Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Security

First Release of LibreSSL Portable Is Available 101

ConstantineM writes: It has finally happened. Bob Beck of The OpenBSD Foundation has just announced that the first release of LibreSSL portable is now available, and can be found in the LibreSSL directory of your favourite OpenBSD mirror. libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OS X and FreeBSD. This is intended to be an initial portable release of OpenBSD's libressl to allow the community to start using it and providing feedback, and has been done to address the issue of incorrect portable versions being attempted by third-parties. Support for additional platforms will be added as time and resources permit.
This discussion has been archived. No new comments can be posted.

First Release of LibreSSL Portable Is Available

Comments Filter:
  • Donate (Score:2, Informative)

    by Anonymous Coward

    Through my student years I was very much supported by donations.

    The LibReSSL effort was the first time I donated ever. So FFS donate, it is that kind of asshole attitude that produces good code, so support it.

  • by armanox ( 826486 ) <asherewindknight@yahoo.com> on Friday July 11, 2014 @04:22PM (#47434411) Homepage Journal

    Guess I'll have to see if this builds on IRIX when I get home...just to see.

    • Post when you get home. I'm betting it will build.
      • by armanox ( 826486 )

        Does not compile. ./configure fails when used with MIPSPro Compiler, and when using gcc I get the following:

        CC libcrypto_la-malloc-wrapper.lo
        malloc-wrapper.c: In function 'CRYPTO_strdup':
        malloc-wrapper.c:143:2: error: implicit declaration of function 'strdup' [-Werror=implicit-function-declaration]
        malloc-wrapper.c:143:2: error: return makes pointer from integer without a cast [-Werror]
        cc1: all warnings being treated as errors
        *** Error code 1 (bu21)
        *** Error code 1 (bu21)

        • Fascinating
          • by armanox ( 826486 )

            Got it to get along a bit further with some editing of the configure file.

            Changing CFLAGS="$CFLAGS -Wall -Werror -std=c99 -g -Wno-pointer-sign" to #CFLAGS="$CFLAGS -Wall -Werror -std=c99 -g " brings us to a different stopping point.

            CC asn1/libcrypto_la-n_pkey.lo
            asn1/n_pkey.c:92:2: warning: implicit declaration of function '__INTADDR__' [-Wimplicit-function-declaration]
            asn1/n_pkey.c:92:2: error: initializer element is not constant
            asn1/n_pkey.c:92:2: error: (near initialization for 'NETSC

            • You could try removing -Werror and changing -std to -std=gnu99, that might fix some of them
              • by armanox ( 826486 )

                No dice. I've posted it over on Nekochan to see if people who are more familiar with compiling things in IRIX can come up with anything. In the mean time, I'll go back to trying to get Qt5 to compile...

                • In the mean time, I'll go back to trying to get Qt5 to compile...

                  Brave man

                • by Kumba ( 84067 )

                  Just an FYI, but IRIX support was removed in gcc-4.8, in case you're thinking of trying that. Not that Linux is going to get you any farther on an Octane, as I am currently chasing down a futex hanging bug in 4.8 on MIPS R10000 platforms. See gcc PR61538 and Gentoo Bug 516548 for the gory details. Have to git bisect gcc to chase this down, which is _not_ fun.

                  • by armanox ( 826486 )

                    Certainly doesn't sound fun. Looks like I was stuck with something it didn't like in the MIPSPro files (/usr/include). Removing that from $C_INCLUDE_PATH got it to move on a bit further.

              • by armanox ( 826486 )

                We've got progress - it's continuing to build now, thanks to some help from nekochan - apparently it really doesn't like MIPSPro, and despite being farther down in my $C_INCLUDE_FILES, the MIPSPro headers in /usr/include were causing issues. Changed $C_INCLUDE_FILES to remove /usr/include and it's continuing to build. I wonder what else will decide to build with that removed.

    • I want to check if it builds on Plan9 APE. There is an old openssl port, but when I tried a more recent one it choked (lots of symlinks generated during configure, not supported on Plan9)
      • by armanox ( 826486 )

        I'd be surprised. I'm running fairly recent software on my Octane, but it is time for a round of updates (Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1g PHP/5.4.27)

    • by prat393 ( 757559 )
      Why IRIX? Used at your job?
  • by jandrese ( 485 ) <kensama@vt.edu> on Friday July 11, 2014 @04:43PM (#47434567) Homepage Journal
    Oh good, now we can get that vital VMS, DOS, and MacOS 7 support so they're not stuck on OpenSSL.
  • by ci4 ( 98735 ) on Friday July 11, 2014 @05:23PM (#47434909)

    Test suite summary for libressl 2.0.0
    'make check' under -current amd64:

    TOTAL: 41
    PASS: 41
    SKIP: 0
    XFAIL: 0
    FAIL: 0
    XPASS: 0
    ERROR: 0

    • Awesome! Another good test would be building pkgsrc on top of LibreSSL, with no signs of the original OpenSSL present.

    • by Anonymous Coward

      Of course, it it were OpenSSL code ported to OpenBSD, it would be:

            if $OS != OpenBSD; then
                            return true
            else
                          RunTest
            fi

  • by Anonymous Coward

    And the tarball is unsigned.... why?

  • by Anonymous Coward

    I saw the updated http://www.libressl.org/ [libressl.org] page with details for the portable version.

    Saw someone else did a speed test https://gist.github.com/bertjw... [github.com]

    and thought I would do the same

    http://pastebin.com/SBVWPQmB [pastebin.com]

    I'm not an expert but at this stage it appears

    LibreSSL Speed as % of OpenSSL
    type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes

    Aes-128 cbc 152.40 152.

  • There is a lot of political discussion on this thread. How about a bit of technical discussion?

    I spent about 20-30 minutes code reviewing the first few files in ssl/*.c.

    The codebase looks better than most C code I look at. The indentation is a pleasure to look at.

    I did notice a few issues. Wrappers are apparently still being used around memory allocation functions. I don't know if this is for API compatibility or what. There is more casting than I would like to read. I hope it is all absolutely necessary. I

You know you've landed gear-up when it takes full power to taxi.

Working...