OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Charles Swiger
cswiger at mac.com
Tue Apr 22 19:00:53 UTC 2014
On Apr 21, 2014, at 6:38 PM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> In the aftermath of this whole OpenSSL brouhaha... which none other than
> Bruce Schneier publically pronounced to be a 12, on a scale from 1 to 10,
> in terms of awfulness... I do wonder if anyone has taken the time or effort
> to run the OpenSSL sources through any kind of analyzer to try to obtain
> some of the standard sorts of software science metrics on it.
Sure. Running clang's static analyzer against openssl-1.0.1g yields:
Bug Type Quantity
All Bugs 182
Dead store
Dead assignment 121
Dead increment 12
Dead initialization 2
Logic error
Assigned value is garbage or undefined 3
Branch condition evaluates to a garbage value 1
Dereference of null pointer 27
Division by zero 1
Result of operation is garbage or undefined 9
Uninitialized argument value 2
Unix API 4
The "division by zero" is ssl/t1_enc.c:267 and has 15 steps to reach;
one of the null pointer cases, crypto/asn1/f_string.c:191, has a
path length of 39.
[ ... ]
> P.S. I do think that Schneier has seriously overstated the criticality of
> Heartbleed. So far, I am not aware of -any- banks or other financial
> institutions which have been confirmed to have been affected, and by and
> large, life goes on and the world has not ended.
Most of the large financial institutions use hardware crypto-accelerators
to speed up SSL; devices like F5's BIG-IP, Brocade's ServerIrons,
Citrix NetScalers, etc.
These vendors and their hardware tend to be conservative and were generally
sticking with capabilities mirroring OpenSSL 0.9.8, rather than chasing
TLS v1.2, perfect forward secrecy and the like from OpenSSL 1.x.
Just as an FYI, I'd heard a rumbling or two about Heartbleed on Friday April 4,
but the first open publication I saw of this was on Ars Technica thread here:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping
Note that around comment #78 by raphidae, that user ran the exploit against Ars
and was able to grab username+passwords and login as other users.
Regards,
--
-Chuck
More information about the freebsd-security
mailing list