Monday, March 3, 2008

Strong crypto in base Solaris 11!


My Friday night integration of 6498066 PSARC/2006/610 Data Encryption Kit (SUNWcry) Removal now means that strong crypto is available in a base Nevada system, starting with build 85 and forward. What does this mean for you? Mostly it means that you no longer have to get special packages to get longer key lengths for arcfour, aes or blowfish and that things like OpenSSL will work out of the box.

Earlier posts to this blog explained how I took a different approach with strong crypto with Solaris 10 Update 4. This work I just completed in Nevada, which was originally started by darrenm, is not appropriate for an update release since it removes packages and modules from the system.

Also, earlier this project was tied in with libsoftcrypto. I worked closely with the crypto team on this, and we decided that the removal of the Data Encryption Kit was more important and needed to be integrated as soon as possible, so libsoftcrypto was pulled out of this project gate in order to speed up delivery of PSARC/2006/610.

One really cool thing about this integration? It removes tons of now pointless Sun specific modifications from the OpenSSL source. Hurray!

This should make it easier for folks to use Nevada and OpenSolaris builds, as well as make it easier to do development in the affected areas. Let me know if you have any questions!

2 comments:

  1. Doesnt this mean you have to get an export license to deliver to certain countries? Are you sure this doesnt run afoul of export restrictions for sensitive technologies?

    ReplyDelete
  2. Hi David - We did basically the same thing several months ago with Solaris 10, and at that time we checked with liaisons for those specific countries and with legal. We do not anticipate any more import issues with Solaris. Valerie

    ReplyDelete