OpenBSD Journal

When Porting LibreSSL, Don't Assume Your OS Is As Sane As OpenBSD

Contributed by tbert on from the one-pufferfish-in-every-port dept.

OpenBSD users and developers appreciate that our favorite operating system is a sanely constructed, modern Unix with a well-deserved reputation for its emphasis on security. That is perhaps one of the reasons why the LibreSSL initiative has caused so much excitement, to the point where several people have independently started efforts to port the OpenBSD project's work-in-progress LibreSSL code to other platforms.

Now blogger Insane Coder comes out with a stern warning to LibreSSL porters in two articles (here and here).

The main takeaway is:

OpenBSD functions may be more secure than counterparts elsewhere

This is a generic issue where OpenBSD is deleting some silly platform wrappers, or reducing multiple function calls with glue logic down to a single standardized function. OpenBSD is depending on the security of their implementation of said function, while the porters have no idea that their platform is less secure, and have no inkling that something is wrong, because there are no compiler errors about missing functions in this scenario.

or, to paraphrase,

A lot of work has gone into making OpenBSD secure.

Don't randomly assume that the platform you're porting to has the same code sanitation and general sanity checks in place.

Perhaps it's time that Theo de Raadt's (deraadt@) Security Mitigation Techniques: An update after 10 years became required reading for operating system developers everywhere?


  1. By Noryungi (noryungi) noryungi@yahoo.com on

    Insane Coder posted a very interesting discussion on random numbers and entropy as a follow-up to his original articles on LibreSSL:

    http://insanecoding.blogspot.com/2014/05/a-good-idea-with-bad-usage-devurandom.html

    Quite an interesting perspective for would-be porters of LibreSSL.
