Samba and a crypto library
Andreas Schneider
asn at samba.org
Wed Nov 18 07:03:31 UTC 2015
On Tuesday 17 November 2015 18:02:33 Andreas Schneider wrote:
> Hello,
>
> I'm currently working on migrating our MS-BRKP implementation to GnuTLS to
> get rid of the Heimdal dependency for MIT Kerberos support. I've already
> migrated everthing which is certificate related to GnuTLS. However there
> are SHA and HMAC functions which are still used from Heimdal.
>
> To do this I would like to add a depenency to a crypto library. As we are
> already using GnuTLS for some parts of the could, I would like to use GNU
> Nettle for the low level crypto stuff. GnuTLS depends on libnettle for the
> low level crypto.
>
> https://www.lysator.liu.se/~nisse/nettle/nettle.html
>
> https://git.lysator.liu.se/nettle/nettle
>
> The license is LGPLv3, GPLv2 and GPLv3.
>
> The crypto operations are mostly written in assembler and also use cpu
> optimized versions like aesni.
>
> It is really up to date and implement state of the art crypto like chacha-
> poly1305, Curve25519 etc. The development seems active and healthy.
>
> If we agree I would also suggset not only to use it for MS-BRKP but also
> replace lib/crypto in future.
>
Ok, then I will go ahead. I guess people will start to discuss and complain as
soon as I remove lib/crypto ;)
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list