Page MenuHomeFreeBSD

Build libbearssl for loader and sbin/veriexec

Authored by sjg on Jul 19 2018, 12:30 AM.



BearSSL is a tiny library suitable for embedded apps like loader.
It provides all the functionality needed to verify
RSA and ECDSA signatures using X.509 certificate chains.

Initially at least BearSSL needs to be checked out externally to the
FreeBSD tree, with the variable BEARSSL set to point to it. is included by stand/libsa and lists only the
sources needed by the loader.

Diff Detail

rS FreeBSD src repository - subversion
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

I have no objection to BearSSL.

I'd suggest getting someone like @bdrewery to review the Make integration changes.

I like the distinction between the full (lib) version and the libsa minified version, although perhaps it could be done in a single Makefile without the repetition. I don't feel strongly about that.

25 ↗(On Diff #45504)

Do we actually use curve 25519? And if so, for what? NIST has expressed intent to bless it for limited applications (ephemeral key exchange, I think) but has not actually published the document, as far as I can tell:

So I am surprised at its inclusion in the loader code for veriexec, given your previously expressed hostility to anything not blessed by NIST.

40 ↗(On Diff #45504)

As before, I don't think there is any reason to include SHA1.

25 ↗(On Diff #45504)

Damn, I keep forgetting that email cannot be replied to...

Not actually using it no, but
the above list is derrived from running objdump on the
loader to see what actually got used.
Looking at nm ec_c25519_m31.o I don't really see why.
Need to dig further, the only ec_ bits libve pulls in are

    &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);

We are not using anything but p256 curve right now,
that may need to shift to p384 sooner than I'd like
based on recent guidance from NIST.

40 ↗(On Diff #45504)

It is being used for emulating a TPM's PCR - keeping a running hash of
everything we attempt to verify, so that later boot step can feed it to
TPM if doing measured boot.
This avoids a truck load of stuff in loader to talk directly to TPM.

I guess we could do SHA256 for that.

SHA1 required by OpenPGP for computing key id

Adding xrefs to related reviews

D16337 for build options etc
D16336 for changes to stand/
D16335 for libve
bdrewery added inline comments.
233–235 ↗(On Diff #47709)

Same comment as D16335, I'm not fond of the pattern here as it's non-standard and unneeded.

This revision now requires changes to proceed.Sep 6 2018, 12:07 AM
211–216 ↗(On Diff #47709)

Seems like we're including a lot more of bearssl than we actually need or use? Given we already ship openssl in base, and that bearssl cannot replace OpenSSL directly, does it make sense to provide an alternative SSL library also in base? I don't think it does, but bringing in the limited pieces needed for loader veriexec is reasonable.

remove check for MK_BEARSSL from Makefile

sjg marked an inline comment as done.Sep 6 2018, 11:03 PM


Are there any plans to integrate this patch with tree?


Are there any plans to integrate this patch with tree?

Yes, but need +ve review ...

emaste added inline comments.
48–49 ↗(On Diff #47782)


2 ↗(On Diff #47782)

A comment explaining is intended to provide?

Update to latest BearSSL

Move some i62 methods to

Still need to close this review

This revision was not accepted when it landed; it landed in state Needs Review.Mar 23 2019, 6:34 PM
Closed by commit rS344564: Add libbearssl (authored by sjg). · Explain Why
This revision was automatically updated to reflect the committed changes.
sjg mentioned this in rS344564: Add libbearssl.