Ben Laurie blathering

Yet Another Serious Bug That’s Been Around Forever

Late last year the Google Security Team found a bug in OpenSSL that’s been there, well, forever. That is, nearly 10 years in OpenSSL and, I should think, for as long as SSLeay existed, too. This bug means that anyone can trivially fake DSA and ECDSA signatures, which is pretty damn serious. What’s even worse, numerous other packages copied (or independently invented) the same bug.

I’m not sure what to say about this, except to reiterate that it seems people just aren’t very good at writing or reviewing security-sensitive code. It seems to me that we need better static analysis tools to catch this kind of obvious error – and so I should bemoan, once more, that there’s really no-one working seriously on static analysis in the open source world, which is a great shame. I’ve even offered to pay real money to anyone (credible) that wants to work in this area, and still, nothing. The closed source tools aren’t that great, either – OpenSSL is using Coverity’s free-for-open-source service, and it gets a lot of false positives. And didn’t find this rather obvious (and, obviously staticly analysable) bug.
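The post does not spell out the defect itself, so the following is an added illustration, not code from the post or from OpenSSL, of the class of error it describes. It assumes the bug is a misread tri-state return code: OpenSSL's EVP_VerifyFinal(), DSA_verify() and ECDSA_verify() all document 1 for a good signature, 0 for a bad one and -1 for an error, and a caller written as `if (!verify(...)) fail;` accepts the -1 case. The verify primitive below is a constructed stand-in with that contract (no real cryptography), and the lint function is a toy string scan, not a real static analyser, included only to show how little is needed to spot the pattern.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in (assumption, not OpenSSL code) for a verification
 * primitive with the 1 / 0 / -1 return contract that OpenSSL documents for
 * EVP_VerifyFinal(), DSA_verify() and ECDSA_verify():
 *   1  = signature verifies
 *   0  = signature is well-formed but does not verify
 *  -1  = error (e.g. malformed or truncated signature encoding)
 * It does no real cryptography: the "valid signature" is a fixed 4-byte tag. */
#define SIG_LEN 4
static const unsigned char GOOD_SIG[SIG_LEN] = { 'S', 'I', 'G', '!' };

static int fake_verify_final(const unsigned char *sig, size_t sig_len)
{
    if (sig == NULL || sig_len != SIG_LEN)
        return -1;                                   /* malformed input: error */
    return memcmp(sig, GOOD_SIG, SIG_LEN) == 0 ? 1 : 0;
}

/* Defective pattern: "if (!verify(...)) fail;" treats every non-zero result,
 * including the -1 error code, as a verified signature.
 * Returns 1 if the caller would accept the signature. */
int accept_buggy(const unsigned char *sig, size_t sig_len)
{
    if (!fake_verify_final(sig, sig_len))
        return 0;                                    /* only 0 is rejected */
    return 1;                                        /* -1 slips through here */
}

/* Corrected pattern: only an explicit 1 is success; 0 and -1 both reject. */
int accept_fixed(const unsigned char *sig, size_t sig_len)
{
    return fake_verify_final(sig, sig_len) == 1;
}

/* Toy lint for the "obviously statically analysable" point: flag a source
 * line that applies "!" directly to a call of a tri-state verify function.
 * A real checker would work on the AST; this string scan is a demonstration
 * only. Returns 1 if the line should be flagged. */
int flag_negated_tristate_call(const char *line)
{
    static const char *const tristate[] = {
        "EVP_VerifyFinal", "DSA_verify", "DSA_do_verify",
        "ECDSA_verify", "ECDSA_do_verify", NULL
    };
    for (size_t i = 0; tristate[i] != NULL; i++) {
        const char *p = line;
        while ((p = strstr(p, tristate[i])) != NULL) {
            /* negated call: a '!' immediately before the function name */
            if (p > line && p[-1] == '!')
                return 1;
            p += strlen(tristate[i]);
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: a good signature, a wrong one, and a truncated one. */
    const unsigned char good[SIG_LEN] = { 'S', 'I', 'G', '!' };
    const unsigned char bad[SIG_LEN]  = { 'N', 'O', 'P', 'E' };
    const unsigned char trunc[2]      = { 'S', 'I' };

    printf("good      buggy=%d fixed=%d\n", accept_buggy(good, SIG_LEN), accept_fixed(good, SIG_LEN));
    printf("bad       buggy=%d fixed=%d\n", accept_buggy(bad, SIG_LEN), accept_fixed(bad, SIG_LEN));
    printf("truncated buggy=%d fixed=%d\n", accept_buggy(trunc, 2), accept_fixed(trunc, 2));

    printf("lint: %d %d\n",
           flag_negated_tristate_call("if (!EVP_VerifyFinal(&md_ctx, sig, siglen, pkey))"),
           flag_negated_tristate_call("if (EVP_VerifyFinal(&md_ctx, sig, siglen, pkey) != 1)"));
    return 0;
}
```

The point of the pairing is that a well-formed wrong signature is rejected by both callers, so ordinary testing passes; only a malformed one, which the primitive reports as -1, separates the two. A reviewer or checker that knows a function's return contract is tri-state can flag the negated call without any source annotation beyond that list of function names.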

Oh, I should also say that we (that is, the OpenSSL Team) worked with oCERT for the first time on coordinating a response with other affected packages. It was a very easy and pleasant experience; I recommend them highly.


  1. Sadly, static analysis isn’t a magic bullet… FreeBSD also uses the Coverity free-for-open-source service. Since MeetBSD last year, I’ve been babysitting the nightly builds (I often get myself into trouble like that) and with care and feeding, the ratio of false positives to real problems becomes more manageable. Managing static analysis “well” though, I fear is a full-time job. For the past couple of years, I’ve also been running Gimpel’s FlexeLint on code I write for customers. It’s even more “blunt” than Coverity in many respects, but again with care and feeding, useful stuff comes out.

    I’m also definitely in favour of more open source effort in static analysis!

    …and now of course I’m going to have to spend an evening this week trying to torture either Coverity or FlexeLint to complain about this particular bug. ;-)

    Comment by Philip Paeps — 8 Jan 2009 @ 0:23

  2. How is that bug “obviously staticly (sic!) analysable”? The only way I see to catch this bug using static analysis requires the source tree to be annotated.

    Comment by Ralf-Philipp Weinmann — 19 Jan 2009 @ 2:32
