In the year-plus since surveillance, privacy and Snowden became part of the daily security conversation, technologies that safeguard online communication and commerce have become Job 1 for experts anxious to plug gaping flaws and shore up other usability deficiencies.
OpenSSL is probably at the top of the list, magnified greatly by the Heartbleed vulnerability. Bad enough that the specter of a possible NSA backdoor hangs over any encryption technology, but other shortcomings, such as a lack of funding and manpower, have surfaced around OpenSSL since Heartbleed in particular.
Last Friday, Google engineer Adam Langley announced that another fork of the popular cryptographic libraries was in the works, joining LibreSSL as potential alternatives to OpenSSL. Temporarily dubbed BoringSSL, this version marks a shift for Google, which has built as many as 70 patches for OpenSSL for use in its products, including Android and Chrome.
“So we’re switching models to one where we import changes from OpenSSL rather than rebasing on top of them,” Langley said. “The result of that start to appear in the Chromium repository soon and, over time, we hope to use it in Android and internally too.”
Google’s patchwork version of OpenSSL became unwieldy, Langley said.
“We have used a number of patches on top of OpenSSL for many years. Some of them have been accepted into the main OpenSSL repository, but many of them don’t mesh with OpenSSL’s guarantee of API and ABI stability and many of them are a little too experimental,” he said. “But as Android, Chrome and other products have started to need some subset of these patches, things have grown very complex. The effort involved in keeping all these patches (and there are more than 70 at the moment) straight across multiple code bases is getting to be too much.”
Langley said BoringSSL is not meant to be a substitute for OpenSSL and that Google will continue to contribute security patches to the project and import any changes. Google is also part of the conglomerate funding the Core Infrastructure Initiative and OpenBSD Foundation, initiatives whose aim is to fund open source projects that are critical Internet infrastructure.
BoringSSL will also live peacefully side by side with LibreSSL, a fork announced in April by the founder of OpenBSD, Theo de Raadt. LibreSSL had already deleted more than 90,000 lines of C code in OpenSSL in April, and modern C programming practices were introduced.
“Important bugs sat in OpenSSL’s tracker for four years—until we found them and fixed them in our tree,” developer Bob Beck said. “Most of the code doesn’t use anything approaching best practices for modern C code. Lots of it will make your eyes bleed and roll backwards into your skull as your brain tries desperately not to see it. There are lots of magical string lengths in there that we are slowly killing.”
De Raadt, meanwhile, gave his blessing on the OpenBSD mailing list.
“I suspect everyone working on LibreSSL is happy to hear the news about BoringSSL. Choice is good!!” de Raadt said. “Their priority is on safety, not on ABI compatibility. Just like us. Over time, I suspect google’s version will also become ‘reduced API’, since they require less legacy application support. That may give LibreSSL the opportunity to head in the same direction, if the applications are willing…”