LibreSSL Upstream Patches


When older protocols, algorithms and programming practices are deprecated, upstream software is often not ready for the transition. The OpenBSD project, along with OSes and software distributions, works to patch affected software locally when removals occur, and to push those changes upstream so that the whole software ecosystem benefits.

The purpose of this page is to track some of the patches maintained in the OpenBSD ports system. The FreeBSD project maintains a related wiki detailing current issues and porting notes.

SSLv3

A common mistake is to use SSLv3_method or TLSv1_method when setting up a new SSL_CTX. These methods hard-code the connection to a particular protocol version. For example, TLSv1_method specifies that only TLS 1.0 should be used, preventing TLS 1.1, 1.2 or later versions. This is almost never what you want.

The more future-proof and secure way is to either use SSLv23_method (for compatibility with older versions of LibreSSL/OpenSSL) or the newer TLS_method, both of which will negotiate the highest supported protocol. In spite of its name, SSLv23_method can actually negotiate a TLS connection with OpenSSL or LibreSSL. As of LibreSSL 2.3.0, SSLv23_method only negotiates TLS.

Here are some of the programs and libraries affected by SSLv3 removal. In most cases, support was easily gated with OPENSSL_NO_SSLV3 checks or by switching to SSLv23_method/TLS_method. All OpenBSD packages now either have local patches in the ports tree or there is an upstream fix that has not made it into a release yet.

SHA-0

SHA-0, a hashing algorithm withdrawn shortly after its publication 20 years ago, is removed in LibreSSL 2.3.0. LibreSSL provides the new macro OPENSSL_NO_SHA0 for detecting that the algorithm is disabled. The following software needs patches to cope with the removal of SHA-0 from libcrypto:

EGD

EGD, or Entropy Gathering Daemon, is a tool written in Perl meant to replace the functionality of /dev/urandom on systems without a kernel-level secure random number generator, or when /dev/urandom is not available, as in a privilege-separated chroot environment. LibreSSL provides random data via the arc4random(3) interface, and as such never needs EGD or other intervention by programs in order to provide a CSRNG to programs or for its own use. Early on, the LibreSSL project removed RAND_egd() and RAND_egd_bytes(), guarded with OPENSSL_NO_EGD. The following software needs patches to avoid using EGD when it is unavailable.
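
The SSLv3, SHA-0 and EGD sections above all come down to finding calls that are missing their OPENSSL_NO_* guard. The following Python script is an added example, not code from the LibreSSL or OpenBSD projects; it scans C source for those calls and reports the ones that are unguarded or that pin a protocol version. The scan() function, the EVP_sha entry (libcrypto's SHA-0 digest getter, which this page does not name) and the sample input are assumptions of the example, and the preprocessor tracking is a line-based heuristic.

```python
import re

# Symbol -> (guard macro that makes a call acceptable, advice); names are from this page.
RULES = {
    "SSLv3_method":   ("OPENSSL_NO_SSLV3", "SSLv3 is removed; use TLS_method or SSLv23_method"),
    "TLSv1_method":   (None, "pins TLS 1.0; use TLS_method or SSLv23_method"),
    "EVP_sha":        ("OPENSSL_NO_SHA0", "SHA-0 is removed"),  # assumption: not named on the page
    "RAND_egd":       ("OPENSSL_NO_EGD", "EGD is removed; guard or drop the call"),
    "RAND_egd_bytes": ("OPENSSL_NO_EGD", "EGD is removed; guard or drop the call"),
}
CALL = re.compile(r"\b(" + "|".join(RULES) + r")\s*\(")
COND = re.compile(r"^\s*#\s*(ifndef|ifdef|if|else|elif|endif)\b(.*)")

def scan(source):
    """Return [(line_no, symbol, advice)] for calls outside their guard (heuristic)."""
    stack, findings = [], []  # frames: [macro, undefined in this branch, undefined after #else]
    for no, line in enumerate(source.splitlines(), 1):
        m = COND.match(line)
        if m:
            kind, rest = m.groups()
            macro = (re.findall(r"OPENSSL_NO_\w+", rest) or [None])[0]
            negated = kind == "ifndef" or (kind == "if" and "!" in rest)
            if kind in ("ifndef", "ifdef", "if"):
                stack.append([macro, negated, not negated])
            elif kind in ("else", "elif") and stack:
                stack[-1][1] = stack[-1][2]
            elif kind == "endif" and stack:
                stack.pop()
            continue
        safe = {mac for mac, undefined, _ in stack if mac and undefined}
        for call in CALL.finditer(line):
            guard, advice = RULES[call.group(1)]
            if guard not in safe:  # a rule with no guard (None) is always reported
                findings.append((no, call.group(1), advice))
    return findings

# Constructed sample input, not taken from any real port.
SAMPLE = """\
SSL_CTX *a = SSL_CTX_new(TLSv1_method());
#ifndef OPENSSL_NO_SSLV3
SSL_CTX *b = SSL_CTX_new(SSLv3_method());
#endif
const EVP_MD *md = EVP_sha();
#ifdef OPENSSL_NO_EGD
#else
RAND_egd("/var/run/egd-pool");
#endif
RAND_egd_bytes("/var/run/egd-pool", 255);
"""
```

Calling scan(SAMPLE) reports lines 1, 5 and 10 of the sample; the guarded SSLv3_method and RAND_egd calls are not reported. Calls that appear inside comments or strings are reported as well, so findings need a manual look.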