crypto primitives

Matej Pfajfar badbytes at
Tue Jul 23 11:46:36 UTC 2002

There's been some mention of us needing to switch to another crypto lib in 
order to be able to release the coide under GPL. Before I start messing 
with the code, could I have some feedback on the following libs if you've 
used them.

First of all, do we actually need to switch libs? As far as I can tell, 
the openssl website says that it's perfectly OK to release the code under 
GPL if it uses openssl. The only problem they mention is taking someone 
else's GPL code and adding openssl stuff to it. The argument is that 
openssl is not included as standard in all operating systems which some 
authors say violates the GPL.
But since it's our code (we haven't nicked it from anyone else!), we can 
allow ourselves to use openssl. Or did I not read through that correctly?

Roger suggested looking at the following -

gnutls - this is a TLS implementation in beta stage, which uses libgcrypt 
(see below) for the crypto primitives. So it's pretty useless in itself 
(to us I mean).

libgcrypt - this is the GnuPG crypto library, underl the GPL. Looks like 
it contains all we need, am compiling it now.

NSS - mozilla SSL implementation, seems as if it's got all we need but I 
am not sure whether it supports DES in OFB mode (or are we switching to 
block as we discussed, Roger?)

Any other suggestions would be great. Thanks!


Matej Pfajfar

GPG Public Keys @

More information about the tor-dev mailing list