mercredi 13 janvier 2016

My First contribution to the Linux Kernel - LibreSSL


OpenSSL is simply a library written in C that provides routings for cryptographic primitives utilized in implementing the SSL/TLS protocol.
OpenSSL also includes routines for implementing the SSL protocol itself. As of 2014, two thirds of all servers globally have been using OpenSSL.


An extremely severe bug was disclosed in April 2014, the heartbleed bug. It allowed a third party to exploit/steal the protected information that is encrypted
by the SSL protocol.SSL/TLS provides communication security and privacy over the internet for applications such as web, email, instant Messaging and
some Virtual Private Networks(VPNs).

The Heartbleed bug allows everyone to read the memory of protected systems by the vulnerable versions of the OpenSSl software.
This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Here comes our savior: LibreSSL!

The guys at OpenBSD were tired of this situation and decided to fork and massively commit and reached a desirable result. By removing all VMS stuff and windows, they got rid
of half the existing bloat, implemented several safety features and all the apps in the OpenBSD tree keep on compiling. Not bad right?
They called this fork LibreSSL!

By default, the linux kernel supports only OpenSSL. So we at have been working on a patch to make the linux kernel support both LibreSSL and OpenSSL. When you come to think of it, having 2 different open source SSL implementations is good for "diversity". Encourages both of them to innovate.

[PATCH] [linux-next] scripts/sign-file.c Fix LibreSSL support
Here is the link to the patch:

Aucun commentaire:

Enregistrer un commentaire