> The involvement of Microsoft makes this initiative highly suspect, and
> I wish the Linux Foundation had told them to get lost. Ever since its
> foundation, Microsoft has used every underhanded trick in the book to
> sabotage open source projects (just remember Bill Gates' open letter
> on the subject decades ago).

Recall that OpenSSL is used to implement the "Secure Boot" feature in
UEFI firmware. Any modern system that has a Windows 8 logo on it has
OpenSSL in its firmware, unless the firmware vendor or OEM replaced
OpenSSL with another crypto lib. So MSFT does have a dependence on
OpenSSL working, else Windows can no longer Securely Boot. :-)

And Microsoft and the Linux Foundation work together on getting the Linux
EFI Shim signed so Linux can boot on these Windows PCs. :-( Granted,
commercial SUSE/RHAT/Ubuntu servers can get Secure Boot to work w/o MSFT
certs, but those are expensive enterprise boxes, not consumer devices
like this. :-(

The TianoCore.org project maintains a patch of OpenSSL (0.9x, not 1.x).
https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt

BTW, it's a shame that OpenSSL doesn't integrate that patch, and have
some UEFI-targeting compiler directive to integrate it.

There's also an old bug/feature in OpenSSL, related to UEFI use of
intermediate CAs, which UEFI is waiting for OpenSSL to deal with. It is
a shame that this has been unresolved for years.
http://sourceforge.net/p/edk2/mailman/message/29329799/
http://marc.info/?l=openssl-users&m=128943213002702

OpenSSL's use in nearly all modern systems' firmware seems like a
mainstream enough usage that they should take the EFI patch, and maybe
help with the intermediate CA feature/bug.

I hope the new structure/governance in the post-Heartbleed era will also
take into account OpenSSL's widespread use in modern firmware, not just
OS and app usage.

Thanks,
Lee
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org