Tim Hudson
Cryptsoft
Tim Hudson has been involved in system security for more than 20 years.

He is CTO at Cryptsoft where he provides advice and guidance on security technology design and architecture based on his extensive experience in the application of security architectures to real-world problems.

Tim is also editor of multiple OASIS standards documents for KMIP and PKCS#11. During his spare time, Tim is also an OpenSSL management committee member and OpenSSL committer.

OpenSSL 3.0 - Accelerating Forward
Technical Level (3 being the highest score): 3

OpenSSL has been the preeminent cryptographic toolkit for over twenty years. Originally developed in Brisbane, Australia in 1996, it has grown into the more than half a million lines of code it is today. During that time, there have been many major changes to the features, capabilities and portability of the code. However, the internal structures have remained relatively stable for the last 15 years.

With the advent of OpenSSL-1.1 and the code base transitioning to opaque data structures, the first real opportunity to evolve the internal architecture has arisen. The OpenSSL project, in combination with the OpenSSL developer community, has worked to plan the future target architecture, and the next major version, OpenSSL-3.0, will be the first release along that path.

Paul and Tim will go through the driving requirements behind the new design and the challenges in realising change in such a widely used code base.

Specific attention will be given to the handling of multiple implementations, the addition of extensibility and the re-plumbing performed to enable a less intrusive FIPS 140 validation approach. Recognising that OpenSSL is often used in combination with extensions or other security devices (like HSMs and Key Managers), and that adoption of regional or national algorithms is increasing, the algorithm selection mechanism has been completely redesigned and re-implemented.