From owner-freebsd-hackers@freebsd.org  Thu Aug  2 23:45:41 2018
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2551F1054D29;
 Thu,  2 Aug 2018 23:45:41 +0000 (UTC) (envelope-from kaduk@mit.edu)
Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu
 [18.7.68.34])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 53D9F8421B;
 Thu,  2 Aug 2018 23:45:40 +0000 (UTC) (envelope-from kaduk@mit.edu)
X-AuditID: 12074422-887ff7000000681f-63-5b63979bc4e7
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36])
 (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by dmz-mailsec-scanner-5.mit.edu (Symantec Messaging Gateway) with SMTP id
 4A.FF.26655.C97936B5; Thu,  2 Aug 2018 19:45:32 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11])
 by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w72NjQE6006707;
 Thu, 2 Aug 2018 19:45:27 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com
 [24.107.191.124]) (authenticated bits=56)
 (User authenticated as kaduk@ATHENA.MIT.EDU)
 by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w72NjJkH013976
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Thu, 2 Aug 2018 19:45:22 -0400
Date: Thu, 2 Aug 2018 18:45:19 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Eric McCorkle <eric@metricspace.net>
Cc: Warner Losh <imp@bsdimp.com>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>,
 "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>,
 freebsd-current <freebsd-current@freebsd.org>,
 freebsd-security <freebsd-security@freebsd.org>
Subject: Re: Status of OpenSSL 1.1.1
Message-ID: <20180802234519.GD68224@kduck.kaduk.org>
References: <b7b8a27c-b520-dcba-e7eb-fa3fa2d78083@metricspace.net>
 <CANCZdfpRSxKAvW=X2Fh5OM3ZxzkhPxC3ooOgLpogkMUdwpumRg@mail.gmail.com>
 <dc890dce-59b0-4647-268b-6035e8fbfd31@metricspace.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <dc890dce-59b0-4647-268b-6035e8fbfd31@metricspace.net>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrOKsWRmVeSWpSXmKPExsUixG6nojtnenK0wd3zxhbfpv9lsZg9fRqT
 xZw3H5gstm/+x2jRs+kJm8XTrcsZHdg8Puz+yuox49N8Fo97OyYwBTBHcdmkpOZklqUW6dsl
 cGW8vLyOueASd8WBD6/YGhifcnQxcnJICJhI7F+4gamLkYtDSGAxk8SypiPMEM4GRomdjXOh
 MleYJD5sPsAO0sIioCLx49NBVhCbDchu6L4M1MHBISKgITF/tyBIPbNAF5PEr0lnWUBqhIFq
 ui/dB6vhBVp3cHY5xMxDjBL7N/eA1fAKCEqcnPkEzGYW0JHYufUOG0g9s4C0xPJ/HBBheYnm
 rbPBxnAKOEtM+uMDEhYVUJbY23eIfQKj4Cwkg2YhGTQLYdAsJIMWMLKsYpRNya3SzU3MzClO
 TdYtTk7My0st0jXVy80s0UtNKd3ECI4DF6UdjBP/eR1iFOBgVOLh1dBIjhZiTSwrrsw9xCjJ
 waQkystfDhTiS8pPqcxILM6ILyrNSS0Geo+DWUmE920nUI43JbGyKrUoHyYlzcGiJM57vyY8
 WkggPbEkNTs1tSC1CCYrw8GhJMG7cRpQo2BRanpqRVpmTglCmomDE2Q4D9BwFZAa3uKCxNzi
 zHSI/ClGXY4/76dOYhZiycvPS5US5xUCKRIAKcoozYObA0pfEtn7a14xigO9Jcw7DaSKB5j6
 4Ca9AlrCBLQk2zERZElJIkJKqoExo2f2n3aLPr2M1OT57Lez/KVzyjUd35uV/b75wlLp3TGt
 uKQA82sNTP/uv1r+7Mss5ap1dTcjthhHBzo/rth1emmdBnNrzr0+x+nx7+WL1XYUbipimPQr
 rTU838O3dlE//6QJr4WWvThrk1nl0lN0xHGt3YMpn5hdclg7Lu1aLRd+/NYqzT4lluKMREMt
 5qLiRABbGPrYOgMAAA==
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Aug 2018 23:45:41 -0000

On Wed, Aug 01, 2018 at 10:05:28AM -0400, Eric McCorkle wrote:
> On 08/01/2018 09:02, Warner Losh wrote:
> > 
> > 
> > On Wed, Aug 1, 2018, 12:31 PM Eric McCorkle <eric@metricspace.net
> > <mailto:eric@metricspace.net>> wrote:
> > 
> >     Hi folks,
> > 
> >     I'm wondering what's the status of OpenSSL 1.1.1 integration into base?
> >     More specifically, is there a repo or a branch that's started the
> >     integration?  I'm aware of the wiki page and the list of port build
> >     issues, but that seems to be based on replacing the base OpenSSL with a
> >     port build (similar to the way one replaces it with LibreSSL).
> > 
> >     I have some work I'd like to do that's gating on sorting out the
> >     kernel/loader crypto situation, and I'd very much like to see OpenSSL
> >     1.1.1 get merged, so I can start to look into doing that.
> > 
> > 
> > There are patches to use bear SSL for the loader. OpenSSL is simply too
> > large to use due to limits the loader operates under.
> 
> I was going to look into the feasibility of doing something like what
> LibreSSL does with portable, where they extract a subset of the full
> library designed to be embedded in the kernel, loader, etc.
> 
> I think it ought to be possible to do something like that, but it really
> ought to be done in a tree with 1.1.1 integrated.
> 

It wouldn't be terribly easy or effective, IMO.  OpenSSL wasn't designed
with such modularity in mind.

-Ben