30-Day Status Update On The LibreSSL OpenSSL-Fork

  • 30-Day Status Update On The LibreSSL OpenSSL-Fork

    Phoronix: 30-Day Status Update On The LibreSSL OpenSSL-Fork

    Bob Beck of the OpenBSD project has provided a status update on the first 30 days of the LibreSSL project that's a fork of OpenSSL following the notorious Heartbleed bug...

    http://www.phoronix.com/vr.php?view=MTY5MzA

  • #2
    Re

    1 thing I don't like is that they intentionally removed the support for other platforms (You can see that even from the first commits)...
    And they call this half-million diffs? Most of the diff is removed support for other platforms...


    • #3
      I hope they do a better job than Debian did: http://web.archive.org/web/200911051...ebian-openssl/


      • #4
        Originally posted by mark_:
        I hope they do a better job than Debian did: http://web.archive.org/web/200911051...ebian-openssl/

        If OpenSSL's PRNG hadn't used areas of uninitialised memory as part of its seeding, Debian wouldn't have accidentally introduced that bug.

        If OpenSSL's PRNG didn't fall back to really bad entropy sources as a last resort, the bug wouldn't have been hidden for so long and would have been fixed sooner.

        LibreSSL gets rid of OpenSSL's PRNG entirely and uses something much simpler - the OS kernel's PRNG to seed, and arc4random to stretch the amount of output - fairly well understood and has been used already by OpenSSH, libevent, Bionic libc etc.

        Comment
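
The point in #4 about a weak fallback hiding a broken seed, as an added example (not code from the thread, OpenSSL or LibreSSL). All function names are hypothetical, and using the process ID as the "really bad" fallback source with a 32768 PID limit is an assumption made for illustration.

```python
import hashlib
import os

PID_MAX = 32768  # assumption: common default upper bound on process IDs


def seed_with_fallback(kernel_read, pid):
    """Anti-pattern: if the kernel source fails, quietly seed from the PID."""
    try:
        material = kernel_read(32)
    except OSError:
        material = b""  # failure swallowed; the caller never finds out
    return hashlib.sha256(material + pid.to_bytes(4, "big")).digest()


def seed_fail_closed(kernel_read, pid):
    """Kernel entropy or an error; pid is accepted but deliberately unused."""
    material = kernel_read(32)
    if len(material) != 32:
        raise OSError("short read from kernel RNG")
    return material


def broken_source(nbytes):
    """Constructed fault: a kernel source that has stopped contributing."""
    raise OSError("entropy source unavailable")


def distinct_seeds(seed_fn, kernel_read, trials):
    """Seed once per simulated process and count the distinct results."""
    return len({seed_fn(kernel_read, i % PID_MAX) for i in range(trials)})


if __name__ == "__main__":
    n = 100_000
    print("fallback, healthy source:", distinct_seeds(seed_with_fallback, os.urandom, n))
    print("fallback, broken source: ", distinct_seeds(seed_with_fallback, broken_source, n))
    try:
        seed_fail_closed(broken_source, 1)
    except OSError as exc:
        print("fail-closed, broken source: error ->", exc)
```

With the source broken, the fallback variant keeps returning random-looking seeds, but only 32768 distinct ones across 100000 runs, while the fail-closed variant reports the fault on the first call.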


        • #5
          Originally posted by Alliancemd:
          1 thing I don't like is that they intentionally removed the support for other platforms (You can see that even from the first commits)...
          And they call this half-million diffs? Most of the diff is removed support for other platforms...

          LibreSSL will be portable. They need a small codebase in order to fix the beast, and the OpenSSL portability approach was really wrong.


          • #6
            Originally posted by Alliancemd:
            1 thing I don't like is that they intentionally removed the support for other platforms (You can see that even from the first commits)...
            And they call this half-million diffs? Most of the diff is removed support for other platforms...

            I would rather they spent time better maintaining the core code and fixing the most commonly used platforms than expend efforts on things like 16-bit Windows, DOS etc.


            • #7
              hardware AES

              So did LibreSSL make nicer and easier support of the hardware acceleration on AES?


              • #8
                Originally posted by Alliancemd:
                1 thing I don't like is that they intentionally removed the support for other platforms (You can see that even from the first commits)...
                And they call this half-million diffs? Most of the diff is removed support for other platforms...

                It was removed temporarily. They already have a plan in place for how to support other platforms but their first goal is "Make it work on OpenBSD. Make it work right." THEN they are gonna worry about other platforms.


                • #9
                  Frankly, I think the Linux Foundation should pull the funding from OpenSSL and give it to these guys.


                  • #10
                    The Linux Foundation won't give money to a project that only runs on OpenBSD. Until they officially get the penguin support back, they might consider if they compare to how the OpenSSL is doing compared to LibreSSL.
