Heartbleed bug
Some interesting comments from http://queue.acm.org/detail.cfm?id=2602816:
- No central architectural authority
- 6,740 goto statements
- Inline assembly code
- Multiple different coding styles
- Obscure use of macro preprocessors
- Inconsistent naming conventions
- Far too many selections and options
- Unexplained dead code
- Misleading and incoherent comments
and so on and so on.
And it's nobody's fault.
No one was ever truly in charge of OpenSSL, it just sort of became the default landfill for prototypes of cryptographic inventions, and since it had everything cryptographic under the sun (somewhere, if you could find out how to use it), it also became the default source of cryptographic functionality.
...
This bug was pretty bad, even as bugs in OpenSSL go, but my co-columnist at ACM Queue, Kode Vicious, managed to find a silver lining: "Because they used a 'short' integer, only 64 kilobytes worth of secrets are exposed."
sliqua-jcooter
It's true - the OpenSSL codebase is a gigantic mess, which is directly what allowed a rather obvious bug to persist in code for over 2 years before being discovered.
Persisting memory allocations isn't the problem, though. Heap persistence is absolutely necessary in any code designed for high-performance and scalability, and OpenSSL is required to scale well past whatever application running behind it can do. The problem is that the code contribution failed to do input sanitization - which is a fundamental security practice.
The tools that we use at my company that have high-security requirements don't run on OpenSSL for exactly this reason. I'd love to switch everything over to NSS, but unfortunately that's not really practical.
_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.
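The missing input check discussed in the post above, as an added example that is not part of the thread and is not OpenSSL's code: a heartbeat handler (message layout per RFC 6520) that compares the 16-bit claimed payload length with the bytes actually received before copying anything. The function names and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3u   /* 1-byte type + 2-byte big-endian payload length */
#define HB_PADDING 16u  /* RFC 6520: at least 16 bytes of padding follow the payload */
#define HB_REQUEST 1u

/* Constructed records: one honest, one claiming 65535 payload bytes but carrying 1. */
static const uint8_t HONEST[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t LYING[20]  = { HB_REQUEST, 0xFF, 0xFF, 'x' };

/* Bytes a handler would read past the record if it trusted the length field. */
size_t hb_overread_if_unchecked(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < HB_HEADER)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t present = rec_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Copy the payload to echo into out; return its length, or -1 to drop the message. */
int hb_echo_payload(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < HB_HEADER + HB_PADDING)
        return -1;                      /* too short to be a heartbeat at all */
    if (rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER - HB_PADDING)
        return -1;                      /* length field exceeds bytes received */
    if (claimed > out_cap)
        return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (int)claimed;
}

int main(void)
{
    uint8_t out[64];
    printf("honest: echo %d bytes\n", hb_echo_payload(HONEST, sizeof HONEST, out, sizeof out));
    printf("lying:  echo %d, unchecked over-read %zu bytes\n",
           hb_echo_payload(LYING, sizeof LYING, out, sizeof out),
           hb_overread_if_unchecked(LYING, sizeof LYING));
    return 0;
}
```

Because the length field is 16 bits wide, the over-read per message is bounded just under 64 KB, which is the "silver lining" quoted in the first post.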
Oh, I wouldn't go as far as "no-one's fault"! I agree with eric76 and sliqua-jcooter that the OpenSSL developers have not followed good coding practices. There are many things they could have done better - starting with just making the code human-readable! I've never had a good reason to look at it before (I mean, everyone uses it and I'm not running anything super-secure, anyway), but now I just don't trust it. Not because of this specific mistake, but because of many systematic mistakes that allowed this one.
[Edit: just noticed this post brings my post count to 1010 - binary for decimal 10. How appropriate!]
_________________
CloudFlare eating your posts? Try the Lazarus browser extension. See https://wp-fmx.github.io/WP/
sliqua-jcooter
You can't blame individual developers for the state of the codebase as a whole. There is no organization backing OpenSSL and driving standards - it's just a bunch of people who hack the codebase to do what they need it to. There is no Linus or Theo maintaining the project, and no RedHat or SuSE sponsoring it to make sure code reviews get done.
Ultimately, it's the implementers' fault for trusting the OpenSSL codebase to be secure, not contributing enough to the project to ensure it has the resources to do security audits, and not doing their own vulnerability assessments on the code.
It is a good idea if there was a review though; for one, being an open project makes it vulnerable to deliberate sabotage and built-in weakness. There is already a precedent for that as we know... ahem.
I don't know about anybody else, but I was aware of this issue before I heard of 'heartbleed'.
It is quite common for amateurs in security to come with very bad solutions to problems even though they are often well-meaning. There are numerous cases of people inventing encryption methods that are easily broken. I've seen people do nothing more than invert the bits and claim that the "encrypted" message was secure.
The worst I ever saw was some bozo who didn't consider any computer system secure until he had disabled or removed everything having to do with security.
One time the bozo set up a firewall for us, but it never got used because whenever it was plugged in, it shut down all traffic. The reason was simple -- he thought that the proper way to plug it in was backwards -- that the Internet was the LAN and the local network was the WAN. One day, long after the bozo was gone, I found a listing of the firewall rules he used. It turned out that all the firewall did was filter out spoofed traffic and pass everything else. Of course, when hooked up backwards, the "spoofed" traffic was the legitimate traffic and any actual spoofed traffic would be passed through.
If you think back to the early days of wireless, there was the WEP encryption method. WEP was invented by people with very little concept of security and negligible knowledge about encryption. The result was an encryption standard that could be broken very easily.
In another case, I once came across some encryption that merely inverted the bits. The guy who came up with that scheme thought it was perfectly secure because nobody would ever think to invert the bits back again.
Hopefully the new LibreSSL fork will eventually help resolve this issue.
Obligatory XKCD comics http://xkcd.com/1353/ http://xkcd.com/1354/
sliqua-jcooter
To be fair, the NSS project from Mozilla is actually very, very good. It lags behind OpenSSL on features (still doesn't support server-side SNI, for example), but the implementation and architecture are much more secure - and Mozilla has a pretty good code review policy.
I'll go on record saying that everyone building web apps should use NSS.
sliqua-jcooter
NSS has its origins in the Netscape days, so it's actually really old (I'm not exactly sure what the specific order is, but I wouldn't be surprised if NSS predates OpenSSL). It's now primarily maintained by the Mozilla Foundation, so most of the development focus is on the client side, but IMO it has a better security architecture than OpenSSL does.