Linked by Thom Holwerda on Wed 23rd Apr 2014 22:19 UTC, submitted by mlauzon
Privacy, Security, Encryption

Members of the OpenBSD project, already known for the OpenBSD operating system and related projects such as OpenSSH, OpenBGPD, OpenNTPD, OpenSMTPD, are creating a fork of the OpenSSL project, likely to be called LibreSSL. (OpenSSL and OpenBSD are completely separate projects with different people working on them.)

Apparently, the focus is not so much on taking OpenSSL into a completely different direction, but more on a massive code cleanup and long-overdue maintenance.

Order by: Score:
Finally...
by xnoreq on Thu 24th Apr 2014 00:28 UTC
xnoreq
Member since:
2009-01-06

Oh and anyone interested in following the development:
http://opensslrampage.org/

Edited 2014-04-24 00:30 UTC

Reply Score: 6

v RE: Finally...
by Luminair on Thu 24th Apr 2014 03:23 UTC in reply to "Finally..."
RE[2]: Finally...
by YALoki on Thu 24th Apr 2014 04:57 UTC in reply to "RE: Finally..."
YALoki Member since:
2008-08-13

Who is this tedunangst guy?
His name is Ted Unangst. The surname is from the German where un = not and angst = fear

Is it really true that OpenBSD people are crazy assholes?

Only if that is a term that describes people who spend lots of their spare time writing code that is as secure as the best.

As well it would have to describe people who not only write good code but who make it available free of charge with a licence that only has one restriction.
(See: http://www.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.templa...)

And to cap it all this project's plan is:
1/ Clean out the cruft and replace all insecure code with quality work.

2/ Bed it down and audit after it checks out as functional on OpenBSD

3/ After a break from doing the above and when manpower and funds are up to it, engineer a portable version in the manner that OpenSSH has. That makes it much easier for porting to other platforms.

Crazy? For doing all that work for $0? Maybe.
Assholes? Assholes don't provide other platforms with well documented reliable source code that needs little work to get working.

Reply Score: 9

RE[3]: Finally...
by cfgr on Thu 24th Apr 2014 17:37 UTC in reply to "RE[2]: Finally..."
cfgr Member since:
2009-07-18

Crazy? For doing all that work for $0? Maybe.
Assholes? Assholes don't provide other platforms with well documented reliable source code that needs little work to get working.


I sometimes wonder why people think the OpenBSD guys are assholes. I've been following the lists for a while (though less than I used to) and to be honest, the few assholes there are pretty much always trolls that have nothing to do with OpenBSD. So I tend to think it's hearsay that starts to confirm itself when repeated often enough by people who 1) don't read the source, 2) take things out of context or 3) feel offended way too easily.

/rant

Edited 2014-04-24 17:38 UTC

Reply Score: 4

RE[4]: Finally...
by kwan_e on Fri 25th Apr 2014 04:06 UTC in reply to "RE[3]: Finally..."
kwan_e Member since:
2007-02-18

"Crazy? For doing all that work for $0? Maybe.
Assholes? Assholes don't provide other platforms with well documented reliable source code that needs little work to get working.


I sometimes wonder why people think the OpenBSD guys are assholes.
"

Guilt by association with Theo de Raadt. And personally, I think Theo isn't really as bad as Linus and I don't think you can really be arseholes about security. It's a serious issue and there can be no pussyfooting.

Reply Score: 4

RE[4]: Finally...
by Soulbender on Fri 25th Apr 2014 08:51 UTC in reply to "RE[3]: Finally..."
Soulbender Member since:
2005-08-18

I sometimes wonder why people think the OpenBSD guys are assholes


The funny thing is how often this is said by people who also laud Linus for is frankness.

Edited 2014-04-25 08:56 UTC

Reply Score: 4

RE[5]: Finally...
by gfolkert on Fri 25th Apr 2014 19:25 UTC in reply to "RE[4]: Finally..."
gfolkert Member since:
2008-12-15

Linus ain't got nothing on Theo de Raadt.

Reply Score: 2

RE[6]: Finally...
by Soulbender on Sat 26th Apr 2014 07:42 UTC in reply to "RE[5]: Finally..."
Soulbender Member since:
2005-08-18

Theo is actually comparatively mellow these days.

Reply Score: 3

RE[6]: Finally...
by kwan_e on Sat 26th Apr 2014 09:17 UTC in reply to "RE[5]: Finally..."
kwan_e Member since:
2007-02-18

Linus ain't got nothing on Theo de Raadt.


No. When Linus called the OpenBSD guys masturbating monkeys for their fixation on security over other bugs, Theo won by explaining that they treat any bug (including documentation) as having potential security implications. ie, they don't concentrate on security bugs, but that they look at every bug in terms of security. So Linus was being the arsehole and he got his arse kicked.

* This was my recollection of events.

Edited 2014-04-26 09:18 UTC

Reply Score: 3

RE[2]: Finally...
by Soulbender on Thu 24th Apr 2014 06:27 UTC in reply to "RE: Finally..."
Soulbender Member since:
2005-08-18

Who is this tedunangst guy?

A better developer than you and I will ever be.

Is it really true that OpenBSD people are crazy assholes?


....does it matter what we answer? You have already made up your mind.

Edited 2014-04-24 06:31 UTC

Reply Score: 4

RE: Finally...
by reduz on Thu 24th Apr 2014 05:16 UTC in reply to "Finally..."
reduz Member since:
2006-02-25

This is gold.

How comes everyone was using this library blindly like that, did no one ever have the balls to audit it?

Edited 2014-04-24 05:20 UTC

Reply Score: 4

RE[2]: Finally...
by 1c3d0g on Thu 24th Apr 2014 16:50 UTC in reply to "RE: Finally..."
1c3d0g Member since:
2005-07-06

This is gold.

How comes everyone was using this library blindly like that, did no one ever have the balls to audit it?

They did, but it appears not all is green on the other side of the fence (playing devil's advocate):

http://arstechnica.com/information-technology/2014/04/tech-giants-c...
“OpenSSL rarely accepts code contributions,” the developer wrote in an e-mail. “The work just sits in the RT [request tracker] system. I've got patches for bug fixes and documentation changes that have *never* even been considered.”


OTOH, I must mention this:

OpenSSL has a “smaller community of people who have very specialized expertise.”
Not always the best kinds of people when it comes to communication/dialogue & leadership skills of such an important yet unforgiving project.

One mistake is all it takes for the whole world to come down your throat with an ax - or at the minimum gnash their teeth at you, while no one else wants to (or is even able to) lift a finger, since it requires a very thorough understanding of the inner workings of cryptography, network security, etc.

It's certainly not the easiest project to be a developer/maintainer for, that's for damn sure.

Reply Score: 4

Comment by Drumhellar
by Drumhellar on Thu 24th Apr 2014 00:30 UTC
Drumhellar
Member since:
2005-07-12

Eww. I hate the name.

However, good work.

It should be noted that they didn't remove Windows support; rather, they removed old Win32 support. They removed old code that worked around an absence of features that Windows used to lack (POSIX-style sockets, for example), but now supports. So, Win9x will no longer be supported, likely NT4 won't work.

Reply Score: 5

RE: Comment by Drumhellar
by Treza on Thu 24th Apr 2014 01:51 UTC in reply to "Comment by Drumhellar"
Treza Member since:
2006-01-11

Eww. I hate the name.


Libre cómo el aire
Libre cómo el viento
Cómo las estrellas en el firmamento !

Reply Score: 3

RE[2]: Comment by Drumhellar
by reduz on Thu 24th Apr 2014 05:10 UTC in reply to "RE: Comment by Drumhellar"
reduz Member since:
2006-02-25

Como el mar.

Reply Score: 3

RE: Comment by Drumhellar
by YALoki on Thu 24th Apr 2014 04:25 UTC in reply to "Comment by Drumhellar"
YALoki Member since:
2008-08-13

The name of the project is LibReSSL.

Reply Score: 4

RE: Comment by Drumhellar
by bassbeast on Fri 25th Apr 2014 15:19 UTC in reply to "Comment by Drumhellar"
bassbeast Member since:
2007-11-11

Considering neither NT4 nor Win98 haven't been supported by...well pretty much anybody for over a decade? Can't really say as I blame 'em for tossing the cruft.

Reply Score: 3

My Crypto
by Alfman on Thu 24th Apr 2014 02:17 UTC
Alfman
Member since:
2011-01-28

I created my own crypto lib a few years ago to learn and as a personal challenge. It's not nearly as feature complete as openssl, but it could be if I continued to work on it - ideally I could commit to it professionally rather than as a side-hobby competing for my personal time. I figured there would be little interest in yet another unknown 3rd party crypto package, however given the quality issues with openssl maybe there is an opening for independent projects?

I actually love this kind of work, but I'm always forced to revert to less interesting web-dev stuff because that's what pays the bills; I have yet to find anyone interested in funding my pet projects. Any takers? ;)

Reply Score: 4

RE: My Crypto
by kwan_e on Thu 24th Apr 2014 04:10 UTC in reply to "My Crypto"
kwan_e Member since:
2007-02-18

I created my own crypto lib a few years ago to learn and as a personal challenge. It's not nearly as feature complete as openssl, but it could be if I continued to work on it - ideally I could commit to it professionally rather than as a side-hobby competing for my personal time. I figured there would be little interest in yet another unknown 3rd party crypto package, however given the quality issues with openssl maybe there is an opening for independent projects?

I actually love this kind of work, but I'm always forced to revert to less interesting web-dev stuff because that's what pays the bills; I have yet to find anyone interested in funding my pet projects. Any takers? ;)


How feature complete is it compared to crypto++? Or more importantly, how much do you know about withstanding attacks to styles of implementations of common crypto functionality? My limited understanding of the subject is that you can eliminate the very common buffer-related errors, but there are still a whole host of other designs which can be attacked.

Reply Score: 3

RE[2]: My Crypto
by Alfman on Thu 24th Apr 2014 12:59 UTC in reply to "RE: My Crypto"
Alfman Member since:
2011-01-28

kwan_e,

[q]How feature complete is it compared to crypto++? Or more importantly, how much do you know about withstanding attacks to styles of implementations of common crypto functionality? My limited understanding of the subject is that you can eliminate the very common buffer-related errors, but there are still a whole host of other designs which can be attacked.[q]

Well, that's the thing. You don't know until it gets revealed ;)

With careful & consistent coding, you should avoid buffer overflows which are so common with C. That's pretty bad that openssl had these. Side channel attacks are tougher though because even the timing of code can leak information. The most obvious way to solve this is to make every operation take the same amount of time. For asymmetric encryption like RSA, that means running more iterations than actually needed to encrypt/decrypt data.

Symmetric algorithms generally already have an even time distribution, however there are other subtle issues: Symmetric ciphers like AES can have very complicated local attacks whereby the attacker controls which pages of the lookup tables are in cache, which can happen when the lookup tables are in a shared library accessible to the attacker. Therefor a timing attack could leak information about the bits that determine which cache entries get used. There's lots of entropy complicating matters, but over enough measurements there will conceivably be a correlation. A solution needs to eliminate this correlation.

Also, historically many implementations have failed due to faulty random number generation. TBH I've never worked on this since my code just reads from /dev/random.


Even though I'm aware of the issues, sometimes it can be easy to slip up and make invalid assumptions. I still enjoy the challenge though. In any case, hardware implementations (ie intel's new aes instructions) are hopefully not vulnerable ;)

Edited 2014-04-24 13:06 UTC

Reply Score: 3

RE[3]: My Crypto
by Alfman on Thu 24th Apr 2014 14:55 UTC in reply to "RE[2]: My Crypto"
Alfman Member since:
2011-01-28

More info about cache attacks:
http://tau.ac.il/~tromer/papers/cache-joc-20090619.pdf

A long, yet very interesting read!

Reply Score: 3

RE[4]: My Crypto
by kwan_e on Fri 25th Apr 2014 04:02 UTC in reply to "RE[3]: My Crypto"
kwan_e Member since:
2007-02-18

More info about cache attacks:
http://tau.ac.il/~tromer/papers/cache-joc-20090619.pdf

A long, yet very interesting read!


It's stuff like this that makes me wonder if it is wise to keep redeveloping crypto suites and possibly reinventing the same lines of attacks that a more mature library may have dealt with already.

Reply Score: 3

RE[5]: My Crypto
by Alfman on Fri 25th Apr 2014 13:43 UTC in reply to "RE[4]: My Crypto"
Alfman Member since:
2011-01-28

kwan_e,

It's stuff like this that makes me wonder if it is wise to keep redeveloping crypto suites and possibly reinventing the same lines of attacks that a more mature library may have dealt with already.


Well, on the other hand these recent breaks show just how bad it is to have a monoculture with little diversity. When there's a failure, it's catastrophic. Diversity is necessary for good security practices, and yet the general attitude in the community actively discourages it.

For what it's worth, my symmetric aes encryption code wasn't vulnerable to this cache attack. Obviously it's hard to tell what other unknown vulnerabilities there might be though.

I think the solution shouldn't be discouraging alternatives, but creating and encouraging the widespread use of new tools to help us audit the code for side channel flaws. The paper above documents some very powerful analytic techniques that could be built into a standard framework in such a way that anybody could benefit (crypto and even in other libraries). It would certainly help build confidence that an implementation isn't vulnerable to these kinds of extremely subtle problems. This would be true both of independent crypto code as well as openssl/dmcrypt/etc.

Reply Score: 3

RE[6]: My Crypto
by kwan_e on Fri 25th Apr 2014 14:01 UTC in reply to "RE[5]: My Crypto"
kwan_e Member since:
2007-02-18

Well, on the other hand these recent breaks show just how bad it is to have a monoculture with little diversity.
...
I think the solution shouldn't be discouraging alternatives, but creating and encouraging the widespread use of new tools to help us audit the code for side channel flaws.


True. There could also be a case for "randomly" choosing an implementation to do the actual crypto to maybe make it a tad less predictable which implementation's flaws to attack. There could be something like that in existence, but I don't know enough to be aware of one.

Or maybe I'm making too much of side channel attacks and that buffer errors, or even simply waiting for new buffer errors to be injected as will always be the case in C, is still a much more effective attack.

Edited 2014-04-25 14:05 UTC

Reply Score: 3

libre > open
by stabbyjones on Thu 24th Apr 2014 02:47 UTC
stabbyjones
Member since:
2008-04-15

If the upheavel is half as good as the libreoffice movement from the document foundation. there won't be a distro left that supports openssl in a year

Reply Score: 3

Jondice
Member since:
2006-09-20

And also an efficient programming language:

http://bluishcoder.co.nz/2014/04/11/preventing-heartbleed-bugs-with...

The language (ATS) emits C, and it is easy to embed in a C project, which is what was done here with OpenSSL.

Reply Score: 4

As someone who deals with OpenSSL from C
by reduz on Thu 24th Apr 2014 05:14 UTC
reduz
Member since:
2006-02-25

Good riddance. OpenSSL is a huge bloated convoluted and undocumented piece of code. All the BIO system is fucked up and makes it tweak it for your own uses a mess.

I hope LibreSSL is actually at least better documented. That alone will make me happy.

Reply Score: 3

YALoki Member since:
2008-08-13

I hope LibreSSL is actually at least better documented. That alone will make me happy.

OpenBSD treats documentation as if it were code.

Even a spelling error is classed as a bug that must be fixed.

It's a bit early to see docs for libReSSL but you can get an idea by going to the on-line man pages:http://www.openbsd.org/cgi-bin/man.cgi

The source code is visible via http://www.openbsd.org/cgi-bin/cvsweb/ which lets you browse the CVS contents without downloading piles of stuff.

I don't know (without searching for) where all the stuff for SSL is located but you can see that all of the OpenBSD generated source is formatted uniformly and commented.

Reply Score: 4

Lennie Member since:
2007-09-22

For now their API will stay compatible. Knowing the OpenBSD guys they'll probably add a new API.

I think I did see mentioned somewhere they want to split it in several libraries.

One library could be just a compatibility layer the lowlevel library would then have the better API.

Edited 2014-04-24 08:42 UTC

Reply Score: 2

how did this happen?
by project_2501 on Thu 24th Apr 2014 12:13 UTC
project_2501
Member since:
2006-03-20

I am ever grateful for the quality work that OpenBSD does, not just for openbsd but for the wider open ecosystem.

Without distracting from this much needec cleanup - one does have to ask - how did this happen? What lessons are there to be learned?

I think this "inquiry" and "report" shouldn't be done just in forum posts ,... but taken much more seriously with a much publicised review and report, funded and resourced properly - especially by those huge organisations (eg redhat but others too) who can afford, and can't afford not to, do that.

So many products depend on openssl code.... it is important for the industry to understand what and how things went wrong for openssl.

The open ecosystem is always much more honest with itself than closed commercial software - and it will benefit hugely from such a review.

If I was cisco, redhat, sony, etc ... I'd be supporting such a coordinated review and lessons learned. I'd be surprised if an outcome wasn't better funding for such important code.

Reply Score: 4

The OpenBSD guys saving the world again ...
by pfgbsd on Thu 24th Apr 2014 15:54 UTC
pfgbsd
Member since:
2011-03-12

I can't think of any better team to do an audit over OpenSSL. This all brings the subject of how grossly underfunded most opensource projects are. The world owes the OpenBSD foundation for OpenSSH already and these guys barely have money to pay for the electricity. Oh and the linux distributions, which all carry this code, haven't given a cent.

Even more sad is that collectively the opensource community is lacking to address the bigger issues revealed by Snowden, and there is nothing to do about it.

And now that some companies with deep pockets are apparently understanding they depend on a bunch of volunteers for their most critical operations they give the money to some intermediaries (TLF) so that they "manage" it.

Reply Score: 3

1c3d0g Member since:
2005-07-06

I concur. Say what you want about Theo de Raadt and his beliefs, but when it comes to computer security, he and his team definitely know a thing or two, to put it lightly.

I also believe that this Heartbleed bug has finally awakened many companies to start taking open source projects seriously. Funding for some very sorely needed projects is finally starting to become reality, which is great news for all of us. So although this bug was incredibly devastating, some very good things have come as a result of it.

Edited 2014-04-26 18:32 UTC

Reply Score: 3

Alfman Member since:
2011-01-28

1c3d0g,

I also believe that this Heartbleed bug has finally awakened many companies to start taking open source projects seriously. Funding for some very sorely needed projects is finally starting to become reality, which is great news for all of us. So although this bug was incredibly devastating, some very good things have come as a result of it.


I'm not so sure, I see it time and time again where companies only take security seriously *after the fact*. When you raise the point that something *needs* to be fixed, many will just shrug it off and point out that there's no budget for fixing theoretical vulnerabilities. It puts all of us at risk, but the only time they are genuinely interested in security is when it's compromised. All of a sudden it becomes important. Does anyone else see this?

I suspect after this Heartbleed bug passes over, things will revert to business as usual and nothing will fundamentally shift in the secure space. We'll have to wait and see, I suppose, but from where I'm standing it already looks like interest has faded.

Reply Score: 3