Samba and a crypto library

Andreas Schneider asn at
Wed Nov 18 07:03:31 UTC 2015

On Tuesday 17 November 2015 18:02:33 Andreas Schneider wrote:
> Hello,
> I'm currently working on migrating our MS-BRKP implementation to GnuTLS to
> get rid of the Heimdal dependency for MIT Kerberos support. I've already
> migrated everthing which is certificate related to GnuTLS. However there
> are SHA and HMAC functions which are still used from Heimdal.
> To do this I would like to add a depenency to a crypto library. As we are
> already using GnuTLS for some parts of the could, I would like to use GNU
> Nettle for the low level crypto stuff. GnuTLS depends on libnettle for the
> low level crypto.
> The license is LGPLv3, GPLv2 and GPLv3.
> The crypto operations are mostly written in assembler and also use cpu
> optimized versions like aesni.
> It is really up to date and implement state of the art crypto like chacha-
> poly1305, Curve25519 etc. The development seems active and healthy.
> If we agree I would also suggset not only to use it for MS-BRKP but also
> replace lib/crypto in future.

Ok, then I will go ahead. I guess people will start to discuss and complain as 
soon as I remove lib/crypto ;)

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list