LibreSSL is an

open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...

implementation of the

Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...

(TLS) protocol. The implementation is named after

Secure Sockets Layer Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, ...

(SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The

OpenBSD OpenBSD is a security-focused operating system, security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by fork (software development), forking NetBSD ...

project forked LibreSSL from

OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS web ...

1.0.1g in April 2014 as a response to the

Heartbleed Heartbleed is a security bug in some outdated versions of the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclos ...

security

vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." The understanding of social and environmental vulnerability, as a methodological approach, involves ...

, with the goals of modernizing the

codebase In software development, a codebase (or code base) is a collection of source code used to build a particular software system, application, or software component. Typically, a codebase includes only human-written source code system files; thu ...

, improving

security Security is protection from, or resilience against, potential harm (or other unwanted coercion). Beneficiaries (technically referents) of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or ...

, and applying development

best practice A best practice is a method or technique that has been generally accepted as superior to alternatives because it tends to produce superior results. Best practices are used to achieve quality as an alternative to mandatory standards. Best practice ...

History

After the

security

was discovered in

, the

team audited the codebase and decided it was necessary to

fork In cutlery or kitchenware, a fork (from 'pitchfork') is a utensil, now usually made of metal, whose long handle terminates in a head that branches into several narrow and often slightly curved tines with which one can spear foods either to h ...

OpenSSL to remove dangerous code. The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014. In the first week of development, more than 90,000 lines of C code were removed. Unused code was removed, and support for obsolete

operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...

s (

Classic Mac OS Mac OS (originally System Software; retronym: Classic Mac OS) is the series of operating systems developed for the Mac (computer), Macintosh family of personal computers by Apple Computer, Inc. from 1984 to 2001, starting with System 1 and end ...

NetWare NetWare is a discontinued computer network operating system developed by Novell, Inc. It initially used cooperative multitasking to run various services on a personal computer, using the IPX network protocol. The final update release was ver ...

OS/2 OS/2 is a Proprietary software, proprietary computer operating system for x86 and PowerPC based personal computers. It was created and initially developed jointly by IBM and Microsoft, under the leadership of IBM software designer Ed Iacobucci, ...

, 16-bit Windows) and some older

s (

OpenVMS OpenVMS, often referred to as just VMS, is a multi-user, multiprocessing and virtual memory-based operating system. It is designed to support time-sharing, batch processing, transaction processing and workstation applications. Customers using Op ...

) was removed. LibreSSL was initially developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was ported to other platforms once a stripped-down version of the library was stable. , the project was seeking a "stable commitment" of external funding. On 17 May 2014, Bob Beck presented "LibreSSL: The First 30 Days, and What The Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month. On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance, LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL. On 20 June 2014,

Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...

created another fork of OpenSSL called BoringSSL, and promised to exchange fixes with LibreSSL. Google has already relicensed some of its contributions under the ISC license, as it was requested by the LibreSSL developers. On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable. Starting on 8 July, code porting for

macOS macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...

and

Solaris Solaris is the Latin word for sun. It may refer to: Arts and entertainment Literature, television and film * ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem ** ''Solaris'' (1968 film), directed by Boris Nirenburg ** ''Sol ...

began, while the initial porting to

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

began on 20 June. As of 2021, OpenBSD uses LibreSSL as the primary TLS library.

Alpine Linux Alpine Linux is a Linux distribution designed to be small, simple, and secure. It uses musl, BusyBox, and OpenRC instead of the more commonly used glibc, GNU Core Utilities, and systemd.

supported LibreSSL as its primary TLS library for three years, until release 3.9.0 in January 2019. Gentoo supported LibreSSL until February 2021.

Python Python may refer to: Snakes * Pythonidae, a family of nonvenomous snakes found in Africa, Asia, and Australia ** ''Python'' (genus), a genus of Pythonidae found in Africa and Asia * Python (mythology), a mythical serpent Computing * Python (prog ...

3.10 dropped LibreSSL after being supported since Python 3.4.3 (2015).

Adoption

LibreSSL is the default provider of TLS for: *

Dragonfly BSD DragonFly BSD is a free and open-source Unix-like operating system forked from FreeBSD 4.8. Matthew Dillon, an Amiga developer in the late 1980s and early 1990s and FreeBSD developer between 1994 and 2003, began working on DragonFly BSD in ...

* Hyperbola GNU/Linux-libre
OpenSSH on Windows
LibreSSL is the default provider of TLS for these now-discontinued systems: * OpenELEC *

TrueOS TrueOS (formerly PC-BSD or PCBSD) is a discontinued Unix-like, server-oriented operating system built upon the most recent releases of FreeBSD-CURRENT. Up to 2018 it aimed to be easy to install by using a graphical installation program, and ea ...

packages LibreSSL is a selectable provider of TLS for: *

FreeBSD FreeBSD is a free-software Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version was released in 1993 developed from 386BSD, one of the first fully functional and free Unix clones on affordable ...

packages * Gentoo packages (support dropped as of February 2021) *

OPNsense __NOTOC__ OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso, a company in the Netherlands that makes hardware and sells support packages for OPNsense. Launched in 2015, it is a Fork_(software_development) ...

packages (will be dropped after 22.7) *

Changes

Memory-related

Changes include replacement of custom memory calls to ones in a

standard library In computer programming, a standard library is the library (computing), library made available across Programming language implementation, implementations of a programming language. Often, a standard library is specified by its associated program ...

(for example,

strlcpy 




The C programming language has a set of functions implementing operations on  strings (character strings and byte strings) in its standard library. Various operations, such as copying, concatenation,  tokenization and searching are supported. F ...

, calloc, asprintf, reallocarray, etc.). This process may help later on to catch buffer overflow errors with more advanced memory analysis tools or by observing program crashes (via

ASLR Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably redirecting code execution to, for example, a pa ...

, use of the

NX bit The NX bit (no-execute bit) is a processor feature that separates areas of a virtual address space (the memory layout a program uses) into sections for storing data or program instructions. An operating system supporting the NX bit can mark certai ...

, stack canaries, etc.). Fixes for potential double free scenarios have also been cited in the VCS commit logs (including explicit assignments of

null pointer In computing, a null pointer (sometimes shortened to nullptr or null) or null reference is a value saved for indicating that the Pointer (computer programming), pointer or reference (computer science), reference does not refer to a valid Object (c ...

values). There have been extra

sanity check A sanity check or sanity test is a basic test to quickly evaluate whether a claim or the result of a calculation can possibly be true. It is a simple check to see if the produced material is rational (that the material's creator was thinking ration ...

s also cited in the commit logs related to ensuring length arguments, unsigned-to-signed variable assignments, pointer values, and method returns.

Proactive measures

In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier (-Wall, -Werror, -Wextra, -Wuninitialized). There have also been

code readability Computer programming or coding is the composition of sequences of instructions, called programs, that computers can follow to perform tasks. It involves designing and implementing algorithms, step-by-step specifications of procedures, by writin ...

updates which help future contributors in verifying program correctness (KNF, white-space, line-wrapping, etc.). Modification or removal of unneeded method wrappers and macros also help with code readability and auditing (Error and I/O abstraction library references). Changes were made to ensure that LibreSSL will be year 2038 compatible along with maintaining portability for other similar platforms. In addition, explicit_bzero and bn_clear calls were added to prevent the compiler from optimizing them out and prevent attackers from reading previously allocated memory.

Cryptographic

There were changes to help ensure proper

seeding The term seeding and related terms such as seeded are used in several different contexts: *Sowing, planting seeds in a place or on an object *Cloud seeding, manipulating cloud formations *Seeding (computing), a concept in computing and peer-to-pee ...

random number generator Random number generation is a process by which, often by means of a random number generator (RNG), a sequence of numbers or symbols is generated that cannot be reasonably predicted better than by random chance. This means that the particular ou ...

-based methods via replacements of insecure seeding practices (taking advantage of features offered by the

kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learnin ...

itself natively). In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (

ChaCha Cha-Cha, Cha Cha, ChaCha or Chacha may refer to: Music *Cha-cha-cha (dance), a dance of Cuban origin *Cha-cha-cha (music), a genre of Cuban music *Cha Cha (album), ''Cha Cha'' (album), a 1978 album by Herman Brood & His Wild Romance *Cha Cha (sou ...

stream cipher and

Poly1305 Poly1305 is a universal hash family designed by Daniel J. Bernstein in 2002 for use in cryptography. As with any universal hash family, Poly1305 can be used as a one-time message authentication code to authenticate a single message using a sec ...

message authentication code) along with a safer set of

elliptic curves In mathematics, an elliptic curve is a Smoothness, smooth, Projective variety, projective, algebraic curve of Genus of an algebraic curve, genus one, on which there is a specified point . An elliptic curve is defined over a field (mathematics), ...

(brainpool curves from RFC 5639, up to 512 bits in strength).

Added features

The initial release of LibreSSL added a number of features: the

and

algorithm, th
Brainpool
an
ANSSI
elliptic curves, and the AES-GCM and

ChaCha20-Poly1305 ChaCha20-Poly1305 is an authenticated encryption with associated data (AEAD) algorithm, that combines the ChaCha20 stream cipher with the Poly1305 message authentication code. It has fast software performance, and without hardware acceleration, ...

AEAD Authenticated Encryption (AE) is an encryption scheme which simultaneously assures the data confidentiality (also known as privacy: the encrypted message is impossible to understand without the knowledge of a secret key) and authenticity (in othe ...

modes. Later versions added the following: * 2.1.0: Automatic

ephemeral Ephemerality (from the Greek word , meaning 'lasting only one day') is the concept of things being transitory, existing only briefly. Academically, the term ephemeral constitutionally describes a diverse assortment of things and experiences, fr ...

EC keys. * 2.1.2: Built-in arc4random implementation on macOS and FreeBSD. * 2.1.2: Reworked

GOST GOST () refers to a set of international technical standards maintained by the Euro-Asian Council for Standardization, Metrology and Certification (EASC), a regional standards organization operating under the auspices of the Commonwealth of I ...

cipher suite support. * 2.1.3: ALPN support. * 2.1.3: Support for

SHA-256 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compressi ...

and

Camellia ''Camellia'' (pronounced or ) is a genus of flowering plants in the family Theaceae. They are found in tropical and subtropical areas in East Asia, eastern and South Asia, southern Asia, from the Himalayas east to Japan and Indonesia. There are ...

cipher suites. * 2.1.4: TLS_FALLBACK_SCSV server-side support. * 2.1.4: certhash as a replacement of the c_rehash script. * 2.1.4: X509_STORE_load_mem API for loading certificates from memory (enhance chroot support). * 2.1.4: Experimental

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

binaries A binary file is a computer file that is not a text file. The term "binary file" is often used as a term meaning "non-text file". Many binary file formats contain parts that can be interpreted as text; for example, some computer document files ...

. * 2.1.5: Minor update mainly for improving Windows support, first working 32- and

64-bit In computer architecture, 64-bit integers, memory addresses, or other data units are those that are 64 bits wide. Also, 64-bit central processing units (CPU) and arithmetic logic units (ALU) are those that are based on processor registers, a ...

binaries. * 2.1.6: declared stable and enabled by default. * 2.2.0:

AIX Aix or AIX may refer to: Computing * AIX, a line of IBM computer operating systems *Alternate index, for an IBM Virtual Storage Access Method key-sequenced data set * Athens Internet Exchange, a European Internet exchange point Places Belg ...

and

Cygwin Cygwin ( ) is a free and open-source Unix-like environment and command-line interface (CLI) for Microsoft Windows. The project also provides a software repository containing open-source packages. Cygwin allows source code for Unix-like operati ...

support. * 2.2.1: Addition of EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL, initial

Windows XP Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct successor to Windows 2000 for high-end and business users a ...

/2003 support. * 2.2.2: Defines LIBRESSL_VERSION_NUMBER, added TLS_*methods as a replacement for the SSLv23_*method calls,

cmake CMake is a free, cross-platform, software development tool for building applications via compiler-independent instructions. It also can automate testing, packaging and installation. It runs on a variety of platforms and supports many program ...

build support.

Old insecure features

The initial release of LibreSSL disabled a number of features by default. Some of the code for these features was later removed, including Kerberos, US-Export ciphers, TLS compression, DTLS heartbeat, SSL v2 and SSL v3. Later versions disabled more features: * 2.1.1: Following the discovery of the

POODLE The Poodle, called the in German () and the in French, is a breed of water dog. The breed is divided into four varieties based on size, the Standard Poodle, Medium Poodle, Miniature Poodle and Toy Poodle, although the Medium Poodle is no ...

vulnerability in the legacy SSL 3.0 protocol, LibreSSL now disables the use of SSL 3.0 by default. * 2.1.3: GOST R 34.10-94 signature authentication. * 2.2.1: Removal of Dynamic Engine and MDC-2DES support * 2.2.2: Removal of SSL 3.0 from the openssl binary, removal of

Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a deprecation, retired series of graphical user interface, graphical web browsers developed by Microsoft that were u ...

6 workarounds, RSAX engine. * 2.3.0: Complete removal of SSL 3.0,

SHA-0 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States ...

and DTLS1_BAD_VER.

Code removal

The initial release of LibreSSL has removed a number of features that were deemed insecure, unnecessary or deprecated as part of

5.6. * In response to

, the heartbeat functionality was one of the first features to be removed. * Support for obsolete platforms (

, 16-bit Windows) were removed. * Support for some older platforms (

) was removed. * Support for platforms that do not exist, such as

big-endian '' Jonathan_Swift.html" ;"title="Gulliver's Travels'' by Jonathan Swift">Gulliver's Travels'' by Jonathan Swift, the novel from which the term was coined In computing, endianness is the order in which bytes within a word (data type), word of d ...

i386 The Intel 386, originally released as the 80386 and later renamed i386, is the third-generation x86 architecture microprocessor from Intel. It was the first 32-bit processor in the line, making it a significant evolution in the x86 archite ...

and

amd64 x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit extension of the x86 instruction set. It was announced in 1999 and first available in the AMD Opteron family in 2003. It introduces two new operating modes: 64-bit mode an ...

. * Support for old compilers. * The

IBM 4758 The IBM 4758 PCI Cryptographic Coprocessor is a secure cryptoprocessor implemented on a high-security, tamper resistant, programmable PCI expansion card. Specialized cryptographic electronics, microprocessor, memory, and random number generator h ...

, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines were removed due to irrelevance of hardware or dependency on non-free libraries. * The OpenSSL PRNG was removed (and replaced with

ChaCha20 Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Salsa20, the original cipher, was designed in 2005, then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. Ch ...

-based implementation of arc4random). * Preprocessor macros that have been deemed unnecessary or insecure or had already been deprecated in OpenSSL for a long time (e.g. des_old.h). * Older unneeded files for

assembly language In computing, assembly language (alternatively assembler language or symbolic machine code), often referred to simply as assembly and commonly abbreviated as ASM or asm, is any low-level programming language with a very strong correspondence bet ...

, C, and

Perl Perl is a high-level, general-purpose, interpreted, dynamic programming language. Though Perl is not officially an acronym, there are various backronyms in use, including "Practical Extraction and Reporting Language". Perl was developed ...

(e.g. Entropy Gathering Daemon). * MD2,

SEED In botany, a seed is a plant structure containing an embryo and stored nutrients in a protective coat called a ''testa''. More generally, the term "seed" means anything that can be Sowing, sown, which may include seed and husk or tuber. Seeds ...

functionality. * SSL 3.0, SHA-0, DTLS1_BAD_VER The

Dual EC DRBG Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criti ...

algorithm, which is suspected of having a back door, was cut along with support for the

FIPS 140-2 The Federal Information Processing Standard Publication 140-2, (FIPS PUB 140-2), is a United States, U.S. government of the United States, government computer security standardization, standard used to approve Cryptographic module, cryptographic ...

standard that required it. Unused protocols and insecure algorithms have also been removed, including the support for

MD4 The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms. The initialism "MD" st ...

MD5 The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as Request for Comments, RFC 1321. MD5 ...

J-PAKE, and SRP.

Bug backlog

One of the complaints of OpenSSL was the number of open bugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL.

References

External links

*
LibreSSL
an
source code (OpenGrok)
* {{SSL/TLS 2014 software C (programming language) libraries Cryptographic software Free security software Free software programmed in C OpenBSD Software forks Transport Layer Security implementation