[jitsi-dev] [jitsi/libjitsi] 526bc4: Remove OpenSSLDigest


#1

I don't understand why the OpenSSL Digest implementation got removed.
Wasn't OpenSSL's SHA1 faster than BouncyCastle's and Java's?


#2

Hi Lyubomir,

we don't want sha1 but hmac-sha1,
if openssl hmac-sha1 doesn't work, openssl sha1 will not working either
that's why i removed OpenSSL Digest but not OpenSSL HMAC

If i have some more time i will merge OpenSSL HMAC and
SRTPCipherCTROpenSSL, to gain some more perf,
and after that add AES-GCM support

···

2016-04-05 16:52 GMT+02:00 Lyubomir Marinov <lyubomir.marinov@jitsi.org>:

I don't understand why the OpenSSL Digest implementation got removed.
Wasn't OpenSSL's SHA1 faster than BouncyCastle's and Java's?

_______________________________________________
commits mailing list
commits@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/commits


#3

Don't we need SHA* in DtlsControlImpl to compute fingerprints? I don't
agree with the removal of the OpenSSL-based Digest implementation just
because SRTP didn't use it.


#4

Don't we need SHA* in DtlsControlImpl to compute fingerprints? I don't
agree with the removal of the OpenSSL-based Digest implementation just
because SRTP didn't use it.

From what i remember SRTP was the only user. Also Certificate generation

isn't in the fast path (1 call every 24h), so better keep code simple.

···

Le 5 avr. 2016 18:15, "Lyubomir Marinov" <lyubomir.marinov@jitsi.org> a écrit :

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#5

>
> Don't we need SHA* in DtlsControlImpl to compute fingerprints? I don't
> agree with the removal of the OpenSSL-based Digest implementation just
> because SRTP didn't use it.

From what i remember SRTP was the only user. Also Certificate generation

isn't in the fast path (1 call every 24h), so better keep code simple.

Also if I remember correctly there was a bug in it with newer OpenSSL
version

···

Le 5 avr. 2016 18:23, "Etienne Champetier" <champetier.etienne@gmail.com> a écrit :

Le 5 avr. 2016 18:15, "Lyubomir Marinov" <lyubomir.marinov@jitsi.org> a écrit :