Movatterモバイル変換


[0]ホーム

URL:


Jump to content
WikipediaThe Free Encyclopedia
Search

LibreSSL

From Wikipedia, the free encyclopedia
Open-source implementation of TLS protocols; forked from OpenSSL in 2014

LibreSSL
Puffy, the mascot ofOpenBSD, made to resembleKing Ferdinand[1]
Original author(s)TheOpenSSL Project
Developer(s)TheOpenBSD Project
Initial release2.0.0 / 11 July 2014; 10 years ago (2014-07-11)
Stable release
4.0.0[2] Edit this on Wikidata / 14 October 2024
Preview release3.9.0 (9 March 2024; 12 months ago (2024-03-09)[3][4]) [±]
Repository
Written inC,assembly,Perl
Operating systemOpenBSD,FreeBSD,NetBSD,Linux,HP-UX,Solaris,macOS,Windows and others[5]
TypeCryptographylibrary
LicenseApache-1.0,BSD-4-Clause,ISC,public domain
Websitewww.libressl.org

LibreSSL is anopen-source implementation of theTransport Layer Security (TLS) protocol. The implementation is named afterSecure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. TheOpenBSD projectforked LibreSSL fromOpenSSL 1.0.1g in April 2014 as a response to theHeartbleed securityvulnerability,[6][7][8][9] with the goals of modernizing thecodebase, improvingsecurity, and applying developmentbest practices.[10][11][12]

History

[edit]

After theHeartbleed securityvulnerability was discovered inOpenSSL, theOpenBSD teamaudited the codebase and decided it was necessary tofork OpenSSL to remove dangerous code.[6] The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014. In the first week of development, more than 90,000 lines of C code were removed.[11][13] Unused code was removed, and support for obsoleteoperating systems (Classic Mac OS,NetWare,OS/2,16-bit Windows) and some olderoperating systems (OpenVMS) was removed.[14]

LibreSSL was initially developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was ported to other platforms once a stripped-down version of the library was stable.[15] As of April 2014[update], the project was seeking a "stable commitment" of external funding.[13] On 17 May 2014, Bob Beck presented "LibreSSL: The First 30 Days, and What The Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month.[16] On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance,[17] LibreSSL was not;Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL.[18]

On 20 June 2014,Google created another fork of OpenSSL calledBoringSSL, and promised to exchange fixes with LibreSSL.[19][20] Google has alreadyrelicensed some of its contributions under theISC license, as it was requested by the LibreSSL developers.[19][21] On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable.[22] Starting on 8 July, code porting formacOS andSolaris began,[23] while the initial porting toLinux began on 20 June.[24]

As of 2021, OpenBSD uses LibreSSL as the primary TLS library.Alpine Linux supported LibreSSL as its primary TLS library for three years, until release 3.9.0 in January 2019.Gentoo supported LibreSSL until February 2021.[25]Python 3.10 dropped LibreSSL[26] after being supported since Python 3.4.3 (2015).[27]

Adoption

[edit]

LibreSSL is the default provider of TLS for:

LibreSSL is the default provider of TLS for these now-discontinued systems:

LibreSSL is a selectable provider of TLS for:

Changes

[edit]

Memory-related

[edit]

Changes include replacement of custom memory calls to ones in astandard library (for example,strlcpy,calloc,asprintf,reallocarray, etc.).[40][self-published source?][41] This process may help later on to catchbuffer overflow errors with more advancedmemory analysis tools or by observing program crashes (viaASLR, use of theNX bit,stack canaries, etc.).

Fixes for potentialdouble free scenarios have also been cited in theVCS commit logs (including explicit assignments ofnull pointer values).[42] There have been extrasanity checks also cited in thecommit logs related to ensuring length arguments, unsigned-to-signedvariable assignments,pointer values, and method returns.

Proactive measures

[edit]

In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier (-Wall, -Werror, -Wextra, -Wuninitialized). There have also beencode readability updates which help future contributors in verifying program correctness (KNF, white-space, line-wrapping, etc.). Modification or removal of unneeded method wrappers and macros also help with code readability and auditing (Error andI/O abstraction library references).

Changes were made to ensure that LibreSSL will beyear 2038 compatible along with maintainingportability for other similar platforms. In addition,explicit_bzero andbn_clear calls were added to prevent the compiler from optimizing them out and prevent attackers from reading previously allocated memory.

Cryptographic

[edit]

There were changes to help ensure properseeding ofrandom number generator-based methods via replacements of insecure seeding practices (taking advantage of features offered by thekernel itself natively).[43][44] In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (ChaCha stream cipher andPoly1305 message authentication code) along with a safer set ofelliptic curves (brainpool curves from RFC 5639, up to 512 bits in strength).

Added features

[edit]

The initial release of LibreSSL added a number of features: theChaCha andPoly1305 algorithm, theBrainpool andANSSI elliptic curves, and theAES-GCM andChaCha20-Poly1305AEAD modes.

Later versions added the following:[45]

  • 2.1.0: Automaticephemeral EC keys.[46]
  • 2.1.2: Built-inarc4random implementation on macOS and FreeBSD.[47]
  • 2.1.2: ReworkedGOST cipher suite support.
  • 2.1.3:ALPN support.[48]
  • 2.1.3: Support forSHA-256 andCamellia cipher suites.
  • 2.1.4:TLS_FALLBACK_SCSV server-side support.[49]
  • 2.1.4: certhash as a replacement of the c_rehash script.
  • 2.1.4: X509_STORE_load_mem API for loading certificates from memory (enhance chroot support).
  • 2.1.4: ExperimentalWindowsbinaries.
  • 2.1.5: Minor update mainly for improving Windows support, first working 32- and64-bit binaries.[50]
  • 2.1.6: libtls declared stable and enabled by default.[51]
  • 2.2.0:AIX andCygwin support.[52]
  • 2.2.1: Addition of EC_curve_nid2nist and EC_curve_nist2nid[53] from OpenSSL, initialWindows XP/2003 support.
  • 2.2.2: Defines LIBRESSL_VERSION_NUMBER,[54] added TLS_*methods as a replacement for the SSLv23_*method calls,cmake build support.

Old insecure features

[edit]

The initial release of LibreSSL disabled a number of features by default.[14] Some of the code for these features was laterremoved, includingKerberos,US-Export ciphers, TLS compression,DTLS heartbeat,SSL v2 andSSL v3.

Later versions disabled more features:

  • 2.1.1: Following the discovery of thePOODLE vulnerability in the legacySSL 3.0 protocol, LibreSSL now disables the use of SSL 3.0 by default.[55]
  • 2.1.3:GOST R 34.10-94 signature authentication.[45][48]
  • 2.2.1: Removal of Dynamic Engine and MDC-2DES support[53]
  • 2.2.2: Removal of SSL 3.0 from the openssl binary, removal ofInternet Explorer 6 workarounds, RSAX engine.[54]
  • 2.3.0: Complete removal of SSL 3.0,SHA-0 andDTLS1_BAD_VER.

Code removal

[edit]

The initial release of LibreSSL has removed a number of features that were deemed insecure, unnecessary or deprecated as part ofOpenBSD 5.6.

  • In response toHeartbleed, the heartbeat functionality[56] was one of the first features to be removed.
  • Support for obsolete platforms (Classic Mac OS,NetWare,OS/2,16-bit Windows) were removed.
  • Support for some older platforms (OpenVMS) was removed.
  • Support for platforms that do not exist, such asbig-endiani386 andamd64.[57]
  • Support for old compilers.
  • TheIBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines were removed due to irrelevance of hardware or dependency onnon-free libraries.
  • The OpenSSLPRNG was removed (and replaced withChaCha20-based implementation of arc4random).
  • Preprocessor macros that have been deemed unnecessary or insecure or had already been deprecated in OpenSSL for a long time (e.g. des_old.h).
  • Older unneeded files forassembly language,C, andPerl (e.g.EGD).
  • MD2,SEED functionality.
  • SSL 3.0, SHA-0, DTLS1_BAD_VER

TheDual EC DRBG algorithm, which is suspected of having aback door,[58] was cut along with support for theFIPS 140-2 standard that required[citation needed] it. Unused protocols and insecure algorithms have also been removed, including the support forFIPS 140-2,[59]MD4/MD5[45]J-PAKE,[14] andSRP.[60]

Bug backlog

[edit]

One of the complaints of OpenSSL was the number of openbugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL.[61]

See also

[edit]

References

[edit]
  1. ^Cook, Brent (2 May 2017)."LibreSSL, almost Two Years Later".InfoSec Southwest.YouTube. Retrieved15 September 2018.
  2. ^"LibreSSL 4.0.0 Released". 14 October 2024. Retrieved15 October 2024.
  3. ^"LibreSSL". Retrieved14 March 2024.
  4. ^"LibreSSL Releases". Retrieved14 March 2024.
  5. ^"LibreSSL Releases".
  6. ^abUnangst, Ted (22 April 2014)."Origins of libressl".flak. Retrieved24 April 2014.
  7. ^Kerner, Sean Michael (22 April 2014)."After Heartbleed, OpenSSL Is Forked Into LibreSSL".eWeek. Retrieved24 April 2014.
  8. ^"Not Just a Cleanup Any More: LibreSSL Project Announced".Slashdot. 22 April 2014. Retrieved24 April 2014.
  9. ^M, Constantine (17 May 2014). Soulskill (ed.)."30-Day Status Update On LibreSSL".Slashdot.
  10. ^"LibreSSL".
  11. ^abSeltzer, Larry (21 April 2014)."OpenBSD forks, prunes, fixes OpenSSL".Zero Day.ZDNet. Retrieved21 April 2014.
  12. ^Hessler, Peter (15 April 2014)."OpenBSD has started a massive strip-down and cleanup of OpenSSL".OpenBSD Journal. Retrieved24 April 2014.
  13. ^abBrodkin, Jon (22 April 2014)."OpenSSL code beyond repair, claims creator of "LibreSSL" fork".Ars Technica. Retrieved24 April 2014.
  14. ^abcdJacoutot, Antoine (1 November 2014)."OpenBSD 5.6 Released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  15. ^McCallion, Jane (22 April 2014)."Heartbleed: LibreSSL scrubs "irresponsible" OpenSSL code".PC Pro. Archived fromthe original on 26 June 2014. Retrieved23 April 2014.
  16. ^Beck, Bob (17 May 2014)."LibreSSL: The first 30 days, and what the Future Holds Slides". Retrieved17 May 2014.
  17. ^"Re: OpenSSL seven security fixes".oss-sec (Mailing list). 5 June 2014. Retrieved9 June 2014.
  18. ^de Raadt, Theo (5 June 2014)."Re: new OpenSSL flaws".openbsd-misc (Mailing list). Retrieved9 June 2014.
  19. ^abLangley, Adam (20 June 2014)."BoringSSL (20 Jun 2014)".Imperialviolet.org. Retrieved21 June 2014.
  20. ^Goodin, Dan (20 June 2014)."Google unveils independent "fork" of OpenSSL called "BoringSSL"".Ars Technica. Retrieved21 June 2014.
  21. ^Sing, Joel (21 June 2014)."OpenBSD — lib/libssl/src/crypto/evp evp_aead.c e_chacha20poly1305.c". Archived fromthe original on 22 June 2014. Retrieved21 June 2014.
  22. ^de Raadt, Theo (21 June 2014)."Boringssl and such".openbsd-tech (Mailing list). Retrieved28 October 2015.
  23. ^Beck, Bob (8 July 2014)."OpenBSD - lib/libcrypto/crypto getentropy_osx.c getentropy_solaris.c". Archived fromthe original on 22 July 2014. Retrieved8 July 2014.
  24. ^Beck, Bob (20 June 2014)."OpenBSD — lib/libcrypto/crypto getentropy_linux.c". Archived fromthe original on 9 July 2014.
  25. ^"LibreSSL languishes on Linux [LWN.net]".lwn.net. Retrieved6 January 2021.
  26. ^"PEP 644 -- Require OpenSSL 1.1.1 or newer".
  27. ^"Changelog — Python 3.4.10 documentation".
  28. ^Marino, John."[Beta] Switch base to use private LibreSSL libraries". Retrieved9 November 2018.
  29. ^"Milky Way v0.3 release". Hyperbola Project. 23 September 2019. Retrieved23 September 2019.
  30. ^Raue, Stephan."OpenELEC Mediacenter - [Beta] OpenELEC 6.0 Beta 2 released".Openelec.tv. Archived fromthe original on 26 November 2015. Retrieved20 August 2015.
  31. ^"PC-BSD Evolves into TrueOS". Archived fromthe original on 16 September 2016. Retrieved16 September 2016.
  32. ^VonFange, Mark."PC-BSD 10.1.2: an Interview with Kris Moore". Official PC-BSD Blog. Retrieved15 October 2015.
  33. ^"Add DEFAULT_VERSIONS=ssl=XXX".Svnweb.freebsd.org.
  34. ^"Project:LibreSSL - Gentoo".Wiki.gentoo.org.
  35. ^Górny, Michał (5 January 2021)."LibreSSL support discontinued".www.gentoo.org. Retrieved30 March 2021.
  36. ^Górny, Michał (31 December 2020)."Bug 762847 - dev-libs/libressl: Removal".bugs.gentoo.org. Retrieved30 March 2021.
  37. ^Górny, Michał (28 December 2020)."[gentoo-dev] [RFC] Discontinuing LibreSSL support?".archives.gentoo.org. Retrieved30 March 2021.
  38. ^"OPNsense version 15.7 Released". OPNsense. Retrieved15 October 2015.
  39. ^"OPNsense version 22.7 Released". OPNsense. Retrieved5 August 2022.
  40. ^Orr, William (23 April 2014)."A quick recap over the last week".OpenSSL Valhalla Rampage. Retrieved30 April 2014.
  41. ^"OpenBSD LibreSSL CVS Calloc Commits".Secure.freshbsd.org.
  42. ^"OpenBSD LibreSSL CVS Double Free Commits".Secure.freshbsd.org.
  43. ^"OpenBSD LibreSSL CVS insecure seeding".Secure.freshbsd.org.
  44. ^"OpenBSD LibreSSL CVS Kernel Seeding".Secure.freshbsd.org. Archived fromthe original on 16 September 2014.
  45. ^abc"LibreSSL-portable ChangeLog". LibreSSL. 15 October 2021.
  46. ^Beck, Bob (12 October 2014)."LibreSSL 2.1.0 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  47. ^Beck, Bob (9 December 2014)."LibreSSL 2.1.2 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  48. ^abCook, Brent (22 January 2015)."LibreSSL 2.1.3 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  49. ^Cook, Brent (4 March 2015)."LibreSSL 2.1.4 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  50. ^Cook, Brent (17 March 2015)."LibreSSL 2.1.5 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  51. ^Cook, Brent (19 March 2015)."LibreSSL 2.1.6 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  52. ^Cook, Brent (11 June 2015)."LibreSSL 2.1.7 and 2.2.0 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  53. ^abCook, Brent (9 July 2015)."LibreSSL 2.2.1 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  54. ^abCook, Brent (6 August 2015)."LibreSSL 2.2.2 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  55. ^Beck, Bob (16 October 2014)."LibreSSL 2.1.1 released".openbsd-tech (Mailing list).
  56. ^"OpenBSD LibreSSL CVS OPENSSL_NO_HEARTBEATS".
  57. ^Miod Vallat."Remove support for big-endian i386 and amd64".openbsd-cvs (Mailing list).
  58. ^Perlroth, Nicole (10 September 2013)."Government Announces Steps to Restore Confidence on Encryption Standards".The New York Times. Retrieved9 May 2014.
  59. ^"The future (or lack thereof) of LibreSSL's FIPS Object Module".
  60. ^Beck, Bob (3 August 2014)."LibreSSL 2.0.4 released".openbsd-announce (Mailing list). Retrieved28 October 2015.
  61. ^Vallat, Miod (10 November 2014)."Re: CVS: cvs.openbsd.org: src".openbsd-cvs (Mailing list). Retrieved28 October 2015.

External links

[edit]
TheOpenBSD Project
Operating system
Related projects
People
Organizations
Publications
Email clients
Secure
communication
OTR
SSH
TLS & SSL
VPN
ZRTP
P2P
DRA
Disk encryption
(Comparison)
Anonymity
File systems(List)
Security-focused
operating system
Service providers
Educational
Anti–computer forensics
Related topics
Protocols and technologies
Public-key infrastructure
See also
History
Implementations
Notaries
Vulnerabilities
Theory
Cipher
Protocol
Implementation
Retrieved from "https://en.wikipedia.org/w/index.php?title=LibreSSL&oldid=1259198181"
Categories:
Hidden categories:

[8]ページ先頭

©2009-2025 Movatter.jp