Conversation

Jarkko Sakkinen

Edited 12 days ago
"All cryptography goes now through OpenSSL (libcrypto) so the binary depends
on a single, FIPS-certifiable crypto backend. The Authenticode/PKCS#7 and
PE container structures are assembled and parsed with the small hand-rolled
DER helpers below rather than a third-party ASN.1 stack."

Definitely worth of trouble :-) I don't want to deal with RustCrypto crates.

I don't *need* FIPS but I still don't want purposely cause such engineering bottlenecks to my software.

https://codeberg.org/puu/puu-installer/commit/02edec9517c8a87be8529b3b72320ccdac67a171
0
0
0