Date: Fri, 27 Oct 2017 12:38:47 +0000
From: "Wall, Stephen" <swall@redcom.com>
To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: RE: Crypto overhaul
Message-ID: <51e5e3f85b6445ed85faf770773118bb@exch-02.redcom.com>
Be aware that moving away from a crypto library that has a FIPS-approved crypto core will have a significant impact on commercial users of FreeBSD who do business with U.S. government (and likely some other governments and corporate sectors as well). BoringSSL is pursuing/has pursued FIPS validation, but they offer this warning on their web page:

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

BearSSL, being a new, small project, is highly unlikely to pursue FIPS certification. LibreSSL has deliberately stripped anything FIPS related out of their fork, and the project has stated multiple times that it will not come back.

I am not opposing a change (indeed, consolidating the various crypto sources in FreeBSD to a single (FIPS-possible) library would be a good thing), I just prefer (strongly) that FIPS not be pushed out of the picture.

-spw