From: Gregor Pintar <grpintar@gmail.com>
To: musl@lists.openwall.com
Subject: Re: High-priority library replacements?
Date: Thu, 25 Apr 2013 08:43:25 +0200 [thread overview]
Message-ID: <CAOPXC2=iHvRetaLzvdOuRKdXe5D19_-G+2N5vf-dxxYy7M6eQg@mail.gmail.com> (raw)
In-Reply-To: <20130425041553.GA13951@brightrain.aerifal.cx>
Hello.
2013/4/25, Rich Felker <dalias@aerifal.cx>:
> 2. SSL. The modern internet basically requires using SSL everywhere.
> We should be aiming/expecting to transition to a world where even
> non-login-based sites are 100% https; the threats of malicious http
> injection attacks from rogue or advertising-based access points has
> gotten too great. Unfortunately, all of the existing SSL
> implementations are bloated, buggy, and fail even the most basic
> robustness requirements. A good solution would be based on tomcrypt
> and would expose a minimal, simple API suited for event-loop-based or
> threaded use. It may also be useful to have an optional wrapper layer
> to expose an API that mimics openssl or gnutls. It should also be able
> to keep up with the changing demands of how to determine which
> certificate authorities are to be trusted.
I am working on cryptographic library. It's far from being finished.
I would be very glad, if someone could look at it.
Currently I have problems with API design so help would be welcome.
It isn't in git yet.
You can get it here:
https://dl.dropboxusercontent.com/u/83450675/kripto/kripto.tar.gz
I have plans for SSL library on top of it, but it could take years.
I think best way is not to trust any certificate authority.
Maybe some certificate p2p protocol could be done?
> All of these libraries should:
>
> - Avoid namespace pollution. Only external symbols should be the
> public API and internal-use stuff prefixed with an ugly prefix
> that's extremely unlikely to clash with anything.
All external symbols have "kripto_" prefix.
> - Avoid unnecessary allocation. Use caller-provided objects where
> possible or provide both options.
I am trying to do least malloc()s possible.
> - Have absolutely zero global state.
There is no global state and there won't be any.
Gregor
next prev parent reply other threads:[~2013-04-25 6:43 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-25 4:15 Rich Felker
2013-04-25 5:05 ` Daniel Cegiełka
2013-04-25 5:21 ` Rich Felker
2013-04-25 5:55 ` Kurt H Maier
2013-04-25 7:34 ` Jens Staal
2013-04-25 12:18 ` Rich Felker
2013-04-25 13:54 ` Kurt H Maier
2013-04-25 6:43 ` Gregor Pintar [this message]
2013-04-26 0:55 ` idunham
2013-04-26 1:11 ` crypto libraries idunham
2013-04-26 7:51 ` Daniel Cegiełka
2013-04-26 1:51 ` High-priority library replacements? Rich Felker
2013-04-26 8:11 ` Gregor Pintar
2013-04-26 15:47 ` Rich Felker
2013-04-26 17:24 ` Gregor Pintar
2013-04-28 21:43 ` Rob Landley
2013-04-29 10:16 ` Szabolcs Nagy
2013-04-29 12:09 ` Rich Felker
2013-04-29 17:35 ` Gregor Pintar
2013-04-29 21:55 ` Szabolcs Nagy
2013-04-30 2:10 ` Rich Felker
2013-04-30 6:32 ` Gregor Pintar
2013-04-30 8:35 ` Szabolcs Nagy
2013-04-30 9:58 ` Gregor Pintar
2013-04-30 11:30 ` Szabolcs Nagy
2013-04-30 14:11 ` Gregor Pintar
2013-05-01 7:26 ` Gregor Pintar
2013-05-08 21:37 ` Daniel Cegiełka
2013-05-08 23:00 ` idunham
2013-05-09 7:36 ` Daniel Cegiełka
2013-05-09 9:03 ` Daniel Cegiełka
2013-05-09 11:10 ` LM
2013-05-09 14:08 ` Rich Felker
2013-05-09 14:40 ` Daniel Cegiełka
2013-05-09 14:45 ` Rich Felker
2013-05-12 22:42 ` Brad Conroy
2013-05-15 20:17 ` Rich Felker
2013-05-16 16:12 ` Justin Cormack
2013-05-17 1:56 ` Rich Felker
2013-05-17 7:28 ` Justin Cormack
2013-05-09 16:40 ` LM
2013-04-30 18:47 ` Nicolas Braud-Santoni
2013-04-30 19:18 ` Gregor Pintar
2013-05-26 20:09 ` Daniel Cegiełka
2013-05-27 15:53 ` Gregor Pintar
2013-05-28 9:27 ` Daniel Cegiełka
2013-05-28 17:30 ` Gregor Pintar
2013-05-28 13:11 ` LM
2013-05-28 21:38 ` Rob Landley
2013-05-31 11:13 ` LM
2013-05-31 11:36 ` LM
2013-04-25 7:21 ` Hal Clark
2013-04-25 10:58 ` Igmar Palsenberg
2013-04-25 12:28 ` Rich Felker
2013-04-25 11:44 ` LM
2013-04-25 12:51 ` Rich Felker
2013-04-25 15:30 ` Jens Staal
2013-04-25 16:51 ` Zvi Gilboa
2013-04-25 16:57 ` Justin Cormack
2013-04-25 17:53 ` Zvi Gilboa
2013-04-27 5:45 ` Rob Landley
2013-04-27 8:13 ` Luca Barbato
2013-04-27 13:05 ` Zvi Gilboa
2013-04-26 6:11 ` Igmar Palsenberg
2013-04-28 21:34 ` Licensing Rob Landley
2013-04-29 20:47 ` Licensing Rich Felker
2013-04-29 21:10 ` Licensing Jens Gustedt
2013-04-29 22:47 ` Licensing Kurt H Maier
2013-04-29 22:50 ` Licensing Rob Landley
2013-04-30 12:32 ` Licensing LM
2013-04-26 4:19 ` High-priority library replacements? Isaac Dunham
2013-04-26 11:41 ` LM
2013-04-26 12:57 ` Muhammad Sumyandityo Noor
2013-04-26 15:53 ` Rich Felker
2013-04-28 6:53 ` Muhammad Sumyandityo Noor
2013-04-28 17:46 ` Rich Felker
2013-04-26 16:52 ` LM
2013-04-26 4:32 ` nwmcsween
2013-04-29 5:51 Brad Conroy
2013-04-29 16:38 ` John Spencer
2013-04-29 20:14 ` Rob Landley
2013-04-29 20:53 ` Rich Felker
2013-04-30 1:53 ` idunham
2013-04-30 2:21 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAOPXC2=iHvRetaLzvdOuRKdXe5D19_-G+2N5vf-dxxYy7M6eQg@mail.gmail.com' \
--to=grpintar@gmail.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).