Announcement

Collapse
No announcement yet.

OpenBSD Affirms That LibreSSL Will Be Portable

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by Nuc!eoN View Post
    Lol I though that blink tag support in firefox has been removed :s
    You're quite possibly right. The blinking thing on LibreSSL page is done in CSS tho.

    Comment


    • #12
      Originally posted by Nuc!eoN View Post
      This LibreSLL idea is uterly dumb. They should better concentrate on making the best of the current OpenSSL rather than making another fork of a fork of a fork. What a wasteful mentality. This is like ffmpeg and LibAv... kindergarden.
      Having alternatives is great. In the end, competitiveness is what drives innovation, be it open-source or proprietary. Imagine a world were there's only Gnome3?!

      Comment


      • #13
        Originally posted by jmcknight View Post
        I don't want to be that guy, but I find it interesting that the OpenBSD guys decided to fork OpenSSL because they seem to believe that there were poor decisions made throughout the project. Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans. They can't seriously criticize anyone's decision making when the page that represents their efforts looks like a 13 year old kid made this page back in 1997.
        from the website:
        This page scientifically designed to annoy web hipsters. Donate now to stop the Comic Sans and Blink Tags
        I would say its achieving its objective :P

        Comment


        • #14
          Originally posted by jmcknight View Post
          I don't want to be that guy, but I find it interesting that the OpenBSD guys decided to fork OpenSSL because they seem to believe that there were poor decisions made throughout the project. Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans. They can't seriously criticize anyone's decision making when the page that represents their efforts looks like a 13 year old kid made this page back in 1997.
          The web design on that page is humour. They went out of their way to use CSS to do the blinking in browsers where the blink tag doesn't work anymore.

          Comment


          • #15
            Originally posted by Nuc!eoN View Post
            Lol I though that blink tag support in firefox has been removed :s
            Someone contributed a CSS3 transition to make it work

            Comment


            • #16
              Here's a Phoronix Forum exclusive: a quick and dirty port of LibreSSL almost breathing on GNU/kFreeBSD. To answer your first question, here's a benchmark run:
              Code:
              steven@sid:/usr/src/lib/libssl/src/apps$ uname -a
              GNU/kFreeBSD sid.kfreebsd-amd64 9.0-2-amd64-xenhvm #0 Tue Sep 10 13:23:50 BST 2013 x86_64 amd64 Quad-Core AMD Opteron(tm) Processor 8380 GNU/kFreeBSD
              steven@sid:/usr/src/lib/libssl/src/apps$ ./openssl version
              WARNING: can't open config file: /usr/local/ssl/openssl.cnf
              OpenSSL 1.0.1g 7 Apr 2014
              steven@sid:/usr/src/lib/libssl/src/apps$ ./openssl speed sha256 aes-128-cbc aes-256-cbc bf-cbc
              WARNING: can't open config file: /usr/local/ssl/openssl.cnf
              Doing sha256 for 3s on 16 size blocks: 6219022 sha256's in 2.95s
              Doing sha256 for 3s on 64 size blocks: 3269222 sha256's in 2.90s
              Doing sha256 for 3s on 256 size blocks: 1402256 sha256's in 2.92s
              Doing sha256 for 3s on 1024 size blocks: 437964 sha256's in 3.00s
              Doing sha256 for 3s on 8192 size blocks: 54274 sha256's in 2.85s
              Doing aes-128 cbc for 3s on 16 size blocks: 13505171 aes-128 cbc's in 3.00s
              Doing aes-128 cbc for 3s on 64 size blocks: 3576249 aes-128 cbc's in 2.98s
              Doing aes-128 cbc for 3s on 256 size blocks: 859247 aes-128 cbc's in 2.85s
              Doing aes-128 cbc for 3s on 1024 size blocks: 589087 aes-128 cbc's in 3.00s
              Doing aes-128 cbc for 3s on 8192 size blocks: 73784 aes-128 cbc's in 2.98s
              Doing aes-256 cbc for 3s on 16 size blocks: 9440342 aes-256 cbc's in 2.95s
              Doing aes-256 cbc for 3s on 64 size blocks: 2393695 aes-256 cbc's in 2.88s
              Doing aes-256 cbc for 3s on 256 size blocks: 625699 aes-256 cbc's in 2.95s
              Doing aes-256 cbc for 3s on 1024 size blocks: 414380 aes-256 cbc's in 3.00s
              Doing aes-256 cbc for 3s on 8192 size blocks: 47401 aes-256 cbc's in 2.80s
              Doing blowfish cbc for 3s on 16 size blocks: 17311866 blowfish cbc's in 2.97s
              Doing blowfish cbc for 3s on 64 size blocks: 4730648 blowfish cbc's in 2.98s
              Doing blowfish cbc for 3s on 256 size blocks: 1103712 blowfish cbc's in 2.80s
              Doing blowfish cbc for 3s on 1024 size blocks: 305217 blowfish cbc's in 3.00s
              Doing blowfish cbc for 3s on 8192 size blocks: 37456 blowfish cbc's in 2.95s
              Segmentation fault
              It's using a standalone implementation of arc4random based on ChaCha20, but there's a problem with it so any RSA/DSA/ECDSA/ECDH operation crashes, as do many other things, so it's basically useless yet.

              For comparison with the above, here are figures for the regular Debian-packaged OpenSSL, on the same machine:
              Code:
              steven@sid:~$ openssl version
              OpenSSL 1.0.1g 7 Apr 2014
              steven@sid:~$ openssl speed sha256 aes-128-cbc aes-256-cbc bf-cbc
              Doing sha256 for 3s on 16 size blocks: 5709447 sha256's in 2.82s
              Doing sha256 for 3s on 64 size blocks: 3394699 sha256's in 3.00s
              Doing sha256 for 3s on 256 size blocks: 1406280 sha256's in 2.93s
              Doing sha256 for 3s on 1024 size blocks: 412351 sha256's in 2.88s
              Doing sha256 for 3s on 8192 size blocks: 57252 sha256's in 2.95s
              Doing aes-128 cbc for 3s on 16 size blocks: 13477136 aes-128 cbc's in 3.00s
              Doing aes-128 cbc for 3s on 64 size blocks: 3604450 aes-128 cbc's in 3.00s
              Doing aes-128 cbc for 3s on 256 size blocks: 859935 aes-128 cbc's in 2.87s
              Doing aes-128 cbc for 3s on 1024 size blocks: 586107 aes-128 cbc's in 3.00s
              Doing aes-128 cbc for 3s on 8192 size blocks: 74086 aes-128 cbc's in 2.98s
              Doing aes-256 cbc for 3s on 16 size blocks: 9056971 aes-256 cbc's in 2.87s
              Doing aes-256 cbc for 3s on 64 size blocks: 2528676 aes-256 cbc's in 3.00s
              Doing aes-256 cbc for 3s on 256 size blocks: 625219 aes-256 cbc's in 2.95s
              Doing aes-256 cbc for 3s on 1024 size blocks: 387006 aes-256 cbc's in 2.87s
              Doing aes-256 cbc for 3s on 8192 size blocks: 51384 aes-256 cbc's in 2.97s
              Doing blowfish cbc for 3s on 16 size blocks: 17537261 blowfish cbc's in 3.00s
              Doing blowfish cbc for 3s on 64 size blocks: 4760650 blowfish cbc's in 3.00s
              Doing blowfish cbc for 3s on 256 size blocks: 1119655 blowfish cbc's in 2.83s
              Doing blowfish cbc for 3s on 1024 size blocks: 304690 blowfish cbc's in 3.00s
              Doing blowfish cbc for 3s on 8192 size blocks: 37956 blowfish cbc's in 2.98s
              Results don't vary more than 10% across implementations and, averaged overall, there's less than 0.1% difference. This isn't surprising - the bulk of the work is happening in SSL/TLS code - where there could be some measurable difference in performance. I just don't have it working yet.
              Last edited by stevenc; 09 May 2014, 06:07 PM.

              Comment


              • #17
                Originally posted by stevenc View Post
                Here's a Phoronix Forum exclusive: a quick and dirty port of LibreSSL almost breathing on GNU/kFreeBSD.
                How come this wasn't performed on OpenBSD? Wouldn't it have been a better platform choice if it was the most supported by both libraries?

                Comment


                • #18
                  Originally posted by Amaranth View Post
                  Money sort of is the problem in this case. For whatever reason (there are many) only two people really do any work on OpenSSL, neither are able to do it full time, and most of the time they do get to spend on it is doing contract work to add new features, not clean things up or do bug fixing. Having a funding source that lets them bring on more people and focus on maintenance instead of features should help a ton.

                  That said, perhaps they should look in to merging some of the LibreSSL changes to get a head start on the cleanup effort.
                  No, money is the problem. That's why LibreSSL will be even more fucked up then OpenSSL. The WideOpenBSD team already can't pay thier power pills due to theo the rat's insistence of using inefficient outdated hardware.

                  I can't wait to see LibreSSL fail. Just like OpenCVS. that website (OpenCVS.org) is now gone.

                  Go GNUTLS
                  Last edited by jake_lesser; 09 May 2014, 08:33 PM.

                  Comment


                  • #19
                    Originally posted by stevenc View Post
                    Here's a Phoronix Forum exclusive: a quick and dirty port of LibreSSL almost breathing on GNU/kFreeBSD. To answer your first question, here's a benchmark run:
                    Code:
                    steven@sid:/usr/src/lib/libssl/src/apps$ uname -a
                    GNU/kFreeBSD sid.kfreebsd-amd64 9.0-2-amd64-xenhvm #0 Tue Sep 10 13:23:50 BST 2013 x86_64 amd64 Quad-Core AMD Opteron(tm) Processor 8380 GNU/kFreeBSD
                    steven@sid:/usr/src/lib/libssl/src/apps$ ./openssl version
                    WARNING: can't open config file: /usr/local/ssl/openssl.cnf
                    OpenSSL 1.0.1g 7 Apr 2014
                    steven@sid:/usr/src/lib/libssl/src/apps$ ./openssl speed sha256 aes-128-cbc aes-256-cbc bf-cbc
                    WARNING: can't open config file: /usr/local/ssl/openssl.cnf
                    Doing sha256 for 3s on 16 size blocks: 6219022 sha256's in 2.95s
                    Doing sha256 for 3s on 64 size blocks: 3269222 sha256's in 2.90s
                    Doing sha256 for 3s on 256 size blocks: 1402256 sha256's in 2.92s
                    Doing sha256 for 3s on 1024 size blocks: 437964 sha256's in 3.00s
                    Doing sha256 for 3s on 8192 size blocks: 54274 sha256's in 2.85s
                    Doing aes-128 cbc for 3s on 16 size blocks: 13505171 aes-128 cbc's in 3.00s
                    Doing aes-128 cbc for 3s on 64 size blocks: 3576249 aes-128 cbc's in 2.98s
                    Doing aes-128 cbc for 3s on 256 size blocks: 859247 aes-128 cbc's in 2.85s
                    Doing aes-128 cbc for 3s on 1024 size blocks: 589087 aes-128 cbc's in 3.00s
                    Doing aes-128 cbc for 3s on 8192 size blocks: 73784 aes-128 cbc's in 2.98s
                    Doing aes-256 cbc for 3s on 16 size blocks: 9440342 aes-256 cbc's in 2.95s
                    Doing aes-256 cbc for 3s on 64 size blocks: 2393695 aes-256 cbc's in 2.88s
                    Doing aes-256 cbc for 3s on 256 size blocks: 625699 aes-256 cbc's in 2.95s
                    Doing aes-256 cbc for 3s on 1024 size blocks: 414380 aes-256 cbc's in 3.00s
                    Doing aes-256 cbc for 3s on 8192 size blocks: 47401 aes-256 cbc's in 2.80s
                    Doing blowfish cbc for 3s on 16 size blocks: 17311866 blowfish cbc's in 2.97s
                    Doing blowfish cbc for 3s on 64 size blocks: 4730648 blowfish cbc's in 2.98s
                    Doing blowfish cbc for 3s on 256 size blocks: 1103712 blowfish cbc's in 2.80s
                    Doing blowfish cbc for 3s on 1024 size blocks: 305217 blowfish cbc's in 3.00s
                    Doing blowfish cbc for 3s on 8192 size blocks: 37456 blowfish cbc's in 2.95s
                    Segmentation fault
                    It's using a standalone implementation of arc4random based on ChaCha20, but there's a problem with it so any RSA/DSA/ECDSA/ECDH operation crashes, as do many other things, so it's basically useless yet.

                    For comparison with the above, here are figures for the regular Debian-packaged OpenSSL, on the same machine:
                    Code:
                    steven@sid:~$ openssl version
                    OpenSSL 1.0.1g 7 Apr 2014
                    steven@sid:~$ openssl speed sha256 aes-128-cbc aes-256-cbc bf-cbc
                    Doing sha256 for 3s on 16 size blocks: 5709447 sha256's in 2.82s
                    Doing sha256 for 3s on 64 size blocks: 3394699 sha256's in 3.00s
                    Doing sha256 for 3s on 256 size blocks: 1406280 sha256's in 2.93s
                    Doing sha256 for 3s on 1024 size blocks: 412351 sha256's in 2.88s
                    Doing sha256 for 3s on 8192 size blocks: 57252 sha256's in 2.95s
                    Doing aes-128 cbc for 3s on 16 size blocks: 13477136 aes-128 cbc's in 3.00s
                    Doing aes-128 cbc for 3s on 64 size blocks: 3604450 aes-128 cbc's in 3.00s
                    Doing aes-128 cbc for 3s on 256 size blocks: 859935 aes-128 cbc's in 2.87s
                    Doing aes-128 cbc for 3s on 1024 size blocks: 586107 aes-128 cbc's in 3.00s
                    Doing aes-128 cbc for 3s on 8192 size blocks: 74086 aes-128 cbc's in 2.98s
                    Doing aes-256 cbc for 3s on 16 size blocks: 9056971 aes-256 cbc's in 2.87s
                    Doing aes-256 cbc for 3s on 64 size blocks: 2528676 aes-256 cbc's in 3.00s
                    Doing aes-256 cbc for 3s on 256 size blocks: 625219 aes-256 cbc's in 2.95s
                    Doing aes-256 cbc for 3s on 1024 size blocks: 387006 aes-256 cbc's in 2.87s
                    Doing aes-256 cbc for 3s on 8192 size blocks: 51384 aes-256 cbc's in 2.97s
                    Doing blowfish cbc for 3s on 16 size blocks: 17537261 blowfish cbc's in 3.00s
                    Doing blowfish cbc for 3s on 64 size blocks: 4760650 blowfish cbc's in 3.00s
                    Doing blowfish cbc for 3s on 256 size blocks: 1119655 blowfish cbc's in 2.83s
                    Doing blowfish cbc for 3s on 1024 size blocks: 304690 blowfish cbc's in 3.00s
                    Doing blowfish cbc for 3s on 8192 size blocks: 37956 blowfish cbc's in 2.98s
                    Results don't vary more than 10% across implementations and, averaged overall, there's less than 0.1% difference. This isn't surprising - the bulk of the work is happening in SSL/TLS code - where there could be some measurable difference in performance. I just don't have it working yet.
                    That segfault was hilarious. LibreSSL can't even run on a FreeBSD kernel.

                    Comment


                    • #20
                      Originally posted by intellivision View Post
                      How come this wasn't performed on OpenBSD? Wouldn't it have been a better platform choice if it was the most supported by both libraries?
                      Because this is about portability as well.

                      Comment

                      Working...
                      X