OpenBSD takes on OpenSSL project, implements changes

The OpenBSD team has started its own fork of OpenSSL, due to the backlash from the Heartbleed bug. The new project will be called LibreSSL, and is based on OpenSSL 1.0.1g. The team has already begun working on a major clean up of the code. The following list outlines the changes they have made so far:

  • Splitting up libcrypto and libssl build directories
  • Fixing a use-after-free bug
  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
  • Ripping out some windows-specific cruft
  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
  • KNF of most C files
  • Removal of weak entropy additions
  • Removal of all heartbeat functionality which resulted in Heartbleed

Check out the full notes / comments here: https://lobste.rs/s/3utipo/openbsd_has_started_a_massive_strip-down_and_cleanup_of_openssl/comments/fkwgqw

Update – you can find real time updates on this page here: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/

One thought on “OpenBSD takes on OpenSSL project, implements changes

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>