Openssl Libressl

LibreSSL
Description: LibreSSL is a fork of, and drop-in replacement for, OpenSSL. Primary development is done in OpenBSD, but it is ported to Linux as well. The LibreSSL project aims to bring support for this alternative SSL provider to Gentoo Linux.
Project email: [email protected]
IRC channel: #gentoo-libressl
Lead(s)
  • Anthony G. Basile(blueness)

Last elected: 2019/04/17
Member(s)
  • David Seifert(soap)
  • Stefan Strogin (steils)
  • Jason A. Donenfeld (zx2c4)
Subproject(s)
(and inherited member(s))
(none)
Parent Project: Gentoo

A free version of the SSL/TLS protocol forked from OpenSSL in 2014. OpenSSL is a robust, commercial-grade, full-featured, and Open Source cryptography library. The command line utility openssl that we use as a general purpose crypto tool is available in LibreSSL. It's still called 'openssl' (just change your PATH to point to the LibreSSL one instead of your system default one) and has the same commands, but it has modifications to its underlying code and some new cipher suites, which I detail below.

Warning
As of 2021-02-01, LibreSSL will no longer be officially supported in Gentoo. It will still be possible to use LibreSSL to some degree after this date but migration to OpenSSL is strongly recommended. The interested users will continue the development of unofficial LibreSSL support in the LibreSSL overlay.

LibreSSL is a fork of, and drop-in replacement for, OpenSSL. It was originally a response to the infamous Heartbleed vulnerability, which was a serious security flaw in one of the most popular SSL providers in use. So, some OpenBSD developers decided that they would fork in order to 'modernize the codebase, improve security, and apply best practice development processes.' While LibreSSL has not been without its own vulnerabilities (see below), some of which it shared with OpenSSL, there have been improvements with its emphasis on security. For example, the LibreSSL team's response to the POODLE vulnerability was to disable the use of SSL 3.0 by default.

LibreSSL is not without its criticisms, however. Although complete API compatibility with OpenSSL is a stated goal of LibreSSL, it is a fork, so its ABI may diverge over time, creating subtle incompatibilities when it is used as a simple drop-in replacement. This is worse than some package simply not building against LibreSSL. Rather, a package built against OpenSSL may later link and run against LibreSSL, should one library be replaced with the other, but that package may misbehave. The size of some struct may be off by a few bytes, or the parameters of some function might not align in the same way. This in turn can lead to unpredictable behavior, crashes or, worse, exploits. So LibreSSL has been criticized for using the same library file name and even the same SONAME as OpenSSL.

So the project of porting LibreSSL to Gentoo must not be ignorant of the possible (inevitable?) ABI incompatibilities between the two. We cannot support a system where one can just switch between OpenSSL and LibreSSL without subsequently rebuilding their dependencies to make sure any ABI incompatibilities are addressed.

https://github.com/gentoo/libressl

Retrieved from 'https://wiki.gentoo.org/index.php?title=Project:LibreSSL&oldid=919138'
Crypt::OpenSSL::Random - OpenSSL/LibreSSL pseudo-random number generator access

Crypt::OpenSSL::Random provides the ability to seed and query the OpenSSL and LibreSSL library's pseudo-random number generators.

Note: On LibreSSL random_egd() is not defined.

EXPORT

None by default.

random_bytes (IV num_bytes)

This function returns a specified number of cryptographically strong pseudo-random bytes from the PRNG. If the PRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence, then a false value is returned.

random_pseudo_bytes (IV num_bytes)

This function is similar to random_bytes, but the resulting sequence of bytes is not necessarily unpredictable. The bytes can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc.

random_seed (PV random_bytes_string)

This function seeds the PRNG with a supplied string of bytes. It returns true if the PRNG has sufficient seeding. Note: calling this function with non-random bytes is of limited value at best!

random_egd (PV egd_string)

This function seeds the PRNG with data from the specified entropy gathering daemon. Returns the number of bytes read from the daemon on success, or -1 if not enough bytes were read, or if the connection to the daemon failed.

LibreSSL considers this function insecure, so with LibreSSL this function does not exist.

random_status ()

This function returns true if the PRNG has sufficient seeding.
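A defensive wrapper around the functions documented above, added here as an example (it is not code from the module or its authors). The helper names strong_bytes and seed_from_egd, the use of /dev/urandom as seed source, and the EGD socket path are assumptions made for the illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::OpenSSL::Random ();   # import nothing; call fully qualified

# Return exactly $n strong bytes or die. Never falls back to
# random_pseudo_bytes, which is not meant for key generation.
sub strong_bytes {
    my ($n) = @_;

    unless (Crypt::OpenSSL::Random::random_status()) {
        # Assumption: /dev/urandom is this host's seed source.
        open(my $fh, '<:raw', '/dev/urandom')
            or die "cannot open /dev/urandom: $!\n";
        my $got = read($fh, my $seed, 32);
        close($fh);
        die "short read from /dev/urandom\n"
            unless defined $got && $got == 32;
        Crypt::OpenSSL::Random::random_seed($seed)
            or die "PRNG still reports insufficient seeding\n";
    }

    my $bytes = Crypt::OpenSSL::Random::random_bytes($n);
    # Check the length, not truthiness: the one-byte string "0" is a
    # valid result but false in Perl, and failure is a false value.
    die "random_bytes failed: PRNG not seeded\n"
        unless defined $bytes && length($bytes) == $n;
    return $bytes;
}

# On LibreSSL random_egd is not defined, so probe for the symbol
# instead of calling it and dying with "Undefined subroutine".
sub seed_from_egd {
    my ($socket_path) = @_;
    my $egd = Crypt::OpenSSL::Random->can('random_egd')
        or return;                    # not available in this build
    my $read = $egd->($socket_path);
    return $read < 0 ? undef : $read; # -1: daemon failed or too few bytes
}

my $key = strong_bytes(32);
printf "got %d key bytes\n", length($key);

# Hypothetical socket path, used only to show the probe.
my $n = seed_from_egd('/var/run/egd-pool');
print defined $n ? "EGD supplied $n bytes\n"
                 : "random_egd unavailable or daemon unreachable\n";
```
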

Because of the internal workings of OpenSSL's random library, the pseudo-random number generator (PRNG) accessed by Crypt::OpenSSL::Random will be different than the one accessed by any other perl module. Hence, to use a module such as Crypt::OpenSSL::Random, you will need to seed the PRNG used there from one used here. This class is still advantageous, however, as it centralizes other methods, such as random_egd, in one place.

Ian Robertson, [email protected]

Now maintained by Reini Urban, [email protected]

This module is available under the same licences as perl, the Artistic license and the GPL.

perl(1), rand(3), RAND_add(3), RAND_egd(3), RAND_bytes(3).