Getting Samba out of crypto
Jeremy Allison
jra at samba.org
Fri Feb 23 00:41:19 UTC 2018
On Thu, Feb 22, 2018 at 04:36:40PM +0100, Stefan Metzmacher via samba-technical wrote:
>
> Please find a patch that replaces our nettle usage with using the samba
> implementation.
>
> I first just replaced the decrypt function and checked that
> make -j test TESTS="samba4.dsdb.samdb.ldb_modules.encryed_secrets"
> still worked.
> ...
> If there's no good alternative, it might be fine, e.g. I think we should
> not try to implement SSL/TLS on our own.
>
> But if we already have the alternative internally, we can easily avoid
> such frustration for our users.
>
> Please review and push:-)
Went through this one really carefully, including looking
inside the nettle source code to make sure it's doing the
same thing :-).
Great work Metze - thanks for reducing our direct dependencies.
One more step towards getting us out of the crypto business
altogether, which I'm heartily looking forward to :-).
Reviewed-by: Jeremy Allison <jra at samba.org>
Cheers,
Jeremy.
More information about the samba-technical
mailing list