The Info List - LibreSSL

LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability,[4][5][6][7] with the goals of modernizing the codebase, improving security, and applying best practice development processes.[8][9][10]



History

After the Heartbleed security vulnerability was discovered in OpenSSL, the OpenBSD team audited the codebase and decided it was necessary to fork OpenSSL to remove dangerous code.[4] The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014. In the first week of development, more than 90,000 lines of C code were removed.[9][11] Unused code and support for obsolete operating systems were removed. LibreSSL was initially developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was ported to other platforms once a stripped-down version of the library was stable.[12][13] As of April 2014, the project was seeking a "stable commitment" of external funding.[11]

On 17 May 2014, Bob Beck presented "LibreSSL: The First 30 Days, and What The Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month.[14]

On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance,[15] LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL.[16]

On 20 June 2014, Google created another fork of OpenSSL called BoringSSL, and promised to exchange fixes with LibreSSL.[17][18] Google has already relicensed some of its contributions under the ISC license, as requested by the LibreSSL developers.[17][19] On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable.[20] Starting on 8 July, code porting for OS X and Solaris began,[21] while the initial porting to Linux began on 20 June.[22]

Adoption

LibreSSL is the default provider of TLS for:

Alpine Linux[23]
Dragonfly BSD[24]
HardenedBSD[25]
Morpheus Linux[26]
OpenBSD[27]
OpenELEC[28]
TrueOS packages[29][30]
Void Linux[31]

LibreSSL is a selectable provider of TLS for:

packages[32]
Gentoo packages[33]
OPNsense

Changes

Memory-related

Some of the more notable and important changes thus far include the replacement of custom memory calls with ones from a standard library (for example, strlcpy, calloc, asprintf, reallocarray, etc.).[35][36] This process may help later on to catch buffer overflow errors with more advanced memory analysis tools or by simply observing program crashes (via ASLR, use of the NX bit, stack canaries, etc.). Fixes for potential double free scenarios have also been cited in the VCS commit logs (including explicit assignments of NULL pointer values).[37] The commit logs also cite extra sanity checks on length arguments, unsigned-to-signed variable assignments, pointer values, and method returns.

Proactive measures

In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier (-Wall, -Werror, -Wextra, -Wuninitialized). There have also been code readability updates which help future contributors in verifying program correctness (KNF, white-space, line-wrapping, etc.). Modification or removal of unneeded method wrappers and macros also helps with code readability and auditing (Error and I/O abstraction library references). Changes were made to ensure that LibreSSL will be year 2038 compatible along with maintaining portability for other similar platforms. In addition, explicit_bzero and bn_clear calls were added so that the compiler cannot optimize the clearing away, which prevents attackers from reading previously allocated memory.

Cryptographic

There were changes to help ensure proper seeding of random number generator-based methods via replacements of insecure seeding practices (taking advantage of features offered by the kernel itself natively).[38][39] In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (ChaCha stream cipher and Poly1305 message authentication code) along with a safer set of elliptic curves (brainpool curves from RFC 5639, up to 512 bits in strength).

Added features

The initial release of LibreSSL added a number of features: the ChaCha and Poly1305 algorithms, the Brainpool and ANSSI elliptic curves, and the AES-GCM and ChaCha20-Poly1305 AEAD modes. Later versions added the following:[40]

2.1.0: Automatic ephemeral EC keys[41]
2.1.2: Built-in arc4random implementation on OS X and FreeBSD[42]
2.1.2: Reworked GOST cipher suite support
2.1.3: ALPN support[43]
2.1.3: SHA-256 Camellia cipher suites
2.1.4: TLS_FALLBACK_SCSV server-side support[44]
2.1.4: certhash as a replacement of the c_rehash script
2.1.4: X509_STORE_load_mem API for loading certificates from memory (enhance chroot support)
2.1.4: Experimental Windows binaries
2.1.5: Minor update mainly for improving Windows support, first working 32- and 64-bit binaries[45]
2.1.6: libtls declared stable and enabled by default[46]
2.2.0: AIX and Cygwin support[47]
2.2.1: Addition of EC_curve_nid2nist and EC_curve_nist2nid[48] from OpenSSL, initial Windows XP/2003 support
2.2.2: Defines LIBRESSL_VERSION_NUMBER,[49] added TLS_*methods as a replacement for the SSLv23_*method calls, cmake build support
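The memory-handling changes described under "Memory-related" and "Proactive measures" above (overflow-checked allocation in the style of reallocarray, explicit NULL assignment after free, and clearing that the compiler cannot optimize out) are shown together in the following C example. It is an added example, not LibreSSL code: checked_reallocarray, wipe and the secret_buf type are hypothetical stand-ins so that it builds on systems without reallocarray or explicit_bzero.

```c
/* Added illustration; hypothetical helpers, not LibreSSL source. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Below sqrt(SIZE_MAX + 1) two factors can never overflow when multiplied. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* What a hand-rolled malloc(nmemb * size) would request: wraps silently. */
size_t naive_bytes(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Stand-in for reallocarray(3): fail instead of wrapping. */
void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
        nmemb > 0 && SIZE_MAX / nmemb < size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* Stand-in for explicit_bzero(3): calling memset through a volatile
 * function pointer stops the compiler from removing a "dead" store. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;

void wipe(void *buf, size_t len)
{
    memset_fn(buf, 0, len);
}

struct secret_buf {
    unsigned char *data;
    size_t len;
};

int secret_buf_alloc(struct secret_buf *b, size_t nmemb, size_t size)
{
    b->data = checked_reallocarray(NULL, nmemb, size);
    if (b->data == NULL) {
        b->len = 0;
        return -1;
    }
    b->len = nmemb * size;
    return 0;
}

void secret_buf_free(struct secret_buf *b)
{
    if (b->data != NULL) {
        wipe(b->data, b->len);   /* clear key material before release */
        free(b->data);
    }
    b->data = NULL;              /* a repeated call is now a no-op, not a double free */
    b->len = 0;
}

int main(void)
{
    size_t count = SIZE_MAX / 16 + 2;   /* constructed attacker-sized count */
    struct secret_buf b;

    printf("naive request for %zu x 16 bytes: %zu bytes\n",
           count, naive_bytes(count, 16));
    printf("checked allocation: %s\n",
           secret_buf_alloc(&b, count, 16) == 0 ? "succeeded" : "refused");
    if (secret_buf_alloc(&b, 4, 8) == 0) {
        memset(b.data, 0xAA, b.len);
        secret_buf_free(&b);
        secret_buf_free(&b);            /* safe: pointer was set to NULL */
    }
    return 0;
}
```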

Old insecure features

The initial release of LibreSSL disabled a number of features by default.[27] Some of the code for these features was later removed, including Kerberos, US-Export ciphers, TLS compression, DTLS heartbeat, SSL v2 and SSL v3. Later versions disabled more features:

2.1.1: Following the discovery of the POODLE vulnerability in the legacy SSL 3.0 protocol, LibreSSL now disables the use of SSL 3.0 by default.[50]
2.1.3: GOST R 34.10-94 signature authentication[40][43]
2.2.1: Removal of Dynamic Engine and MDC-2DES support[48]
2.2.2: Removal of SSLv3 from the openssl binary, removal of Internet Explorer 6 workarounds, RSAX engine.[49]
2.3.0: Complete removal of SSLv3, SHA-0 and DTLS1_BAD_VER

Code removal

The initial release of LibreSSL removed a number of features that were deemed insecure, unnecessary or deprecated as part of OpenBSD 5.6.[27]

In response to Heartbleed, the heartbeat functionality[51] was one of the first features to be removed
Unneeded platforms (Classic Mac OS, NetWare, OS/2, VMS, 16-bit Windows, etc.)
Support for platforms that do not exist, such as big-endian i386 and amd64[52]
Support for old compilers
The IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines were removed due to irrelevance of hardware or dependency on non-free libraries
The OpenSSL PRNG was removed (and replaced with a ChaCha20-based implementation of arc4random)
Preprocessor macros that have been deemed unnecessary or insecure or were already deprecated in OpenSSL for a long time (e.g. des_old.h)
Older unneeded files for assembly language, C, and Perl (e.g. EGD)
MD2, SEED functionality
SSLv3, SHA-0, DTLS1_BAD_VER

The Dual EC DRBG algorithm, which is suspected of having a back door,[53] was cut along with support for the FIPS 140-2 standard that required it. Unused protocols and insecure algorithms have also been removed, including the support for FIPS 140-2,[54] MD4/MD5,[40] J-PAKE,[27] and SRP.[55]

Bug backlog

One of the complaints about OpenSSL was the number of open bugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL.[56]

Security

Total vulnerabilities between the release of LibreSSL and the release of OpenSSL

Severity | LibreSSL | OpenSSL
Critical | 0 | 1
High | 3 | 6
Moderate | 9 | 14
Low | 6 | 21
Total | 18 | 42

Since the release of OpenSSL

Severity | LibreSSL | OpenSSL 1.0.1 | OpenSSL 1.0.2 | OpenSSL 1.1.0
Critical | 0 | 0 | 1 | 1
High | 0 | 2 | 7 | 3
Medium | 12 | 15 | 22 | 2
Low | 7 | 10 | 26 | 15
Unclassified | 2 | 0 | 0 |
Total | 21 | 27 | 56 | 21

13 July 2014

Shortly after the first portable release, LibreSSL's PRNG was found to not always reseed when forking new processes, and to have low entropy for the seed when /dev/urandom was not available, as might happen in a chroot jail.[57] LibreSSL refers to this as the 'Linux forking and PID wrap issue'. This was fixed in LibreSSL 2.0.2.[58] This vulnerability does not apply to OpenSSL and is a result of the refactoring of the PRNG code in LibreSSL.

CVE reference | Description | OpenSSL | LibreSSL
- (LibreSSL) | Linux forking and PID wrap issue | not affected | Low,[a] fixed
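Why a generator has to reseed after fork() can be observed directly. The C program below is an added example, not LibreSSL's arc4random: toy_rng is a hypothetical non-cryptographic generator, and the getpid() comparison is used here as one simple fork check, assumed for illustration. Without the check, parent and child emit the same value from the copied state.

```c
/* Added illustration of the fork hazard; toy generator, not LibreSSL code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct toy_rng {
    uint64_t state;     /* copied verbatim into every forked child */
    pid_t seeded_pid;   /* PID of the process that last seeded */
};

/* Seed from the kernel; fail closed when the source is missing
 * (for example inside a chroot without /dev/urandom). */
static void toy_seed(struct toy_rng *r)
{
    FILE *f = fopen("/dev/urandom", "rb");

    if (f == NULL || fread(&r->state, sizeof r->state, 1, f) != 1)
        abort();
    fclose(f);
    r->seeded_pid = getpid();
}

/* One splitmix64 step. With check_fork set, a changed PID forces a reseed.
 * A PID comparison alone cannot see a descendant that happens to receive
 * the PID of the process that seeded (the "PID wrap" case named above). */
static uint64_t toy_next(struct toy_rng *r, int check_fork)
{
    uint64_t z;

    if (check_fork && r->seeded_pid != getpid())
        toy_seed(r);
    z = (r->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Fork, draw one value in the child and one in the parent.
 * Returns 1 if both values are equal, 0 if they differ, -1 on error. */
int fork_outputs_collide(int check_fork)
{
    struct toy_rng r;
    uint64_t child_val = 0, parent_val;
    int fds[2];
    ssize_t got;
    pid_t pid;

    toy_seed(&r);
    (void)toy_next(&r, check_fork);      /* generator already in use */
    if (pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                      /* child: report one draw */
        uint64_t v = toy_next(&r, check_fork);
        ssize_t n = write(fds[1], &v, sizeof v);
        _exit(n == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fds[1]);
    got = read(fds[0], &child_val, sizeof child_val);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (got != (ssize_t)sizeof child_val)
        return -1;
    parent_val = toy_next(&r, check_fork);
    return parent_val == child_val;
}

int main(void)
{
    printf("no fork check:   parent == child ? %d\n", fork_outputs_collide(0));
    printf("with fork check: parent == child ? %d\n", fork_outputs_collide(1));
    return 0;
}
```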

6 August 2014

OpenSSL publishes 9 vulnerabilities[59] and releases version 1.0.1i fixing the vulnerabilities. LibreSSL releases version 2.0.5[60] fixing the 6 vulnerabilities that were also found in LibreSSL.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2014-3510 (OpenSSL) | Flaw handling DTLS anonymous EC(DH) ciphersuites | medium | fixed
CVE-2014-3508 (OpenSSL) | Information leak in pretty printing functions | medium | partially vulnerable, fixed
CVE-2014-3509 (OpenSSL) | Race condition in ssl_parse_serverhello_tlsext | medium | fixed
CVE-2014-3505 (OpenSSL) | Double Free when processing DTLS packets | medium | not vulnerable
CVE-2014-3506 (OpenSSL) | DTLS memory exhaustion | medium | fixed
CVE-2014-3507 (OpenSSL) | DTLS memory leak from zero-length fragments | medium | fixed
CVE-2014-3511 (OpenSSL) | OpenSSL TLS protocol downgrade attack | medium | fixed
CVE-2014-5139 (OpenSSL) | Crash with SRP ciphersuite in Server Hello message | medium | Fixed in 2.0.4 by removing code during the embargo
CVE-2014-3512 (OpenSSL) | SRP buffer overrun | high | Fixed in 2.0.4 by removing code during the embargo[61]

15 October 2014

OpenSSL responds to the POODLE attack, publishes 4 vulnerabilities[62] and releases version 1.0.1j with fixes for these vulnerabilities. LibreSSL releases version 2.1.1.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2014-3568 (OpenSSL) | Build option no-ssl3 is incomplete | low | Fixed in 2.3.0 (11 months later) by removing all SSLv3 code
CVE-2014-3513 (OpenSSL) | SRTP Memory Leak | high | Fixed in 2.0.2 (3 months earlier)
CVE-2014-3567 (OpenSSL) | Session Ticket Memory Leak | medium | Not vulnerable, fixed before first release
? (OpenSSL) | SSL 3.0 Fallback protection | medium | LibreSSL disables SSLv3[63]

Note: LibreSSL reluctantly added TLS_FALLBACK_SCSV in version 2.1.4[44] "for compatibility with various auditor and vulnerability scanners".

8 January 2015

OpenSSL publishes 8 vulnerabilities[64] discovered by the OpenSSL code review and releases version 1.0.1k fixing the vulnerabilities. LibreSSL releases 2.1.4[44] with fixes for the CVEs that were applicable to LibreSSL.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2014-8275 (OpenSSL) | Certificate fingerprints can be modified | low | Fixed
CVE-2014-3572 (OpenSSL) | ECDHE silently downgrades to ECDH [Client] | low | Fixed
CVE-2014-3570 (OpenSSL) | Bignum squaring may produce incorrect results | low | Fixed
CVE-2015-0205 (OpenSSL) | DH client certificates accepted without verification [Server] | low | Fixed
CVE-2015-0206 (OpenSSL) | DTLS memory leak in dtls1_buffer_record | moderate | Not vulnerable, fixed before first release
CVE-2014-3571 (OpenSSL) | DTLS segmentation fault in dtls1_get_record | moderate | unfixed
CVE-2014-3569 (OpenSSL) | no-ssl3 configuration sets method to NULL | low | Not vulnerable
CVE-2015-0204 (OpenSSL) | RSA silently downgrades to EXPORT_RSA (FREAK) [Client] | high[65] | Fixed in 2.1.2 (a month earlier)

19 March 2015

OpenSSL publishes 14 vulnerabilities[66] discovered by the OpenSSL code review and releases versions 1.0.1m and 1.0.2a with fixes for the vulnerabilities. LibreSSL confirms that 5 of these vulnerabilities apply to LibreSSL as well,[67] notably not CVE-2015-0291, which has the highest possible impact rating for OpenSSL, since the code was new in the 1.0.2 branch. LibreSSL released 2.1.6[46] to fix these security issues.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2015-0286 (OpenSSL) | Segmentation fault in ASN1_TYPE_cmp | moderate | Fixed
CVE-2015-0287 (OpenSSL) | ASN.1 structure reuse memory corruption | moderate | Fixed
CVE-2015-0288 (OpenSSL) | X509_to_X509_REQ NULL pointer deref | moderate | Fixed
CVE-2015-0289 (OpenSSL) | PKCS7 NULL pointer dereferences | moderate | Fixed
CVE-2015-0209 (OpenSSL) | Use After Free following d2i_ECPrivatekey error | low | Fixed
CVE-2015-0291 (OpenSSL) | ClientHello sigalgs DoS (1.0.2 only) | high | Affected code is not present
CVE-2015-0207 (OpenSSL) | Segmentation fault in DTLSv1_listen (1.0.2 only) | moderate | Not vulnerable
CVE-2015-0208 (OpenSSL) | Segmentation fault for invalid PSS parameters (1.0.2 only) | moderate | Affected code is not present
CVE-2015-0290 (OpenSSL) | Multiblock corrupted pointer (1.0.2 only) | moderate | Affected code is not present
CVE-2015-0292 (OpenSSL) | Base64 decode | moderate | OpenSSL fixed this 9 months earlier; LibreSSL fixed it 10 months earlier, before the first release.
CVE-2015-0293 (OpenSSL) | DoS via reachable assert in SSLv2 servers | moderate | Affected code is not present
CVE-2015-0285 (OpenSSL) | Handshake with unseeded PRNG | low | Not vulnerable (LibreSSL PRNG needs no seeding)
CVE-2015-1787 (OpenSSL) | Empty CKE with client auth and DHE (1.0.2 only) | moderate | Not vulnerable (fixed 8 months earlier, before first release)

11 June 2015

OpenSSL publishes seven vulnerabilities[68] and releases versions 1.0.1n and 1.0.2b with fixes for the vulnerabilities. LibreSSL confirms that three of these vulnerabilities apply to LibreSSL as well and one is still under review,[47] and releases 2.1.7 and 2.2.0.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2015-1788 (OpenSSL) | Malformed ECParameters causes infinite loop | medium | Fixed
CVE-2015-1789 (OpenSSL) | Exploitable out-of-bounds read in X509_cmp_time | medium | Fixed
CVE-2015-1790 (OpenSSL) | PKCS7 crash with missing EnvelopedContent | medium | unfixed
CVE-2015-1792 (OpenSSL) | CMS verify infinite loop with unknown hash function | medium | Fixed
CVE-2015-1791 (OpenSSL) | Race condition handling NewSessionTicket | low | unfixed
CVE-2014-8176 (OpenSSL) | Invalid free in DTLS | medium | Not vulnerable
CVE-2015-4000 (OpenSSL) | DHE man-in-the-middle protection (Logjam) | medium | Fixed in 2.1.5 (3 months earlier)

Note: CVE-2015-4000 was assigned with the second fix for this issue.

9 July 2015

OpenSSL publishes a single vulnerability[69] and releases versions 1.0.1p and 1.0.2d with fixes for the vulnerability. Bob Beck announces[70] that this vulnerability does not apply to LibreSSL.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2015-1793 (OpenSSL) | Alternative chains certificate forgery | high | Not affected

15 October 2015

Qualys publishes a memory leak and buffer overflow vulnerability[71] in all LibreSSL[b] versions prior to 2.2.4. Ted Unangst announced release 2.2.4 of LibreSSL[72] fixing the vulnerabilities.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2015-5333 (LibreSSL) | Memory leak in OBJ_obj2txt() | not affected | fixed
CVE-2015-5334 (LibreSSL) | Buffer overflow in OBJ_obj2txt() | not affected | fixed

3 December 2015

OpenSSL publishes five vulnerabilities[73] and releases versions 1.0.1q and 1.0.2e with fixes for the vulnerabilities. OpenBSD announced[74] which of these they were vulnerable to and released[75] 2.2.5 and 2.1.9 containing fixes.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2015-3193 (OpenSSL) | BN_mod_exp may produce incorrect results on x86_64 (1.0.2 only) | Moderate | not affected (recent mistake in OpenSSL)
CVE-2015-3194 (OpenSSL) | Certificate verify crash with missing PSS parameter | Moderate | fixed
CVE-2015-3195 (OpenSSL) | X509_ATTRIBUTE memory leak | Moderate | fixed (Not reachable from TLS/SSL)
CVE-2015-3196 (OpenSSL) | Race condition handling PSK identify hint | low | Fixed in 2.0.1 (PSK code deleted 18 months earlier)
CVE-2015-1794 (OpenSSL) | Anon DH ServerKeyExchange with 0 p parameter (1.0.2 only) | low | not affected

28 January 2016

OpenSSL publishes two vulnerabilities, updates an earlier vulnerability,[76] and releases versions 1.0.1r and 1.0.2f with fixes for the vulnerability. LibreSSL releases[77] versions 2.3.2, 2.2.6 and 2.1.10 containing corrections for the two vulnerabilities.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2016-0701 (OpenSSL) | DH small subgroups (1.0.2 only) | High | not affected
CVE-2015-3197 (OpenSSL) | SSLv2 doesn't block disabled ciphers | Low | not affected (SSLv2 code deleted 21 months earlier)
CVE-2015-4000 (OpenSSL) | Update on DHE man-in-the-middle protection (Logjam) | medium | not affected

1 March 2016

On 1 March 2016 the OpenSSL project announced releases 1.0.1s and 1.0.2g addressing several security issues.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2016-0702 (OpenSSL) | Side channel attack on modular exponentiation | low | unfixed
CVE-2016-0703 (OpenSSL) | Divide-and-conquer session key recovery in SSLv2 | high | not affected (SSLv2 deleted 2 years earlier)
CVE-2016-0704 (OpenSSL) | Bleichenbacher oracle in SSLv2 | moderate | not affected (SSLv2 deleted 2 years earlier)
CVE-2016-0705 (OpenSSL) | Double free in DSA key parsing | low | Fixed in 2.0.2 (fixed 2 years earlier)
CVE-2016-0797 (OpenSSL) | BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption | low | fixed
CVE-2016-0798 (OpenSSL) | Memory leak in SRP database lookup | low | Fixed in 2.0.4 (SRP deleted 17 months earlier)
CVE-2016-0799 (OpenSSL) | Fix memory issues in BIO_*printf functions | low | not affected (fixed 2 years earlier)
CVE-2016-0800 (OpenSSL) | Cross-protocol attack on TLS using SSLv2 | high | not affected (SSLv2 deleted 2 years earlier)

3 May 2016

On 3 May 2016 the OpenSSL project announced releases 1.0.1t and 1.0.2h addressing several security issues.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2016-2108 (OpenSSL) | Memory corruption in the ASN.1 encoder | high | fixed in 2.2.7/2.3.4[78]
CVE-2016-2107 (OpenSSL) | Padding oracle in AES-NI CBC MAC check | high | fixed in 2.2.7/2.3.4
CVE-2016-2106 (OpenSSL) | EVP_EncodeUpdate overflow | low | fixed in 2.2.7/2.3.4
CVE-2016-2109 (OpenSSL) | ASN.1 BIO excessive memory allocation | low | fixed in 2.2.7/2.3.4
CVE-2016-2176 (OpenSSL) | EBCDIC overread | low | not affected

22 September 2016

On 22 September 2016 the OpenSSL project announced releases 1.0.1u, 1.0.2i and 1.1.0a addressing several security issues.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2016-6304 (OpenSSL) | OCSP Status Request extension unbounded memory growth | high | fixed in 2.4.3/2.5.0
CVE-2016-6305 (OpenSSL) | SSL_peek() hang on empty record | moderate | not affected (bug introduced in 1.1)[79]
CVE-2016-2183 (OpenSSL) | SWEET32 Mitigation | low |
CVE-2016-6303 (OpenSSL) | OOB write in MDC2_Update() | low |
CVE-2016-6302 (OpenSSL) | Malformed SHA512 ticket DoS | low |
CVE-2016-2182 (OpenSSL) | OOB write in BN_bn2dec() | low |
CVE-2016-2180 (OpenSSL) | OOB read in TS_OBJ_print_bio() | low |
CVE-2016-2177 (OpenSSL) | Pointer arithmetic undefined behaviour | low |
CVE-2016-2178 (OpenSSL) | Constant time flag not preserved in DSA signing | low | fixed in 2.3.6/2.4.1[80]
CVE-2016-2179 (OpenSSL) | DTLS buffered message DoS | low |
CVE-2016-2181 (OpenSSL) | DTLS replay protection DoS | low |
CVE-2016-6306 (OpenSSL) | Certificate message OOB reads | low |
CVE-2016-6307 (OpenSSL) | Excessive allocation of memory in tls_get_message_header() | low |
CVE-2016-6308 (OpenSSL) | Excessive allocation of memory in dtls1_preprocess_fragment() | low |

26 September 2016

On 26 September 2016 the OpenSSL project announced releases 1.0.2j and 1.1.0b addressing several security issues introduced by regressions in the 22 September 2016 release.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2016-6309 (OpenSSL) | Fix Use After Free for large message sizes | critical | not affected
CVE-2016-7052 (OpenSSL) | Missing CRL sanity check | moderate | not affected

10 November 2016

On 10 November 2016 the OpenSSL project announced the following CVEs:

CVE reference | Description | OpenSSL | LibreSSL
CVE-2016-7054 (OpenSSL) | CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack | high | not affected[81]
CVE-2016-7053 (OpenSSL) | Applications parsing invalid CMS structures can crash with a NULL pointer dereference. | moderate | not affected
CVE-2016-7055 (OpenSSL) | Carry propagating bug in the Broadwell-specific Montgomery multiplication | low | not affected

10 January 2017

On 10 January 2017 a local ECDSA P-256 timing attack was disclosed.[82][83] A local user can mount a cache-timing attack to recover ECDSA P-256 private keys. This vulnerability only affected the obsolete (unsupported) branch 1.0.1 of OpenSSL.

CVE reference | Description | OpenSSL | LibreSSL
CVE-2016-7056 | Local ECDSA P-256 timing attack | not affected | moderate, fixed in LibreSSL 2.4.5[84]

See also

Comparison of TLS implementations
OpenSSH


Notes

[a] No official rating for this vulnerability is available, however another PRNG seeding issue, CVE-2015-0285 "Handshake with unseeded PRNG", has been rated as low.
[b] OpenSSL does not contain these


References

[1] https://www.youtube.com/watch?v=Yg3iPoZzt2Q&t=97
[2] "LibreSSL: Releases". Retrieved 2 April 2018.
[3] "LibreSSL Releases".
[4] Unangst, Ted (22 April 2014). "Origins of libressl". flak. Retrieved 24 April 2014.
[5] Kemer, Sean Michael (22 April 2014). "After Heartbleed, OpenSSL Is Forked Into LibreSSL". eWeek. Retrieved 24 April 2014.
[6] "Not Just a Cleanup Any More: LibreSSL Project Announced". Slashdot. 22 April 2014. Retrieved 24 April 2014.
[7] M, Constantine (17 May 2014). Soulskill, ed. "30-Day Status Update On LibreSSL". Slashdot.
[8] "LibreSSL".
[9] Seltzer, Larry (21 April 2014). "OpenBSD forks, prunes, fixes OpenSSL". Zero Day. ZDNet. Retrieved 21 April 2014.
[10] Hessler, Peter (15 April 2014). "OpenBSD has started a massive strip-down and cleanup of OpenSSL". OpenBSD Journal. Retrieved 24 April 2014.
[11] Brodkin, Jon (22 April 2014). "OpenSSL code beyond repair, claims creator of "LibreSSL" fork". Ars Technica. Retrieved 24 April 2014.
[12] McCallion, Jane (22 April 2014). "Heartbleed: LibreSSL scrubs "irresponsible" OpenSSL code". PC Pro. Retrieved 23 April 2014.
[13] Larabel, Michael (9 May 2014). "OpenBSD Affirms That LibreSSL Will Be Portable". Phoronix. Retrieved 30 May 2014.
[14] Beck, Bob (17 May 2014). "LibreSSL: The first 30 days, and what the Future Holds Slides". Retrieved 17 May 2014.
[15] "Re: OpenSSL seven security fixes". oss-sec (Mailing list). 5 June 2014. Retrieved 9 June 2014.
[16] de Raadt, Theo (5 June 2014). "Re: new OpenSSL flaws". openbsd-misc (Mailing list). Retrieved 9 June 2014.
[17] Langley, Adam (20 June 2014). "BoringSSL (20 Jun 2014)". ImperialViolet. Retrieved 21 June 2014.
[18] Goodin, Dan (20 June 2014). "Google unveils independent "fork" of OpenSSL called "BoringSSL"". Ars Technica. Retrieved 21 June 2014.
[19] Sing, Joel (21 June 2014). "OpenBSD — lib/libssl/src/crypto/evp evp_aead.c e_chacha20poly1305.c". Archived from the original on 22 June 2014. Retrieved 21 June 2014.
[20] de Raadt, Theo (21 June 2014). "Boringssl and such". openbsd-tech (Mailing list). Retrieved 28 October 2015.
[21] Beck, Bob (8 July 2014). "OpenBSD - lib/libcrypto/crypto getentropy_osx.c getentropy_solaris.c".
[22] Beck, Bob (20 June 2014). "OpenBSD — lib/libcrypto/crypto getentropy_linux.c".
[23] "Alpine edge has switched to libressl". Natanael Copa. Retrieved 10 October 2016.
[24] "[Beta] git: Switch base to use private LibreSSL libaries [sic]". John Marino. Retrieved 7 September 2016.
[25] "LibreSSL Enabled By Default". Shawn Webb. Retrieved 16 September 2016.
[26] admin. "Project - Morpheus Linux". morpheus.2f30.org.
[27] Jacoutot, Antoine (1 November 2014). "OpenBSD 5.6 Released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[28] Raue, Stephan. "OpenELEC Mediacenter - [Beta] OpenELEC 6.0 Beta 2 released". openelec.tv.
[29] "PC-BSD Evolves into TrueOS". Retrieved 16 September 2016.
[30] Mark VonFange. "PC-BSD 10.1.2: an Interview with Kris Moore". Official PC-BSD Blog. Retrieved 15 October 2015.
[31] "LibreSSL enabled by default". Void Linux. Retrieved 15 October 2015.
[32] "Add DEFAULT_VERSIONS=ssl=XXX".
[33] "Project: LibreSSL - Gentoo".
[34] "OPNsense version 15.7 Released". OPNsense. Retrieved 15 October 2015.
[35] Orr, William (23 April 2014). "A quick recap over the last week". OpenSSL Valhalla Rampage. Retrieved 30 April 2014.
[36] "OpenBSD LibreSSL CVS Calloc Commits".
[37] "OpenBSD LibreSSL CVS Double Free Commits".
[38] "OpenBSD LibreSSL CVS insecure seeding".
[39] "OpenBSD LibreSSL CVS Kernel Seeding".
[40] "LibreSSL-portable ChangeLog". LibreSSL.
[41] Beck, Bob (12 October 2014). "LibreSSL 2.1.0 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[42] Beck, Bob (9 December 2014). "LibreSSL 2.1.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[43] Cook, Brent (22 January 2015). "LibreSSL 2.1.3 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[44] Cook, Brent (4 March 2015). "LibreSSL 2.1.4 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[45] Cook, Brent (17 March 2015). "LibreSSL 2.1.5 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[46] Cook, Brent (19 March 2015). "LibreSSL 2.1.6 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[47] Cook, Brent (11 June 2015). "LibreSSL 2.1.7 and 2.2.0 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[48] Cook, Brent (9 July 2015). "LibreSSL 2.2.1 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[49] Cook, Brent (6 August 2015). "LibreSSL 2.2.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[50] Beck, Bob (16 October 2014). "LibreSSL 2.1.1 released".
[51] "OpenBSD LibreSSL CVS OPENSSL_NO_HEARTBEATS".
[52] Miod Vallat. "Remove support for big-endian i386 and amd64".
[53] Perlroth, Nicole (10 September 2013). "Government Announces Steps to Restore Confidence on Encryption Standards". The New York Times. Retrieved 9 May 2014.
[54] "The future (or lack thereof) of LibreSSL's FIPS Object Module".
[55] Beck, Bob (3 August 2014). "LibreSSL 2.0.4 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[56] Vallat, Miod (10 November 2014). "Re: CVS: cvs.openbsd.org: src". openbsd-cvs (Mailing list). Retrieved 28 October 2015.
[57] Ayer, Andrew (13 July 2014). "LibreSSL's PRNG is Unsafe on Linux".
[58] Beck, Bob (16 July 2014). "LibreSSL portable 2.0.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[59] "OpenSSL Security Advisory [6 Aug 2014]". 6 August 2014.
[60] Cook, Brent (8 August 2014). "LibreSSL 2.0.5 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[61] "Remove SRP code". 28 July 2014.
[62] "OpenSSL Security Advisory [15 Oct 2014]". 15 October 2014.
[63] Sing, Joel (15 October 2015). "Disable SSLv3 by default". openbsd-cvs (Mailing list). Retrieved 28 October 2015.
[64] "OpenSSL Security Advisory [08 Jan 2015]". 8 January 2015.
[65] Reclassified from low to high
[66] "OpenSSL Security Advisory [19 Mar 2015]". 19 March 2015.
[67] Beck, Bob (19 March 2015). "Official word outbound: Of the 13 CVE's only 5 affect #LibreSSL".
[68] "OpenSSL Security Advisory [11 Jun 2015]". 11 June 2015.
[69] "OpenSSL Security Advisory [09 Jul 2015]". 9 July 2015.
[70] Beck, Bob (9 July 2015). "# LibreSSL is not vulnerable to CVE-2015-1793".
[71] "Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)". oss-security (Mailing list). 15 October 2015. Retrieved 28 October 2015.
[72] Unangst, Ted (15 October 2015). "Oct 15 OpenBSD errata and LibreSSL releases". openbsd-announce (Mailing list). Retrieved 28 October 2015.
[73] "OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015]". 4 December 2015.
[74] "OpenBSD errata, Dec 3, 2015" (Mailing list). 3 December 2015.
[75] "LibreSSL 2.2.5 and 2.1.9 released" (Mailing list). 8 December 2015.
[76] "OpenSSL Security Advisory [28 Jan 2016]". 28 January 2016.
[77] "LibreSSL 2.3.2, 2.2.6, and 2.1.10 released". 28 January 2016.
[78] http://marc.info/?l=openbsd-tech&m=146228598730414&w=2
[79] "Openssl : Security vulnerabilities". www.cvedetails.com.
[80] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.6-relnotes.txt
[81] OpenSSL Foundation, Inc. "/news/vulnerabilities.html". www.openssl.org.
[82] Garcia, Cesar Pereida. "oss-sec: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)". seclists.org.
[83] https://eprint.iacr.org/2016/1195.pdf
[84] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.5-relnotes.txt

External links

Official website
LibreSSL Portable on GitHub
