LibreSSL, one year later
-
Upload
giovanni-bechis -
Category
Software
-
view
151 -
download
3
Transcript of LibreSSL, one year later
![Page 2: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/2.jpg)
About Me
I sys admin and developer @SNB
I OpenBSD developer
I Open Source developer in several other projects
![Page 3: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/3.jpg)
About Me
I sys admin and developer @SNB
I OpenBSD developer
I Open Source developer in several other projects
![Page 4: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/4.jpg)
CVE-2014-0160
I 17% of https web servers use OpenSSL as SSL/TLSlibrary and have heartbeat extension enabled
I at least Cisco, Fortinet, Oracle and Siemens productshas been affected
I bug was introduced on December 2011 and fixed onApril 2014
I exploitation of this bug does not leave any trace
I eWEEK estimated a total cost of $500 million
![Page 5: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/5.jpg)
CVE-2014-0160
I 17% of https web servers use OpenSSL as SSL/TLSlibrary and have heartbeat extension enabled
I at least Cisco, Fortinet, Oracle and Siemens productshas been affected
I bug was introduced on December 2011 and fixed onApril 2014
I exploitation of this bug does not leave any trace
I eWEEK estimated a total cost of $500 million
![Page 6: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/6.jpg)
CVE-2014-0160
I 17% of https web servers use OpenSSL as SSL/TLSlibrary and have heartbeat extension enabled
I at least Cisco, Fortinet, Oracle and Siemens productshas been affected
I bug was introduced on December 2011 and fixed onApril 2014
I exploitation of this bug does not leave any trace
I eWEEK estimated a total cost of $500 million
![Page 7: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/7.jpg)
CVE-2014-0160
I 17% of https web servers use OpenSSL as SSL/TLSlibrary and have heartbeat extension enabled
I at least Cisco, Fortinet, Oracle and Siemens productshas been affected
I bug was introduced on December 2011 and fixed onApril 2014
I exploitation of this bug does not leave any trace
I eWEEK estimated a total cost of $500 million
![Page 8: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/8.jpg)
CVE-2014-0160
I 17% of https web servers use OpenSSL as SSL/TLSlibrary and have heartbeat extension enabled
I at least Cisco, Fortinet, Oracle and Siemens productshas been affected
I bug was introduced on December 2011 and fixed onApril 2014
I exploitation of this bug does not leave any trace
I eWEEK estimated a total cost of $500 million
![Page 9: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/9.jpg)
How the Heartbleed bug works:
I attacker can dump up to 64k of memory near theSSL heartbeat of the attacked machine
I attack can be repeated many times to obtaindifferent memory allocations of 64k size
I memory stolen could reveal any kind of data:passwords, credit card numbers, personal data, ...
![Page 10: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/10.jpg)
How the Heartbleed bug works:
I attacker can dump up to 64k of memory near theSSL heartbeat of the attacked machine
I attack can be repeated many times to obtaindifferent memory allocations of 64k size
I memory stolen could reveal any kind of data:passwords, credit card numbers, personal data, ...
![Page 11: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/11.jpg)
How the Heartbleed bug works:
I attacker can dump up to 64k of memory near theSSL heartbeat of the attacked machine
I attack can be repeated many times to obtaindifferent memory allocations of 64k size
I memory stolen could reveal any kind of data:passwords, credit card numbers, personal data, ...
![Page 12: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/12.jpg)
Why Heartbleed happened ?
I code too complex and intricated
I developers mostly interested in adding features, notfixing code
I fixes not merged upstream
I bugs (and fixes) sleep for years in the bug tracker
![Page 13: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/13.jpg)
Why Heartbleed happened ?
I code too complex and intricated
I developers mostly interested in adding features, notfixing code
I fixes not merged upstream
I bugs (and fixes) sleep for years in the bug tracker
![Page 14: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/14.jpg)
Why Heartbleed happened ?
I code too complex and intricated
I developers mostly interested in adding features, notfixing code
I fixes not merged upstream
I bugs (and fixes) sleep for years in the bug tracker
![Page 15: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/15.jpg)
Why Heartbleed happened ?
I code too complex and intricated
I developers mostly interested in adding features, notfixing code
I fixes not merged upstream
I bugs (and fixes) sleep for years in the bug tracker
![Page 16: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/16.jpg)
OpenSSL malloc replacement
I it never frees memory (tools cannot spot bugs)
I it uses LIFO recycling (no ’use after free’ problems)
I includes a debugging malloc that send private info tologs
I includes the ability to replace the malloc/free atruntime
![Page 17: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/17.jpg)
OpenSSL malloc replacement
I it never frees memory (tools cannot spot bugs)
I it uses LIFO recycling (no ’use after free’ problems)
I includes a debugging malloc that send private info tologs
I includes the ability to replace the malloc/free atruntime
![Page 18: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/18.jpg)
OpenSSL malloc replacement
I it never frees memory (tools cannot spot bugs)
I it uses LIFO recycling (no ’use after free’ problems)
I includes a debugging malloc that send private info tologs
I includes the ability to replace the malloc/free atruntime
![Page 19: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/19.jpg)
OpenSSL malloc replacement
I it never frees memory (tools cannot spot bugs)
I it uses LIFO recycling (no ’use after free’ problems)
I includes a debugging malloc that send private info tologs
I includes the ability to replace the malloc/free atruntime
![Page 20: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/20.jpg)
What’s wrong with OpenSSL code ?
I quite all OpenSSL API headers are public
I it is developed using ”OpenSSL C”
I it uses its own functions instead of those provided bylibc like BIO free(3) or BIO strdup
I it has strange compile options (in OpenSSL bothNO OLD ASN1 and NO ASN1 OLD compile optionsare present but their meaning is slightly different)
![Page 21: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/21.jpg)
What’s wrong with OpenSSL code ?
I quite all OpenSSL API headers are public
I it is developed using ”OpenSSL C”
I it uses its own functions instead of those provided bylibc like BIO free(3) or BIO strdup
I it has strange compile options (in OpenSSL bothNO OLD ASN1 and NO ASN1 OLD compile optionsare present but their meaning is slightly different)
![Page 22: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/22.jpg)
What’s wrong with OpenSSL code ?
I quite all OpenSSL API headers are public
I it is developed using ”OpenSSL C”
I it uses its own functions instead of those provided bylibc like BIO free(3) or BIO strdup
I it has strange compile options (in OpenSSL bothNO OLD ASN1 and NO ASN1 OLD compile optionsare present but their meaning is slightly different)
![Page 23: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/23.jpg)
What’s wrong with OpenSSL code ?
I quite all OpenSSL API headers are public
I it is developed using ”OpenSSL C”
I it uses its own functions instead of those provided bylibc like BIO free(3) or BIO strdup
I it has strange compile options (in OpenSSL bothNO OLD ASN1 and NO ASN1 OLD compile optionsare present but their meaning is slightly different)
![Page 24: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/24.jpg)
LibreSSL
I very young project, development started on April2014
I mostly developed by OpenBSD team
I forked from OpenSSL 1.0.1g
![Page 25: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/25.jpg)
LibreSSL
I very young project, development started on April2014
I mostly developed by OpenBSD team
I forked from OpenSSL 1.0.1g
![Page 26: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/26.jpg)
LibreSSL
I very young project, development started on April2014
I mostly developed by OpenBSD team
I forked from OpenSSL 1.0.1g
![Page 27: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/27.jpg)
LibreSSL goals
I preserve API/ABI compatibility with OpenSSL
I bring more people into working with the codebase(+KNF, -#ifdef)
I fix bugs asap, use modern coding practices
I do portability the right wayTM
![Page 28: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/28.jpg)
LibreSSL goals
I preserve API/ABI compatibility with OpenSSL
I bring more people into working with the codebase(+KNF, -#ifdef)
I fix bugs asap, use modern coding practices
I do portability the right wayTM
![Page 29: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/29.jpg)
LibreSSL goals
I preserve API/ABI compatibility with OpenSSL
I bring more people into working with the codebase(+KNF, -#ifdef)
I fix bugs asap, use modern coding practices
I do portability the right wayTM
![Page 30: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/30.jpg)
LibreSSL goals
I preserve API/ABI compatibility with OpenSSL
I bring more people into working with the codebase(+KNF, -#ifdef)
I fix bugs asap, use modern coding practices
I do portability the right wayTM
![Page 31: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/31.jpg)
Some differences between LibreSSL and OpenSSL
I ∼90000 lines of code less but same functionalities
I does not support VMS, MsDos nor MacOS 9
I does not have FIPS support
I different set of ciphers (-MD2, -SRP, +ChaCha,+poly1305)
I BIO * functions do the right thingTM
I malloc(x*y) has been converted to reallocarray(x,y)
![Page 32: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/32.jpg)
Some differences between LibreSSL and OpenSSL
I ∼90000 lines of code less but same functionalities
I does not support VMS, MsDos nor MacOS 9
I does not have FIPS support
I different set of ciphers (-MD2, -SRP, +ChaCha,+poly1305)
I BIO * functions do the right thingTM
I malloc(x*y) has been converted to reallocarray(x,y)
![Page 33: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/33.jpg)
Some differences between LibreSSL and OpenSSL
I ∼90000 lines of code less but same functionalities
I does not support VMS, MsDos nor MacOS 9
I does not have FIPS support
I different set of ciphers (-MD2, -SRP, +ChaCha,+poly1305)
I BIO * functions do the right thingTM
I malloc(x*y) has been converted to reallocarray(x,y)
![Page 34: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/34.jpg)
Some differences between LibreSSL and OpenSSL
I ∼90000 lines of code less but same functionalities
I does not support VMS, MsDos nor MacOS 9
I does not have FIPS support
I different set of ciphers (-MD2, -SRP, +ChaCha,+poly1305)
I BIO * functions do the right thingTM
I malloc(x*y) has been converted to reallocarray(x,y)
![Page 35: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/35.jpg)
Some differences between LibreSSL and OpenSSL
I ∼90000 lines of code less but same functionalities
I does not support VMS, MsDos nor MacOS 9
I does not have FIPS support
I different set of ciphers (-MD2, -SRP, +ChaCha,+poly1305)
I BIO * functions do the right thingTM
I malloc(x*y) has been converted to reallocarray(x,y)
![Page 36: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/36.jpg)
Some differences between LibreSSL and OpenSSL
I ∼90000 lines of code less but same functionalities
I does not support VMS, MsDos nor MacOS 9
I does not have FIPS support
I different set of ciphers (-MD2, -SRP, +ChaCha,+poly1305)
I BIO * functions do the right thingTM
I malloc(x*y) has been converted to reallocarray(x,y)
![Page 37: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/37.jpg)
How OpenSSL does portable
I use and abuse of internal functions that behaves”more or less” the same as libc counterpart
I #ifdef and #ifndef everywhere
I support for as many combinations of operatingsystems and compilers out there
![Page 38: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/38.jpg)
How OpenSSL does portable
I use and abuse of internal functions that behaves”more or less” the same as libc counterpart
I #ifdef and #ifndef everywhere
I support for as many combinations of operatingsystems and compilers out there
![Page 39: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/39.jpg)
How OpenSSL does portable
I use and abuse of internal functions that behaves”more or less” the same as libc counterpart
I #ifdef and #ifndef everywhere
I support for as many combinations of operatingsystems and compilers out there
![Page 40: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/40.jpg)
How OpenSSH (and LibreSSL) does portable
I assume a sane target OS (OpenBSD) and code withhis standards
I build and maintain code on the main target OS,using modern C
I provide portability code only to provide functionsthat other OS’s don’t provide
I do not reimplement libc
I put as few #ifdefs as possible in the code
![Page 41: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/41.jpg)
How OpenSSH (and LibreSSL) does portable
I assume a sane target OS (OpenBSD) and code withhis standards
I build and maintain code on the main target OS,using modern C
I provide portability code only to provide functionsthat other OS’s don’t provide
I do not reimplement libc
I put as few #ifdefs as possible in the code
![Page 42: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/42.jpg)
How OpenSSH (and LibreSSL) does portable
I assume a sane target OS (OpenBSD) and code withhis standards
I build and maintain code on the main target OS,using modern C
I provide portability code only to provide functionsthat other OS’s don’t provide
I do not reimplement libc
I put as few #ifdefs as possible in the code
![Page 43: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/43.jpg)
How OpenSSH (and LibreSSL) does portable
I assume a sane target OS (OpenBSD) and code withhis standards
I build and maintain code on the main target OS,using modern C
I provide portability code only to provide functionsthat other OS’s don’t provide
I do not reimplement libc
I put as few #ifdefs as possible in the code
![Page 44: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/44.jpg)
How OpenSSH (and LibreSSL) does portable
I assume a sane target OS (OpenBSD) and code withhis standards
I build and maintain code on the main target OS,using modern C
I provide portability code only to provide functionsthat other OS’s don’t provide
I do not reimplement libc
I put as few #ifdefs as possible in the code
![Page 45: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/45.jpg)
LibreSSL API, ftp client- if (inet_pton(AF_INET, host, &addrbuf) != 1 &&
- inet_pton(AF_INET6, host, &addrbuf) != 1) {
- if (SSL_set_tlsext_host_name(ssl, host) == 0) {
- ERR_print_errors_fp(ttyout);
- goto cleanup_url_get;
- }
- }
- if (SSL_connect(ssl) <= 0) {
- ERR_print_errors_fp(ttyout);
+ if (ressl_connect_socket(ssl, s, host) != 0) {
+ fprintf(ttyout, "SSL failure: %s\n", ressl_error(ssl));
goto cleanup_url_get;
}
- if (ssl_verify) {
- X509 *cert;
-
- cert = SSL_get_peer_certificate(ssl);
- if (cert == NULL) {
- fprintf(ttyout, "%s: no server certificate\n",
- getprogname());
- goto cleanup_url_get;
- }
-
- if (ssl_check_hostname(cert, host) != 0) {
- X509_free(cert);
- fprintf(ttyout, "%s: host ‘%s’ not present in"
- " server certificate\n",
- getprogname(), host);
- goto cleanup_url_get;
- }
-
- X509_free(cert);
![Page 46: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/46.jpg)
What should we have learned ?
I fix bugs ASAP, do not let them sleep fo years
I use as few workarounds as possible in your code
I review your code
I look at your old code and fix horrors sleeping there
I do not reinvent the wheel
I every bug could be a security bug
![Page 47: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/47.jpg)
What should we have learned ?
I fix bugs ASAP, do not let them sleep fo years
I use as few workarounds as possible in your code
I review your code
I look at your old code and fix horrors sleeping there
I do not reinvent the wheel
I every bug could be a security bug
![Page 48: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/48.jpg)
What should we have learned ?
I fix bugs ASAP, do not let them sleep fo years
I use as few workarounds as possible in your code
I review your code
I look at your old code and fix horrors sleeping there
I do not reinvent the wheel
I every bug could be a security bug
![Page 49: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/49.jpg)
What should we have learned ?
I fix bugs ASAP, do not let them sleep fo years
I use as few workarounds as possible in your code
I review your code
I look at your old code and fix horrors sleeping there
I do not reinvent the wheel
I every bug could be a security bug
![Page 50: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/50.jpg)
What should we have learned ?
I fix bugs ASAP, do not let them sleep fo years
I use as few workarounds as possible in your code
I review your code
I look at your old code and fix horrors sleeping there
I do not reinvent the wheel
I every bug could be a security bug
![Page 51: LibreSSL, one year later](https://reader031.fdocuments.in/reader031/viewer/2022032617/55acd24d1a28ab4a078b464a/html5/thumbnails/51.jpg)
What should we have learned ?
I fix bugs ASAP, do not let them sleep fo years
I use as few workarounds as possible in your code
I review your code
I look at your old code and fix horrors sleeping there
I do not reinvent the wheel
I every bug could be a security bug