we just released a project that we hope is going to help
researchers, developers, and ease the life of distro maintainers,
and of everyone working on making the Internet more secure through
OpenSSL, ultimately benefit all the users.
The project is called [libsuola](https://github.com/romen/libsuola)
and demonstrates how to use OpenSSL ENGINEs to provide
new/alternative cryptographic software implementations to OpenSSL
and, transparently, to existing applications linked against it.
The ultimate goal of our project is to provide users the freedom of
injecting alternative implementations or missing functionality in
OpenSSL, at runtime and transparently to existing applications.
The motivation for our project is illustrated in details in
[this paper], but just to mention some examples of what kind of
things libsuola could do in practice for users, I'll mention adding
support for X25519 or Ed25519 primitives for applications linked
against OpenSSL 1.0.2, or add Ed25519 to applications linked against
Moreover one can choose which implementation to use, selecting as a
- [libsodium], which historically has a better record when it
comes to side-channel attack countermeasures and would also provide a
nice speed bump in performance; or
- [HACL*], a formally verified fork of libsodium, coming with
strong mathematical assurance about functional correctness, memory
safety, and its side-channel attack countermeasures.
(For benchmarking geeks, numerophiles and everyone else interested,
nice and extensive tables collecting the timings we measured for
each operation, under different providers and on different
architectures are included in the paper!
Also, more details about a third kind of provider which statically
links crypto funcitonality internally rather than relying on an
The other goal of the project is to propose a methodology for
researchers working on software implementations, to test and benchmark
their results in real-world scenarios and deliver them to a wider
Of course to achieve grand goals we need participation from the
community, so we are looking for beta testers to test the limits of
our project, gather ideas on how to extend it, spot its shortcomings
and get it under deeper scrutiny.