From: Gregor Pintar
To: musl@lists.openwall.com
Subject: Re: High-priority library replacements?
Date: Thu, 25 Apr 2013 08:43:25 +0200
In-Reply-To: <20130425041553.GA13951@brightrain.aerifal.cx>
References: <20130425041553.GA13951@brightrain.aerifal.cx>
Newsgroups: gmane.linux.lib.musl.general

Hello.

2013/4/25, Rich Felker :
> 2. SSL. The modern internet basically requires using SSL everywhere.
> We should be aiming/expecting to transition to a world where even
> non-login-based sites are 100% https; the threats of malicious http
> injection attacks from rogue or advertising-based access points have
> gotten too great. Unfortunately, all of the existing SSL
> implementations are bloated, buggy, and fail even the most basic
> robustness requirements. A good solution would be based on tomcrypt
> and would expose a minimal, simple API suited for event-loop-based or
> threaded use. It may also be useful to have an optional wrapper layer
> to expose an API that mimics openssl or gnutls. It should also be able
> to keep up with the changing demands of how to determine which
> certificate authorities are to be trusted.

I am working on a cryptographic library. It's far from being finished.
I would be very glad if someone could look at it.
Currently I have problems with API design, so help would be welcome.
It isn't in git yet. You can get it here:
https://dl.dropboxusercontent.com/u/83450675/kripto/kripto.tar.gz

I have plans for an SSL library on top of it, but it could take years.
I think the best way is not to trust any certificate authority.
Maybe some certificate p2p protocol could be done?

> All of these libraries should:
>
> - Avoid namespace pollution. Only external symbols should be the
> public API and internal-use stuff prefixed with an ugly prefix
> that's extremely unlikely to clash with anything.

All external symbols have the "kripto_" prefix.

> - Avoid unnecessary allocation. Use caller-provided objects where
> possible or provide both options.

I am trying to do as few malloc()s as possible.

> - Have absolutely zero global state.

There is no global state and there won't be any.

Gregor
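The three library guidelines discussed above (prefixed external symbols only, caller-provided objects, zero global state) are easiest to judge against a concrete module. The following is an added example written for this thread; it is not kripto's code and says nothing about kripto's actual API. The "demo_" prefix, the demo_hash_* names and the choice of FNV-1a as the payload are assumptions made purely for illustration.

```c
/* Added example (not kripto's code): a small C module written to the three
 * guidelines from the thread. Names and the FNV-1a payload are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Guideline 1: the only external symbols are the demo_-prefixed public API.
 * Every helper is static, so it cannot clash with a caller's identifiers. */
typedef struct demo_hash demo_hash;

/* The whole state is a plain struct the caller may embed, stack-allocate or
 * place in its own arena, so the library never has to malloc on the caller's
 * behalf (guideline 2). */
struct demo_hash {
    uint32_t h;    /* running FNV-1a value */
    size_t   len;  /* bytes absorbed so far */
};

#define DEMO_FNV1A32_OFFSET 0x811c9dc5u
#define DEMO_FNV1A32_PRIME  16777619u

/* Internal helper: file-local, never exported. */
static uint32_t demo_internal_fnv1a32_step(uint32_t h, const unsigned char *p, size_t n)
{
    while (n--) {
        h ^= *p++;
        h *= DEMO_FNV1A32_PRIME;
    }
    return h;
}

/* Guideline 3: every function takes all of its state through the context it
 * is handed. There are no file-scope variables, so two contexts never
 * interfere and the code is reentrant without any locking. */
size_t demo_hash_size(void) { return sizeof(demo_hash); }

void demo_hash_init(demo_hash *ctx)
{
    ctx->h = DEMO_FNV1A32_OFFSET;
    ctx->len = 0;
}

void demo_hash_update(demo_hash *ctx, const void *data, size_t n)
{
    ctx->h = demo_internal_fnv1a32_step(ctx->h, (const unsigned char *)data, n);
    ctx->len += n;
}

uint32_t demo_hash_final(const demo_hash *ctx) { return ctx->h; }

/* "Provide both options": a heap-allocating convenience for callers that
 * prefer it, built on the same caller-provided-object primitives. */
demo_hash *demo_hash_new(void)
{
    demo_hash *ctx = malloc(sizeof *ctx);
    if (ctx) demo_hash_init(ctx);
    return ctx;
}

void demo_hash_free(demo_hash *ctx) { free(ctx); }

/* One-shot helper on the stack: zero heap allocation. */
uint32_t demo_hash_oneshot(const void *data, size_t n)
{
    demo_hash ctx;
    demo_hash_init(&ctx);
    demo_hash_update(&ctx, data, n);
    return demo_hash_final(&ctx);
}

/* Check for the zero-global-state property: interleaving updates to two
 * contexts must give the same results as hashing each input on its own.
 * Returns 1 when the contexts are truly independent. */
int demo_hash_contexts_are_independent(void)
{
    demo_hash a, b;
    demo_hash_init(&a);
    demo_hash_init(&b);
    demo_hash_update(&a, "foo", 3);
    demo_hash_update(&b, "hel", 3);
    demo_hash_update(&a, "bar", 3);
    demo_hash_update(&b, "lo", 2);
    return demo_hash_final(&a) == demo_hash_oneshot("foobar", 6)
        && demo_hash_final(&b) == demo_hash_oneshot("hello", 5);
}

int main(void)
{
    /* Constructed sample input; "foobar" is a published FNV-1a test string. */
    printf("fnv1a32(\"foobar\") = 0x%08x\n", demo_hash_oneshot("foobar", 6));
    printf("contexts independent: %d\n", demo_hash_contexts_are_independent());
    return 0;
}
```

The pattern worth copying is the split between demo_hash_size/demo_hash_init, which let the caller own the memory, and demo_hash_new/demo_hash_free, which add the allocating convenience on top rather than making it the only path. Because nothing is stored at file scope, the interleaved-context check passes without a mutex, which is exactly what makes such a library usable from an event loop or from several threads at once.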