In message <0EEF6678B3EEC94B9AE44705DF224D023D48BF92@G9W0725.americas.hpqcorp.n et>, "Koornstra, Reinoud" writes:
>Well, OpenSSL isn't the most beautiful code ever written for sure, but to >say it's a pile a crap would be a little too far to the negative end. >[...] >Most vulnerabilities in encryption are due to implementation issues. >Having not audited the OpenSSL code on this I cannot say whether there are >implementation issues there. You are of course entitled to have your own opinion, but I think you should go look at the bloody code before you voice an opinion. I call it a piece of crap, because the code clearly is not designed as much as thrown together from random phd-projects, and the most positive thing I can say about the API is that it is "opaque". Using OpenSSL correctly takes a LOT of skill and a fair bit of knowing "it only works if you do it this way", and most people lack that, so they copy & paste, which probably made the job much easier for NSA. I wrote a blog entry (In Danish: http://www.version2.dk/blog/nsas-gennembrud-eller-noget-53787) and I wanted to show an example. I opened an openssl source file at random and the first thing I see is: ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { ASN1_OBJECT *r; int i; char *ln=NULL,*sn=NULL; unsigned char *data=NULL; if (o == NULL) return(NULL); if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication is this??? */ [...] An "Obj_dup()" function which silently doesn't ? I am not going to enumerate how many ways that is wrong, it should not be necessary to do so in present company. And BTW: That XXX comment is 10 years old. No, I say with conviction, based on personal inspection and experience, that OpenSSL is crap. And as Garrett Wollman correctly pointed out on twitter: It remains yet to be seen if any implementation of SSL/TLS can be non-crap, given that they are stuck with X.509. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 p...@freebsd.org | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
