Thanks for the replies! The reason why I thought it would be cool to have
SHA1-HMAC included was I had thought SHA1 was included (in the crypt/
folder). However, now that I look at it again, it's actually SHA2, which
makes the whole request bad :( I'll try my hand at porting the code from
Busybox.

Thanks for the kind responses!
Kyle.


On Sat, Oct 26, 2013 at 12:38 PM, Rich Felker <dalias@aerifal.cx> wrote:

> On Sat, Oct 26, 2013 at 02:28:48PM +0200, Szabolcs Nagy wrote:
> > * Daniel Cegie?ka <daniel.cegielka@gmail.com> [2013-10-25 21:23:03
> +0200]:
> > >  Adding HMAC to musl doesn't make sense. This is only one C file, so
> > > why you just don't want to keep this in the sources of your software?
> >
> > including a source file is not optimal
>
> I think whether this is the case depends a lot on what you're doing.
> One question I always recommend asking is which will be larger and
> more work to maintain: the copied code, or the library glue? For use
> of a single hash function from a crypto lib with a complex API, just
> the glue code to setup and call the crypto lib is probably as large as
> the hash code. Then you have to consider also the build system. At
> this point we haven't even started considering the potential space for
> bugs, issues if someone uses a different implementation of the
> original crypto lib as a drop-in replacement for it (common with
> openssl), etc.
>
> So I think in this specific case, including the source file may
> actually be the optimal solution.
>
> Rich
>