OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?

Charles Swiger cswiger at mac.com
Tue Apr 22 19:00:53 UTC 2014 

On Apr 21, 2014, at 6:38 PM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> In the aftermath of this whole OpenSSL brouhaha... which none other than
> Bruce Schneier publically pronounced to be a 12, on a scale from 1 to 10,
> in terms of awfulness... I do wonder if anyone has taken the time or effort
> to run the OpenSSL sources through any kind of analyzer to try to obtain
> some of the standard sorts of software science metrics on it.

Sure.  Running clang's static analyzer against openssl-1.0.1g yields:

Bug Type	Quantity
All Bugs	182	

Dead store
	Dead assignment		121
	Dead increment		12
	Dead initialization	2

Logic error
	Assigned value is garbage or undefined		3
	Branch condition evaluates to a garbage value	1
	Dereference of null pointer			27
	Division by zero				1
	Result of operation is garbage or undefined	9
	Uninitialized argument value			2
	Unix API					4

The "division by zero" is ssl/t1_enc.c:267 and has 15 steps to reach;
one of the null pointer cases, crypto/asn1/f_string.c:191, has a
path length of 39.

[ ... ]
> P.S.  I do think that Schneier has seriously overstated the criticality of 
> Heartbleed.  So far, I am not aware of -any- banks or other financial
> institutions which have been confirmed to have been affected, and by and
> large, life goes on and the world has not ended.

Most of the large financial institutions use hardware crypto-accelerators
to speed up SSL; devices like F5's BIG-IP, Brocade's ServerIrons,
Citrix NetScalers, etc.

These vendors and their hardware tend to be conservative and were generally
sticking with capabilities mirroring OpenSSL 0.9.8, rather than chasing
TLS v1.2, perfect forward secrecy and the like from OpenSSL 1.x.

Just as an FYI, I'd heard a rumbling or two about Heartbleed on Friday April 4,
but the first open publication I saw of this was on Ars Technica thread here:

   http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping

Note that around comment #78 by raphidae, that user ran the exploit against Ars
and was able to grab username+passwords and login as other users.

Regards,
-- 
-Chuck

More information about the freebsd-security mailing list