FYI you can take just 1 C and H file from crypt lib. You don't need it all. On Oct 20, 2015 8:42 AM, "Richard Haines" <richard_c_hai...@btinternet.com> wrote:
> > On Tuesday, 20 October 2015, 15:00, William Roberts < > bill.c.robe...@gmail.com> wrote: > > > > > > > > >On Oct 20, 2015 7:46 AM, "Stephen Smalley" <s...@tycho.nsa.gov> wrote: > >> > >> On 10/20/2015 08:27 AM, Richard Haines wrote: > >>> > >>> > >>> > >>> > >>> > >>>> On Monday, 19 October 2015, 19:10, Stephen Smalley <s...@tycho.nsa.gov> > wrote: > >>>>> > >>>>> On 10/18/2015 11:00 AM, Richard Haines wrote: > >>>>> > >>>>> > >>>>>> On Sunday, 18 October 2015, 15:07, Dominick Grift > >>>> > >>>> <dac.overr...@gmail.com> wrote: > >>>>> > >>>>> > >>>>>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>>>> > >>>>>> Hash: SHA512 > >>>>>> > >>>>>> On Sun, Oct 18, 2015 at 12:48:12PM +0000, Richard Haines wrote: > >>>>>>> > >>>>>>> I added openssl to libselinux to support the new > >>>> > >>>> selabel_digest(3) > >>>>>>> > >>>>>>> function. > >>>>>>> > >>>>>>> I'm not aware of any issues between openssl and gnutls, > >>>> > >>>> however as > >>>>>>> > >>>>>>> > >>>>>>> selabel_digest was only added last week I guess not much > testing. > >>>>>>> Well apart from myself as I'm currently adding the > >>>> > >>>> selinux_restorecon > >>>>>>> > >>>>>>> feature that makes use of it. > >>>>>>> > >>>>>> > >>>>>> Thanks for clarifying, I am not hitting any issues with it just > >>>>>> wondering if instead of openssl, gnutls could be used for this > and if > >>>>> > >>>>> > >>>>>> so, if this should be somehow supported or not. > >>>>> > >>>>> > >>>>> I tried using gnutls after I read your initial email, however I > >>>>> could not find a way to generate the same digest as openssl > >>>>> (I changed the SHA1 function to gnutls_hmac_fast(3) with various > >>>>> algorithms and used the selabel_digest util to compare digests). > >>>>> It could be that I should use some other function but I could > >>>>> > >>>>> not find any useful info on this (including web searches). > >>>>> If anyone knows how to resolve this please let me know. > >>>>> > >>>>> I guess what is supported (openssl or gnutls) would be down to > >>>>> the maintainers. > >>>> > >>>> > >>>> Wondering if dependency on openssl might be a license issue for Debian > >>>> or others. Apparently openssl license is considered GPL-incompatible > >>>> [1] [2], and obviously libselinux is linked by a variety of > GPL-licensed > >>>> programs. Fedora seems to view this as falling under the system > library > >>>> exception [3] but not clear that other distributions would view it > that > >>>> way. On the other hand, using gnutls would be subject to the reverse > >>>> problem; it would make libselinux depend on a LGPL library, and that > >>>> could create issues for non-GPL programs that statically link > >>>> libselinux. We might need to revert this change and revisit how to > >>> > >>> > >>>> solve this in a manner that avoids such issues. > >>> > >>> > >>> > >>> Would building with the Android mincrypt SHA functions help regarding > the > >>> licensing issues ??? I've attached a quick patch that seems to work > okay > >>> using Android system/core/libmincrypt/sha.c > >> > >> > >> That looks BSD-licensed and thus broadly compatible. We would need to > amend libselinux/LICENSE to add that license information and we would need > to hide those functions from being exposed outside of the library. Other > alternative would be to look for a public domain SHA implementation and use > that. > > >> > > I've found a simple implementation at > www.ghostscript.com/doc/jbig2dec/sha1.c > > I'll try that first and if fails CryptLib will be next. > > > > > >> > >Will CryptLib work: > > >http://unlicense.org/ > > > > > > > >> > >> _______________________________________________ > >> Selinux mailing list > >> Selinux@tycho.nsa.gov > >> To unsubscribe, send email to selinux-le...@tycho.nsa.gov. > >> To get help, send an email containing "help" to > selinux-requ...@tycho.nsa.gov > >. > > > > > > >
_______________________________________________ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
