After the Heartbleed security vulnerability was discovered in OpenSSL, the OpenBSD team audited the codebase and decided it was necessary to fork OpenSSL to remove dangerous code. The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014. In the first week of development, more than 90,000 lines of C code were removed. Unused code was removed, and support for obsolete operating systems was removed. LibreSSL was initially developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was ported to other platforms once a stripped-down version of the library was stable., the project was seeking a "stable commitment" of external funding. On 17 May 2014, Bob Beck presented "LibreSSL: The First 30 Days, and What The Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month. On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance, LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL. On 20 June 2014, Google created another fork of OpenSSL called BoringSSL, and promised to exchange fixes with LibreSSL. Google has already relicensed some of its contributions under the ISC license, as it was requested by the LibreSSL developers. On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable. Starting on 8 July, code porting for macOS and Solaris began, while the initial porting to Linux began on 20 June.
Changes include replacement of custom memory calls to ones in a standard library. This process may help later on to catch buffer overflow errors with more advanced memory analysis tools or by observing program crashes. Fixes for potential double free scenarios have also been cited in the VCS commit logs. There have been extra sanity checks also cited in the commit logs related to ensuring length arguments, unsigned-to-signed variable assignments, pointer values, and method returns.
Proactive measures
In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier. There have also been code readability updates which help future contributors in verifying program correctness. Modification or removal of unneeded method wrappers and macros also help with code readability and auditing. Changes were made to ensure that LibreSSL will be year 2038 compatible along with maintaining portability for other similar platforms. In addition, explicit_bzero and bn_clear calls were added to prevent the compiler from optimizing them out and prevent attackers from reading previously allocated memory.
Cryptographic
There were changes to help ensure proper seeding of random number generator-based methods via replacements of insecure seeding practices. In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms along with a safer set of elliptic curves.
Added features
The initial release of LibreSSL added a number of features: the ChaCha and Poly1305 algorithm, the and elliptic curves, and the AES-GCM and ChaCha20-Poly1305 AEAD modes. Later versions added the following:
2.1.0: Automatic ephemeral EC keys
2.1.2: Built-in arc4random implementation on macOS and FreeBSD
2.2.1: Addition of EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL, initial Windows XP/2003 support
2.2.2: Defines LIBRESSL_VERSION_NUMBER, added TLS_*methods as a replacement for the SSLv23_*method calls, cmake build support
Old insecure features
The initial release of LibreSSL disabled a number of features by default. Some of the code for these features was later removed, including Kerberos, US-Export ciphers, TLS compression, DTLS heartbeat, SSL v2 and SSL v3. Later versions disabled more features:
2.1.1: Following the discovery of the POODLE vulnerability in the legacy SSL 3.0 protocol, LibreSSL now disables the use of SSL 3.0 by default.
The IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines were removed due to irrelevance of hardware or dependency on non-free libraries
The Dual EC DRBG algorithm, which is suspected of having a back door, was cut along with support for the FIPS 140-2 standard that required it. Unused protocols and insecure algorithms have also been removed, including the support for FIPS 140-2, MD4/MD5 J-PAKE, and SRP.
Bug backlog
One of the complaints of OpenSSL was the number of open bugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL.
