From owner-freebsd-security@FreeBSD.ORG Wed Apr 23 00:34:12 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 389BC6F0 for ; Wed, 23 Apr 2014 00:34:12 +0000 (UTC) Received: from gproxy2-pub.mail.unifiedlayer.com (gproxy2-pub.mail.unifiedlayer.com [69.89.18.3]) by mx1.freebsd.org (Postfix) with SMTP id 05352105A for ; Wed, 23 Apr 2014 00:34:11 +0000 (UTC) Received: (qmail 18187 invoked by uid 0); 23 Apr 2014 00:34:10 -0000 Received: from unknown (HELO cmgw2) (10.0.90.83) by gproxy2.mail.unifiedlayer.com with SMTP; 23 Apr 2014 00:34:10 -0000 Received: from box543.bluehost.com ([74.220.219.143]) by cmgw2 with id tCa21n00b36DqkS01Ca5RQ; Tue, 22 Apr 2014 18:34:09 -0600 X-Authority-Analysis: v=2.1 cv=Q9RBveGa c=1 sm=1 tr=0 a=m1eD20qHdBbyQr3wvGb0tQ==:117 a=m1eD20qHdBbyQr3wvGb0tQ==:17 a=cNaOj0WVAAAA:8 a=f5113yIGAAAA:8 a=J0QyKEt1u0cA:10 a=oA0Jii2iB0UA:10 a=ZzjhlJrv0foA:10 a=kj9zAlcOel0A:10 a=hBmbxFWgAAAA:8 a=O5JQB85wRqYA:10 a=9NnC__TRAO0A:10 a=n-kJSqksAAAA:8 a=70qzlKQjAAAA:8 a=dM-xeHiPX5eh3JM4h3wA:9 a=CjuIK1q_8ugA:10 a=98jSFH7WqmUA:10 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=apotheon.net; s=default; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=KBkjzO4OAWyE/zTVHUrYF6Q0qmbJeBRN+zr6/A+f6PU=; b=vCyvklXC5TLCfqI+5lGPtJd1cZv9UVHPgXmbf3rzOg7S+MBysmVSYwE3nOHnOOgcp7BiiqJPufcuwYVLm36N98eqVX04eMudqp993gUEHp08bB1Yj8uY78h+gJhTnbAo; Received: from [98.245.97.34] (port=62798 helo=localhost) by box543.bluehost.com with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.82) (envelope-from ) id 1Wcl8V-0000s8-EM; Tue, 22 Apr 2014 18:34:03 -0600 Date: Tue, 22 Apr 2014 18:34:00 -0600 From: Chad Perrin To: "Ronald F. Guilmette" Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole? Message-ID: <20140423003400.GA8271@glaze.hydra> Mail-Followup-To: "Ronald F. Guilmette" , freebsd-security@freebsd.org References: <8783.1398202137@server1.tristatelogic.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8783.1398202137@server1.tristatelogic.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-Identified-User: {2737:box543.bluehost.com:apotheon:apotheon.net} {sentby:smtp auth 98.245.97.34 authed with code@apotheon.net} Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Apr 2014 00:34:12 -0000 On Tue, Apr 22, 2014 at 02:28:57PM -0700, Ronald F. Guilmette wrote: > In message , > Charles Swiger wrote: > > > >Bug Type Quantity > >All Bugs 182 > > > >Dead store > > Dead assignment 121 > > Dead increment 12 > > Dead initialization 2 > > > >Logic error > > Assigned value is garbage or undefined 3 > > Branch condition evaluates to a garbage value 1 > > Dereference of null pointer 27 > > Division by zero 1 > > Result of operation is garbage or undefined 9 > > Uninitialized argument value 2 > > Unix API 4 > > Thank you for doing this. > > Perhaps it goes without aying, but I'll say it anyway. The above results > are at once both enlightening and disgusting. > > Apparently, the OpenBSD guys are reorganizing/rewriting OpenSSL. I hope > that they take the time to do what you have done *and* also to drive every > bleedin' last one of these numbers to zero. I feel sure that the vast > majority of the issues uncovered by clang are not in any sense exploitable, > however its the one or two or three that are that worry me. LibreSSL (re: reorganizing/forking OpenSSL). I'm sure they'll be doing a very thorough job, as LibreSSL will apparently be added to the full body of code managed and extensively code-reviewed by the OpenBSD project. The developers are also taking the encouraging first step of throwing away eight metric tons of cruft. I do not know whether they plan to specifically use Clang's static analyzer as an aid to their efforts, but I would guess they'll be taking similar measures. >From what I have seen (which, admittedly, is pretty superficial by many standards), it looks like OpenSSL is probably just the best of a really bad breed of software. The most widespread, popular, by some standard "major" TLS packages all seem to be rancid crap, with OpenSSL just being the marginally least rancid of the lot. If something like the heartbeat leak exists in OpenSSL, I fully expect that the other big players have worse problems. Consider for instance that (real-world impact aside) the heartbeat bug was the result of a failure of secure coding that took the form of a fairly common way for people to overlook memory management problems in C, while the validation issues recently unearthed in Apple and GnuTLS encryption packages were the sorts of errors that are rather uncommon for people to overlook, in that it almost takes a malicious act of stupidity to forget to *use* an otherwise correct validation, right there in the code where it took place. Even if LibreSSL ends up only halving the vulnerability that comes with OpenSSL (which is, I think, a quite inadequate level of improvement), it should end up being a fantastic leap forward, putting OpenSSL itself in a distant second place over alternatives. I'm mostly just hand-waving, though. If someone with deeper insight into the guts of these TLS packages offer contradicts me in some way with actual independently verifiable supporting analysis, you should probably believe that person. > > P.S. I was reading last night about VP8. In that case, apparently, > the formal specification for that protocol *is* the code. (See RFC > 6386, Section 1.) > > If you have time, Charles, perhaps you could run this same analysis on > that code too, and report numbers for that as well. > > I am *not* looking forward to the day when I'll be rooted because I was > watching funny kitten videos on YouTube. Solution: Dont' watch funny kitten videos on YouTube. I kid. I know it's impossible to stop watching funny kitten videos. A useful mitigation, however, might be to never log in to any Google service, and avoid HTTPS URIs for Google services when you must visit them. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]