Getting Samba out of crypto (was: Re: [PATCH] Update to the Samba crypto requirements document)

Andreas Schneider asn at
Wed Feb 21 07:08:03 UTC 2018

On Wednesday, 21 February 2018 03:46:07 CET Andrew Bartlett wrote:
> On Wed, 2018-01-03 at 11:36 +0100, Andreas Schneider via samba-
> technical wrote:
> > Hi,
> > 
> > I've had a call with Nikos (GnuTLS maintainer) and we updated the
> > REQUIREMENTS document.
> > 
> > We've opened bugs to support missing crypto algorithms we require in
> > GnuTLS
> > and nettle. The plan is to move to GnuTLS one day to get out of the crypto
> > business and have more hardware accelerated crypto in Samba.
> Picking this part of the thread back up, I would really like to get
> Samba out of the crypto game.  Even when copied from a 'safe' source
> (and while we trust it, if you were an auditor would you say Heimdal
> really the most well-respected source?), each one of these libraries
> needs careful checking.
> Others feel the same way.  I've been slowly trying to get Samba the
> 'CII Best Practices' badge:
> There, one criterion is:
> doc/
> > If the software produced by the project is an application or library,
> > and its primary purpose is not to implement cryptography, then it SHOULD
> > only call on software specifically designed to implement cryptographic
> > functions; it SHOULD NOT re-implement its own. (N/A allowed.)
> > [crypto_call]
> Similarly, I've been asked to explain our in-tree crypto for a client,
> resulting in this page:
> -raw-crypto-implemented
> I came back to this because the shamozzle in the encrypted_secrets
> module was raised in
> As background, the choice of dependency there on either nettle or
> GnuTLS came about because the project started with GnuTLS, but then it
> was discovered later that RHEL6 (an important target platform) didn't
> offer the AEAD modes we wanted to use.
> Sadly the in-tree option was missed.  (However, while helpful in this
> instance, the duplicate bindings aren't a pattern I would like to see
> repeated often.)
> So, I would like to know what the remaining technical/political
> barriers to getting out of the crypto game really are:
> * Are we willing in principle to require users install a crypto library
> like libnettle?

We should use GnuTLS and not libnettle as we want hardware-backed crypto. 
GnuTLS uses libnettle for a lot of crypto but not all.

See the updated REQUIREMENTS file here:;a=blob;f=lib/crypto/

And especially:

Recently GnuTLS got:

which we need to activate RC4 etc for backwards compatibility in FIPS mode.

What is missing in nettle/gnutls is AES-CMAC support. Nikos asked for 
permission to use the Samba source code and ported it to nettle, which will be 
merged soon. See:

> * Alternately (if anything) are we willing to disable for users who
> "can't/won't" install it?  

We should keep the old crypto around for some time and use GnuTLS if 
> (I'm very comfortable with the AD DC requiring external crypto libs as
> long as it is installable somehow on RHEL 6).

RHEL6 will have its last release soon, and until we have GnuTLS as our crypto 
rolled out, it is probably unsupported.


Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at
