RE: [chrony-dev] wolfSSL support




> -----Original Message-----
> From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
> Sent: Tuesday, July 26, 2022 10:40 AM
> To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [chrony-dev] wolfSSL support
> 
> On Fri, Jul 22, 2022 at 08:53:56AM -0700, Hayden Roche wrote:
> > A while back, I did a port of chrony 4.1 to wolfSSL for crypto/NTS for
> > one of our (wolfSSL's) customers. Here's where we host the patch:
> > https://github.com/wolfSSL/osp/tree/master/chrony/4.1
> >
> > Would you be interested in having this upstream? If so, I'll clean up
> > the patch and make any changes needed to get it to play with the
> > latest code.
> 
> There might be interest, but I'd like to get an idea of what would be
> the benefits, how much code it would be and how difficult it would be
> to maintain.
>  
> wolfSSL doesn't seem to be widely used on desktop/server systems. For
> example, it's not packaged in Fedora, so I'd need to build it myself
> for testing. On OpenWrt, which I use heavily and where I maintain the
> chrony package, the system wolfSSL doesn't seem to have all the
> options needed for chrony. After a rebuild it looks like it would
> increase the size substantially, so I guess it couldn't be the
> default.

Some embedded systems (e.g., system-on-chip based devices) need to use
FIPS 140-validated modules for crypto, and companies might standardize
on certain libraries across projects to minimize the number of
validations required, so working with libraries like this would
be helpful in enabling the adoption of NTS.


