LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.


History

After the Heartbleed security vulnerability was discovered in OpenSSL, the OpenBSD team audited the codebase and decided it was necessary to fork OpenSSL to remove dangerous code. The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014. In the first week of development, more than 90,000 lines of C code were removed. Unused code was removed, and support for obsolete operating systems (Classic Mac OS, NetWare, OS/2, 16-bit Windows) and some older operating systems (OpenVMS) was removed.

LibreSSL was initially developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was ported to other platforms once a stripped-down version of the library was stable. The project was seeking a "stable commitment" of external funding. On 17 May 2014, Bob Beck presented "LibreSSL: The First 30 Days, and What The Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month.

On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance, LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL. On 20 June 2014, Google created another fork of OpenSSL called BoringSSL, and promised to exchange fixes with LibreSSL. Google has already relicensed some of its contributions under the ISC license, as it was requested by the LibreSSL developers. On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable. Starting on 8 July, code porting for macOS and Solaris began, while the initial porting to Linux began on 20 June.

As of 2021, OpenBSD uses LibreSSL as the primary SSL library. Alpine Linux supported LibreSSL as its primary TLS library for three years, until release 3.9.0 in January 2019. Gentoo supported LibreSSL until February 2021. Python 3.10 drops LibreSSL support after being supported since Python 3.4.3 (2015).


Adoption

LibreSSL is the default provider of TLS for:
* Dragonfly BSD
* OpenBSD
* Hyperbola GNU/Linux-libre
* macOS
* OpenSSH on Windows

LibreSSL is the default provider of TLS for these now-discontinued systems:
* OpenELEC
* TrueOS packages

LibreSSL is a selectable provider of TLS for:
* FreeBSD packages
* Gentoo packages (support dropped as of February 2021)
* OPNsense packages (will be dropped after 22.7)


Changes


Memory-related

Changes include replacement of custom memory calls with ones in a standard library (for example, strlcpy, calloc, asprintf, reallocarray, etc.). This process may help later on to catch buffer overflow errors with more advanced memory analysis tools or by observing program crashes (via ASLR, use of the NX bit, stack canaries, etc.). Fixes for potential double free scenarios have also been cited in the VCS commit logs (including explicit assignments of null pointer values). There have been extra sanity checks also cited in the commit logs related to ensuring length arguments, unsigned-to-signed variable assignments, pointer values, and method returns.
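
The kinds of change described above (overflow-checked array allocation in the style of reallocarray, sanity checks on lengths, pointers and return values, and assigning NULL after free) are shown here as an added example; it is not LibreSSL source code, and struct record_buf and every function name in it are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record buffer, constructed for this example. */
struct record_buf {
    unsigned char *data;
    size_t len;
};

/* Size a hand-rolled malloc(nmemb * size) really requests: the product is
 * reduced modulo SIZE_MAX + 1, so a huge count can wrap to a tiny value. */
size_t unchecked_request(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* reallocarray-style allocation: fail with ENOMEM instead of wrapping. */
void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* Store claimed_len bytes from a message that holds only avail bytes.
 * Returns 0 on success, -1 when a sanity check fails (buffer unchanged). */
int record_buf_set(struct record_buf *b, const unsigned char *src,
                   long claimed_len, size_t avail)
{
    unsigned char *p;
    size_t n;

    if (b == NULL || src == NULL)      /* pointer values */
        return -1;
    if (claimed_len < 0)               /* negative would turn huge as size_t */
        return -1;
    n = (size_t)claimed_len;
    if (n > avail)                     /* claimed length vs. bytes present */
        return -1;

    p = checked_reallocarray(b->data, n ? n : 1, 1);
    if (p == NULL)                     /* return value; old block still valid */
        return -1;
    memcpy(p, src, n);
    b->data = p;
    b->len = n;
    return 0;
}

/* Free and assign NULL, so a second release is a harmless free(NULL). */
void record_buf_release(struct record_buf *b)
{
    free(b->data);
    b->data = NULL;
    b->len = 0;
}

int main(void)
{
    const unsigned char msg[4] = { 'p', 'i', 'n', 'g' };  /* constructed input */
    struct record_buf b = { NULL, 0 };

    printf("unchecked request: %zu bytes\n",
           unchecked_request(SIZE_MAX / 2 + 2, 2));
    printf("checked alloc: %s\n",
           checked_reallocarray(NULL, SIZE_MAX / 2 + 2, 2) ? "ok" : "refused");
    printf("honest length: %d\n", record_buf_set(&b, msg, 4, sizeof msg));
    printf("oversized length: %d\n", record_buf_set(&b, msg, 16384, sizeof msg));
    printf("negative length: %d\n", record_buf_set(&b, msg, -1, sizeof msg));
    record_buf_release(&b);
    record_buf_release(&b);            /* no double free */
    return 0;
}
```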


Proactive measures

In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier (-Wall, -Werror, -Wextra, -Wuninitialized). There have also been code readability updates which help future contributors in verifying program correctness (KNF, white-space, line-wrapping, etc.). Modification or removal of unneeded method wrappers and macros also helps with code readability and auditing (Error and I/O abstraction library references). Changes were made to ensure that LibreSSL will be year 2038 compatible along with maintaining portability for other similar platforms. In addition, explicit_bzero and bn_clear calls were added so that the compiler cannot optimize the clearing away, which prevents attackers from reading previously allocated memory.


Cryptographic

There were changes to help ensure proper seeding of random number generator-based methods via replacements of insecure seeding practices (taking advantage of features offered by the kernel itself natively). In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (ChaCha stream cipher and Poly1305 message authentication code) along with a safer set of elliptic curves (brainpool curves from RFC 5639, up to 512 bits in strength).


Added features

The initial release of LibreSSL added a number of features: the ChaCha and Poly1305 algorithm, the Brainpool and ANSSI elliptic curves, and the AES-GCM and ChaCha20-Poly1305 AEAD modes. Later versions added the following:
* 2.1.0: Automatic ephemeral EC keys.
* 2.1.2: Built-in arc4random implementation on macOS and FreeBSD.
* 2.1.2: Reworked GOST cipher suite support.
* 2.1.3: ALPN support.
* 2.1.3: Support for SHA-256 and Camellia cipher suites.
* 2.1.4: TLS_FALLBACK_SCSV server-side support.
* 2.1.4: certhash as a replacement of the c_rehash script.
* 2.1.4: X509_STORE_load_mem API for loading certificates from memory (enhance chroot support).
* 2.1.4: Experimental Windows binaries.
* 2.1.5: Minor update mainly for improving Windows support, first working 32- and 64-bit binaries.
* 2.1.6: declared stable and enabled by default.
* 2.2.0: AIX and Cygwin support.
* 2.2.1: Addition of EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL, initial Windows XP/2003 support.
* 2.2.2: Defines LIBRESSL_VERSION_NUMBER, added TLS_*methods as a replacement for the SSLv23_*method calls, cmake build support.


Old insecure features

The initial release of LibreSSL disabled a number of features by default. Some of the code for these features was later removed, including Kerberos, US-Export ciphers, TLS compression, DTLS heartbeat, SSL v2 and SSL v3. Later versions disabled more features:
* 2.1.1: Following the discovery of the POODLE vulnerability in the legacy SSL 3.0 protocol, LibreSSL now disables the use of SSL 3.0 by default.
* 2.1.3: GOST R 34.10-94 signature authentication.
* 2.2.1: Removal of Dynamic Engine and MDC-2DES support
* 2.2.2: Removal of SSL 3.0 from the openssl binary, removal of Internet Explorer 6 workarounds, RSAX engine.
* 2.3.0: Complete removal of SSL 3.0, SHA-0 and DTLS1_BAD_VER.


Code removal

The initial release of LibreSSL has removed a number of features that were deemed insecure, unnecessary or deprecated as part of OpenBSD 5.6.
* In response to Heartbleed, the heartbeat functionality was one of the first features to be removed.
* Support for obsolete platforms (Classic Mac OS, NetWare, OS/2, 16-bit Windows) was removed.
* Support for some older platforms (OpenVMS) was removed.
* Support for platforms that do not exist, such as big-endian i386 and amd64.
* Support for old compilers.
* The IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines were removed due to irrelevance of hardware or dependency on non-free libraries.
* The OpenSSL PRNG was removed (and replaced with ChaCha20-based implementation of arc4random).
* Preprocessor macros that have been deemed unnecessary or insecure or had already been deprecated in OpenSSL for a long time (e.g. des_old.h).
* Older unneeded files for assembly language, C, and Perl (e.g. EGD).
* MD2, SEED functionality.
* SSL 3.0, SHA-0, DTLS1_BAD_VER

The Dual EC DRBG algorithm, which is suspected of having a back door, was cut along with support for the FIPS 140-2 standard that required it. Unused protocols and insecure algorithms have also been removed, including the support for FIPS 140-2, MD4/MD5, J-PAKE, and SRP.


Bug backlog

One of the complaints about OpenSSL was the number of open bugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL.


See also

* Comparison of TLS implementations
* Comparison of cryptography libraries
* OpenSSH
* wolfSSH

