couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Anderson (JIRA)" <j...@apache.org>
Subject [jira] Commented: (COUCHDB-625) Pure Erlang alternative to crypto library
Date Wed, 20 Jan 2010 18:20:56 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12802919#action_12802919
] 

Chris Anderson commented on COUCHDB-625:
----------------------------------------

It looks like the consensus is that it's OK to use this code.

http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201001.mbox/%3c3d4032301001200405i3c5dde7fve4a13247e6b061ad@mail.gmail.com%3e

With that out of the way, we should see if there are any technical concerns before we start
importing this into the codebase.

I think the module is small enough to avoid needing an explicit code grant: http://www.apache.org/licenses/software-grant.txt

Question for other committers: should we import this as couch_crypto.erl or should it treated
as it's own library and get a directory inside src?

> Pure Erlang alternative to crypto library
> -----------------------------------------
>
>                 Key: COUCHDB-625
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-625
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Infrastructure
>            Reporter: Jonathan D. Knezek
>            Assignee: Chris Anderson
>            Priority: Minor
>         Attachments: ccrypto.erl, ccrypto.erl
>
>
> On some platforms (in my case a SheevaPlug running on armv5te) it may be difficult or
impossible to obtain a version of Erlang built with support for the crypto standard library.
 I grepped the CouchDB source and have attempted to reproduce the used crypto calls in pure
Erlang.
> I have reproduced the start/0, rand_uniform/2, rand_bytes/1, sha/1, and sha_mac/2 functions,
along with test_sha/1 and test_sha_mac/1 functions to validate the pure Erlang results against
the crypto library's results.  The public non-test functions attempt to first call into crypto
if available, as it is the preferred implementation.
> As I'm not familiar with the build system, app system, etc. of Erlang I am only attaching
the library implementation.  I'm sure more work would be required to fully integrate it into
CouchDB if accepted.
> As far as licensing goes, SHA1 is defined in NIST FIPS 180-2 (http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf),
and according to the IETF, the patent covering the algorithm has been made royalty-free (https://datatracker.ietf.org/ipr/858).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message