BIND 10 #782: Implement cryptographic API using Botan

BIND 10 Development do-not-reply at isc.org
Wed May 11 09:27:43 UTC 2011 

#782: Implement cryptographic API using Botan
-------------------------------------+-------------------------------------
                   Reporter:         |                 Owner:  hanfeng
  stephen                            |                Status:  reviewing
                       Type:         |             Milestone:
  enhancement                        |  Sprint-20110517
                   Priority:  major  |            Resolution:
                  Component:         |             Sensitive:  0
  Unclassified                       |           Sub-Project:  DNS
                   Keywords:         |  Estimated Difficulty:  3.0
            Defect Severity:  N/A    |           Total Hours:  0
Feature Depending on Ticket:  tsig   |
        Add Hours to Ticket:  0      |
                  Internal?:  0      |
-------------------------------------+-------------------------------------

Comment (by hanfeng):

 Replying to [comment:10 vorner]:
 > Hello
 >
 > I have some comments:
 > The use of macros is generally avoided inside the Bind 10 code. And as
 the standard guarantees that size of uint8_t is 1, you could directly use
 sizeof instead of the macro, which is IMO cleaner.
 For macro #define C_ARRAY_LEN(array) (sizeof(array)/sizeof(array[0]))
 which used to calculate the
 c array length, I don't know what't wrong with it. Macro does have some
 problem, but it can save a lot
 of code without decrease the readability, and in test code i think it's
 ok. Since by default all the
 secret is uint_8 array, I will just use sizeof.


 >  * The test function is rather long and it tests 3 different algorithms.
 If one of them failed, we wouldn't know which one of them it is. May I
 suggest splitting the test into 3?
 I have split it into three and do some macro thing to make the code as
 short as possible.

 >  * This is not comment directly to your code, but the UNKNOWN_HASH
 constant is the next number, which gets increased every time a new
 algorithm is added. But let's assume there was an older ...
 If you are talking about the so/dll lib compatibility, it always has some
 kind of problem if you link wrong library, except all the classes we
 exposed all use the "impl" idom. And Actually I don't know the reason why
 we need specify the number for the algorithm since they are different from
 the number in DNS protocol. And the lib user shouldn't assume any
 specified integer associated with one algorithm.

 Regards

-- 
Ticket URL: <http://bind10.isc.org/ticket/782#comment:11>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development

More information about the bind10-tickets mailing list