Re: [RFC] use libnettle for crypto

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 11 Mar 2014 13:36:43 +1300

On 2014-03-11 13:23, Alex Rousskov wrote:
> On 03/10/2014 03:50 PM, Amos Jeffries wrote:
>
>> I've been searching for some time for a crypto library that provides
>> algorithms like base64, MD4, MD5, SHA* etc that are used by Squid. So we
>> can remove the bundled re-implementations and avoid some big issues like
>> FIPS compliance of Squid.
>>
>> Nettle appears to have become widely available in the last year or so
>> due to its use in GnuTLS and various DNSSEC tools. It is a freely
>> available GPLv3 library from GNU project easily available for download
>> for anyone who does not have it yet.
>> http://www.linuxfromscratch.org/blfs/view/svn/postlfs/nettle.html
>
> You said "GPLv3" but the following page claims that Nettle is
> distributed under LGPL. What does the source code say?
>
> http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright
>

Sorry. Yes the code says LGPL 2.1+

>
>> Nettle does all the existing Squid algorithms and many of the newer
>> SHA-512+, HMAC and AES algorithms as well. It provides a (relatively)
>> clean API of direct function calls to run each algorithm on a provided
>> buffer without any encumbered TLS/SSL layer or formatting requirements
>> which many of the SSL-based crypto libraries pull in.
>>
>>
>> Before I forge on ahead, does anyone have objections to adding it as a
>> build dependency of squid-3.5 and dropping our locally bundled crypto
>> code which overlaps?
>
>
> Would it be prudent to ask on squid-users whether everybody has access
> to libnettle on their platforms?
>
>
> I do not know much about that library but have no objections if you like
> it, folks can install it on their platforms, and its license is LGPL.

Amos
Received on Tue Mar 11 2014 - 00:36:48 MDT
