[gnutls-help] hashing in older versions

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jan 8 05:25:06 CET 2016

On Thu 2016-01-07 08:40:03 -0800, Jeremy Harris wrote:
> I want a sha256/sha1 hash, which can be built
> incrementally (we don't want to slurp an entire
> mail body, which might be tens of MB) so can't use gnutls_fingerprint().
>  gnutls_hash() &c were only
> introduced as supported routines in 2.10.0 and
> RHEL6.5 - age systems are back with 2.8.5,
> but the Exim project still wishes to support them.

You're looking for a crypto primitive -- gnutls is a TLS implementation.

Modern versions of GnuTLS rely on the nettle library for crypto

nettle contains an entirely reasonable Initialize/Update/Finish (IUF)
framework for hash functions.

Earlier versions of GnuTLS relied on the gcrypt library for crypto
primitives, so libgcrypt is another option.  If you don't want to add
new dependencies to a project that already relies on GnuTLS, you should
probably choose the lower-level crypto library that your version of
GnuTLS uses.



More information about the Gnutls-help mailing list