From: Colin Percival
Date: Thu, 09 Dec 2004 20:58:27 -0800
To: freebsd-arch@freebsd.org
Subject: Adding standalone RSA code
Message-id: <41B92CF3.2090302@wadham.ox.ac.uk>

I'd like to add a new library for lightweight barebones RSA computations, and associated commandline rsa-makekey, rsa-sign, and rsa-verify utilities.

To a certain extent, this duplicates existing functionality (openssl), but I think my code has important advantages which justify the duplication:

1. It is lightweight (around 2% of the size of openssl), which may allow it to be used in memory-limited environments,
2. It is far more auditable, due to its smaller size, and
3. It is designed for security rather than performance; I made certain design decisions which result in my code being rather slower than openssl as a result of a desire to avoid potential attack vectors.

My reason for wanting to add this code is that I'm using it in FreeBSD Update (and recently portsnap as well) and this is the first step towards migrating that into the base system.

Any objections?

Colin Percival