I found that we can use libmd instead of the bundled compat/ sha implementations and opened a Debian PR here: https://salsa.debian.org/debian/dhcpcd/-/merge_requests/2
libmd is not currently cerified but it is included in main and thus gets the full security team CVE treatment. Besides, when it comes to cryptography we want to have as few different implementations as possible.
With 10.0.1-1 from Debian the configure script also seems to pick up arc4random from libc, which is another huge improvement.
I found that we can use libmd instead of the bundled compat/ sha implementations and opened a Debian PR here: https:/ /salsa. debian. org/debian/ dhcpcd/ -/merge_ requests/ 2
libmd is not currently cerified but it is included in main and thus gets the full security team CVE treatment. Besides, when it comes to cryptography we want to have as few different implementations as possible.
With 10.0.1-1 from Debian the configure script also seems to pick up arc4random from libc, which is another huge improvement.