There are a number of pending projects which require OpenAFS to have
better crypto support, particularly within its kernel module. Whilst
on some platforms we may be able to take advantage of native kernel
implementations, on others suitable alogrithms are not available, and
on some, even if code is available, we are prevented from using it by
a license wall.
So, we pretty much need our own implementation of the common crypto
algorithms. It would also be nice if someone else would look after
them for us, so we aren't responsible for even more code. Sadly, as we
need this in kernel, we can't just use a library. However, Heimdal
does have a nice crypto subsystem - hcrypto, which can be compiled for
in kernel use.
Assuming we go with hcrypto, the issue becomes one of source code
management. Sadly, we can't use git submodules for this, because doing
so would require pulling in the whole Heimdal tree to compile OpenAFS.
What I'd like to propose is that we pull in release version of hcrypto
into src/thirdparty/hcrypto. The only commits that would be permitted
into this portion of the tree are ones which take hcrypto from a later
Heimdal release, and update our local copy. That is, any native
modifications we require to hcrypto would have to be made upstream.
Comments?
Simon.
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
