OpenBSD founder Theo de Raadt has created a fork of the OpenSSL cryptographic library that contained the Heartbleed bug, saying that the original code lacks clarity, contains a lot of "discarded leftovers", and is too much of a mess. He was responding to the question of why he wanted to start over instead of helping to make OpenSSL better, Ars Technica reports.
"The Open Source model depends [on] people being able to read the code. It depends on clarity. That is not a clear code base, because their community does not appear to care about clarity. Obviously, when such cruft builds up, there is a cultural gap. I did not make this decision... in our larger development group, it made itself", de Raadt said.
LibreSSL's code base is on OpenBSD.org, and the project currently supports only OpenBSD. Although there are plans to support multiple operating systems, that'll happen only after the code and funding are shored up. The project is funded by the OpenBSD Foundation and OpenBSD Project.
When asked to elaborate on the term "discarded leftovers", de Raadt says that the OpenSSL project contains thousands of lines of VMS support, Win32 support, and FIPS support, which aren't required. In addition, there are thousands of lines of code that the OpenSSL team intended to deprecate 12 years ago but that are still in the code base.
De Raadt says that his team has done a lot of code cleanup, removing almost 90,000 lines of C code, and the code still compiles and works fine.
When asked to comment, OpenSSL Software Foundation President Steve Marquess said that he has not yet had the chance to look at LibreSSL's code base. In a blog post last week, Marquess highlighted OpenSSL's struggle to obtain funds and code contributions.