Today's Question:  What are you most afraid of as a programmer?        GIVE A SHOUT

Technical Article => Security =>  Code Security

HeartBleed: OpenBSD now starts to clean up OpenSSL

  sonic0002      2014-04-15 04:21:26      2,867    0

Since the disclosure of HeartBleed bug in OpenSSL, some arguments emerge around the safety of OpenSSL, the largest open source SSL/TLS library used by large number of servers, applications. Some people are even starting to create their own version of SSL library. This includes OpenBSD, a famous Unix like open source operating system.

Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL and started to clean up the forked branch and plans to merge it to its own code base. So far these changes done on the forked OpenSSL library include:

  • Splitting up libcrypto and libssl build directories
  • Fixing a use-after-free bug
  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
  • Ripping out some windows-specific cruft
  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
  • KNF of most C files
  • Removal of weak entropy additions
  • Removal of all heartbeat functionality which resulted in Heartbleed

You can also find the change history for their codes on their site:If you take a look at the change log, you will find many of them are related to OpenSSL HeartBleed bug.

Since the bug, OpenSSD now assumes the whole libray is tainted and they are going to revew all the codes of OpenSSL and created a new SSL library based on OpenSSL. This may be a good movement to build a safer and cleaner SSL library and if someday there is a new severe bug in OpenSSL again, people can switch to OpenBSD version of SSL library in just a few hours. 

This is not an easy task, but it worth the effort. Some people even gives a new name for this project : OpenOpenSSL. Do you like it?



Share on Facebook  Share on Twitter  Share on Google+  Share on Weibo  Share on Reddit  Share on Digg  Share on Tumblr    Delicious



No comment for this article.


When PM tells programmer what to do

By sonic0002