So... about that Heartbleed



  • You should have a peek at what the BSD crew is still finding hidden under the covers. Yikes!



  • I like how they seemed to just chuck anything they could find that looked randomish into the RNG.


  • Discourse touched me in a no-no place

    Doing a major reworking effort like this with CVS. (OK, better than Visual SourceSafe, but that's not a high bar.) At the very least, they ought to think about using something which at least has changesets, and not all of them have as high a barrier to entry as Git.

    Oh well, at least they're in there, draining the swamp and doing the Flying Spaghetti Monster's Work.



  • But, um, hasn't OpenBSD included OpenSSL for years?

    So is the gag here "Ha ha, look at all these stupid bugs (in the software we've been distributing to you for years)!"

    Well, I guess you can't blame the OpenBSD guys for not ever auditing the code they were distributing to people as "secure". I mean, there are still dozens of HP calculator models without a Nethack port; sometimes you have to prioritize!



  • The WTF is not that OpenSSL is terribly programmed and has bugs. The WTF is that a large part of the internet was using a terribly programmed security library maintained by less than 10 guys on their spare time that had obviously never passed a single security audit.


  • Discourse touched me in a no-no place

    FIPS == You have the standard set of security holes and vulnerabilities.



  • OpenBSD founder Theo de Raadt has created a fork of OpenSSL. When asked why he wanted to start over instead of helping to make OpenSSL better, de Raadt said the existing code is too much of a mess.

    "Our group removed half of the OpenSSL source tree in a week. It was discarded leftovers"

    When asked what he meant by OpenSSL containing "discarded leftovers," de Raadt said there were "Thousands of lines of VMS support. Thousands of lines of ancient WIN32 support. Nowadays, Windows has POSIX-like APIs and does not need something special for sockets. Thousands of lines of FIPS support, which downgrade ciphers almost automatically."

    There were also "thousands of lines of APIs that the OpenSSL group intended to deprecate 12 years or so ago and are still left alone."

    De Raadt told ZDNet that his team has removed 90,000 lines of C code. "Even after all those changes, the codebase is still API compatible," he said. "Our entire ports tree (8,700 applications) continue to compile and work after all these changes."

     



  • @anonymous234 said:

    The WTF is not that OpenSSL is terribly programmed and has bugs. The WTF is that a large part of the internet was using a terribly programmed security library maintained by less than 10 guys on their spare time that had obviously never passed a single security audit.

    Time for Morbs' Law #372:

    @Morbs' Law #372 said:

    All software problems--every single one--can be solved by creating a new open source license



    @The OpenSSL License said:

    ...

    Section IV: Security Vulnerabilities

    If you use OpenSSL in your project, distribute OpenSSL with your OS, connect to a server running OpenSSL or even so much as take a peek at the OpenSSL source (even accidentally over a co-worker's shoulder while you were hoping to see him type his bank password), you are not permitted to find, reveal or talk about any security vulnerability which would expose the ineptitude of the OpenSSL developers. By reading this sentence in your head you agree to the terms of the OpenSSL license, in perpetuity throughout the universe.

    ...


  • Winner of the 2016 Presidential Election

    @morbiuswilters said:

    @The OpenSSL License said:
    Section IV: Security Vulnerabilities


    By reading this sentence in your head you agree to the terms of the OpenSSL license, in perpetuity throughout the universe.


    It's a good thing I was reading aloud.



  • @joe.edwards said:

    It's a good thing I was reading aloud.

    Eyes and mouth are still in your head. Therefore, I find that you read it in your head.

    @joe.edwards said:

    Filed under: What if it's read to me?

    Still reading it, just with your ears, not eyes!



  • de Raadt said there were "Thousands of lines of VMS support"
    ....... But what will I do on my VAXen without them????



  • @Buttembly Coder said:

    I like how they seemed to just chuck anything they could find that looked randomish into the RNG.

     

    I laughed at that first one hard enough that co-workers looked at me funny. Oh man.

     

    Then I found the real punchline, on their front page:

    The real punchline is that I'll be stuck with the shittier version of this fork, precisely because I'm writing security software for the government.


     



  • @aristurtle said:

    @Buttembly Coder said:
    I like how they seemed to just chuck anything they could find that looked randomish into the RNG.

    I laughed at that first one hard enough that co-workers looked at me funny. Oh man.

     

    Then I found the real punchline, on their front page:

    http://opensslrampage.org/post/83555615721/the-future-or-lack-thereof-of-libressls-fips

    The real punchline is that I'll be stuck with the shittier version of this fork, precisely because I'm writing security software for the government.

    http://www.tedunangst.com/flak/post/worst-common-denominator-programming#addendum

    Any one or two dozen hacks would be understandable. As would the
    diabolical brace formatting. Or the dreadful (in the sense of literally
    inspiring dread) comments:

     

    /* The reason I have implemented this instead of using sscanf is because
     * Visual C 1.52c gives an unresolved external when linking a DLL :-( */


    (Yes, you are running that code. Even on unix. OpenSSL uses it everywhere.)


    But taken all together, it’s like “drowning in an ocean composed of
    pufferfish that are pregnant with tiny Freddy Kruegers -- each detail is
    horrendous in isolation, but the aggregate sum is delightfully arranged
    into a hate flower that blooms all year.”

     

     



  • Someone wanna tell me what FIPS actually stands for? Blog doesn't bother to define it. Googling brings up something about Federal Information Processing Standards, but why would that be a "mode" in SSL?



  • @blakeyrat said:

    Someone wanna tell me what FIPS actually stands for? Blog doesn't bother to define it. Googling brings up something about Federal Information Processing Standards, but why would that be a "mode" in SSL?
    I don't actually know the answer, but I'll hazard the reasonable guess that complying with Federal Information Processing Standards requires that SSL do something that makes it weaker and/or slower. Therefore, compliance is only enabled by users who are required to do so.



  • @HardwareGeek said:

    @blakeyrat said:
    Someone wanna tell me what FIPS actually stands for? Blog doesn't bother to define it. Googling brings up something about Federal Information Processing Standards, but why would that be a "mode" in SSL?
    I don't actually know the answer, but I'll hazard the reasonable guess that complying with Federal Information Processing Standards requires that SSL do something that makes it weaker and/or slower. Therefore, compliance is only enabled by users who are required to do so.
    FIPS:
    Federal Information Processing Standards (FIPS) are standardizations developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors ... The purpose of FIPS is to ensure that all federal government and agencies adhere to the same guidelines regarding security and communication.

    OpenSSL implemented an "FIPS Mode" so that people trying to get government contracts could check the box that says "Meets FIPS Standards".  Despite the fact that FIPS (like many government regulations) is less than worthless.



  • @aristurtle said:

    @Buttembly Coder said:

    I like how they seemed to just chuck anything they could find that looked randomish into the RNG.

     

    I laughed at that first one hard enough that co-workers looked at me funny. Oh man.

    You mean this commit?

    @cvs commit message said:

    Do not feed RSA private key information to the random subsystem as entropy. It might be fed to a pluggable random subsystem…. What were they thinking?!

    I would imagine that they were thinking that anyone with sufficient admin rights to install a malicious random subsystem could far more simply attach a debugger to the process and just read the keys straight out of RAM, without even having to figure out how to trigger the rare error condition that would lead to that codepath being executed.

    They'd already be on the other side of the airtight hatchway, to use a Chen-ism.



  • @blakeyrat said:

    Someone wanna tell me what FIPS actually stands for? Blog doesn't bother to define it. Googling brings up something about Federal Information Processing Standards, but why would that be a "mode" in SSL?

    That's the right definition. FIPS is a number of Federal standards for IT, with several dedicated to information security. Some of the FIPS standards deal with cryptography, hence why OpenSSL had a FIPS mode: to implement the features required to be in compliance with the standard. However: 1) some of the FIPS stuff is really no longer secure; and 2) apparently OpenSSL's implementation sucks (surprise), so OpenBSD is dropping it, rather than continuing to support it.

    Some people are going to be stuck using FIPS for a long time, though (mainly those developing software for government or big corporations where it is mandated) so this kind of sucks for them. I understand not wanting to support a buggy, shitty standard, but this is a good example of an open source project choosing to do what's easier/cleaner/simpler rather than what people actually need. Yeah, it sucks to support FIPS, but in the real world it's likely going to be around for a long time so what OpenBSD is doing doesn't help anyone working in those industries, which is lame.



  • @morbiuswilters said:

    Yeah, it sucks to support FIPS, but in the real world it's likely going to be around for a long time so what OpenBSD is doing doesn't help anyone working in those industries, which is lame.

    The OpenBSD guys seem to be saying that FIPS is so shitty that they can't write something that meets the standards AND is actually secure ("We have here a standard that includes worse than useless crypto, and a process that certifies useless implementations."). Since it's the federal government we're talking about, that could possibly be true.



  • @El_Heffe said:

    @morbiuswilters said:
    Yeah, it sucks to support FIPS, but in the real world it's likely going to be around for a long time so what OpenBSD is doing doesn't help anyone working in those industries, which is lame.

    The OpenBSD guys seem to be saying that FIPS is so shitty that they can't write something that meets the standards AND is actually secure ("We have here a standard that includes worse than useless crypto, and a process that certifies useless implementations."). Since it's the federal government we're talking about, that could possibly be true.

    It is true. Well, in a melodramatic nerd kinda way, but their criticisms are valid. The problem is, FIPS is still required in many industries. It would be better to FIPS on top of a more-secure OpenSSL rather than being forced to use the old OpenSSL, right? But OpenBSD is like "Nah, we wanna do what's fun" so instead a lot of people are going to be stuck using OpenSSL. Although I imagine somebody will eventually port the FIPS module to libressl.

    Edit: Oh, and I gotta say, creating a website to mock the people who wrote OpenSSL while you fix their bugs really sums up the FOSS community. Hey, it may keep people from contributing, but at least some nerd in Akron felt good about himself, briefly.

