[RFC] Using system libraries for crypto in samba

Björn JACKE bj at SerNet.DE
Mon Jun 1 03:07:26 MDT 2015


On 2015-05-30 at 23:16 -0400 Simo sent off:
> Beyond the CCM oddities, one other thing that stands out is that current
> samba code uses in place encryption while these libraries always assume
> separate (but still statically-allocated buffers).
> At least for GCM I do not think this would be a huge problem, but I'd
> like your opinions before I put any other effort into this.

we should consider that CCM support is quite new in nettle and it will take
long time till we'll see it in stable distos. And does nettle's CCM support
also using HW crypto support btw?

Other libs that would be worth taking a closer look at: mbed TLS (previously
PolarSSL) and wolfCrypt. The wolf people already offered to support
implementation work in Samba. They have a big range of HW crypto support also.

Björn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150601/b5f350f5/attachment.pgp>


More information about the samba-technical mailing list