Date: Tue, 31 Oct 2017 19:34:26 -0400 From: Eric McCorkle <eric@metricspace.net> To: freebsd-arch@freebsd.org, "freebsd-hackers@freebsd.org" <freebsd-hackers@FreeBSD.org>, "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org> Subject: Re: Crypto overhaul Message-ID: <1adbe576-2610-573b-f555-3b1a537f25e0@metricspace.net> In-Reply-To: <f331e70771ed4eb28878a4ae00905cc2@exch-02.redcom.com> References: <dc08792a-3215-611c-eb9f-4936a0d621f9@metricspace.net> <CAG5KPzws=jmF2wLeEAz8Lzn7Ugude=0w5neoQjeDjYnGtJpS9Q@mail.gmail.com> <13959.1509132270@critter.freebsd.dk> <CAG5KPzxGtAwV-svCv24FbZtLvxKCwX7OSyb2pPaTc63EUmFFGA@mail.gmail.com> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk> <df46aaa5-13a9-2fc6-bcd2-d57d792800eb@metricspace.net> <e83f9add-d6d4-494d-669a-215765c0b5eb@elischer.org> <cfa28da2-0a4b-c6b9-2e22-3fbb1bbc9394@metricspace.net> <f331e70771ed4eb28878a4ae00905cc2@exch-02.redcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/31/2017 08:23, Wall, Stephen wrote: >> At least as about its first year and a half, LibreSSL had a markedly >> better track record than OpenSSL (zero high-severity CVEs vs 5 from >> OpenSSL, about half as many mid- and low-security CVEs). > > Are any of these relevant to the crypto module? Or are they all only applicable to the SSL protocol? > > As I understand the discussion so far, the goal is to unify all the disparate crypto pieces in the base system. That could certainly be done using OpenSSLs libcrypto, and let users select their SSL provider from the ports tree. That's already how things work, but it doesn't provide a viable solution for kernel and boot loader APIs. There's apparently been at least one attempt to embed OpenSSL into the kernel, to no avail.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1adbe576-2610-573b-f555-3b1a537f25e0>