From: Andrey Chernov
Date: Mon, 11 Jul 2016 19:48:44 +0300
Subject: Re: GOST in OPENSSL_BASE
To: Slawa Olhovchenkov, Mark Felder
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org

On 11.07.2016 19:29, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote:
>
>>
>>
>> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote:
>>>
>>> I.e. GOST will be available in openssl.
>>> Under BSD-like license.
>>> Can be this engine import in base system and enabled at time 1.1.0?
>>> And can be GOST enabled now?
>>>
>>
>> I think the wrong question is being asked here. Instead we need to focus
>> on decoupling openssl from base so this can all be handled by ports.
>
> This is wrong direction with current policy.
> ports: unsupported by FreeBSD core and security team, not guaranteed to be compatible
> between options and applications.
>
> base: supported by FreeBSD core and security team, covered by CI,
> checked for forward and backward API and ABI compatibility.
>

Ports are supported by secteam, and recently I noticed a "headsup" mail with the intention to make base openssl private and switch all ports to the security/openssl port.

Adding GOST as a 3rd party plugin is technically possible in both (base, ports) cases; the rest of the decision is up to the FreeBSD openssl maintainers and possible contributors' efforts.

I need to specially point to the "patches" section of the 3rd party GOST plugin. From just viewing it I don't understand whether those additional openssl patches should be applied to openssl for GOST, or whether they just reflect existing changes in openssl.