I've been searching for some time for a crypto library that provides
algorithms like base64, MD4, MD5, SHA* etc that are used by Squid. So we
can remove the bundled re-implementations and avoid some big issues like
FIPS compliance of Squid.
Nettle appears to have become widely available in the last year or so
due to its use in GnuTLS and various DNSSEC tools. It is a freely
available GPLv3 library from GNU project easily availabel for download
for anyone who does not have it yet.
http://www.linuxfromscratch.org/blfs/view/svn/postlfs/nettle.html
Nettle does all the existing Squid algorithms and many of the newer
SHA-512+, HMAC and AES algorithms as well. It provides a (relatively)
clean API of direct function calls to run each algorithm on a provided
buffer without any encumbered TLS/SSL layer or formatting requirements
which many of the SSL-based crypto libraries pull in.
Before I forge on ahead, does anyone have objections to adding it as a
build dependency of squid-3.5 and dropping our locally bundled crypto
code which overlaps?
Amos
Received on Mon Mar 10 2014 - 21:50:17 MDT
This archive was generated by hypermail 2.2.0 : Tue Mar 11 2014 - 12:00:12 MDT