[PATCH] Use Intel AES instruction set if it exists.
Andrew Bartlett
abartlet at samba.org
Fri Sep 1 10:06:46 UTC 2017
On Fri, 2017-09-01 at 11:48 +0200, Andreas Schneider via samba-
technical wrote:
> On Friday, 1 September 2017 11:30:04 CEST Andrew Bartlett wrote:
> > On Fri, 2017-09-01 at 08:49 +0200, Andreas Schneider via samba-
> >
> > technical wrote:
> > >
> > > So please before pushing this, look at libnettle! We have a file:
> > >
> > > lib/crypto/REQUIREMENTS
> > >
> > > which has a summary what we need and crypto libraries provide!
> > >
> > >
> > >
> > > Please see that as a NAK till you looked into libnettle and can convince
> > > me
> > > that doing our own crypto is better. We aren't cryptographers and we
> > > should
> > > not maintain a crypto library.
> >
> > Andreas,
> >
> > I said much the same to Jeremy when he mentioned this to me long ago in
> > our occasional phone calls.
> >
> > As such, I strong agree, and would like to move us further towards
> > using GnuTLS for as much of our crypto as possible. I understand the
> > argument about 'working patches trump', but still don't want to be
> > maintaining more crypto code.
>
> I think for SMB it is is better to use nettle directly. GnuTLS does memory
> allocations where nettle doesn't need them. gnutls_hash_init() for example.
Sure. I don't know how others feel about a mandatory dependency, but I
think we should work to get out of the crypto business, even if it
makes us a little harder to install on some systems.
We could go third_party if we have to, but if Linux is well covered we
should be able to avoid that.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list