[Cryptography] LibreSSL (was Re:  bounded pointers in C)

tpb-crypto at laposte.net tpb-crypto at laposte.net
Tue Apr 22 15:55:34 EDT 2014


> Message of 22/04/14 21:47
> From: "Stephan Neuhaus"
> On 2014-04-22, 06:56, Nemo wrote:
> > http://www.libressl.org/
> 
> That web page says "At the moment we are too busy deleting and rewriting
> code to make a decent web page", which implies, or at least suggests to
> me, that this project will be reusing OpenSSL's architecture.
> 
> I think that if you want to make something that's substantially better
> than OpenSSL, it would be a good idea to stop for a moment and think of
> how you want your library to be used. I doubt that if you tried to
> design an SSL/TLS API from the API user's point of view, something like
> OpenSSL would come out. So why not make a clean-slate design, steal
> those parts of OpenSSL that you can (the basic crypto algorithms,
> probably) and reinvent and rewrite the rest?
> 

The problem of a clean slate is that we have thousands of programs which depend on OpenSSL's API the way it is.

The goal of LibreSSL is to create a library that is compatible with OpenSSL minus the bad code.

According to Theo, after 90000 lines of code removed so far, all OpenBSD programs that depend on it continue compiling.

