Re: [chrony-dev] Support for another crypto hash?

On Wed, 19 Oct 2011, Miroslav Lichvar wrote:

> On Tue, Oct 18, 2011 at 06:48:28PM +0100, Ed W wrote:
> > On 17/10/2011 12:25, Miroslav Lichvar wrote:
> > > Another way would be to use a crypto library like nss (we can't use
> > > openssl as it's not compatible with GPL) and allow user to select any
> > > hash supported by the library.
> >
> > How about libtomcrypt?  Used for dropbear amongst other things.  Public
> > domain so you can repackage it under any licence you feel fit including GPL
> >
> > http://libtom.org/?page=features&whatfile=crypt
>
> It seems it's no longer developed/maintained. The last changelog entry
> is from 2007.

Tom StDenis dropped development of the library due to personal and legal
problems (including threats to him because of the development of the library),
but it was picked up again by others. That reference in fact refers to the
last of Tom's releases. The better reference is the base page
http://libtom.org
which directs you to a git release of the current version which is being
actively maintained (2011 changes)

> I've looked at the NSS libraries and I'm quite happy with the
> NSSLOWHASH API and the libfreebl3 library. It's fairly small, it's
> already used by other applications running on my system (e.g.
> dhclient) and it has been FIPS validated.
>
> I think most of the work will take changes in the source code to allow
> using different hashes and extending the cmdmon protocol. Adding
> support for a particular crypto library should be easy and we can
> support more than one if needed.

