[OpenAFS-devel] A crypto layer for OpenAFS

Simon Wilkinson sxw@inf.ed.ac.uk
Fri, 9 Oct 2009 14:10:57 +0100


There are a number of pending projects which require OpenAFS to have  
better crypto support, particularly within its kernel module. Whilst  
on some platforms we may be able to take advantage of native kernel  
implementations, on others suitable algorithms are not available, and  
on some, even if code is available, we are prevented from using it by  
a license wall.

So, we pretty much need our own implementation of the common crypto  
algorithms. It would also be nice if someone else would look after  
them for us, so we aren't responsible for even more code. Sadly, as we  
need this in kernel, we can't just use a library. However, Heimdal  
does have a nice crypto subsystem - hcrypto, which can be compiled for  
in-kernel use.

Assuming we go with hcrypto, the issue becomes one of source code  
management. Sadly, we can't use git submodules for this, because doing  
so would require pulling in the whole Heimdal tree to compile OpenAFS.

What I'd like to propose is that we pull in a release version of hcrypto  
into src/thirdparty/hcrypto. The only commits that would be permitted  
into this portion of the tree are ones which take hcrypto from a later  
Heimdal release, and update our local copy. That is, any native  
modifications we require to hcrypto would have to be made upstream.

Comments?

Simon.