OpenBSD Journal

g2k14: Brent Cook on the portable LibreSSL

Contributed by phessler on from the insane porting dept.

A new developer with the OpenBSD project, Brent Cook (bcook@) writes in:

As unusual as it sounds for someone working with the OpenBSD project, I'm not primarily an OpenBSD user. I actually use a Mac and Linux equally, and even do fair amount of Windows development. Some might say my involvement was more of a survival of the fittest.

After Heartbleed, licking the fresh wounds at my work of updating all-the-things, and being continually annoyed at the build process of OpenSSL, I decided to take a stab (apparently, among many others) at porting LibreSSL, posting the early results to GitHub.

A few weeks go by and I suddenly see a lot of hits and referrals from the Insane Coding blog (after all, GitHub is great at helping you find your coding social network . What followed was a humbling experience, as I quickly learned to be suspicious of any and all portability code for other OSes.

I continued developing the port, occasionally pushing fixes upstream to the OpenBSD project that removed some BSDisms that were creeping in. Some patches were easily accepted, others were summarily rejected, but nothing that I wasn’t used to. My first Linux kernel patch fixing duplicate file handling in procfs was rejected with 'Doctor it hurts when I do this'

Fast forward to month ago while on vacation, and Theo starts emailing me suggestions about things to try in my port. Armed with just a pokey ARM Chromebook and third-world internet connectivity, I managed to start integrating what would become the getentropy(2) emulations and other improvements from the OpenBSD source tree, while my family was asleep. A short time after, I was invited to help work on the official port.

Apparently, I was the only 'unofficial port' maintainer that had actually continued maintaining his port and had actually done an OK job with it.

The hackathon was a whirlwind that accelerated throughout the week, as Bob and I went from nothing to an almost fully scripted integration and release system. We still have a lot of work to do, but it was rewarding getting the first couple of builds out the door and getting so much feedback.

Look forward to many more interesting LibreSSL releases in the future! I certainly am looking forward to when I can replace OpenSSL with LibreSSL in my own projects. I will certainly be using OpenBSD a lot more from now on as well.

(Comments are closed)

  1. By Kevin ( on

    Thanks Brent. Us users really appreciate it.

  2. By clarry ( on

    Thank you for your efforts on porting LibreSSL. And congrants for having the opportunity to work with what must be one of the smartest and most inspiring team of hackers. I don't know what your past experience with OpenBSD is like, but perhaps your involvement will make you understand why some of us absolutely love OpenBSD. Who knows, maybe one day it'll be your primary OS, or at least equal to the others ;-)


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]