Remove more crypto (sha256, sha512, hmac-sha256) (was: Re: [PATCH] Remove lib/crypto/crc32.[ch])
Andrew Bartlett
abartlet at samba.org
Wed Oct 10 08:33:14 UTC 2018
On Wed, 2018-10-10 at 10:09 +0200, Andreas Schneider via samba-
technical wrote:
> On Tuesday, 9 October 2018 21:08:44 CEST Volker Lendecke via samba-technical
> wrote:
> > Hi!
> >
> > Metze tells me that we have libz always available, and that contains a
> > crc32 implementation. Use that. I've written a small test comparing
> > the result of both implementations, and it was the same.
> >
> > Review appreciated!
>
> Thanks for the cleanup that helps me in my crypto efforts :-)
>
Thinking about how we could remove other files from lib/crypto could we
move our use of
- HMAC-SHA256
- SMB2 < 2.24 SMB signing
- SMB2 Key derivation
# GNUTLS (>= 3.0.0)
# NETTLE
SHA256
- Security Descriptor hash for vfs_acl_xattr
- oLschema2ldif
# GNUTLS (>= 3.0.0)
# NETTLE
SHA512
- SMB2 Pre-auth integrity verification
- BackupKey ClientWrap
# GNUTLS (>= 3.0.0)
# NETTLE
over to GnuTLS and require that?
https://www.gnutls.org/manual/html_node/Hash-and-MAC-functions.html
This would seem to avoid the issues of needing accelerated AES at one
end and the 'banned by FIPS but needed' at the other.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list