BACK TO SPEAKERS
He is the lead for the C toolkit team at Oracle, providing advise and guidance to other groups and leading the FIPS validation development effort. Paul is a member of the OpenSSL management committee member and an OpenSSL committer.
OpenSSL 3.0 - Accelerating Forward
Technical Level (3 being the highest score): 3
OpenSSL has been the preeminent cryptographic toolkit for over twenty years. Originally developed in Brisbane, Australia in 1996, it has evolved into the over half a million lines of code it is today. During that time, there have been many major changes to the features, capabilities and portability of the code. However, the internal structures have remained relatively stable for the last 15 years.
With the advent of OpenSSL-1.1 and the code base transitioning to opaque data structures, the first real opportunity to evolve the internal architecture has arisen. The OpenSSL project, in combination with the OpenSSL developer community, has worked to plan the future target architecture and the next major version, OpenSSL-3.0, will be the first release along that path.
Paul and Tim will go through the driving requirements behind the new design and the challenges in realising change in such a widely used code base.
Specific attention will be given to handling of multiple implementations, the addition of extensibility and the re-plumbing performed to enable a less intrusive FIPS140 validation approach. Recognising that OpenSSL is often used in combination with extensions or other security devices (like HSMs and Key Managers), and increasing adoption of regional or national algorithms, the algorithm selection mechanism has been completely redesigned and re-implemented.
Presentation slides can be found HERE
Presentation video can be found HERE
Dr Paul Dale
OpenSSL
Dr Paul Dale has varied experience in computer security including incident response, embedded security devices and cryptographic toolkits.He is the lead for the C toolkit team at Oracle, providing advise and guidance to other groups and leading the FIPS validation development effort. Paul is a member of the OpenSSL management committee member and an OpenSSL committer.
OpenSSL 3.0 - Accelerating Forward
Technical Level (3 being the highest score): 3
OpenSSL has been the preeminent cryptographic toolkit for over twenty years. Originally developed in Brisbane, Australia in 1996, it has evolved into the over half a million lines of code it is today. During that time, there have been many major changes to the features, capabilities and portability of the code. However, the internal structures have remained relatively stable for the last 15 years.
With the advent of OpenSSL-1.1 and the code base transitioning to opaque data structures, the first real opportunity to evolve the internal architecture has arisen. The OpenSSL project, in combination with the OpenSSL developer community, has worked to plan the future target architecture and the next major version, OpenSSL-3.0, will be the first release along that path.
Paul and Tim will go through the driving requirements behind the new design and the challenges in realising change in such a widely used code base.
Specific attention will be given to handling of multiple implementations, the addition of extensibility and the re-plumbing performed to enable a less intrusive FIPS140 validation approach. Recognising that OpenSSL is often used in combination with extensions or other security devices (like HSMs and Key Managers), and increasing adoption of regional or national algorithms, the algorithm selection mechanism has been completely redesigned and re-implemented.
Presentation slides can be found HERE
Presentation video can be found HERE