LibreSSL

Last updated

LibreSSL
Original author(s) The OpenSSL Project
Developer(s) The OpenBSD Project
Initial release2.0.0 / 11 July 2014;10 years ago (2014-07-11)
Stable release
3.9.2 [1]   OOjs UI icon edit-ltr-progressive.svg / 12 May 2024
Preview release 3.9.0 (9 March 2024;5 months ago (2024-03-09) [2] [3] ) [±]
Repository
Written in C, assembly, Perl
Operating system OpenBSD, FreeBSD, NetBSD, Linux, HP-UX, Solaris, macOS, Windows and others [4]
Type Cryptography library
License Apache-1.0, BSD-4-Clause, ISC, public domain
Website www.libressl.org

LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, [5] [6] [7] [8] with the goals of modernizing the codebase, improving security, and applying development best practices. [9] [10] [11]

Contents

History

After the Heartbleed security vulnerability was discovered in OpenSSL, the OpenBSD team audited the codebase and decided it was necessary to fork OpenSSL to remove dangerous code. [5] The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014. In the first week of development, more than 90,000 lines of C code were removed. [10] [12] Unused code was removed, and support for obsolete operating systems (Classic Mac OS, NetWare, OS/2, 16-bit Windows) and some older operating systems (OpenVMS) was removed. [13]

LibreSSL was initially developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was ported to other platforms once a stripped-down version of the library was stable. [14] As of April 2014, the project was seeking a "stable commitment" of external funding. [12] On 17 May 2014, Bob Beck presented "LibreSSL: The First 30 Days, and What The Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month. [15] On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance, [16] LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL. [17]

On 20 June 2014, Google created another fork of OpenSSL called BoringSSL, and promised to exchange fixes with LibreSSL. [18] [19] Google has already relicensed some of its contributions under the ISC license, as it was requested by the LibreSSL developers. [18] [20] On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable. [21] Starting on 8 July, code porting for macOS and Solaris began, [22] while the initial porting to Linux began on 20 June. [23]

As of 2021, OpenBSD uses LibreSSL as the primary SSL library. Alpine Linux supported LibreSSL as its primary TLS library for three years, until release 3.9.0 in January 2019. Gentoo supported LibreSSL until February 2021. [24] Python 3.10 dropped LibreSSL [25] after being supported since Python 3.4.3 (2015). [26]

Adoption

LibreSSL is the default provider of TLS for:

LibreSSL is the default provider of TLS for these now-discontinued systems:

LibreSSL is a selectable provider of TLS for:

Changes

Changes include replacement of custom memory calls to ones in a standard library (for example, strlcpy , calloc , asprintf , reallocarray , etc.). [39] [ self-published source? ] [40] This process may help later on to catch buffer overflow errors with more advanced memory analysis tools or by observing program crashes (via ASLR, use of the NX bit, stack canaries, etc.).

Fixes for potential double free scenarios have also been cited in the VCS commit logs (including explicit assignments of null pointer values). [41] There have been extra sanity checks also cited in the commit logs related to ensuring length arguments, unsigned-to-signed variable assignments, pointer values, and method returns.

Proactive measures

In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier (-Wall, -Werror, -Wextra, -Wuninitialized). There have also been code readability updates which help future contributors in verifying program correctness (KNF, white-space, line-wrapping, etc.). Modification or removal of unneeded method wrappers and macros also help with code readability and auditing (Error and I/O abstraction library references).

Changes were made to ensure that LibreSSL will be year 2038 compatible along with maintaining portability for other similar platforms. In addition, explicit_bzero and bn_clear calls were added to prevent the compiler from optimizing them out and prevent attackers from reading previously allocated memory.

Cryptographic

There were changes to help ensure proper seeding of random number generator-based methods via replacements of insecure seeding practices (taking advantage of features offered by the kernel itself natively). [42] [43] In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (ChaCha stream cipher and Poly1305 message authentication code) along with a safer set of elliptic curves (brainpool curves from RFC 5639, up to 512 bits in strength).

Added features

The initial release of LibreSSL added a number of features: the ChaCha and Poly1305 algorithm, the Brainpool and ANSSI elliptic curves, and the AES-GCM and ChaCha20-Poly1305 AEAD modes.

Later versions added the following: [44]

Old insecure features

The initial release of LibreSSL disabled a number of features by default. [13] Some of the code for these features was later removed, including Kerberos, US-Export ciphers, TLS compression, DTLS heartbeat, SSL v2 and SSL v3.

Later versions disabled more features:

Code removal

The initial release of LibreSSL has removed a number of features that were deemed insecure, unnecessary or deprecated as part of OpenBSD 5.6.

The Dual EC DRBG algorithm, which is suspected of having a back door, [57] was cut along with support for the FIPS 140-2 standard that required[ citation needed ] it. Unused protocols and insecure algorithms have also been removed, including the support for FIPS 140-2, [58] MD4/MD5 [44] J-PAKE, [13] and SRP. [59]

Bug backlog

One of the complaints of OpenSSL was the number of open bugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL. [60]

See also

Related Research Articles

<span class="mw-page-title-main">Apache HTTP Server</span> Open-source web server software

The Apache HTTP Server is a free and open-source cross-platform web server software, released under the terms of Apache License 2.0. It is developed and maintained by a community of developers under the auspices of the Apache Software Foundation.

<span class="mw-page-title-main">Lynx (web browser)</span> Text-based, cross-platform web browser

Lynx is a customizable text-based web browser for use on cursor-addressable character cell terminals. As of 2024, it is the oldest web browser still being maintained, having started in 1992.

PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to netfilter (iptables), ipfw, and ipfilter.

CAcert.org is a community-driven certificate authority that issues free X.509 public key certificates. CAcert.org relies heavily on automation and therefore issues only Domain-validated certificates.

<span class="mw-page-title-main">Theo de Raadt</span> Leader of the OpenBSD project (born 1968)

Theo de Raadt is a South African-born software engineer who lives in Calgary, Alberta, Canada. He is the founder and leader of the OpenBSD and OpenSSH projects and was also a founding member of NetBSD. In 2004, De Raadt won the Free Software Award for his work on OpenBSD and OpenSSH.

<span class="mw-page-title-main">OpenSSL</span> Open-source implementation of the SSL and TLS protocols

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities. It was developed by Niels Provos and runs on various Unix-like operating systems.

IPFilter is an open-source software package that provides firewall services and network address translation (NAT) for many Unix-like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.

netcat Computer networking utility

netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP. The command is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.

The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."

Ports collections are the sets of makefiles and patches provided by the BSD-based operating systems, FreeBSD, NetBSD, and OpenBSD, as a simple method of installing software or creating binary packages. They are usually the base of a package management system, with ports handling package creation and additional tools managing package removal, upgrade, and other tasks. In addition to the BSDs, a few Linux distributions have implemented similar infrastructure, including Gentoo's Portage, Arch's Arch Build System (ABS), CRUX's Ports and Void Linux's Templates.

The Portable C Compiler is an early compiler for the C programming language written by Stephen C. Johnson of Bell Labs in the mid-1970s, based in part on ideas proposed by Alan Snyder in 1973, and "distributed as the C compiler by Bell Labs... with the blessing of Dennis Ritchie."

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

<span class="mw-page-title-main">OpenBSD</span> Operating system

OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.

<span class="mw-page-title-main">NetBSD</span> Free and open-source Unix-like operating system

NetBSD is a free and open-source Unix-like operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is available for many platforms, including servers, desktops, handheld devices, and embedded systems.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

<span class="mw-page-title-main">OpenSMTPD</span> SMTP server

OpenSMTPD is a Unix daemon implementing the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers. It was publicly released on 17 March 2013 with version number 5.3, after being in development since late 2008.

The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2.8. Like other OpenBSD projects such as OpenSSH, it has been ported to other systems based on Berkeley Unix such as FreeBSD and NetBSD, and to Solaris and Linux. One of the Linux ports is supported by Intel for use with its proprietary cryptographic software and hardware to provide hardware-accelerated SSL encryption for the open source Apache HTTP Server.

<span class="mw-page-title-main">Heartbleed</span> Security bug in OpenSSL

Heartbleed is a security bug in some outdated versions of the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It resulted from improper input validation in the implementation of the TLS heartbeat extension. Thus, the bug's name derived from heartbeat. The vulnerability was classified as a buffer over-read, a situation where more data can be read than should be allowed.

POODLE is a security vulnerability which takes advantage of the fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed the vulnerability publicly on October 14, 2014. On December 8, 2014, a variation of the POODLE vulnerability that affected TLS was announced.

References

  1. Brent Cook (12 May 2024). "LibreSSL 3.9.2 Released" . Retrieved 12 May 2024.
  2. "LibreSSL" . Retrieved 14 March 2024.
  3. "LibreSSL Releases" . Retrieved 14 March 2024.
  4. "LibreSSL Releases".
  5. 1 2 Unangst, Ted (22 April 2014). "Origins of libressl". flak. Retrieved 24 April 2014.
  6. Kerner, Sean Michael (22 April 2014). "After Heartbleed, OpenSSL Is Forked Into LibreSSL". eWeek . Retrieved 24 April 2014.
  7. "Not Just a Cleanup Any More: LibreSSL Project Announced". Slashdot. 22 April 2014. Retrieved 24 April 2014.
  8. M, Constantine (17 May 2014). Soulskill (ed.). "30-Day Status Update On LibreSSL". Slashdot.
  9. "LibreSSL".
  10. 1 2 Seltzer, Larry (21 April 2014). "OpenBSD forks, prunes, fixes OpenSSL". Zero Day. ZDNet . Retrieved 21 April 2014.
  11. Hessler, Peter (15 April 2014). "OpenBSD has started a massive strip-down and cleanup of OpenSSL". OpenBSD Journal . Retrieved 24 April 2014.
  12. 1 2 Brodkin, Jon (22 April 2014). "OpenSSL code beyond repair, claims creator of "LibreSSL" fork". Ars Technica . Retrieved 24 April 2014.
  13. 1 2 3 4 Jacoutot, Antoine (1 November 2014). "OpenBSD 5.6 Released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  14. McCallion, Jane (22 April 2014). "Heartbleed: LibreSSL scrubs "irresponsible" OpenSSL code". PC Pro . Archived from the original on 26 June 2014. Retrieved 23 April 2014.
  15. Beck, Bob (17 May 2014). "LibreSSL: The first 30 days, and what the Future Holds Slides" . Retrieved 17 May 2014.
  16. "Re: OpenSSL seven security fixes". oss-sec (Mailing list). 5 June 2014. Retrieved 9 June 2014.
  17. de Raadt, Theo (5 June 2014). "Re: new OpenSSL flaws". openbsd-misc (Mailing list). Retrieved 9 June 2014.
  18. 1 2 Langley, Adam (20 June 2014). "BoringSSL (20 Jun 2014)". Imperialviolet.org. Retrieved 21 June 2014.
  19. Goodin, Dan (20 June 2014). "Google unveils independent "fork" of OpenSSL called "BoringSSL"". Ars Technica . Retrieved 21 June 2014.
  20. Sing, Joel (21 June 2014). "OpenBSD — lib/libssl/src/crypto/evp evp_aead.c e_chacha20poly1305.c". Archived from the original on 22 June 2014. Retrieved 21 June 2014.
  21. de Raadt, Theo (21 June 2014). "Boringssl and such". openbsd-tech (Mailing list). Retrieved 28 October 2015.
  22. Beck, Bob (8 July 2014). "OpenBSD - lib/libcrypto/crypto getentropy_osx.c getentropy_solaris.c". Archived from the original on 22 July 2014. Retrieved 8 July 2014.
  23. Beck, Bob (20 June 2014). "OpenBSD — lib/libcrypto/crypto getentropy_linux.c". Archived from the original on 9 July 2014.
  24. "LibreSSL languishes on Linux [LWN.net]". lwn.net. Retrieved 6 January 2021.
  25. "PEP 644 -- Require OpenSSL 1.1.1 or newer".
  26. "Changelog — Python 3.4.10 documentation".
  27. Marino, John. "[Beta] Switch base to use private LibreSSL libraries" . Retrieved 9 November 2018.
  28. "Milky Way v0.3 release". Hyperbola Project. 23 September 2019. Retrieved 23 September 2019.
  29. Raue, Stephan. "OpenELEC Mediacenter - [Beta] OpenELEC 6.0 Beta 2 released". Openelec.tv. Archived from the original on 26 November 2015. Retrieved 20 August 2015.
  30. "PC-BSD Evolves into TrueOS". Archived from the original on 16 September 2016. Retrieved 16 September 2016.
  31. VonFange, Mark. "PC-BSD 10.1.2: an Interview with Kris Moore". Official PC-BSD Blog. Retrieved 15 October 2015.
  32. "Add DEFAULT_VERSIONS=ssl=XXX". Svnweb.freebsd.org.
  33. "Project:LibreSSL - Gentoo". Wiki.gentoo.org.
  34. Górny, Michał (5 January 2021). "LibreSSL support discontinued". www.gentoo.org. Retrieved 30 March 2021.
  35. Górny, Michał (31 December 2020). "Bug 762847 - dev-libs/libressl: Removal". bugs.gentoo.org. Retrieved 30 March 2021.
  36. Górny, Michał (28 December 2020). "[gentoo-dev][RFC] Discontinuing LibreSSL support?". archives.gentoo.org. Retrieved 30 March 2021.
  37. "OPNsense version 15.7 Released". OPNsense. Retrieved 15 October 2015.
  38. "OPNsense version 22.7 Released". OPNsense. Retrieved 5 August 2022.
  39. Orr, William (23 April 2014). "A quick recap over the last week". OpenSSL Valhalla Rampage. Retrieved 30 April 2014.
  40. "OpenBSD LibreSSL CVS Calloc Commits". Secure.freshbsd.org.
  41. "OpenBSD LibreSSL CVS Double Free Commits". Secure.freshbsd.org.
  42. "OpenBSD LibreSSL CVS insecure seeding". Secure.freshbsd.org.
  43. "OpenBSD LibreSSL CVS Kernel Seeding". Secure.freshbsd.org. Archived from the original on 16 September 2014.
  44. 1 2 3 "LibreSSL-portable ChangeLog". LibreSSL. 15 October 2021.
  45. Beck, Bob (12 October 2014). "LibreSSL 2.1.0 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  46. Beck, Bob (9 December 2014). "LibreSSL 2.1.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  47. 1 2 Cook, Brent (22 January 2015). "LibreSSL 2.1.3 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  48. Cook, Brent (4 March 2015). "LibreSSL 2.1.4 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  49. Cook, Brent (17 March 2015). "LibreSSL 2.1.5 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  50. Cook, Brent (19 March 2015). "LibreSSL 2.1.6 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  51. Cook, Brent (11 June 2015). "LibreSSL 2.1.7 and 2.2.0 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  52. 1 2 Cook, Brent (9 July 2015). "LibreSSL 2.2.1 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  53. 1 2 Cook, Brent (6 August 2015). "LibreSSL 2.2.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  54. Beck, Bob (16 October 2014). "LibreSSL 2.1.1 released". openbsd-tech (Mailing list).
  55. "OpenBSD LibreSSL CVS OPENSSL_NO_HEARTBEATS".
  56. Miod Vallat. "Remove support for big-endian i386 and amd64". openbsd-cvs (Mailing list).
  57. Perlroth, Nicole (10 September 2013). "Government Announces Steps to Restore Confidence on Encryption Standards". The New York Times. Retrieved 9 May 2014.
  58. "The future (or lack thereof) of LibreSSL's FIPS Object Module".
  59. Beck, Bob (3 August 2014). "LibreSSL 2.0.4 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
  60. Vallat, Miod (10 November 2014). "Re: CVS: cvs.openbsd.org: src". openbsd-cvs (Mailing list). Retrieved 28 October 2015.