sometime during the 15-CURRENT 
life cycle. Hopefully this summer.

-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0