Packages use several cryptography libraries because different packages require different libraries. For example, hostapd uses OpenSSL, dnsmasq uses Nettle, and ustream-ssl can use multiple libraries. In itself this is also not a major problem.

We could unify all packages to use a single cryptography library, for example LibreSSL or mbed TLS. We could save some space and effort for hardware accelerators, would be able to audit the system more easily, and would need to make fewer security updates. On the other hand, upstream maintainers might have strong opinions about certain libraries like OpenSSL or chose their library for other reasons. So it might be that we have to maintain patches for certain packages.

I had a look at this for dropbear because I would like to add Ed25519 support to it. It didn't seem to require a lot of effort.

Do you think it would be worth the effort to unify the cryptography libraries in LEDE?

- Matthias-Christian

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev