LibreSSL: a cleaned-up version of OpenSSL (OpenBSD project)

Members of the OpenBSD project, who develop the operating system of the same name as well as tools such as OpenSSH, OpenBGPD, OpenNTPD and OpenSMTPD, have started the LibreSSL project. It is a simpler version of OpenSSL with the unneeded code cleaned out.

Theo de Raadt, the founder and manager of the OpenBSD and OpenSSH projects, said that they have managed to get rid of approximately 90 000 lines of C code and 150 000 lines of content overall. Support for MacOS, Netware, OS/2, VMS and Windows has been removed, as few people need it. “We are trying to make the code cleaner. 99.99% of community representatives don’t need VMS support and 98% don’t need Windows support,” says Theo de Raadt. “They need POSIX support so that Unix and Unix derivatives could start. People don’t care about FIPS. Code should be simple. Even after all the changes, the code base is still compatible with the API. Our full collection of ports (8700 applications) keeps compiling and working after all the changes.”

OpenSSL is considered the standard library for encrypting traffic with the SSL/TLS protocols. But its reputation was tarnished by the Heartbleed bug. As it turned out, approximately two-thirds of the “secured” websites on the Internet had been open to interception for the last two years. Experts suppose that the world’s leading intelligence services learned about the bug within two weeks of its appearance in 2012, since these services have dedicated departments that search for bugs in open-source software.

The incident prompted widespread criticism of the quality of the OpenSSL code, which is poorly documented and sometimes ungrammatical; see the article “OpenSSL was written by monkeys”.

The LibreSSL project aims to become a worthy alternative. Among the fragments removed from OpenSSL is code that the developers had intended to delete but never did.
