LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.
After the Heartbleed vulnerability was discovered in OpenSSL, the OpenBSD team audited the codebase and decided it was necessary to fork OpenSSL to remove dangerous code. The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014. In the first week of development, more than 90,000 lines of C code were removed. Unused code was removed, and support for obsolete operating systems (Classic Mac OS, NetWare, OS/2, 16-bit Windows) and some older operating systems (OpenVMS) was removed.
LibreSSL was initially developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was ported to other platforms once a stripped-down version of the library was stable. The project was seeking a "stable commitment" of external funding. On 17 May 2014, Bob Beck presented "LibreSSL: The First 30 Days, and What The Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month. On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance, LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL.
On 20 June 2014, Google created another fork of OpenSSL called BoringSSL, and promised to exchange fixes with LibreSSL. Google has already relicensed some of its contributions under the ISC license, as it was requested by the LibreSSL developers. On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable. Starting on 8 July, code porting for macOS began, while porting to Linux began on 20 June.
As of 2021, OpenBSD uses LibreSSL as the primary SSL library. Alpine Linux supported LibreSSL as its primary TLS library for three years, until release 3.9.0 in January 2019. Gentoo supported LibreSSL until February 2021. Python 3.10 drops LibreSSL support after being supported since Python 3.4.3 (2015).
Adoption
LibreSSL is the default provider of TLS for:
* Dragonfly BSD
* OpenBSD
* macOS
* OpenSSH on Windows
LibreSSL is the default provider of TLS for these now-discontinued systems:
* OpenELEC
* TrueOS packages
LibreSSL is a selectable provider of TLS for:
* FreeBSD packages
* Gentoo packages (support dropped as of February 2021)
* OPNsense packages (will be dropped after 22.7)
Changes
Memory-related
Changes include replacement of custom memory calls to ones in a standard library (for example, strlcpy, calloc). This may help catch buffer overflow errors with more advanced memory analysis tools or by observing program crashes (via ASLR, use of the NX bit, stack canaries, etc.).
Fixes for potential double free scenarios have also been cited in the VCS commit logs (including explicit assignments of null pointer values). There have been extra sanity checks also cited in the commit logs related to ensuring length arguments, unsigned-to-signed variable assignments, pointer values, and method returns.
Proactive measures
In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier (-Wall, -Werror, -Wextra, -Wuninitialized). There have also been code readability updates which help future contributors in verifying program correctness (KNF, white-space, line-wrapping, etc.). Modification or removal of unneeded method wrappers and macros also helps with code readability and auditing (Error and I/O abstraction library references).
Changes were made to ensure that LibreSSL will be year 2038 compatible along with maintaining portability for other similar platforms. In addition, explicit_bzero and bn_clear calls were added to prevent the compiler from optimizing them out and prevent attackers from reading previously allocated memory.
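The patterns named in the memory-related and proactive-measures paragraphs above (overflow-checked allocation, NULL assignment after free, length and sign checks, scrubbing the compiler cannot drop), shown as an added C example that is not LibreSSL code. The names `wrapped_size`, `alloc_array`, `secure_zero`, `struct secret` and `copy_checked` are hypothetical, and `secure_zero` is a portable stand-in for `explicit_bzero` built on a volatile function pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What a hand-rolled malloc(n * sz) would request: the product can wrap. */
size_t wrapped_size(size_t n, size_t sz) { return n * sz; }

/* Overflow-checked array allocation. calloc() in current libcs makes the same
 * check internally; it is spelled out here so the rejection is visible. */
void *alloc_array(size_t n, size_t sz)
{
    if (sz != 0 && n > SIZE_MAX / sz)
        return NULL;
    return calloc(n, sz);
}

/* Portable stand-in for explicit_bzero(): calling memset through a volatile
 * function pointer stops the compiler from deleting the "dead" store. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;
void secure_zero(void *p, size_t n)
{
    if (p != NULL && n != 0)
        memset_fn(p, 0, n);
}

struct secret {            /* hypothetical holder for key material */
    unsigned char *buf;
    size_t len;
};

int secret_init(struct secret *s, size_t len)
{
    s->buf = alloc_array(len, 1);
    s->len = (s->buf != NULL) ? len : 0;
    return (s->buf != NULL) ? 0 : -1;
}

/* Scrub, free, then NULL the pointer, so a repeated call is a no-op rather
 * than a double free. Returns 1 if memory was released, 0 if none was held. */
int secret_free(struct secret *s)
{
    if (s == NULL || s->buf == NULL)
        return 0;
    secure_zero(s->buf, s->len);
    free(s->buf);
    s->buf = NULL;
    s->len = 0;
    return 1;
}

/* Copy `claimed` bytes only after checking sign and both buffer bounds; a
 * negative length converted to size_t would otherwise become enormous. */
int copy_checked(unsigned char *dst, size_t dstlen,
                 const unsigned char *src, size_t srclen, long claimed)
{
    if (dst == NULL || src == NULL || claimed < 0)
        return -1;
    if ((size_t)claimed > srclen || (size_t)claimed > dstlen)
        return -1;
    memcpy(dst, src, (size_t)claimed);
    return 0;
}

int main(void)
{
    struct secret s;
    printf("malloc would get %zu bytes\n", wrapped_size(SIZE_MAX / 4 + 1, 4));
    if (secret_init(&s, 32) == 0) {
        printf("first free: %d\n", secret_free(&s));
        printf("second free: %d\n", secret_free(&s));
    }
    return 0;
}
```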
Cryptographic
There were changes to help ensure proper seeding of random number generator-based methods via replacements of insecure seeding practices (taking advantage of features offered by the kernel itself natively). In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (ChaCha stream cipher and Poly1305 message authentication code) along with a safer set of elliptic curves (brainpool curves from RFC 5639, up to 512 bits in strength).
Added features
The initial release of LibreSSL added a number of features: the ChaCha and Poly1305 algorithms, the Brainpool and ANSSI elliptic curves, and the AES-GCM and ChaCha20-Poly1305 AEAD modes.
Later versions added the following:
* 2.1.0: Automatic ephemeral EC keys.
* 2.1.2: Built-in arc4random implementation on macOS and FreeBSD.
* 2.1.2: Reworked GOST cipher suite support.
* 2.1.3: ALPN support.
* 2.1.3: Support for SHA-256 and Camellia cipher suites.
* 2.1.4: TLS_FALLBACK_SCSV server-side support.
* 2.1.4: certhash as a replacement of the c_rehash script.
* 2.1.4: X509_STORE_load_mem API for loading certificates from memory (enhance chroot support).
* 2.1.4: Experimental Windows binaries.
* 2.1.5: Minor update mainly for improving Windows support, first working 32- and 64-bit binaries.
* 2.1.6: declared stable and enabled by default.
* 2.2.0: AIX and Cygwin support.
* 2.2.1: Addition of EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL, initial Windows XP/2003 support.
* 2.2.2: Defines LIBRESSL_VERSION_NUMBER, added TLS_*methods as a replacement for the SSLv23_*method calls, cmake build support.
Old insecure features
The initial release of LibreSSL disabled a number of features by default. Some of the code for these features was later removed, including Kerberos, US-Export ciphers, TLS compression, DTLS heartbeat, SSL v2 and SSL v3.
Later versions disabled more features:
* 2.1.1: Following the discovery of the POODLE vulnerability in the legacy SSL 3.0 protocol, LibreSSL now disables the use of SSL 3.0 by default.
* 2.1.3: GOST R 34.10-94 signature authentication.
* 2.2.1: Removal of Dynamic Engine and MDC-2DES support
* 2.2.2: Removal of SSL 3.0 from the openssl binary, removal of Internet Explorer
SHA-0
The initial release of LibreSSL has removed a number of features that were deemed insecure, unnecessary or deprecated as part of OpenBSD 5.6.
* In response to Heartbleed, the heartbeat functionality was one of the first features to be removed.
* Support for obsolete platforms (Classic Mac OS, NetWare, OS/2, 16-bit Windows) was removed.
* Support for some older platforms (OpenVMS) was removed.
* Support for platforms that do not exist, such as big-endian i386 and amd64.
* Support for old compilers.
* The IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines were removed due to irrelevance of hardware or dependency on non-free libraries.
* The OpenSSL PRNG was removed (and replaced with a ChaCha20-based implementation of arc4random).
* Preprocessor macros that have been deemed unnecessary or insecure or had already been deprecated in OpenSSL for a long time (e.g. des_old.h).
* Older unneeded files for assembly language, C, and Perl.
* SEED functionality.
* SSL 3.0, SHA-0, DTLS1_BAD_VER
The Dual EC DRBG algorithm, which is suspected of having a back door, was cut along with support for the FIPS 140-2 standard that required it. Unused protocols and insecure algorithms have also been removed, including the support for FIPS 140-2, MD4/MD5, J-PAKE.
One of the complaints of OpenSSL was the number of open bugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL.