Feeds

LibreSSL crypto library leaps from OpenBSD to Linux, OS X, more

First cross-platform version of cleaned-up OpenSSL fork

Website security in corporate America

The OpenBSD project has released the first portable version of LibreSSL, the team's OpenSSL fork – meaning it can be built for operating systems other than OpenBSD.

The LibreSSL project, which aims to clean up the buggy and inscrutable OpenSSL code, was founded about two months ago by a group of OpenBSD developers, so it only makes sense that getting it running on that OS would be their priority.

With the release of LibreSSL 2.0.0 on Friday, however, many of the dependencies on OpenBSD have been removed and the library can now be built for various flavors of Linux, Solaris, OS X, and FreeBSD.

Note that this is still considerably fewer platforms that the original OpenSSL library supported. But OpenSSL's portability approach had become one of extreme overkill, with the code incorporating numerous hacks and workarounds to make it run on such outdated platforms as VMS, OS/2, NetWare, 16-bit Windows, and even DOS.

By comparison, LibreSSL is focusing on Unix-like operating systems for now, although a Windows port may appear in the future.

In a presentation given in May, LibreSSL developer Bob Beck explained that much of the initial work on LibreSSL involved deleting code that only existed to provide support for oddball systems. Between that effort and removing redundant and unused code, the LibreSSL group was able to shrink the size of the OpenSSL codebase by about 23 per cent.

The LibreSSL developers have also worked to get OpenSSL's unorthodox and inconsistent source code into "kernel normal form" (KNF), a standard C coding style used by the OpenBSD project.

In addition, although the goal of the LibreSSL project is to create a secure, drop-in replacement for OpenSSL, the developers have also tried to undo some of the OpenSSL developers' more ill-advised design decisions.

For example, the OpenSSL library relies on a quirky custom memory-management layer that behaves in strange ways, which makes it impossible to audit the code with tools designed to flag memory management problems. The LibreSSL team has been replacing this code with new routines that use memory allocation routines from the standard C library, making it far easier to spot bugs.

The portable version of LibrSSL 2.0.0 is available now from the LibreSSL directory of the various OpenBSD mirror sites around the globe.

Meanwhile, work continues on a parallel effort to clean up the original OpenSSL code base, a project that has been sponsored by the Linux Foundation, among others. The LibreSSL project, on the other hand, says it has yet to receive a stable commitment of funding. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.