Hey Folks, we just released a project that we hope is going to help researchers, developers, and ease the life of distro maintainers, and of everyone working on making the Internet more secure through OpenSSL, ultimately benefit all the users. The project is called [libsuola](https://github.com/romen/libsuola) and demonstrates how to use OpenSSL ENGINEs to provide new/alternative cryptographic software implementations to OpenSSL and, transparently, to existing applications linked against it. The ultimate goal of our project is to provide users the freedom of injecting alternative implementations or missing functionality in OpenSSL, at runtime and transparently to existing applications. The motivation for our project is illustrated in details in [this paper][0], but just to mention some examples of what kind of things libsuola could do in practice for users, I'll mention adding support for X25519 or Ed25519 primitives for applications linked against OpenSSL 1.0.2, or add Ed25519 to applications linked against OpenSSL 1.1.0. Moreover one can choose which implementation to use, selecting as a backend provider: - [libsodium][1], which historically has a better record when it comes to side-channel attack countermeasures and would also provide a nice speed bump in performance; or - [HACL*][2], a formally verified fork of libsodium, coming with strong mathematical assurance about functional correctness, memory safety, and its side-channel attack countermeasures. (For benchmarking geeks, numerophiles and everyone else interested, nice and extensive tables collecting the timings we measured for each operation, under different providers and on different architectures are included in the paper! Also, more details about a third kind of provider which statically links crypto funcitonality internally rather than relying on an external library.) The other goal of the project is to propose a methodology for researchers working on software implementations, to test and benchmark their results in real-world scenarios and deliver them to a wider audience. Of course to achieve grand goals we need participation from the community, so we are looking for beta testers to test the limits of our project, gather ideas on how to extend it, spot its shortcomings and get it under deeper scrutiny. So please, if what you read felt at least mildly interesting, go to https://github.com/romen/libsuola and check it out! Our development and testing has so far been limited to Linux-based environments and x64 / arm / arm64, but we welcome testers for other architectures, and PRs for other dev chains. TL;DR: Help us test a new way of adding functionality to your existing OpenSSL-based applications. https://github.com/romen/libsuola Thanks, Nicola Tuveri D.Sc. Student NISEC group Laboratory of Pervasive Computing Tampere University of Technology, FINLAND [0]: https://eprint.iacr.org/2018/354.pdf [1]: https://github.com/jedisct1/libsodium [2]: https://github.com/mitls/hacl-star -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
