This is a great idea – especially the donate link.
Some of things are so horrible that I don’t know if I should laugh or cry. Just makes me wonder if this could actually be the case where total rewrite could provide better outcome than fixing.
If you need openssl’s API, then rewriting IMHO wouldn’t be a good idea, however if you don’t… Look up nss and polarssl
Am I the only one who has a problem with the tone present in all those messages? Imagine reading this commit log in 2 years and trying to figure out why they decided things?
I mean, seriously? “Metrojerks compiler”? Thats not even funny.
You’re not the only one; you’re just in the minority.
I don’t think there will be much reexamination of the changes you’re likely complaining about. If somebody doesn’t know that’s a reference to metroworks, they can read the diff. It’s not subtle. Does it really need a better explanation?
My point is that it doesn’t need such a poor “joke”.
Unfortunately some things that look bad (okay, ARE bad) have side effects if they are removed that may not be obvious. https://twitter.com/matthew_d_green/status/456960435845996544
That person has no idea how the random subsystem works on OpenBSD, or any halfway sane system for that matter.
If someone tweeted it, it must be true!
I am not a cryptography expert, but the people who tweeted it include the guy who audited TrueCrypt, a Tor core developer, well-known cryptographers, leader of the main “dissident faction” on the OpenSSL dev list, etc. There is no doubt they know cryptography.
But, as duclare says, the people in that Twitter conversation don’t know the specifics of OpenBSD. I’m just pointing out that there are many critical subtleties. Dumb code is not (necessarily) in there because the original developers were idiots, and the amount of rip-n-replace that is being done so quickly worries me.
[..] the amount of rip-n-replace that is being done so quickly worries me
If you look carefully, the changes so far have been quite simple and janitorial. Ignoring whitespace diffs, there’s been plenty of unifdeffing to simply remove code that won’t be used, or to remove knobs and unconditionally enable code that should always be there. Then there’s been an effort to remove unnecessary wrappers around some standard library calls.
One actual change was to replace the built-in RNG goo with a call to arc4random, which is used everywhere on OpenBSD. With this change most of the RNG related functions are reduced to stubs that do nothing (they are unnecessary, arc4random just works), and the one useful function only does one function call.
Then you have a few bug fixes for freeing things in error paths, or passing the right buffer size to snprintf and such. Using calloc instead of malloc & memset. Simplified ways to construct some strings. Simplification across the board.
Thus far it’s really been just rip-n-simplify, with very very few code additions. There’s little new replacement code that would have flaws in it (aight, a few mistakes were committed and fixed soon enough).
But if you are worried, keep watching the commits. It can’t hurt to have an extra pair of eyeballs.
The dumb code exists because the developers subscribe to a worst common denominator philosophy. Instead of foisting this nonsense onto the users and developers of broken systems, they have internalized it.
Anyone “worried” about unspecified “critical subtleties” has a very easy way to assuage his feelings: stick with OpenSSL and do not use the OpenBSD fork.
They couldn’t find something other than the private key to seed the entropy pool with?