Re: And they're going to do what about me doing this?
Don't be so dismissive.
The same 'they' did to TrueCrypt, and at least attempted at VeraCrypt, for example.
Targeted attacks, confusion and disinformation can amount to such a level that at a certain point you just have to trust the software.
Was OpenSSL ever audited?
Can you trust all parties involved in the audit? To what extent?
What was the scope of the audit? Core libs or GUI code?
Which version do you use? Before or after the audit?
Do you get a compiled binary and verify the hash, if there is one?
Or do you build from source because you don't trust the available binaries or no hash is available?
Does it use OS libs or is it 100% self-contained? If not, ask the same questions about those libs too...
But wait, there's more! (imagine the guy in the TV commercial)
Encryption software was once subject to export restrictions just like weapons and ammunition.
Which version do you have? The export-ready one or the other one?
What OS are you running those binaries on?
What firmware is below that OS?
On what hardware are you running that firmware?
It gets very tricky very fast. In the end it's just about how high your trust bar is and how much effort you are willing to put into it, but be reminded that most of the planet has a much lower bar.
If only you in your family/friends/work circle accept and know how to use OpenSSL, what is the use of it for you?
All of this trust chain is being attacked constantly; the only thing on our side is that governments don't have infinite resources and they have bigger problems.
In an extreme, careless scenario, only a few thousand netizens kind of trust something they build, but it's complex to use, while most of the world trusts something else that is easy to use, but can very well be a 'fit for export' software. Think of how easy it could be for a North Korean to get their hands on hardware and software that would allow them to send you a message that only the two of you can read.
It's fine if you don't make this your life battle, I don't either, but don't be so dismissive about it.