Crypto overhaul

Ben Laurie ben at links.org
Fri Oct 27 10:00:06 UTC 2017


On 27 October 2017 at 01:29, Eric McCorkle <eric at metricspace.net> wrote:
> I was going to wait a bit to discuss this, but it's very pertinent to
> the trust infrastructure I described earlier this week.
>
> There was a good bit of discussion at vBSDCon about a possible crypto
> overhaul.  This is my understanding of the current situation:
>
> * Userland crypto support is provided by OpenSSL, of course.  My sense
> is that there's a general dissatisfaction with OpenSSL, but that there's
> a nontrivial effort required to liberate userland from it.
>
> * The kernel has sort of two crypto APIs: crypto and opencrypto.  The
> design of these APIs seems to be something of older hardware crypto
> architectures and export restrictions.  This is difficult to extract
> from the kernel (and say, embed into the boot loader).
>
> * BIOS geli pulled the AES implementation out of opencrypto.  This was
> due in a large part to the size restrictions on BIOS loaders.
>
> * As a bridge measure, I've introduced boot_crypto into the EFI loader,
> in order to support GELI.
>
> At vBSDcon, there seemed to be a consensus that this situation is too
> fragmented.  Moreover, it makes life difficult for anyone (like me) who
> wants to do crypto-related projects.
>
>
> A couple of options were discussed at vBSDcon.  The two that seemed to
> come to the forefront were BearSSL and LibreSSL.  There seem to be some
> advantages and disadvantages both ways:
>
> * LibreSSL is mature software with staff and support from another BSD
> (OpenBSD), they've done some really good work, and have a definite
> long-term roadmap.  I'm not sure to what extent it could be easily
> embedded into a kernel and bootloader, though.

Have you considered BoringSSL?

> * BearSSL's design seemingly lends itself to acting as a userland,
> kernel, and bootloader library.  On the other hand, it's new (which
> means it will need to be reviewed by crypto experts and thoroughly
> tested), and has one developer at this point.

OpenSSL includes (and is used for) lots of crypto that is not used in
SSL - since BearSSL targets SSL/TLS only, it can't, presumably, be
used to replace all uses of OpenSSL.

>
>
> I think it's worth discussing and investigating these options further at
> this point.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"


More information about the freebsd-arch mailing list