Slashdot Mirror


OpenBSD Team Cleaning Up OpenSSL

First time accepted submitter Iarwain Ben-adar (2393286) writes "The OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing "exploit mitigation countermeasures", fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a 'portable' version of this new OpenSSL fork. Or not."

5 of 304 comments (clear)

  1. Re:What about a re-implementation... by Lunix+Nutcase · · Score: 5, Insightful

    So if C is so bad why should we trust the languages that are implemented in it? You do realize that most of these "safe" languages are written in C, right?

  2. "Ancient." "Cruft." by jabberw0k · · Score: 5, Insightful

    I read that as discarding stuff for Windows 98, 2000, and other ancient platforms that have fallen almost entirely from use, and certainly outside the pool of what's tested: A good thing.

  3. While it may sound like that... by Anonymous Coward · · Score: 5, Insightful

    The first step to cleaning up the code is getting it into a state where you're not leaving crap in place because 'It's for something I don't understand.'

    That's what got us in the current OpenSSL mess in the first place.

    Additionally, once the core code is cleaned up you can always follow the changelogs and merge the legacy stuff back in (assuming they're using git, or another VCS with a good git check(in/out) module.)

    Honestly anyone still running any of those OSes is probably running a 0.9 series library and thus wasn't vulnerable to this bug to begin with. Who knows how many of those alternate paths even still worked anymore.

  4. Re:Backport\Upstream? Seems unlikely by serviscope_minor · · Score: 5, Insightful

    they are choosing the greater of two evils.

    No.

    Eventually supporting too many screwy and ancient systems starts to cause just so many problems that it is really, really hard to write solid, well tested, clear code. The heartbleed bug was exactly a result of this. Because of supporting so many screwy platforms, they couldn't even rely on having malloc() work well. That means they had their own malloc implementation working from internal memory pools. Had they not, they would have benefited from the modern mmap() based implementations and you'd have got a segfault rather than a dump of the process memory.

    Supporting especially really old systems means having reimplementations of things which ought to be outside the scope of OpenSSL. Then you have to decide whether to always use the reimplementation or switch on demand between the custom one and the system one and whether or not to have some sort of quirk/bug correction.

    This sort of stuff starts to add up and lead to a maintainance nightmare.

    What OpenBSD are doing: throwing out all the accumulated crud and keeping the good parts is a fine way to proceed. It will almost certainly be portable to the other BSDs, OSX and Linux since they provide similar low level facilities. I doubt a port back to Windows would be hard because modern windows provides enough sane facilities that it's generally not too bad for heavily algorithmic code like this.

    Basically there's no way for them to get started except to first rationalise the code base and then audit it.

    --
    SJW n. One who posts facts.
  5. Re:de Raadt by bmajik · · Score: 5, Insightful

    Actually, it is you who are wrong.

    Theo's point from the beginning is that a custom allocator was used here, which removed any beneficial effects of both good platform allocators AND "evil" allocator tools.

    His response was a specific circumstance of the poor software engineering practices behind openSSL.

    Furthermore, at some point, openSSL became behaviorally dependant on its own allocator -- that is, when you tried to use a system allocator, it broke -- because it wasn't handing you back unmodified memory contents you had just freed.

    This dependency was known and documented. And not fixed.

    IMO, using a custom allocator is a bit like doing your own crypto. "Normal people" shouldn't do it.

    If you look at what open SSL is

    1) crypto software
    2) that is on by default
    3) that listens to the public internet
    4) that accepts data under the control of attackers ... you should already be squarely in the land of "doing every possible software engineering best practice possible". This is software that needs to be written differently than "normal" software; held to a higher standard, and correct for correctness sake.

    I would say that, "taking a hard dependence on my own custom allocator" and not investigating _why_ the platform allocator can no longer be used to give correct behavior is a _worst practice_. And its especially damning given how critical and predisposed to exploitability something like openSSL is.

    Yet that is what the openSSL team did. And they knew it. And they didn't care. And it caught up with them.

    The point of Theo's remarks is not to say "using a system allocator would have prevented bad code from being exploitable". The point is "having an engineering culture that ran tests using a system allocator and a debugging allocator would have prevented this bad code from staying around as long as it did"

    Let people swap the "fast" allocator back in at runtime, if you must. But make damn sure the code is correct enough to pass on "correctness checking" allocators.

    --
    My opinions are my own, and do not necessarily represent those of my employer.