This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

openssl and cheribsd

The question I had is in regards to CheriBSD, & the software that comes built-in to it. Specifically, in both morello-hybird & morello-purecap, there is openssl already available. I was aware that it comes with the cheriBSD build using the python cheribuild script, but I'm not sure if it takes advantage of cheri capabilities or if it's part of the original FreeBSD implementation that CheriBSD & isn't a cheri-specific implementation. Any thoughts or insights about this that might be useful.

  • In a cheribsd-morello-purecap build, every library in /lib and /usr/lib is built as a pure-capability binary; this includes /usr/lib/libssl.so(.111). Hybrid libraries exist only in /usr/lib64, akin to /usr/lib32 providing 32-bit libraries on 64-bit systems, and there is a /usr/lib64/libssl.so(.111) compatibility library.

    In a cheribsd-morello-hybrid build, every library in /lib and /usr/lib is built as a hybrid binary, which includes /usr/lib/libssl.so(.111). Pure-capability libraries exist only in /usr/lib64c (previously /usr/libcheri), and there is a /usr/lib64c/libssl.so(.111).

    That is, both pure-capability and hybrid (effectively, vanilla AArch64) builds of OpenSSL exist for both cheribsd-morello-purecap and cheribsd-morello-hybrid. Which is the default corresponds to which variant of CheriBSD you built.