LibreSSL, OpenSSL Replacement: The First 30 Days
LibreSSL is the OpenBSD group's response to the Heartbleed security vulnerability that was discovered a few weeks ago in OpenSSL. LibreSSL aims at fully pruning/refactoring OpenSSL to provide a secure and stable code base, fix long standing bugs, introduce modern programming practices, and redesign portability. Bob Beck, OpenBSD developer and the director of Alberta-based non-profit OpenBSD Foundation gave a talk at BSDCan 2014 in Ottawa providing a 30-day status update.
LibreSSL aims at applying a "saner" development model by targeting a mature operating system like OpenBSD and not trying to support older compilers like Visual C 1.52 or older OSes, what made OpenSSL be built into some sort of "lowest common denominator" C. Along the same lines, LibreSSL wants to avoid the "spaghetti mess of
#ifdef #ifndef horror" by encapsulating all platform-dependent code in platform-specific layers and force all platforms to use them, along the lines of the approach to portability taken in OpenSSH.
During the first month of work on LibreSSL, unused code has been removed, as well as support for older or now-rare operating systems. Among the most notable removals are support for Ebcdic, DOS, MacOS Classic support (pre OS X), Win16 and other many flavours of Windows, VMS, and others. The heartbleed functionality itself has been removed.
Among the most important changes aiming at fixing security problems with OpenSSL, Bob Beck lists the following:
- All OpenSSL custom memory calls (malloc, calloc, realloc, snprintf, strlcat, etc.) have been replaced by calls to the standard library.
- Improper seeding of random number generator has been fixed by relaying on features offered by the kernel itself for entropy generation.
- Several new cipher suites based on Brainpool, ChaCha, poly1305, and ANSSI FRP256v1 algorithms.
- Support for the FIPS standard was removed because considered harmful and unconvenient for the development of the library, together with its mandated Dual_EC_DRBG algorithm, which was suspected of including a backdoor.
- Many bugs taken directly from OpenSSL Request Tracker have been fixed, although they haven't been yet for OpenSSL.
Only in the first week of code pruning, more than 90,000 lines of C code were removed. All this intense refactoring is being tested for API compatibility against the OpenBSD ports tree, which includes more than 8,000 applications.
The discovery of the OpenSSL Heartbleed vulnerability sparked an intense discussion about the status of the library across the Internet. Among the main reasons behind criticism were the way the project was run, the quality of the API and source code, deemed impenetrable, and its documentation.
That should be certainly the starting point to understand how LibreSSL came into existence, but, according to Bob Beck, Heartbleed was not the only issue with OpenSSL. More important was the malloc replacement that it used, which had several problems, such as not freeing memory, using a LIFO recycling scheme ending up allowing reuse after free, and allowing to replace malloc/free at runtime. Even worse, goes on Bob, is the way the project was managed, i.e., by giving priority to new features implementation and not applying patches there were sent in to fix bugs: "Bugs rot for years in the bug tracker". To further complicate the matter, OpenSSL code is so contrived, says Bob, that even tools like Valgrind could not detect the issues with the allocator.
LibreSSL was forked from the OpenSSL library starting with the 1.0.1g branch and will follow the security guidelines used elsewhere in the OpenBSD project.
LibreSSL aims at being API compatible with OpenSSL and initially targets POSIX based systems, namely OpenBSD 5.6. Only after a stable version is reached for the reference platform, work will start to port it back to other platforms.
LibreSSL is actively looking for funding commitment for a couple of years in order to:
- Sponsor several developers to re-write some key pieces of the codebase.
- Sponsor some efforts of the portability/ports people to track the effects of changes through the ports tree and push changes upstream.
- Speed the rewrite of the library without affecting OpenBSD, OpenSSH and related projects.
The OpenBSD Foundation has asked the Linux Foundation for sponsorship but it has not yet received a commitment.
Todd Montgomery Dec 19, 2014
Juergen Hoeller,Stéphane Nicoll Dec 18, 2014