LibreSSL

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

LibreSSL
Puffy, the mascot of OpenBSD, made to resemble King Ferdinand[1]
Puffy, the mascot of OpenBSD, made to resemble King Ferdinand[1]
Original author(s) The OpenSSL Project
Developer(s) The OpenBSD Project
Initial release 2.0.0 / 11 July 2014; 4 years ago (2014-07-11)
Stable release 2.7.4 (June 13, 2018; 3 months ago (2018-06-13)[2][3]) [±]
Preview release 2.8.1 (25 September 2018; 17 days ago (2018-09-25)[2][3]) [±]
Repository https://github.com/libressl-portable
Written in C, assembly, Perl
Operating system OpenBSD, FreeBSD, NetBSD, Linux, HP-UX, Solaris, macOS, Windows and others[4]
Type Cryptography library
License Apache License 1.0, 4-clause BSD license, ISC license, public domain
Website www.libressl.org

LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability,[5][6][7][8] with the goals of modernizing the codebase, improving security, and applying development best practices.[9][10][11]

History[edit]

After the Heartbleed security vulnerability was discovered in OpenSSL, the OpenBSD team audited the codebase and decided it was necessary to fork OpenSSL to remove dangerous code.[5] The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014. In the first week of development, more than 90,000 lines of C code were removed.[10][12] Unused code was removed, and support for obsolete operating systems was removed.

LibreSSL was initially developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was ported to other platforms once a stripped-down version of the library was stable.[13][14] As of April 2014, the project was seeking a "stable commitment" of external funding.[12] On 17 May 2014, Bob Beck presented "LibreSSL: The First 30 Days, and What The Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month.[15] On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance,[16] LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL.[17]

On 20 June 2014, Google created another fork of OpenSSL called BoringSSL, and promised to exchange fixes with LibreSSL.[18][19] Google has already relicensed some of its contributions under the ISC license, as it was requested by the LibreSSL developers.[18][20] On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable.[21] Starting on 8 July, code porting for macOS and Solaris began,[22] while the initial porting to Linux began on 20 June.[23]

Adoption[edit]

LibreSSL is the default provider of TLS for:

LibreSSL is a selectable provider of TLS for:

Changes[edit]

Memory-related[edit]

In more detail, some of the more notable and important changes thus far include replacement of custom memory calls to ones in a standard library (for example, strlcpy, calloc, asprintf, reallocarray, etc.).[36][37] This process may help later on to catch buffer overflow errors with more advanced memory analysis tools or by simply observing program crashes (via ASLR, use of the NX bit, stack canaries, etc.).

Fixes for potential double free scenarios have also been cited in the VCS commit logs (including explicit assignments of null pointer values).[38] There have been extra sanity checks also cited in the commit logs related to ensuring length arguments, unsigned-to-signed variable assignments, pointer values, and method returns.

Proactive measures[edit]

In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier (-Wall, -Werror, -Wextra, -Wuninitialized). There have also been code readability updates which help future contributors in verifying program correctness (KNF, white-space, line-wrapping, etc.). Modification or removal of unneeded method wrappers and macros also help with code readability and auditing (Error and I/O abstraction library references).

Changes were made to ensure that LibreSSL will be year 2038 compatible along with maintaining portability for other similar platforms. In addition, explicit_bzero and bn_clear calls were added to prevent the compiler from optimizing them out and prevent attackers from reading previously allocated memory.

Cryptographic[edit]

There were changes to help ensure proper seeding of random number generator-based methods via replacements of insecure seeding practices (taking advantage of features offered by the kernel itself natively).[39][40] In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (ChaCha stream cipher and Poly1305 message authentication code) along with a safer set of elliptic curves (brainpool curves from RFC 5639, up to 512 bits in strength).

Added features[edit]

The initial release of LibreSSL added a number of features: the ChaCha and Poly1305 algorithm, the Brainpool and ANSSI elliptic curves, and the AES-GCM and ChaCha20-Poly1305 AEAD modes.

Later versions added the following:[41]

  • 2.1.0: Automatic ephemeral EC keys[42]
  • 2.1.2: Built-in arc4random implementation on macOS and FreeBSD[43]
  • 2.1.2: Reworked GOST cipher suite support
  • 2.1.3: ALPN support[44]
  • 2.1.3: SHA-256 Camellia cipher suites
  • 2.1.4: TLS_FALLBACK_SCSV server-side support[45]
  • 2.1.4: certhash as a replacement of the c_rehash script
  • 2.1.4: X509_STORE_load_mem API for loading certificates from memory (enhance chroot support)
  • 2.1.4: Experimental Windows binaries
  • 2.1.5: Minor update mainly for improving Windows support, first working 32- and 64-bit binaries[46]
  • 2.1.6: libtls declared stable and enabled by default[47]
  • 2.2.0: AIX and Cygwin support[48]
  • 2.2.1: Addition of EC_curve_nid2nist and EC_curve_nist2nid[49] from OpenSSL, initial Windows XP/2003 support
  • 2.2.2: Defines LIBRESSL_VERSION_NUMBER,[50] added TLS_*methods as a replacement for the SSLv23_*method calls, cmake build support

Old insecure features[edit]

The initial release of LibreSSL disabled a number of features by default.[28] Some of the code for these features was later removed, including Kerberos, US-Export ciphers, TLS compression, DTLS heartbeat, SSL v2 and SSL v3.

Later versions disabled more features:

  • 2.1.1: Following the discovery of the POODLE vulnerability in the legacy SSL 3.0 protocol, LibreSSL now disables the use of SSL 3.0 by default.[51]
  • 2.1.3: GOST R 34.10-94 signature authentication[41][44]
  • 2.2.1: Removal of Dynamic Engine and MDC-2DES support[49]
  • 2.2.2: Removal of SSLv3 from the openssl binary, removal of Internet Explorer 6 workarounds, RSAX engine.[50]
  • 2.3.0: Complete removal of SSLv3, SHA-0 and DTLS1_BAD_VER

Code removal[edit]

The initial release of LibreSSL has removed a number of features that were deemed insecure, unnecessary or deprecated as part of OpenBSD 5.6.[28]

  • In response to Heartbleed, the heartbeat functionality[52] was one of the first features to be removed
  • Unneeded platforms (Classic Mac OS, NetWare, OS/2, VMS, 16-bit Windows, etc.)
  • Support for platforms that do not exist, such as big-endian i386 and amd64[53]
  • Support for old compilers
  • The IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines were removed due to irrelevance of hardware or dependency on non-free libraries
  • The OpenSSL PRNG was removed (and replaced with ChaCha20-based implementation of arc4random)
  • Preprocessor macros that have been deemed unnecessary or insecure or had already been deprecated in OpenSSL for a long time (e.g. des_old.h)
  • Older unneeded files for assembly language, C, and Perl (e.g. EGD)
  • MD2, SEED functionality
  • SSLv3, SHA-0, DTLS1_BAD_VER

The Dual EC DRBG algorithm, which is suspected of having a back door,[54] was cut along with support for the FIPS 140-2 standard that required it. Unused protocols and insecure algorithms have also been removed, including the support for FIPS 140-2,[55] MD4/MD5[41] J-PAKE,[28] and SRP.[56]

Bug backlog[edit]

One of the complaints of OpenSSL was the number of open bugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL.[57]

See also[edit]

References[edit]

  1. ^ InfoSec Southwest (2 May 2017). "LibreSSL, almost Two Years Later - Brent Cook". YouTube. Retrieved 15 September 2018.
  2. ^ a b "LibreSSL". Retrieved 26 September 2018.
  3. ^ a b "LibreSSL Releases". Retrieved 26 September 2018.
  4. ^ "LibreSSL Releases".
  5. ^ a b Unangst, Ted (22 April 2014). "Origins of libressl". flak. Retrieved 24 April 2014.
  6. ^ Kemer, Sean Michael (22 April 2014). "After Heartbleed, OpenSSL Is Forked Into LibreSSL". eWeek. Retrieved 24 April 2014.
  7. ^ "Not Just a Cleanup Any More: LibreSSL Project Announced". Slashdot. 22 April 2014. Retrieved 24 April 2014.
  8. ^ M, Constantine (17 May 2014). Soulskill, ed. "30-Day Status Update On LibreSSL". Slashdot.
  9. ^ "LibreSSL".
  10. ^ a b Seltzer, Larry (21 April 2014). "OpenBSD forks, prunes, fixes OpenSSL". Zero Day. ZDNet. Retrieved 21 April 2014.
  11. ^ Hessler, Peter (15 April 2014). "OpenBSD has started a massive strip-down and cleanup of OpenSSL". OpenBSD Journal. Retrieved 24 April 2014.
  12. ^ a b Brodkin, Jon (22 April 2014). "OpenSSL code beyond repair, claims creator of "LibreSSL" fork". Ars Technica. Retrieved 24 April 2014.
  13. ^ McCallion, Jane (22 April 2014). "Heartbleed: LibreSSL scrubs "irresponsible" OpenSSL code". PC Pro. Retrieved 23 April 2014.
  14. ^ Larabel, Michael (9 May 2014). "OpenBSD Affirms That LibreSSL Will Be Portable". Phoronix. Retrieved 30 May 2014.
  15. ^ Beck, Bob (17 May 2014). "LibreSSL: The first 30 days, and what the Future Holds Slides". Retrieved 17 May 2014.
  16. ^ "Re: OpenSSL seven security fixes". oss-sec (Mailing list). 5 June 2014. Retrieved 9 June 2014.
  17. ^ de Raadt, Theo (5 June 2014). "Re: new OpenSSL flaws". openbsd-misc (Mailing list). Retrieved 9 June 2014.
  18. ^ a b Langley, Adam (20 June 2014). "BoringSSL (20 Jun 2014)". Imperialviolet.org. Retrieved 21 June 2014.
  19. ^ Goodin, Dan (20 June 2014). "Google unveils independent "fork" of OpenSSL called "BoringSSL"". Ars Technica. Retrieved 21 June 2014.
  20. ^ Sing, Joel (21 June 2014). "OpenBSD — lib/libssl/src/crypto/evp evp_aead.c e_chacha20poly1305.c". Archived from the original on 22 June 2014. Retrieved 21 June 2014.
  21. ^ de Raadt, Theo (21 June 2014). "Boringssl and such". openbsd-tech (Mailing list). Retrieved 28 October 2015.
  22. ^ Beck, Bob (8 July 2014). "OpenBSD - lib/libcrypto/crypto getentropy_osx.c getentropy_solaris.c".
  23. ^ Beck, Bob (20 June 2014). "OpenBSD — lib/libcrypto/crypto getentropy_linux.c".
  24. ^ "Alpine edge has switched to libressl". Natanael Copa. Retrieved 10 October 2016.
  25. ^ "[Beta] git: Switch base to use private LibreSSL libaries [sic]". John Marino. Retrieved 7 September 2016.
  26. ^ "LibreSSL Enabled By Default". Shawn Webb. Retrieved 16 September 2016.
  27. ^ admin. "Project - Morpheus Linux". Morpheus.2f30.org.
  28. ^ a b c d Jacoutot, Antoine (1 November 2014). "OpenBSD 5.6 Released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  29. ^ Raue, Stephan. "OpenELEC Mediacenter - [Beta] OpenELEC 6.0 Beta 2 released". Openelec.tv.
  30. ^ "PC-BSD Evolves into TrueOS". Retrieved 16 September 2016.
  31. ^ Mark VonFange. "PC-BSD 10.1.2: an Interview with Kris Moore". Official PC-BSD Blog. Retrieved 15 October 2015.
  32. ^ "LibreSSL enabled by default". Void Linux. Retrieved 15 October 2015.
  33. ^ "Add DEFAULT_VERSIONS=ssl=XXX". Svnweb.freebsd.org.
  34. ^ "Project:LibreSSL - Gentoo". Wiki.gentoo.org.
  35. ^ "OPNsense version 15.7 Released". OPNsense. Retrieved 15 October 2015.
  36. ^ Orr, William (23 April 2014). "A quick recap over the last week". OpenSSL Valhalla Rampage. Retrieved 30 April 2014.[self-published source?]
  37. ^ "OpenBSD LibreSSL CVS Calloc Commits". Secure.freshbsd.org.
  38. ^ "OpenBSD LibreSSL CVS Double Free Commits". Secure.freshbsd.org.
  39. ^ "OpenBSD LibreSSL CVS insecure seeding". Secure.freshbsd.org.
  40. ^ "OpenBSD LibreSSL CVS Kernel Seeding". Secure.freshbsd.org.
  41. ^ a b c "LibreSSL-portable ChangeLog". LibreSSL.
  42. ^ Beck, Bob (12 October 2014). "LibreSSL 2.1.0 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  43. ^ Beck, Bob (9 December 2014). "LibreSSL 2.1.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  44. ^ a b Cook, Brent (22 January 2015). "LibreSSL 2.1.3 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  45. ^ Cook, Brent (4 March 2015). "LibreSSL 2.1.4 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  46. ^ Cook, Brent (17 March 2015). "LibreSSL 2.1.5 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  47. ^ Cook, Brent (19 March 2015). "LibreSSL 2.1.6 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  48. ^ Cook, Brent (11 June 2015). "LibreSSL 2.1.7 and 2.2.0 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  49. ^ a b Cook, Brent (9 July 2015). "LibreSSL 2.2.1 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  50. ^ a b Cook, Brent (6 August 2015). "LibreSSL 2.2.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  51. ^ Beck, Bob (16 October 2014). "LibreSSL 2.1.1 released".
  52. ^ "OpenBSD LibreSSL CVS OPENSSL_NO_HEARTBEATS".
  53. ^ Miod Vallat. "Remove support for big-endian i386 and amd64".
  54. ^ Perlroth, Nicole (10 September 2013). "Government Announces Steps to Restore Confidence on Encryption Standards". The New York Times. Retrieved 9 May 2014.
  55. ^ "The future (or lack thereof) of LibreSSL's FIPS Object Module".
  56. ^ Beck, Bob (3 August 2014). "LibreSSL 2.0.4 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  57. ^ Vallat, Miod (10 November 2014). "Re: CVS: cvs.openbsd.org: src". openbsd-cvs (Mailing list). Retrieved 28 October 2015.

External links[edit]