<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - [GTK][EFL] CryptoDigest implementation depends on GnuTLS with LGPLv3+/GPLv2+ deps"
href="https://bugs.webkit.org/show_bug.cgi?id=162913#c4">Comment # 4</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - [GTK][EFL] CryptoDigest implementation depends on GnuTLS with LGPLv3+/GPLv2+ deps"
href="https://bugs.webkit.org/show_bug.cgi?id=162913">bug 162913</a>
from <span class="vcard"><a class="email" href="mailto:clopez@igalia.com" title="Carlos Alberto Lopez Perez <clopez@igalia.com>"> <span class="fn">Carlos Alberto Lopez Perez</span></a>
</span></b>
<pre>(In reply to <a href="show_bug.cgi?id=162913#c3">comment #3</a>)
<span class="quote">> Note that we seem to agree that libgcrypt is the best option if we add a new
> dependency.
>
> However, Zan notes that WTF has its own implementation of SHA-1, and we
> could probably roll our own SHA-2 as well, which together would be
> sufficient to replace all GnuTLS functionality used by CryptoDigest. This
> would probably be ideal.
> </span >
Here are c++ public-domain implementations of sha-2 <a href="https://github.com/kalven/sha-2">https://github.com/kalven/sha-2</a>
Avoid adding an extra dependency will be my preferred option. Specially if is only for something as simple as computing sha1/sha2 hashes.
Perhaps the SubtleCrypto code can be replace with a libgcrypt implementation.
And then the code for CSP code can use the hash functions from SubtleCrypto if this was selected at build time. Otherwise it can fall back to our simple/non-optimized internal implementations of sha-1/sha-2.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>