From owner-freebsd-security@freebsd.org Mon Jul 11 22:01:29 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6DB68B923A8 for ; Mon, 11 Jul 2016 22:01:29 +0000 (UTC) (envelope-from mailing-machine@vniz.net) Received: from mail-lf0-f48.google.com (mail-lf0-f48.google.com [209.85.215.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EF2431A44 for ; Mon, 11 Jul 2016 22:01:28 +0000 (UTC) (envelope-from mailing-machine@vniz.net) Received: by mail-lf0-f48.google.com with SMTP id q132so83215916lfe.3 for ; Mon, 11 Jul 2016 15:01:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=Vn1rQHeH+UEOOCE1Pml6pfKW1p7+kaZgZCzsfVqPalY=; b=ZAr5ZZNdcjhyytzeh29PI4uMhFWzLDkc4LM0jtYwc+oq/p2xkwJT+q1z/yic1RNrQn s9tRCqJr1Iuy99vt1STIZjRXO/dR9KOB0iomoK8zTZlRhu0So2QwvZdg+MtdqfyGu4rv 9v4PwQEeBk9SYBve4NM/JoRxzHveJKdg2cW1loa40/e8ygB9+G1tb1OZGrzs4Ig0pcUY Z0v7C9KLk9xVK7+GRoRe9z5xyYHx0cAuV15O5PgSXRc2UITYK7VwMFnGEpA7Mw7++qkv bQwuyZWZ8Nl0Ey57HhOxbvp1MK9bOrT5p15xLVXnGCKxmhV6Cs2Lcn0+xOBdR/qsMTBF zSWg== X-Gm-Message-State: ALyK8tLB/UrHC2hJ6S6y4i+YFECZK7cZXxvBWFJbafok3lnjXmMDpnuO991mJ6Szh1Ngng== X-Received: by 10.25.43.202 with SMTP id r193mr5499263lfr.80.1468274486598; Mon, 11 Jul 2016 15:01:26 -0700 (PDT) Received: from [192.168.1.2] ([89.169.173.68]) by smtp.gmail.com with ESMTPSA id u77sm5049754lja.18.2016.07.11.15.01.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Jul 2016 15:01:26 -0700 (PDT) Subject: Re: GOST in OPENSSL_BASE To: Slawa Olhovchenkov References: <20160710133019.GD20831@zxy.spb.ru> <20160710150143.GK46309@zxy.spb.ru> <9ead7cd7-7d1b-2dd8-eea8-43f7766d92a9@freebsd.org> <20160711102906.GN46309@zxy.spb.ru> <1468253073.695754.662984777.1E8F9C28@webmail.messagingengine.com> <20160711162902.GO46309@zxy.spb.ru> <20160711201350.GF20831@zxy.spb.ru> Cc: Mark Felder , freebsd-security@freebsd.org, freebsd-current@freebsd.org From: Andrey Chernov Message-ID: <6f8ff1e9-9358-17cb-aca5-ad3abef6b616@freebsd.org> Date: Tue, 12 Jul 2016 01:01:24 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <20160711201350.GF20831@zxy.spb.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jul 2016 22:01:29 -0000 On 11.07.2016 23:13, Slawa Olhovchenkov wrote: > On Mon, Jul 11, 2016 at 07:48:44PM +0300, Andrey Chernov wrote: > >> On 11.07.2016 19:29, Slawa Olhovchenkov wrote: >>> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote: >>> >>>> >>>> >>>> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote: >>>>> >>>>> I.e. GOST will be available in openssl. >>>>> Under BSD-like license. >>>>> Can be this engine import in base system and enabled at time 1.1.0? >>>>> And can be GOST enabled now? >>>>> >>>> >>>> I think the wrong question is being asked here. Instead we need to focus >>>> on decoupling openssl from base so this can all be handled by ports. >>> >>> This is wrong direction with current policy. >>> ports: unsupported by FreeBSD core and securite team, no guaranted to comaptible >>> between options and applications. >>> >>> base: supported by FreeBSD core and securite team, covered by CI, >>> checked for forward and backward API and ABI compatibility. >>> >> >> Ports are supported by secteam, and recently I notice "headsup" mail >> with intention to make base openssl private and switch all ports to >> security/openssl port. > > I mean `support` is commit reviewing, auditing and etc. > Secteam do it for ports? At least CVEs are tracked. You better ask about whole list of ports secteam duties secteam themselves. > >> Adding of GOST as 3rd party plugin is technically possible in both >> (base, ports) cases, the rest of decision is up to FreeBSD openssl >> maintainers and possible contributors efforts. >> >> I need to specially point to "patches" section of the 3rd party GOST >> plugin, from just viewing I don't understand, are those additional >> openssl patches should be applied to openssl for GOST, or they are just >> reflect existent changes in the openssl. >> >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >