[Opendnssec-develop] ldns, openssl and NSEC3 hashes
Jakob Schlyter
jakob at kirei.se
Fri May 22 12:21:22 UTC 2009
On 22 maj 2009, at 14.06, Jelte Jansen wrote:
> I think we have 3 options here:
> - - Just set up the context whenever anything cryptoey is needed
> (i've just done
> one example for this in the sorter)
yuck.
> - - Simply allow the dependency on OpenSSL for digests and let ldns
> handle them
please no.
> - - Do them 'ourselves' (for instance through a c-wrapper for botan,
> on which we
> have a dependency already), perhaps as an addition to libhsm)
why not implement sha and friends directly in LDNS and get rid of
OpenSSL for this case?
many operating systems has native SHA1(3) and for SHA2 you can use:
http://www.ouah.org/ogay/sha2/
http://www.aarongifford.com/computers/sha.html?sid=ef6t2k6ra202lqfn48vomkptjbhanoun
or some other fast free (BSD-licensed) SHA2 implementation and just
add that code to LDNS directly.
or we'll put this in libhsm, but it seems wrong to do this there as it
isn't hsm-stuff. but we can add it as a non-context-based utility
function I'll guess. but I'd prefer LDNS if possible - feels better.
jakob
More information about the Opendnssec-develop
mailing list