darren_moffat@blog$ cat /dev/mem | grep /dev/urandom

All | General | Security | Solaris
« nVIDIA 3D drivers +... | Main | Fixed 9 year old bug... »

20050614 Tuesday June 14, 2005

OpenSolaris missing crypto code ?

If you are looking for crypto related code in OpenSolaris today you might be a little disapointed since not all of it is present yet. Let me assure you that we (me in particular) are working very hard to get it included. It is probably easiest to understand if I explain some history related to the Solaris source and what we intend to do about it so we can get you full access to the cryptographic frameworks and the algorithm implementations.

Even prior to the startup of the OpenSolaris program it was possible to get access to some of the source code of Solaris, how much you had to pay depended on what you intended to do with it and wither or not you were an academic instuition. Due to US export regulations all of the cryptographic algorithm implmentation and many cryptographic related plugin points into security frameworks had to have their interfaces obscured. This was because the source code was not open source and thus didn't get treated the same way as things like OpenSSL. If you were a domestic US customer it was possible to see the cryptographic algorithm implementations but still not some of the other things.

To achive this we put markers into many parts of the source to delimt things that needed to be removed, some times this was whole files, sometimes it was just parts of functions. We then have a special run of the nightly build script that builds two different versions of the source product, one for domestic US (CRYPT_SRC build) and one for export (EXPORT_SRC build).

Over time people noticed that the EXPORT_SRC build was really useful for removing things from the source product that we weren't allowed to let people see, as such it started to also be used as a way to redact source code that was under NDA from a 3rd party, for example some driver code. As you maybe aware some of the 3rd party NDA code isn't available in OpenSolaris today and some of it may never be.

Okay so how does this impact the crypto code ? Due to using the same mechanism to remove NDA code and code we previously couldn't release due to it being cryptographic source in a non open source licensed product we have a time consuming task of now unwinding these things. It is this thing that I and my colleagues are working on, we just didn't have enough time to complete this before today.

So whats the plan for getting access to the crypto code ? For the short term (read the next couple of days) we hope to get an additional download file put up that contains the missing cryptographic algorithm implementations and the missing bits of security frameworks (eg some bits of libgss and libsasl). For the longer term this code will be treated just like the rest of OpenSolaris visible source code and it will be browsable, buildable and downloadable just like usr/bin/ls and friends.


Technorati Tag:
Technorati Tag:

( Jun 14 2005, 03:53:19 PM BST ) Permalink Comments [0]

Trackback URL: http://blogs.sun.com/darren/entry/opensolaris_missing_crypto_code
Comments:

Post a Comment:

Name:
E-Mail:
URL:

Your Comment:

HTML Syntax: NOT allowed

Valid HTML! Valid CSS!


follow darrenmoffat at http://twitter.com
Get OpenSolaris Use OpenOffice.org

This is a personal weblog, I do not speak for my employer.