[RFC] Using system libraries for crypto in samba

Simo simo at samba.org
Mon Jun 1 07:35:40 MDT 2015


On Mon, 2015-06-01 at 11:07 +0200, Björn JACKE wrote:
> On 2015-05-30 at 23:16 -0400 Simo sent off:
> > Beyond the CCM oddities, one other thing that stands out is that current
> > samba code uses in place encryption while these libraries always assume
> > separate (but still statically-allocated) buffers.
> > At least for GCM I do not think this would be a huge problem, but I'd
> > like your opinions before I put any other effort into this.
> 
> we should consider that CCM support is quite new in nettle and it will take
> a long time till we'll see it in stable distros. And does nettle's CCM support
> also use HW crypto support btw?
> 
> Other libs that would be worth taking a closer look at: mbed TLS (previously
> PolarSSL) and wolfCrypt. The wolf people already offered to support
> implementation work in Samba. They have a big range of HW crypto support also.

As I wrote in the commit message, other libraries may be supported, the
point is to come up with an abstract interface that can work with
underlying libraries.
Of course whether we want to include code for other libraries depends on
various factors including testing (given we want to give compile only
options it would require multiple builds but we can simply do with test
vectors for that).

Simo.

-- 
Simo Sorce


