From owner-freebsd-arch@freebsd.org Sun Oct 29 15:18:00 2017 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2CE3AE40E8F; Sun, 29 Oct 2017 15:18:00 +0000 (UTC) (envelope-from eric@metricspace.net) Received: from mail.metricspace.net (mail.metricspace.net [IPv6:2001:470:1f11:617::107]) by mx1.freebsd.org (Postfix) with ESMTP id 00BC6810D6; Sun, 29 Oct 2017 15:17:59 +0000 (UTC) (envelope-from eric@metricspace.net) Received: from [IPv6:2001:470:1f11:617:3210:b3ff:fe77:ca3f] (unknown [IPv6:2001:470:1f11:617:3210:b3ff:fe77:ca3f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: eric) by mail.metricspace.net (Postfix) with ESMTPSA id 4A18018C4; Sun, 29 Oct 2017 15:17:59 +0000 (UTC) Subject: Re: Crypto overhaul To: bf1783@gmail.com, Poul-Henning Kamp Cc: Benjamin Kaduk , "freebsd-arch@freebsd.org" , Ben Laurie , "freebsd-hackers@freebsd.org" , "freebsd-security@freebsd.org security" References: <13959.1509132270@critter.freebsd.dk> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk> <28039.1509260726@critter.freebsd.dk> From: Eric McCorkle Message-ID: <61210249-105c-974c-1dae-1837e5969054@metricspace.net> Date: Sun, 29 Oct 2017 11:17:58 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Oct 2017 15:18:00 -0000 On 10/29/2017 09:46, bf wrote: > On 10/29/17, Poul-Henning Kamp wrote: >> -------- >> In message , Eric >> McCorkl >> e writes: >>> On 10/28/2017 09:15, Poul-Henning Kamp wrote: >>>> -------- >>>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk >>>> writes: >>>> >>>>> I would say that the 1.1.x series is less bad, especially on the last >>>>> count, >>>>> but don't know how much you've looked at the differences in the new >>>>> branch. >>>> >>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope >>>> FreeBSD has higher ambitions. >>>> >>> >>> I'm curious about your thoughts on LibreSSL as a possible option. >> >> It retains the horrible APIs, so the potential improvement is finite. >> > > OpenBSD started the task of making OpenSSL easier to use by adding > things like libtls > > (see https://man.openbsd.org/tls_init ) > > on top of their backwards-compatible libssl. There are similar > efforts in other libraries like NaCl and its forks, such as libsodium > ( cf. https://nacl.cr.yp.to/features.html and > https://www.gitbook.com/book/jedisct1/libsodium/details ). Are these > the kind of changes you are suggesting? I know the LibreSSL roadmap includes more plans to improve the API design to make it more usable. Overall, I think LibreSSL is the best option, though there needs to be some investigation into how easily it can be used for kernel and boot-loader purposes. Things like libsodium are too narrow in their focus, and BearSSL is too new. Plus the fact that LibreSSL originates from one of the BSDs and has its backing is a significant advantage, I think.