On Apr 21, 2014, at 6:38 PM, Ronald F. Guilmette <r...@tristatelogic.com> wrote:

> In the aftermath of this whole OpenSSL brouhaha... which none other than
> Bruce Schneier publicly pronounced to be a 12, on a scale from 1 to 10,
> in terms of awfulness... I do wonder if anyone has taken the time or effort
> to run the OpenSSL sources through any kind of analyzer to try to obtain
> some of the standard sorts of software science metrics on it.
Sure. Running clang's static analyzer against openssl-1.0.1g yields:

Bug Type                                          Quantity
All Bugs                                               182

Dead store
  Dead assignment                                      121
  Dead increment                                        12
  Dead initialization                                    2

Logic error
  Assigned value is garbage or undefined                 3
  Branch condition evaluates to a garbage value          1
  Dereference of null pointer                           27
  Division by zero                                       1
  Result of operation is garbage or undefined            9
  Uninitialized argument value                           2

Unix API                                                 4

The "division by zero" is ssl/t1_enc.c:267 and has 15 steps to reach; one of the null pointer cases, crypto/asn1/f_string.c:191, has a path length of 39.

[ ... ]

> P.S. I do think that Schneier has seriously overstated the criticality of
> Heartbleed. So far, I am not aware of -any- banks or other financial
> institutions which have been confirmed to have been affected, and by and
> large, life goes on and the world has not ended.

Most of the large financial institutions use hardware crypto-accelerators to speed up SSL; devices like F5's BIG-IP, Brocade's ServerIrons, Citrix NetScalers, etc. These vendors and their hardware tend to be conservative and were generally sticking with capabilities mirroring OpenSSL 0.9.8, rather than chasing TLS v1.2, perfect forward secrecy and the like from OpenSSL 1.x.

Just as an FYI, I'd heard a rumbling or two about Heartbleed on Friday April 4, but the first open publication I saw of this was on the Ars Technica thread here:

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping

Note that around comment #78 by raphidae, that user ran the exploit against Ars and was able to grab usernames+passwords and log in as other users.

Regards,
-- 
-Chuck
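The "Bug Type / Quantity" table and the per-bug path lengths above come from reading the analyzer's report by hand. As an added example (not part of the original thread, and not the analyzer's own tooling), here is a small script that aggregates the plist files scan-build writes with its --plist option into the same kind of table and lists the findings that take the most steps to reach. The plist layout (a "files" array plus "diagnostics" entries carrying category, type, location and a "path" of control/event pieces) is the real one; the sample data is constructed to mirror the two findings quoted in the mail, and counting "event" pieces as the step count is an assumption.

```python
import plistlib
from collections import Counter

# Constructed sample in the shape of one clang analyzer plist (scan-build --plist writes
# one per translation unit); the three findings here are made up to mirror the mail.
SAMPLE_PLIST = plistlib.dumps({
    "files": ["ssl/t1_enc.c", "crypto/asn1/f_string.c", "crypto/bn/bn_lib.c"],
    "diagnostics": [
        {"category": "Logic error", "type": "Division by zero",
         "location": {"file": 0, "line": 267, "col": 5},
         "path": [{"kind": "event"}] * 15},
        {"category": "Logic error", "type": "Dereference of null pointer",
         "location": {"file": 1, "line": 191, "col": 9},
         "path": [{"kind": "control"}] + [{"kind": "event"}] * 39},
        {"category": "Dead store", "type": "Dead assignment",
         "location": {"file": 2, "line": 42, "col": 1},   # constructed location
         "path": [{"kind": "event"}]},
    ],
})


def load_diagnostics(plist_bytes):
    """Flatten one analyzer plist into category/type/file/line/steps records.
    'steps' counts the 'event' path pieces (assumption: that approximates the
    step count the HTML report shows; 'control' pieces only draw the arrows)."""
    data = plistlib.loads(plist_bytes)
    files = data.get("files", [])
    records = []
    for d in data.get("diagnostics", []):
        loc = d["location"]
        steps = sum(1 for piece in d.get("path", []) if piece.get("kind") == "event")
        records.append({"category": d["category"], "type": d["type"],
                        "file": files[loc["file"]], "line": loc["line"], "steps": steps})
    return records


def summarize(records):
    """Count findings per (category, type), i.e. the 'Bug Type / Quantity' table."""
    return Counter((r["category"], r["type"]) for r in records)


def hardest_to_reach(records, min_steps=10):
    """Findings needing at least min_steps, longest path first: the long chains of
    conditions are the ones a human reviewer is least likely to trace by hand."""
    return sorted((r for r in records if r["steps"] >= min_steps),
                  key=lambda r: r["steps"], reverse=True)


if __name__ == "__main__":
    recs = load_diagnostics(SAMPLE_PLIST)
    print("All Bugs", len(recs))
    for (cat, typ), n in sorted(summarize(recs).items()):
        print(f"{cat:12} {typ:45} {n}")
    for r in hardest_to_reach(recs):
        print(f"{r['file']}:{r['line']}  {r['type']}  ({r['steps']} steps)")
```

To use it on a real run, loop over every .plist under the scan-build output directory and feed each file's bytes to load_diagnostics, merging the returned lists before summarizing.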