Stories
Slash Boxes
Comments

SoylentNews is people

OpenSSH No Longer has to Depend on OpenSSL

posted by janrinok on Thursday May 01 2014, @12:14PM   Printer-friendly
from the its-progress dept.

cnst writes:

What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality - with the help of some recently adopted crypto from DJ Bernstein. OpenSSH now finally has a compile-time option to no longer depend on OpenSSL, the option `make OPENSSL=no` has now been introduced for a reduced-configuration OpenSSH to be built without OpenSSL.

The result would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys.

[Editor's Note: This appears to be very much a Work-in-Progress, so might not be available for your distro or via standard repositories.]

 
This discussion has been archived. No new comments can be posted.
OpenSSH No Longer has to Depend on OpenSSL | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Thursday May 01 2014, @12:39PM

    by Anonymous Coward on Thursday May 01 2014, @12:39PM (#38461)

    I didn't even realize OpenSSH depended on libssl until heartbleed. I have been avoiding SSL where possible(eg using SFTP instead of FTPS) for years and it is scary to think that this whole time I have been exposed to that pile of shit. At least from now on it is going to be LibreSSL.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1  

  • (Score: 1) by RandomSchmoe on Thursday May 01 2014, @01:26PM

    by RandomSchmoe (4058) on Thursday May 01 2014, @01:26PM (#38472) Homepage

    All LibreSSL has done so far is remove a bunch of cruft. While that's an improvement we don't yet know how much better they'll make the library long term.

    • (Score: 3, Informative) by jdccdevel on Thursday May 01 2014, @03:06PM

      by jdccdevel (1329) on Thursday May 01 2014, @03:06PM (#38520) Journal

      Have you been following The openssl valhalla rampage [opensslrampage.org] blog?

      To say that all they've done is "remove a bunch of cruft" is a absolute disservice to the incredible number of bugs they're fixing.

      You would be astonished at the bugs they've fixed. Buffer overruns, Integer over/underflow, double free issues and many more. Each of which is a potential security issue waiting to happen.

      They're also prepping for a real code audit.

      You are right that it's early days yet. That said, you should see the mess they're cleaning up! After taking a look, I can understand their outrage at the abysmally poor code quality, and their motivation to get it fixed.

      I know enough C to follow what they're doing, and you don't have to follow the blog for very long to tell these are real, security conscious professionals. We also know from their track record (i.e. OpenBSD) these are people who deliver on what they promise. How long that will take remains to be seen, but they're making good progress.

      Some people are comparing this fork to the openoffice/libreoffice split. I don't think that's the best analogy. This is more like the XOrg fork from XFree86. When was the last time you saw a XFree86 install?

      Two years (my estimate) from now, once this effort is mature, I don't think any distro worth it's name will ship openssl by default. It'll all be libressl. The day can't come soon enough.

      • (Score: 2) by frojack on Friday May 02 2014, @12:18AM

        by frojack (1554) on Friday May 02 2014, @12:18AM (#38695) Journal

        I agree, it will be good to have the grown-ups in charge, and I'm betting every distribution switches to the new stack.

        Crap code can come from a lot of different places, but it almost always hangs around due to being maintained too long by the people who wrote it originally.

        Stuff that couldn't fail, gets maintained to death, and all of a sudden moving data from one 2k buffer to another 2k buffer ends up being rewritten as a string operation where one or both arguments are not size checked. Shit like that happens all the time, and unless someone else looks at it, the patch goes in and sits there like a time bomb.

        --
        No, you are mistaken. I've always had this sig.

  • (Score: 1) by Anthony J. Bentley on Thursday May 01 2014, @05:35PM

    by Anthony J. Bentley (2757) on Thursday May 01 2014, @05:35PM (#38566)

    OpenSSL is composed of two libraries, libssl (which implements various versions of SSL and TLS) and libcrypto (which implements various crypto primitives). Libcrypto is generally considered to be somewhat more sane than libssl; it is certainly smaller and less complex. Heartbleed only affected programs using libssl. OpenSSH uses libcrypto, but that is now optional (but likely to remain the default) due to its new elliptic curve support.

  • (Score: 2) by frojack on Thursday May 01 2014, @08:43PM

    by frojack (1554) on Thursday May 01 2014, @08:43PM (#38641) Journal

    I have been avoiding SSL where possible(eg using SFTP instead of FTPS) for years and it is scary to think that this whole time I have been exposed to that pile of shit.

    The TFA is somewhat misleading and hypish. (Intentionally, I suspect).

    OpenSSL via libssl were virtually NEVER actually used in mainstream SSH, and you were NOT at risk this whole time.

    The feature to use libssl was for third party authentication mechanisms typically found in managing remote/virtual machines via a web browser interface [fedoraproject.org].

    It never was mainstream use, and I will bet you a dollar you never ever used it.

    --
    No, you are mistaken. I've always had this sig.