
LibreSSL: More Than 30 Days Later - lflux
http://www.openbsd.org/papers/eurobsdcon2014-libressl.html
======
peatmoss
I've said this before, but kudos to the OpenBSD Project for shouldering a
disproportionate share of the burden of maintaining core bits of our
libre/open infrastructure. I can't think of anyone in tech who has not
benefited mightily from OpenSSH and who will not benefit mightily from
LibreSSL.

This article is a good reminder for me to get off my arse and cut my meager
grad-student checks to the EFF and OpenBSD project.

~~~
riffraff
> disproportionate share

Disproportionate based on/compared to what? (I agree that the openbsd folks do
a ton of good, I am just trying to understand your references here)

~~~
peatmoss
What spindritf said. OpenBSD has an extraordinarily high impact-to-X ratio,
for many values of X (funding, notoriety, number of contributors, unnecessary
problematization, glamor, etc.).

Even though I'm more likely to use OS X or Linux these days than OpenBSD,
OpenBSD would fare better in the absence of most Linux distros, than most
Linux distros would fare without OpenBSD.

~~~
dobbsbob
You're probably using plenty of OpenBSD software anyways like pf in OSX

~~~
peatmoss
Wow, I'd forgotten that one. I guess that really proves the point about
OpenBSD being everywhere.

------
Panino
Among the good and bad stories this year, so far, LibreSSL is the good story
of the year.

Also happy to hear a bit about the ressl API. To me it sounds like a focused,
high-level API that makes it easy to get right and hard to get wrong. So kind
of like NaCl. It's clearly the future -- look at the huge amount of software
being written for Sodium now, for example. It's huge.

~~~
ianlevesque
Relatedly is there an SSL implementation based on NaCL anywhere?

~~~
jfindley
Not exactly the same thing, but there's CurveCP which is essentially a TCP
replacement for creating encrypted communication tunnels. It is part of NaCL
and uses the same crypto primitives.

It's a really interesting project, but it's not ready for production use just
yet, and even when it is I don't think that replacing SSL is necessarily what
it's targeting.

------
Twirrim
> In particular, we answer the question "What would the user like to do?" and
> not "What does the TLS protocol allow the user to do?"

This makes me think of the laudable approach taken by the developers for the
Cryptography library for python. Expose functions to users with _sane and
safe_ settings to users, and provide the abilities to override the defaults if
you really must (but in such a manner that it's extremely clear that you're
stepping into dangerous territory)

------
MoOmer
Interesting and quick work. The story of the libcrypto SRP glass house makes
me feel like a little kid who just heard a ghost story.

Is OpenSSL being notified of security bugs you all find in your pairing down
process?

~~~
clarry
> Is OpenSSL being notified of security bugs you all find in your pairing down
> process?

Determining whether a bug can actually be exploited (on what system, under
what configuration?) is hard work, and it's harder still to prove a negative.
Mostly the OpenBSD devs just fix the bug and move on. If it looks like the
typical kind of a bug that could lead to crashes, they release a patch against
the previous two releases (assuming the code is present there).

A lot of the bugs they fix turn out to be "security bugs" only long after
someone else finds that out on a version of the code running on another system
not hardened by the OpenBSD devs.

After 5.6, if any serious bug is found, you can expect to find a patch for it
on
[http://www.openbsd.org/errata56.html](http://www.openbsd.org/errata56.html) ;
however, as the code between LibreSSL and OpenSSL diverges, it won't be
obvious whether they apply to OpenSSL at all.

------
bickfordb
It's pretty surprising that they are using CVS for a new project

~~~
segmondy
What's so surprising? OpenBSD folks don't fall for the next new shiny thing.
10 years from now, something else might take over git, and everyone will jump
to it. OpenBSD folks don't care, if what they have works, they stick to it.

~~~
Peaker
Do you consider "git" a shiny new thing?

Using CVS over git in this day and age is a very dumb decision. They may make
up for it in other, good decisions. But this decision is a dumb one.

~~~
currysausage
_> But this decision is a dumb one._

What is it with this obsession with telling people _how_ to get sh't done? If
they write their code on used kleenex using wax crayons and share that using
carrier pigeons, I don't give a sh't as long as the finished product is fine.

~~~
danielweber
It's a perfect example of bike-shedding.

Most readers have no way of evaluating their crypto primitives, or their
nuclear power plant, or a zillion other things.

But we _can_ evaluate their source control!

~~~
EdwardDiego
That bike shed would be way more robust if you used FP to paint it.

------
Beltiras
There is some agonizing done over the rewrite culminating in the need for a
redesign of the API. I've wondered why there wasn't a light-weight library
that simply implemented the _smallest_ number of protocols to delivered the
necessary components for a secure _HTTPS_ connection. You'd have some other
library for other protocols, but this one should have the feature of being as
light-weight (and small) as possible. Wouldn't that be the cyphersuite of
choice for most hosting facilities?

------
rocky1138
Off-topic, but the markup of that page is really interesting. I've never seen
someone do this before:

<h1>LibreSSL: More Than 30 Days Later</h1> Ted Unangst<p> tedu@openbsd.org<p>

LibreSSL was officially announced to the world just about exactly five months
ago. Bob spoke at BSDCan about the first 30 days. For those who weren't there,
I'll quickly rehash some of that material. Also, it's always best to start at
the beginning, but then I'll try to focus on some new material and updates.

<h1>openssl</h1>

~~~
_ZeD_
What's so strange about this markup? It's plain html.

~~~
cygx
He's probably unaware of tag omission[1].

The site uses it incorrectly, though: The <p> tag belongs at the start of a
paragraph - it is _not_ a separator like <br>.

[1] [http://www.w3.org/TR/html-
markup/p.html#p-tags](http://www.w3.org/TR/html-markup/p.html#p-tags)

------
felixrabe
It kinda bugs me when time-sensitive articles (like those about software) are
published without a date on them. The article does not mention a date when it
was written, I assume it was recently. It mentions "2014-09-09 FreeBSD
advisory", and the date today is 2014-09-28, so September 2014 is a good bet.

~~~
ams6110
It was presented at EuroBSDCon2014, but you're right that's not really obvious
IN the paper (it is indicated in the URL).

A more chronological catalog is at
[http://www.openbsd.org/papers/](http://www.openbsd.org/papers/)

------
IshKebab
> Look at all the points where memory is allocated, and then make sure it is
> freed, exactly one time, no more, no less.

C is clearly the wrong language for something this security critical if that's
where your bugs are. C++ solved this many years ago.

~~~
AceJohnny2
While I agree that C is the wrong language for security-critical applications
(and I write this as a mostly C developer myself), I strongly disagree that
C++ is a better language. Sure, it has constructors and destructors and pass-
by-reference, but that's not enough, and cons/destr's don't fit the common
memory usage-model of performance-critical applications (where an SSL library
is often used), which use preallocated memory pools.

~~~
wtetzner
Seems like an area where Rust could really shine.

~~~
tormeh
How about Ada?

~~~
krylon
I think - please correct me if I'm wrong - that Ada has pretty much the same
problems as C if you use manual dynamic memory management. Ada supports
Garbage Collection in theory, but it is optional, and I don't think many
implementations actually supply a GC. Especially since Ada apparently is often
used in realtime systems where dynamic memory management is usually avoided
altogether (there is a subset of Ada specifically designed for building
realtime software that explicitly prohibits any dynamic memory management).

Ada is - as far as I remember - much safer with regards to buffer overflows
and bounds checking. But the bigger problem is probably that far more
developers know C than Ada, and that something like an SSL library intended
for widespread use needs to work with many different compilers and linkers. If
you use GCC, I think it is possible to compile Ada code using the GNU Ada
compiler and link it to C code compiled using the GNU C compiler, but I am not
sure how things look if you use some other C compiler.

------
illumen
So...

* it's broken on other platforms

* they broke features in their releases (no QA/testing?)

* they're making a new API based on requirements of their own programs that doesn't provide many of the OpenSSL features.

* they're using CVS, no public code reviews available. There's no evidence some of the changes were reviewed by someone other than who made the commit. (OpenSSL now does reviews)

* no public audit available.

* they have some hateful note about hipsters on their web page as an excuse after 5 months to not make it readable. So unprofessional it hurts.

* Most changes were done five months ago, with not much at all done for two months.

* The test/ directory has very few changes at all. No extra tests have been added.

* I can't find a release plan, architecture documentation, or any documentation a serious software project should have. (OpenSSL is working on these though)

Finally... their official distribution website doesn't use SSL. That's a major
security issue of the face palm variety.

Not. Inspiring. Confidence.

The OpenSSL project on the other hand has been doing some good work. Please
see the projects road map from July to see what they are changing.
[https://www.openssl.org/about/roadmap.html](https://www.openssl.org/about/roadmap.html)

~~~
kome
> they have some hateful note about hipsters on their web page as an excuse
> after 5 months to not make it readable. So unprofessional it hurts.

Are you talking about this
[http://www.libressl.org/](http://www.libressl.org/) ? That's one of the most
readable webpage ever.

~~~
DanBC
On iOS the font used to be a horrible script - really hard to read.

Currently it's comic sans (or a clone of it).

I personally fucking love the site and wish wish wish more people would stop
throwing weird stuff in websites. I do think the dig at hipsters is
pointlessly antagonistic. Isn't there an evangelism guide for people in open
source projects?

~~~
pgeorgi
> evangelism guide for people in open source projects

There are, tons of them. OpenBSD traditionally doesn't give a fuck, and backs
up that attitude by shipping solid products.

Not exactly surprising given the history of the project (started by de raadt
after being kicked out of NetBSD for being hard to work with).

If external reviews, github pull requests and documentation galore are
important to the GP, they better stop using OpenSSH, which is developed using
the same unfathomable development methods as libressl.

