From owner-freebsd-security@FreeBSD.ORG Mon Sep 9 07:34:19 2013
To: "Koornstra, Reinoud"
Subject: Re: Anything in this story of concern?
In-reply-to: <0EEF6678B3EEC94B9AE44705DF224D023D48BF92@G9W0725.americas.hpqcorp.net>
From: "Poul-Henning Kamp"
References: <20130909144142.J99094@sola.nimnet.asn.au> <94943.1378706943@critter.freebsd.dk> <0EEF6678B3EEC94B9AE44705DF224D023D48BF92@G9W0725.americas.hpqcorp.net>
Date: Mon, 09 Sep 2013 07:34:17 +0000
Message-ID: <95933.1378712057@critter.freebsd.dk>
Cc: "freebsd-security@freebsd.org", Ian Smith

In message <0EEF6678B3EEC94B9AE44705DF224D023D48BF92@G9W0725.americas.hpqcorp.net>, "Koornstra, Reinoud" writes:

>Well, OpenSSL isn't the most beautiful code ever written for sure, but to
>say it's a pile of crap would be a little too far to the negative end.
>[...]
>Most vulnerabilities in encryption are due to implementation issues.
>Having not audited the OpenSSL code on this I cannot say whether there are
>implementation issues there.

You are of course entitled to have your own opinion, but I think you
should go look at the bloody code before you voice an opinion.

I call it a piece of crap, because the code clearly is not designed
as much as thrown together from random phd-projects, and the most
positive thing I can say about the API is that it is "opaque".

Using OpenSSL correctly takes a LOT of skill and a fair bit of
knowing "it only works if you do it this way", and most people lack
that, so they copy & paste, which probably made the job much easier
for NSA.

I wrote a blog entry (In Danish:
http://www.version2.dk/blog/nsas-gennembrud-eller-noget-53787)
and I wanted to show an example. I opened an openssl source file
at random and the first thing I see is:

    ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
        {
        ASN1_OBJECT *r;
        int i;
        char *ln=NULL,*sn=NULL;
        unsigned char *data=NULL;

        if (o == NULL) return(NULL);
        if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
            return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
                                         duplication is this??? */
        [...]

An "Obj_dup()" function which silently doesn't?

I am not going to enumerate how many ways that is wrong, it should
not be necessary to do so in present company.

And BTW: That XXX comment is 10 years old.

No, I say with conviction, based on personal inspection and
experience, that OpenSSL is crap.

And as Garrett Wollman correctly pointed out on twitter: It remains
yet to be seen if any implementation of SSL/TLS can be non-crap,
given that they are stuck with X.509.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
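Added example, not part of the original message and not OpenSSL code: a toy C model of the "dup that may hand back its argument" shape seen in the quoted excerpt, next to a strict copy, with a check that shows when a write through the "duplicate" reaches the source object. All names (toy_obj, TOY_FLAG_DYNAMIC, toy_dup_aliasing, toy_dup_strict, write_leaks_to_source) and the sample bytes are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define TOY_FLAG_DYNAMIC 0x01   /* hypothetical flag: object is heap-allocated */
typedef struct { int flags; size_t len; unsigned char *data; } toy_obj;

/* Constructed sample: a shared, non-dynamic object (flags == 0). */
static unsigned char sample_bytes[] = { 0x2a, 0x03 };
toy_obj sample_static = { 0, sizeof sample_bytes, sample_bytes };

/* Same shape as the quoted excerpt: a non-dynamic input comes back uncopied. */
toy_obj *toy_dup_aliasing(const toy_obj *o)
{
    toy_obj *r;
    if (o == NULL) return NULL;
    if (!(o->flags & TOY_FLAG_DYNAMIC))
        return (toy_obj *)o;            /* caller now holds the original */
    if ((r = malloc(sizeof(*r))) == NULL) return NULL;
    r->flags = TOY_FLAG_DYNAMIC;
    r->len = o->len;
    r->data = malloc(o->len ? o->len : 1);
    if (r->data == NULL) { free(r); return NULL; }
    memcpy(r->data, o->data, o->len);
    return r;
}

/* Strict variant: always returns an independent heap copy. */
toy_obj *toy_dup_strict(const toy_obj *o)
{
    toy_obj tmp;
    if (o == NULL) return NULL;
    tmp = *o;
    tmp.flags |= TOY_FLAG_DYNAMIC;      /* force the copying path */
    return toy_dup_aliasing(&tmp);
}

void toy_free(toy_obj *o)
{
    if (o == NULL || !(o->flags & TOY_FLAG_DYNAMIC)) return; /* shared: keep */
    free(o->data);
    free(o);
}

/* Returns 1 if a write through the "duplicate" changed the source, 0 if not. */
int write_leaks_to_source(toy_obj *(*dup)(const toy_obj *), toy_obj *src)
{
    unsigned char before = src->data[0];
    toy_obj *copy = dup(src);
    int leaked;
    if (copy == NULL) return -1;
    copy->data[0] ^= 0xFF;              /* caller treats the copy as its own */
    leaked = (src->data[0] != before);
    src->data[0] = before;              /* undo any damage to the source */
    toy_free(copy);
    return leaked;
}
```

With the aliasing variant the caller cannot tell from the return value whether it owns the object, so both the free path and every write have to re-check the flag.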