aes internal vs external

Max.Suraev at
Wed Jul 9 16:22:51 UTC 2014

Hi all.

I've noticed that we got AES implementation copy-pasted from old hostapd code which
is slightly inconvenient from licensing perspective (GPLv2 vs GPLv2+ for the rest of
the code) but I'm more worried that we have security sensitive code which is probably
unmaintained for years. One can argue that AES is well-known and bug-free but I would
rather use code from library like libgcrypt ( ) which is used by many projects
and reviewed by many eyes. On the other hand having additional dependency might be
considered as way more important problem by others. Hence before attempting to port
it I'd like to know your opinion - is it worth pursuing?

best regards,

More information about the baseband-devel mailing list