Crypto lib

Zhanna Tsitkova tsitkova at MIT.EDU
Wed Jun 10 11:09:31 EDT 2009

This msg is a proposal for the crypto directory modification. It is  
the fact that many of MIT KRB consumers are replacing our crypto  
library with their own implementations. To simplify this transition we  
propose the following:
1. Divide crypto library into two directories:
      - "krb" -  Kerberos specific functionality. Provides front-end  
into crypto routines.
                     Files: checksum, dk, aead, enc_provider,  
hash_provider, keyhash_provider, nfold, key ops, etype ops, prf, raw,  
crc32, old
      -  "commom-mit" - MIT implementations. Provides back-end of the   
crypto routines. Files:  md*, des*, aes, hmac,prng, yarrow,sha1, pbkdf2
2. Add a new directory "common-openssl" to hold OpenSSL crypto  
implementation. It is our understanding that many vendors either are  
using  OSSL directly, or having their native libs "ported" to OSSL,  
i.e. fed OSSL API's with own cryptography. Simplifies FIPS approval as  
OSSL is FIPS certified.
3. Potentially we can accept  additional adaptations of krb crypto lib  
("common-bsafe" ?).
4. Build process will be controlled on the configure level


More information about the krbdev mailing list