Crypto overhaul
Eric McCorkle
eric at metricspace.net
Sat Oct 28 23:31:07 UTC 2017
On 10/27/2017 09:46, John Hein wrote:
> What's the overhaul goal here? There's basic crypto libraries with
> symmetric & assymmetric crypto & hashing (e.g., NaCL, libsodium,
> openssl's libcrypto). There's libraries that add support for SSL/TLS
> & X.509 certificates and such. There's stuff to support using
> crypto hardware (accelerators, secure crypto token storage devices).
>
> And is the thought to [eventually] replace openssl in base with
> something lighter perhaps?
>
> I assume we're looking for bsd, isc, mit, etc., style licenses only.
>
Sorry for being slow to reply.
There's a couple of goals that seem to be in common here (and which I've
seen reflected in the comments to my original posting.
* Dissatisfaction with the OpenSSL codebase and its history of
vulnerabilities.
* Desire to consolidate the crypto implementations, specifically, for a
crypto library that can serve userland, kernel, and bootloaders.
* In my case, the trust framework stuff I wrote about requires
public-key crypto in the kernel and loader, which isn't something the
kernel crypto framework can do.
* It's also harder to add new ciphers when there's multiple crypto
codebases.
More information about the freebsd-security
mailing list