Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 Oct 2013 12:00:06 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: [Feature Request] SHA-1 HMAC

On Fri, Oct 25, 2013 at 09:36:12AM -0600, Kyle Sanderson wrote:
> Forgive my ignorance, but would it be possible to include SHA-1 HMAC into
> musl? I'm not really sure if there's a list of functionality that's
> prohibited from a libc; hopefully this is an acceptable request. I have a
> single HMAC key that I use to sign multiple hashes with. I'm using
> PolarSSL's implementation at the moment and I'd like to eliminate the
> requirement.

Hi. The conditions for something to go into libc are pretty stringent;
otherwise, it would be called libeverything. :-)

- Anything mandated by the current version of one of the relevant
  standards (ISO C or POSIX) goes in without question.

- Things with major historical precedent or presence in obsolete
  standards are pretty sure to get included unless there's a strong
  reason against inclusion.

- Modern BSD or GNU extensions that are widely used and not
  unreasonably costly to add generally get included.

It sounds like what you're asking for is the addition of a new
interface with no existing precedent, in which case, libc is really
not the appropriate place for it. However, I think you can implement
SHA-1 in just a few lines of code and include it with your project
rather than depending on large libraries. Busybox has a very light,
simple implementation you could copy; it's under GPLv2, but the code
is by Rob Landley and I imagine he would relicense it under BSD/MIT
for you if you need a less restrictive license. The original code it
was based on was public domain, so you could also just go back to
that. See libbb/hash_md5_sha.c in the Busybox source for details.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.