Getting Samba out of crypto

Jeremy Allison jra at
Fri Feb 23 00:41:19 UTC 2018

On Thu, Feb 22, 2018 at 04:36:40PM +0100, Stefan Metzmacher via samba-technical wrote:
> Please find a patch that replaces our nettle usage with using the samba
> implementation.
> I first just replaced the decrypt function and checked that
> make -j test TESTS="samba4.dsdb.samdb.ldb_modules.encryed_secrets"
> still worked.
>  ...
> If there's no good alternative, it might be fine, e.g. I think we should
> not try to implement SSL/TLS on our own.
> But if we already have the alternative internally, we can easily avoid
> such frustration for our users.
> Please review and push:-)

Went through this one really carefully, including looking
inside the nettle source code to make sure it's doing the
same thing :-).

Great work Metze - thanks for reducing our direct dependencies.

One more step towards getting us out of the crypto business
altogether, which I'm heartily looking forward to :-).

Reviewed-by: Jeremy Allison <jra at>



More information about the samba-technical mailing list