Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Apr 2013 08:43:25 +0200
From: Gregor Pintar <>
Subject: Re: High-priority library replacements?


2013/4/25, Rich Felker <>:
> 2. SSL. The modern internet basically requires using SSL everywhere.
> We should be aiming/expecting to transition to a world where even
> non-login-based sites are 100% https; the threats of malicious http
> injection attacks from rogue or advertising-based access points has
> gotten too great. Unfortunately, all of the existing SSL
> implementations are bloated, buggy, and fail even the most basic
> robustness requirements. A good solution would be based on tomcrypt
> and would expose a minimal, simple API suited for event-loop-based or
> threaded use. It may also be useful to have an optional wrapper layer
> to expose an API that mimics openssl or gnutls. It should also be able
> to keep up with the changing demands of how to determine which
> certificate authorities are to be trusted.
I am working on cryptographic library. It's far from being finished.
I would be very glad, if someone could look at it.
Currently I have problems with API design so help would be welcome.
It isn't in git yet.
You can get it here:
I have plans for SSL library on top of it, but it could take years.

I think best way is not to trust any certificate authority.
Maybe some certificate p2p protocol could be done?

> All of these libraries should:
> - Avoid namespace pollution. Only external symbols should be the
>   public API and internal-use stuff prefixed with an ugly prefix
>   that's extremely unlikely to clash with anything.
All external symbols have "kripto_" prefix.

> - Avoid unnecessary allocation. Use caller-provided objects where
>   possible or provide both options.
I am trying to do least malloc()s possible.

> - Have absolutely zero global state.
There is no global state and there won't be any.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.