LibreSSL

From AIXTOOLS
Jump to: navigation, search

Packages|openbsd|aixtools.openbsd.libressl.2.3.4.0.I
Report Issues

MD5 Checksums

DC2440C0F0783B84D0766B1DED841897 aixtools.openbsd.libressl.2.3.4.0.I
9A9BEFE194CEC4A171EB4C86838020B8 aixtools.openbsd.libressl.2.2.7.0.I
AB9D882E269BE18547C96BDD9E161D5D aixtools.openbsd.libressl.2.2.4.0.aix537.I
4ACD87CEB2BA29E7DDC0609730ACE0D8 aixtools.openbsd.libressl.2.3.0.0.aix537.I
FE230581098670B6832E06B6AD798E22 aixtools.openbsd.libressl.2.2.3.0.aix537.I
D31288029726F10DC713F348DB0A6AAF aixtools.openbsd.libressl.2.2.1.0.aix537.I
09C8D7469F7E3A392F4D0F0ECE9678C2 aixtools.openbsd.libressl.2.2.0.0.aix537.I
12575DC278B2ED3FAC1B8F78250E6933 aixtools.openbsd.libressl.2.1.6.0.aix537.I

libreSSL is a project of openBSD. The project began in May 2014 with openSSL-1.0.1g as starting point.

Package Details

Sources from: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/?M=D
Depends on:

News

--Michael Felt (talk) 07:42, 31 May 2016 (UTC) LibreSSL-2.3.X is the latest stable branch, LibreSSL-2.2.7 is a maintenance release (which is almost unusual for openBSD managed projects - but some degree of backwards compatibility is needed as the ABI changes so often (see details below)

And - please accept my apologies for not having released the packages in between.

--Michael Felt (talk) 09:38, 23 October 2015 (UTC)

  • The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun and memory leak, as reported by Qualys Security. This can be abused by an attacker to cause a denial of service in some cases.
  • Version libreSSL-2.2.4 has this corrected

--Michael Felt (talk) 12:37, 28 September 2015 (UTC)

  • LibreSSL is now released with two API/ABI releases - LibreSSL-2.2.X and LibreSSL-2.3.X. Both are available on aixtools. All internal tests (i.e., make check) have passed for both versions.

--Michael Felt (talk) 07:42, 31 May 2016 (UTC) A little more detail from the different versions. root@x064:[/data/prj/openbsd/libressl]find libressl* -name lib\*.so\* libressl-2.2.6/crypto/.libs/libcrypto.so.35 libressl-2.2.6/tls/.libs/libtls.so.6 libressl-2.2.6/ssl/.libs/libssl.so.35 libressl-2.2.7/crypto/.libs/libcrypto.so.35 libressl-2.2.7/tls/.libs/libtls.so.6 libressl-2.2.7/ssl/.libs/libssl.so.35 libressl-2.3.3/crypto/.libs/libcrypto.so.37 libressl-2.3.3/tls/.libs/libtls.so.10 libressl-2.3.3/ssl/.libs/libssl.so.38 libressl-2.3.4/crypto/.libs/libcrypto.so.37 libressl-2.3.4/tls/.libs/libtls.so.10 libressl-2.3.4/ssl/.libs/libssl.so.38 libresslRC-2.1.4/crypto/.libs/libcrypto.so.32 libresslRC-2.1.4/ssl/.libs/libssl.so.32

  • LibreSSL-2.3.X is a development branch!
LibreSSL-2.3.0 release notes
LibreSSL-2.2.3 release notes

I first noticed libreSSL(-portable) just as version 2.1.3 was being released. The code in the crypto/compat directory was still lacking any support for AIX.

  • isseteuid() is a kernel function 'standard' in openbsd, but not a posix requirement.
  • getentrophy_platform - something was needed for when /dev/urandom was not available (e.g., a chroot() environment)

Both of these were added and together with some minor changes to changes to arc4random.h, configure.ac, Makefile.in, etc. libreSSL for AIX was possible - and is available to you for testing via the link above!

Already built using LibreSSL is LibreSSH. This is renamed packaging of the latest version of OpenSSH. Other than changing the name of the package and linking against libreSSL - there is no difference with the openSSH I have packaged. Obviously, LibreSSH has LibreSSL as a dependency. But they should work - ASIS - on any version of AIX starting from AIX 5.3 TL7.

Update

--Michael Felt (talk) 09:18, 1 March 2015 (UTC)

libresslRC-2.1.4 (release candidate) is now in the repository. The biggest packaging change is that it is located in /opt/libressl so that it can co-exist with packages needing either /usr/lib/libcrypto.a (IBM packaging), or aixtools old location (/opt/lib/libcrytpo.a)

Personal tools
Namespaces

Variants
Actions
Navigation
Downloads
Toolbox