On Tue, May 22, 2007 at 09:01:24PM +0900, Stephen J. Turnbull wrote:
> u+codalist-p4pg_at_chalmers.se writes:
> 
>  > Neither is OpenSSL the only source of decent cryptographic
>  > routines [...].  I would instead remove the dependency on OpenSSL.
> 
> Changing the license to allow use of better (open source) crypto tools
> is a real bargain, IMO.
> 
> The question is, are those other tools as good as OpenSSL?  That I'm
> not competent to judge.

As I said earlier in this thread, we only use md5 and sha1 and we
already include the reference implementation for both in lib-src/base.
Dropping the dependency is really not a problem.

So linking against another library (such as openssl, gnutls, matrixssl,
nettle) is only useful if they happen to provide an assembly optimized
implementation. I really haven't checked if any of them do and probably
at that time openssl pretty much was the only candidate.

RPC2 uses AES and includes the public domain reference implementation,
so it doesn't depend on any external libraries. What is more interesting
there is that I included (a subset of) the official testvectors from the
RFC. If anyone replaces AES with a better implementation, those
testvectors should catch problems whenever RPC2 is initialized.

Jan