LibreSSL, one year later
0 likes1,070 views
This document discusses the Heartbleed bug in OpenSSL and the creation of LibreSSL as a more secure alternative. It notes that 17% of HTTPS servers were vulnerable to Heartbleed, which allowed attackers to steal passwords, credit cards, and other private data from server memory. LibreSSL was created to have fewer lines of code, modern coding practices, and fewer portability workarounds than OpenSSL to address bugs like Heartbleed. The document emphasizes fixing bugs quickly and not reinventing standard library functions.
LibreSSL, one year later
- 2. About Me sys admin and developer @SNB
- 3. About Me sys admin and developer @SNB OpenBSD developer Open Source developer in several other projects
- 4. CVE-2014-0160 17% of https web servers use OpenSSL as SSL/TLS library and have heartbeat extension enabled
- 5. CVE-2014-0160 17% of https web servers use OpenSSL as SSL/TLS library and have heartbeat extension enabled at least Cisco, Fortinet, Oracle and Siemens products has been affected
- 6. CVE-2014-0160 17% of https web servers use OpenSSL as SSL/TLS library and have heartbeat extension enabled at least Cisco, Fortinet, Oracle and Siemens products has been affected bug was introduced on December 2011 and fixed on April 2014
- 7. CVE-2014-0160 17% of https web servers use OpenSSL as SSL/TLS library and have heartbeat extension enabled at least Cisco, Fortinet, Oracle and Siemens products has been affected bug was introduced on December 2011 and fixed on April 2014 exploitation of this bug does not leave any trace
- 8. CVE-2014-0160 17% of https web servers use OpenSSL as SSL/TLS library and have heartbeat extension enabled at least Cisco, Fortinet, Oracle and Siemens products has been affected bug was introduced on December 2011 and fixed on April 2014 exploitation of this bug does not leave any trace eWEEK estimated a total cost of $500 million
- 9. How the Heartbleed bug works: attacker can dump up to 64k of memory near the SSL heartbeat of the attacked machine
- 10. How the Heartbleed bug works: attacker can dump up to 64k of memory near the SSL heartbeat of the attacked machine attack can be repeated many times to obtain different memory allocations of 64k size
- 11. How the Heartbleed bug works: attacker can dump up to 64k of memory near the SSL heartbeat of the attacked machine attack can be repeated many times to obtain different memory allocations of 64k size memory stolen could reveal any kind of data: passwords, credit card numbers, personal data, ...
- 12. Why Heartbleed happened ? code too complex and intricated
- 13. Why Heartbleed happened ? code too complex and intricated developers mostly interested in adding features, not fixing code
- 14. Why Heartbleed happened ? code too complex and intricated developers mostly interested in adding features, not fixing code fixes not merged upstream
- 15. Why Heartbleed happened ? code too complex and intricated developers mostly interested in adding features, not fixing code fixes not merged upstream bugs (and fixes) sleep for years in the bug tracker
- 16. OpenSSL malloc replacement it never frees memory (tools cannot spot bugs)
- 17. OpenSSL malloc replacement it never frees memory (tools cannot spot bugs) it uses LIFO recycling (no ’use after free’ problems)
- 18. OpenSSL malloc replacement it never frees memory (tools cannot spot bugs) it uses LIFO recycling (no ’use after free’ problems) includes a debugging malloc that send private info to logs
- 19. OpenSSL malloc replacement it never frees memory (tools cannot spot bugs) it uses LIFO recycling (no ’use after free’ problems) includes a debugging malloc that send private info to logs includes the ability to replace the malloc/free at runtime
- 20. What’s wrong with OpenSSL code ? quite all OpenSSL API headers are public
- 21. What’s wrong with OpenSSL code ? quite all OpenSSL API headers are public it is developed using ”OpenSSL C”
- 22. What’s wrong with OpenSSL code ? quite all OpenSSL API headers are public it is developed using ”OpenSSL C” it uses its own functions instead of those provided by libc like BIO free(3) or BIO strdup
- 23. What’s wrong with OpenSSL code ? quite all OpenSSL API headers are public it is developed using ”OpenSSL C” it uses its own functions instead of those provided by libc like BIO free(3) or BIO strdup it has strange compile options (in OpenSSL both NO OLD ASN1 and NO ASN1 OLD compile options are present but their meaning is slightly different)
- 24. LibreSSL very young project, development started on April 2014
- 25. LibreSSL very young project, development started on April 2014 mostly developed by OpenBSD team
- 26. LibreSSL very young project, development started on April 2014 mostly developed by OpenBSD team forked from OpenSSL 1.0.1g
- 27. LibreSSL goals preserve API/ABI compatibility with OpenSSL
- 28. LibreSSL goals preserve API/ABI compatibility with OpenSSL bring more people into working with the codebase (+KNF, -#ifdef)
- 29. LibreSSL goals preserve API/ABI compatibility with OpenSSL bring more people into working with the codebase (+KNF, -#ifdef) fix bugs asap, use modern coding practices
- 30. LibreSSL goals preserve API/ABI compatibility with OpenSSL bring more people into working with the codebase (+KNF, -#ifdef) fix bugs asap, use modern coding practices do portability the right wayTM
- 31. Some differences between LibreSSL and OpenSSL ∼90000 lines of code less but same functionalities
- 32. Some differences between LibreSSL and OpenSSL ∼90000 lines of code less but same functionalities does not support VMS, MsDos nor MacOS 9
- 33. Some differences between LibreSSL and OpenSSL ∼90000 lines of code less but same functionalities does not support VMS, MsDos nor MacOS 9 does not have FIPS support
- 34. Some differences between LibreSSL and OpenSSL ∼90000 lines of code less but same functionalities does not support VMS, MsDos nor MacOS 9 does not have FIPS support different set of ciphers (-MD2, -SRP, +ChaCha, +poly1305)
- 35. Some differences between LibreSSL and OpenSSL ∼90000 lines of code less but same functionalities does not support VMS, MsDos nor MacOS 9 does not have FIPS support different set of ciphers (-MD2, -SRP, +ChaCha, +poly1305) BIO * functions do the right thingTM
- 36. Some differences between LibreSSL and OpenSSL ∼90000 lines of code less but same functionalities does not support VMS, MsDos nor MacOS 9 does not have FIPS support different set of ciphers (-MD2, -SRP, +ChaCha, +poly1305) BIO * functions do the right thingTM malloc(x*y) has been converted to reallocarray(x,y)
- 37. How OpenSSL does portable use and abuse of internal functions that behaves ”more or less” the same as libc counterpart
- 38. How OpenSSL does portable use and abuse of internal functions that behaves ”more or less” the same as libc counterpart #ifdef and #ifndef everywhere
- 39. How OpenSSL does portable use and abuse of internal functions that behaves ”more or less” the same as libc counterpart #ifdef and #ifndef everywhere support for as many combinations of operating systems and compilers out there
- 40. How OpenSSH (and LibreSSL) does portable assume a sane target OS (OpenBSD) and code with his standards
- 41. How OpenSSH (and LibreSSL) does portable assume a sane target OS (OpenBSD) and code with his standards build and maintain code on the main target OS, using modern C
- 42. How OpenSSH (and LibreSSL) does portable assume a sane target OS (OpenBSD) and code with his standards build and maintain code on the main target OS, using modern C provide portability code only to provide functions that other OS’s don’t provide
- 43. How OpenSSH (and LibreSSL) does portable assume a sane target OS (OpenBSD) and code with his standards build and maintain code on the main target OS, using modern C provide portability code only to provide functions that other OS’s don’t provide do not reimplement libc
- 44. How OpenSSH (and LibreSSL) does portable assume a sane target OS (OpenBSD) and code with his standards build and maintain code on the main target OS, using modern C provide portability code only to provide functions that other OS’s don’t provide do not reimplement libc put as few #ifdefs as possible in the code
- 45. LibreSSL API, ftp client - if (inet_pton(AF_INET, host, &addrbuf) != 1 && - inet_pton(AF_INET6, host, &addrbuf) != 1) { - if (SSL_set_tlsext_host_name(ssl, host) == 0) { - ERR_print_errors_fp(ttyout); - goto cleanup_url_get; - } - } - if (SSL_connect(ssl) <= 0) { - ERR_print_errors_fp(ttyout); + if (ressl_connect_socket(ssl, s, host) != 0) { + fprintf(ttyout, "SSL failure: %sn", ressl_error(ssl)); goto cleanup_url_get; } - if (ssl_verify) { - X509 *cert; - - cert = SSL_get_peer_certificate(ssl); - if (cert == NULL) { - fprintf(ttyout, "%s: no server certificaten", - getprogname()); - goto cleanup_url_get; - } - - if (ssl_check_hostname(cert, host) != 0) { - X509_free(cert); - fprintf(ttyout, "%s: host ‘%s’ not present in" - " server certificaten", - getprogname(), host); - goto cleanup_url_get; - } - - X509_free(cert);
- 46. What should we have learned ? fix bugs ASAP, do not let them sleep fo years
- 47. What should we have learned ? fix bugs ASAP, do not let them sleep fo years use as few workarounds as possible in your code
- 48. What should we have learned ? fix bugs ASAP, do not let them sleep fo years use as few workarounds as possible in your code review your code
- 49. What should we have learned ? fix bugs ASAP, do not let them sleep fo years use as few workarounds as possible in your code review your code look at your old code and fix horrors sleeping there
- 50. What should we have learned ? fix bugs ASAP, do not let them sleep fo years use as few workarounds as possible in your code review your code look at your old code and fix horrors sleeping there do not reinvent the wheel
- 51. What should we have learned ? fix bugs ASAP, do not let them sleep fo years use as few workarounds as possible in your code review your code look at your old code and fix horrors sleeping there do not reinvent the wheel every bug could be a security bug