Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: 30-Day Status Update On The LibreSSL OpenSSL-Fork

  1. #1
    Join Date
    Jan 2007
    Posts
    14,325

    Default 30-Day Status Update On The LibreSSL OpenSSL-Fork

    Phoronix: 30-Day Status Update On The LibreSSL OpenSSL-Fork

    Bob Beck of the OpenBSD project has provided a status update on the first 30 days of the LibreSSL project that's a fork of OpenSSL following the notorious heartbleed bug...

    http://www.phoronix.com/vr.php?view=MTY5MzA

  2. #2
    Join Date
    Jul 2011
    Posts
    105

    Default Re

    1 thing I don't like is that they intentionally removed the support for other platforms(You can see that even from the first commits)...
    And they call this half-million diffs? Most of the diff is removed support for other platforms...

  3. #3
    Join Date
    Apr 2011
    Posts
    35

    Default

    I hope they make a better job than debian did: http://web.archive.org/web/200911051...ebian-openssl/

  4. #4
    Join Date
    Jul 2012
    Posts
    82

    Default

    Quote Originally Posted by mark_ View Post
    I hope they make a better job than debian did: http://web.archive.org/web/200911051...ebian-openssl/
    If OpenSSL's PRNG hadn't used areas of uninitialised memory as part of its seeding, Debian wouldn't have accidentally introduced that bug,

    If OpenSSL's PRNG didn't fall back to really bad entropy sources as a last resort, the bug wouldn't have been hidden for so long and fixed sooner.

    LibreSSL gets rid of OpenSSL's PRNG entirely and uses something much simpler - the OS kernel's PRNG to seed, and arc4random to stretch the amount of output - fairly well understood and has been used already by OpenSSH, libevent, Bionic libc etc.

  5. #5
    Join Date
    May 2014
    Posts
    7

    Default

    Quote Originally Posted by Alliancemd View Post
    1 thing I don't like is that they intentionally removed the support for other platforms(You can see that even from the first commits)...
    And they call this half-million diffs? Most of the diff is removed support for other platforms...
    LibreSSL will be portable. They need a small codebase in order to fix the beast, and the OpenSSL portability approach was really wrong.

  6. #6
    Join Date
    Feb 2014
    Location
    Sydney, Australia
    Posts
    1

    Default

    Quote Originally Posted by Alliancemd View Post
    1 thing I don't like is that they intentionally removed the support for other platforms(You can see that even from the first commits)...
    And they call this half-million diffs? Most of the diff is removed support for other platforms...
    I would rather they spent time better maintaining the core code and fix the most commonly used platforms than expend efforts on things like 16 bit Windows, DOS etc

  7. #7
    Join Date
    Jul 2008
    Posts
    28

    Question hardware AES

    so did LibreSSL make nicer and easier support of the hardware acceleration on AES?

  8. #8
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,859

    Default

    Quote Originally Posted by Alliancemd View Post
    1 thing I don't like is that they intentionally removed the support for other platforms(You can see that even from the first commits)...
    And they call this half-million diffs? Most of the diff is removed support for other platforms...
    It was removed temporarily. They already have a plan in place for how to support other platforms but their first goal is "Make it work on OpenBSD. Make it work right." THEN they are gonna worry about other platforms.

  9. #9
    Join Date
    Jan 2013
    Posts
    166

    Default

    Frankly, I think the Linux Foundation should pull the funding from OpenSSL and give it to these guys.

  10. #10

    Default

    The Linux Fundation won't give money to a project that only run on OpenBSD. Until they officialy get the penguin support back, they might consider if they compare to how the openssl is doing compared to libressl.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •