Samba and a crypto library

Andreas Schneider asn at
Tue Nov 17 17:02:33 UTC 2015


I'm currently working on migrating our MS-BRKP implementation to GnuTLS to get 
rid of the Heimdal dependency for MIT Kerberos support. I've already migrated 
everthing which is certificate related to GnuTLS. However there are SHA and 
HMAC functions which are still used from Heimdal.

To do this I would like to add a depenency to a crypto library. As we are 
already using GnuTLS for some parts of the could, I would like to use GNU 
Nettle for the low level crypto stuff. GnuTLS depends on libnettle for the low 
level crypto.

The license is LGPLv3, GPLv2 and GPLv3.

The crypto operations are mostly written in assembler and also use cpu 
optimized versions like aesni.

It is really up to date and implement state of the art crypto like chacha-
poly1305, Curve25519 etc. The development seems active and healthy.

If we agree I would also suggset not only to use it for MS-BRKP but also 
replace lib/crypto in future.


	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list