[Opendnssec-develop] ldns, openssl and NSEC3 hashes

Jakob Schlyter jakob at kirei.se
Fri May 22 12:21:22 UTC 2009

On 22 maj 2009, at 14.06, Jelte Jansen wrote:

> I think we have 3 options here:
> - - Just set up the context whenever anything cryptoey is needed  
> (i've just done
> one example for this in the sorter)


> - - Simply allow the dependency on OpenSSL for digests and let ldns  
> handle them

please no.

> - - Do them 'ourselves' (for instance through a c-wrapper for botan,  
> on which we
> have a dependency already), perhaps as an addition to libhsm)

why not implement sha and friends directly in LDNS and get rid of  
OpenSSL for this case?

many operating systems has native SHA1(3) and for SHA2 you can use:


or some other fast free (BSD-licensed) SHA2 implementation and just  
add that code to LDNS directly.

or we'll put this in libhsm, but it seems wrong to do this there as it  
isn't hsm-stuff. but we can add it as a non-context-based utility  
function I'll guess. but I'd prefer LDNS if possible - feels better.


More information about the Opendnssec-develop mailing list