Feeds

LibreSSL crypto library leaps from OpenBSD to Linux, OS X, more

First cross-platform version of cleaned-up OpenSSL fork

Internet Security Threat Report 2014

The OpenBSD project has released the first portable version of LibreSSL, the team's OpenSSL fork – meaning it can be built for operating systems other than OpenBSD.

The LibreSSL project, which aims to clean up the buggy and inscrutable OpenSSL code, was founded about two months ago by a group of OpenBSD developers, so it only makes sense that getting it running on that OS would be their priority.

With the release of LibreSSL 2.0.0 on Friday, however, many of the dependencies on OpenBSD have been removed and the library can now be built for various flavors of Linux, Solaris, OS X, and FreeBSD.

Note that this is still considerably fewer platforms that the original OpenSSL library supported. But OpenSSL's portability approach had become one of extreme overkill, with the code incorporating numerous hacks and workarounds to make it run on such outdated platforms as VMS, OS/2, NetWare, 16-bit Windows, and even DOS.

By comparison, LibreSSL is focusing on Unix-like operating systems for now, although a Windows port may appear in the future.

In a presentation given in May, LibreSSL developer Bob Beck explained that much of the initial work on LibreSSL involved deleting code that only existed to provide support for oddball systems. Between that effort and removing redundant and unused code, the LibreSSL group was able to shrink the size of the OpenSSL codebase by about 23 per cent.

The LibreSSL developers have also worked to get OpenSSL's unorthodox and inconsistent source code into "kernel normal form" (KNF), a standard C coding style used by the OpenBSD project.

In addition, although the goal of the LibreSSL project is to create a secure, drop-in replacement for OpenSSL, the developers have also tried to undo some of the OpenSSL developers' more ill-advised design decisions.

For example, the OpenSSL library relies on a quirky custom memory-management layer that behaves in strange ways, which makes it impossible to audit the code with tools designed to flag memory management problems. The LibreSSL team has been replacing this code with new routines that use memory allocation routines from the standard C library, making it far easier to spot bugs.

The portable version of LibrSSL 2.0.0 is available now from the LibreSSL directory of the various OpenBSD mirror sites around the globe.

Meanwhile, work continues on a parallel effort to clean up the original OpenSSL code base, a project that has been sponsored by the Linux Foundation, among others. The LibreSSL project, on the other hand, says it has yet to receive a stable commitment of funding. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.