Adding standalone RSA code

Colin Percival colin.percival at wadham.ox.ac.uk
Fri Dec 10 19:39:47 PST 2004


David O'Brien wrote:
> Without a stronger justification than what was given in this thread, I
> have to side with Mark Murray and David Schultz.  While your library may
> be perfect for your FreeBSD Update; I fear it may become the /usr/src fad
> to use your library over OpenSSL, even in cases where speed and HW
> support is important.

I have to object to this argument; everything in the src tree can be
misused, and the potential for someone to misuse my code should not
be considered as a reason for not including it in the base system.

>  I am also concerned about a future found security
> problem that you are ETOOBUSY to deal with and someone else totally
> unfamiliar with the code has to deal with it.

I'll concede that this may be a reasonable consideration, although I
still think that serious problems in a ~1500 line library are probably
both less likely and easier to fix than problems in a ~200000 line
library.

> At the moment, I think your library code should just be part of your
> FreeBSD Update code if you find you simply cannot use OpenSSL.  Or make
> your library a port in which only a static library is provided.

I'm not quite sure I understand what you're saying here.  The entire point
of this discussion is that bringing my RSA code into the base system is an
obvious first step towards bringing FreeBSD Update into the base system,
which is something I've been asked countless times (by both committers and
users) to do.

Removing my RSA code from the security/freebsd-update port and creating a
separate devel/minirsa port might have some advantages (in fact, it has one
very obvious advantage -- sysutils/portsnap wouldn't have to depend upon
security/freebsd-update any longer), but I can't see how it would help get
FreeBSD Update into the base system.

Colin Percival


More information about the freebsd-arch mailing list