other crypto apis

Guus Sliepen guus at tinc-vpn.org
Sun Sep 2 16:06:13 CEST 2007


On Sun, Sep 02, 2007 at 03:25:44PM +0200, Lorenz Schori wrote:

> I'd like to make tincd work with other crypto APIs than openssl/libcrypt. 
> I've learned from the subversion repository that an effort was started to 
> port it to gnu-tls. I for myself would like to get tincd linking against 
> xyssl (1) because it is very lightweight and thus an adequate option on 
> devices with little memory and disk/flash space, i.e. embedded systems. Now 
> I'm browsing the source code from 1.1 branch and I'm tempted to isolate 
> everything which is looking like crypto stuff to a separate file and 
> defining some wrapper functions resulting in an abstraction layer.
>
> From 2.0 README I learn that openssl should be dropped in favour of gnutls 
> and gnucrypt. I think this might be a good chance to modularize this part 
> of tinc, so people/distributors may choose from different crypto/auth 
> backends.
>
> Now my two questions:
> - Is it worth investing a great effort into tinc 1.1 and create some 
> abstraction layer?

Yes, but most of the abstraction is already done. Just make a new
directory src/xyssl/, and copy the files from src/gcrypt/. Then you just
need to change those files to use xyssl instead of libgcrypt. The
function declarations in the header files must be the same, but you can
change the structures (rsa_t and digest_t).

> - Any chances to get something like this into 2.0? Is this branch already 
> in active development or is it still a stub?

2.0 was supposed to be a complete reimplementation. However, it was
decided that it would be better to work towards 2.0 with small changes.
The 1.1 branch will be compatible with 1.0, but with as many 2.0 ideas
as possible without breaking that compatibility. Once 1.1 is finished we will move
on to 2.0. For now, 1.1 is in active development, and 2.0 is indeed a
stub.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
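
The backend rule described in the reply above (identical function declarations, backend-specific structure), sketched as an added example that is not part of the original message and is not tinc's code. The function names, signatures, the BACKEND_ALT macro and the FNV-1a stand-in checksum are assumptions for illustration; only the type name digest_t comes from the message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Backend-private layout: each backend directory may define this differently. */
#ifdef BACKEND_ALT   /* hypothetical build switch */
typedef struct digest { uint32_t init; uint32_t prime; size_t maclen; } digest_t;
#else
typedef struct digest { size_t maclen; } digest_t;
#endif

/* Shared contract (hypothetical signatures): identical in every backend's header. */
bool digest_open(digest_t *d, size_t maclen);
void digest_create(const digest_t *d, const void *data, size_t len, uint8_t *out);
bool digest_verify(const digest_t *d, const void *data, size_t len, const uint8_t *mac);

/* Stand-in checksum (FNV-1a, NOT cryptographic); a real backend calls its library here. */
static uint32_t toy_sum(uint32_t h, uint32_t prime, const uint8_t *p, size_t len) {
    while (len--) { h ^= *p++; h *= prime; }
    return h;
}

bool digest_open(digest_t *d, size_t maclen) {
    if (!d || maclen == 0 || maclen > 4) return false;  /* reject lengths this backend cannot produce */
#ifdef BACKEND_ALT
    d->init = 2166136261u; d->prime = 16777619u;
#endif
    d->maclen = maclen;
    return true;
}

void digest_create(const digest_t *d, const void *data, size_t len, uint8_t *out) {
#ifdef BACKEND_ALT
    uint32_t h = toy_sum(d->init, d->prime, data, len);
#else
    uint32_t h = toy_sum(2166136261u, 16777619u, data, len);
#endif
    for (size_t i = 0; i < d->maclen; i++) out[i] = (uint8_t)(h >> (8 * i));
}

bool digest_verify(const digest_t *d, const void *data, size_t len, const uint8_t *mac) {
    uint8_t want[4], diff = 0;
    digest_create(d, data, len, want);
    for (size_t i = 0; i < d->maclen; i++) diff |= want[i] ^ mac[i];  /* compare without early exit */
    return diff == 0;
}

/* Caller code: touches only the shared contract, so it builds against either layout. */
bool packet_ok(const uint8_t *pkt, size_t len, size_t maclen) {
    digest_t d;
    if (!digest_open(&d, maclen) || len < maclen) return false;
    return digest_verify(&d, pkt, len - maclen, pkt + len - maclen);
}
```

Compiling with and without -DBACKEND_ALT changes the structure but leaves packet_ok untouched, which is the property the fixed declarations are meant to preserve.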