Re: [chrony-dev] Support for another crypto hash? |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
On Tue, Oct 18, 2011 at 06:48:28PM +0100, Ed W wrote:
> On 17/10/2011 12:25, Miroslav Lichvar wrote:
> > Another way would be to use a crypto library like nss (we can't use
> > openssl as it's not compatible with GPL) and allow user to select any
> > hash supported by the library.
> >
>
> How about libtomcrypt? Used for dropbear amongst other things. Public
> domain so you can repackage it under any licence you feel fit including GPL
>
> http://libtom.org/?page=features&whatfile=crypt
It seems it's no longer developed/maintained. The last changelog entry
is from 2007.
I've looked at the NSS libraries and I'm quite happy with the
NSSLOWHASH API and the libfreebl3 library. It's fairly small, it's
already used by other applications running on my system (e.g.
dhclient) and it has been FIPS validated.
I think most of the work will take changes in the source code to allow
using different hashes and extending the cmdmon protocol. Adding
support for a particular crypto library should be easy and we can
support more than one if needed.
--
Miroslav Lichvar
---
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.