Re: [RFC] use libnettle for crypto

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Mon, 10 Mar 2014 18:23:12 -0600

On 03/10/2014 03:50 PM, Amos Jeffries wrote:

> I've been searching for some time for a crypto library that provides
> algorithms like base64, MD4, MD5, SHA* etc that are used by Squid. So we
> can remove the bundled re-implementations and avoid some big issues like
> FIPS compliance of Squid.
>
> Nettle appears to have become widely available in the last year or so
> due to its use in GnuTLS and various DNSSEC tools. It is a freely
> available GPLv3 library from the GNU project, easily available for download
> for anyone who does not have it yet.
> http://www.linuxfromscratch.org/blfs/view/svn/postlfs/nettle.html

You said "GPLv3" but the following page claims that Nettle is
distributed under LGPL. What does the source code say?

http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright

> Nettle does all the existing Squid algorithms and many of the newer
> SHA-512+, HMAC and AES algorithms as well. It provides a (relatively)
> clean API of direct function calls to run each algorithm on a provided
> buffer without any encumbered TLS/SSL layer or formatting requirements
> which many of the SSL-based crypto libraries pull in.
>
>
> Before I forge on ahead, does anyone have objections to adding it as a
> build dependency of squid-3.5 and dropping our locally bundled crypto
> code which overlaps?

Would it be prudent to ask on squid-users whether everybody has access
to libnettle on their platforms?

I do not know much about that library but have no objections if you like
it, folks can install it on their platforms, and its license is LGPL. If
its license is GPLv3, please discuss whether its use would make Squid
GPLv3 as well.

Thank you,

Alex.
Received on Tue Mar 11 2014 - 00:23:19 MDT
