Crypto lib
Zhanna Tsitkova
tsitkova at MIT.EDU
Wed Jun 10 11:09:31 EDT 2009
Hello!
This msg is a proposal for the crypto directory modification. It is
the fact that many of MIT KRB consumers are replacing our crypto
library with their own implementations. To simplify this transition we
propose the following:
1. Divide crypto library into two directories:
- "krb" - Kerberos specific functionality. Provides front-end
into crypto routines.
Files: checksum, dk, aead, enc_provider,
hash_provider, keyhash_provider, nfold, key ops, etype ops, prf, raw,
crc32, old
- "commom-mit" - MIT implementations. Provides back-end of the
crypto routines. Files: md*, des*, aes, hmac,prng, yarrow,sha1, pbkdf2
2. Add a new directory "common-openssl" to hold OpenSSL crypto
implementation. It is our understanding that many vendors either are
using OSSL directly, or having their native libs "ported" to OSSL,
i.e. fed OSSL API's with own cryptography. Simplifies FIPS approval as
OSSL is FIPS certified.
3. Potentially we can accept additional adaptations of krb crypto lib
("common-bsafe" ?).
4. Build process will be controlled on the configure level
Thanks,
Zhanna
More information about the krbdev
mailing list