** Description changed:
- Recently, we are trying to find SSL security problems by static
- analysis. For example, as we all know, Hostname verification is an
- important step when verifying X509 certificates, however, people tend to
- miss the step or to misunderstand the APIs when using SSL/TLS, which
- might cause severe man in the middle attack and break the entire TLS
- mechanism. And static analysis is a way of finding whether the APIs are
- called correctly.
+ Recently, our group is trying to find SSL security problems by static
+ analysis. When using Openssl, people tend to miss the step or to
+ misunderstand the APIs when using SSL/TLS, which might cause severe man
+ in the middle attack and break the entire TLS mechanism. And static
+ analysis is a way of finding whether the APIs are called correctly.
+
+ Now we just check whether a software verify the certitiface chain when
+ using Openssl.
+
+ 一. How we ensure whether a software check the certificate chain or not?
+ We make a matching algorithm. If source code doesn't match this, the software
is not secure.
+
+ Typically, when Openssl clients want to verify a certificate, there are
+ the following choices:
+
+ 1. Using built-in certificate verification(chain of trust verification,
expired validation, etc)
+ [Example 1]
+ /**
+ * set VERIFY_PEER flag before the establishment of a SSL connection
+ * OPENSSL will drop connection during handshake if verification fails
+ * No custom callback function used.
+ */
+ SSL_CTX_set_verify(ctx,VERIFY_PEER,NULL);
+
+ [Example 2]
+
+ //check the built-in verification result after the SSL handshake
+
+ if( SSL_get_peer_certificate(ssl)!=NULL
+ &&
+ SSL_get_verify_result(ssl)==X509_V_OK)
+ {
+ //PASS
+ }
+ else
+ {
+
+ //FAIL
+ }
+
+ 2. Using custom verification.
+
+ [Example 3]
+ X509* usrcert = SSL_get_peer_certificate(ssl);
+ rootCertStore = X509_STORE_new();
+ .. ..
+ ctx = X509_STORE_CTX_new();
+ ret = X509_STORE_CTX_init(ctx,rootCertStore,usrCert,NULL);
+ ret = X509_verify_cert(ctx)
+
+ This example read the certificate out using SSL_get_peer_certificate
+ API. Then it use X509 API suite to do certificate verification. X509 API
+ is part of OPENSSL library. Theoretically, a developer can use any API
+ in any libraries to do this verification, but in practice, we only
+ identify the case above: using X509 API suite.
+
+
+ 3. Add restrictions or relaxations to built-in certificate verification
+
+ The built-in certificate verification in OPENSSL library can be extended by
using custom callback functions. By default, this callback option is NULL,
indicating completely use built-in verification.
+ By adding this callback function, the developer can decide if they accept the
verify result by openssl, and they can modify the result whenever they what.
+
+ [Example 4]
+ SSL_CTX_set_verify(ctx,VERIFY_PEER,mycallback);
+ static mycallback(int preverify_ok, X509_STORE_CTX *ctx)
+ {
+ ....
+ ....
+ return preverify_ok;
+ }
+
+
+ 二. The analysis result
Now, we find some SSL problems in crtmpserver, the following is details:
-----------------------------------------------------------------------------
file : crtmpserver-apps/crtmpserver-1.0~dfsg/thelib/src/protocols/ssl
/outboundsslprotocol.cpp
-----------------------------------------------------------------------------
function : OutboundSSLProtocol::DoHandshake()
-----------------------------------------------------------------------------
SSL method : \
-----------------------------------------------------------------------------
SSL_CTX_set_verify() argument : SSL_VERIFY_NONE
-----------------------------------------------------------------------------
Have SSL_CTX_set_verify ( SSL_set_verify) callback : NO
-----------------------------------------------------------------------------
call SSL_get_peer_certificate(): NO
-----------------------------------------------------------------------------
call SSL_get_verify_result(): NO
-----------------------------------------------------------------------------
- According to the above result, we think the SSL connection in
- crtmpserver is not secure.
+ According to the above result, we think crtmpserver doesn't check the
+ certificate chain when using OPENSSL.
- More specifically , we can take function SSL_CTX_set_verify() for
- example, when using OPENSSL, if we call SSL_CTX_set_verify(ssl_ctx,
- SSL_VERIFY_NONE, null), we should verify the certificate by calling the
- function SSL_get_peer_certificate() to get the certificate. If the
- source code does not match this model, then we can deduce this code is
- vulnerable. And other APIs have similar problems.
PS: for more information, you can see the paper:
http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf
and more details you can contact with us, we will be very glad for your
responce.
Thanks.
** Description changed:
Recently, our group is trying to find SSL security problems by static
analysis. When using Openssl, people tend to miss the step or to
misunderstand the APIs when using SSL/TLS, which might cause severe man
in the middle attack and break the entire TLS mechanism. And static
analysis is a way of finding whether the APIs are called correctly.
Now we just check whether a software verify the certitiface chain when
using Openssl.
一. How we ensure whether a software check the certificate chain or not?
We make a matching algorithm. If source code doesn't match this, the software
is not secure.
Typically, when Openssl clients want to verify a certificate, there are
the following choices:
1. Using built-in certificate verification(chain of trust verification,
expired validation, etc)
[Example 1]
- /**
- * set VERIFY_PEER flag before the establishment of a SSL connection
- * OPENSSL will drop connection during handshake if verification fails
- * No custom callback function used.
- */
- SSL_CTX_set_verify(ctx,VERIFY_PEER,NULL);
+ /**
+ * set VERIFY_PEER flag before the establishment of a SSL connection
+ * OPENSSL will drop connection during handshake if verification fails
+ * No custom callback function used.
+ */
+ SSL_CTX_set_verify(ctx,VERIFY_PEER,NULL);
[Example 2]
- //check the built-in verification result after the SSL handshake
-
- if( SSL_get_peer_certificate(ssl)!=NULL
- &&
- SSL_get_verify_result(ssl)==X509_V_OK)
- {
- //PASS
- }
- else
- {
+ //check the built-in verification result after the SSL handshake
- //FAIL
- }
+ if(SSL_get_peer_certificate(ssl)!=NULL &&
SSL_get_verify_result(ssl)==X509_V_OK)
+ {
+ //PASS
+ }
+ else
+ {
+ //FAIL
+ }
2. Using custom verification.
[Example 3]
X509* usrcert = SSL_get_peer_certificate(ssl);
rootCertStore = X509_STORE_new();
.. ..
ctx = X509_STORE_CTX_new();
ret = X509_STORE_CTX_init(ctx,rootCertStore,usrCert,NULL);
ret = X509_verify_cert(ctx)
This example read the certificate out using SSL_get_peer_certificate
API. Then it use X509 API suite to do certificate verification. X509 API
is part of OPENSSL library. Theoretically, a developer can use any API
in any libraries to do this verification, but in practice, we only
identify the case above: using X509 API suite.
-
3. Add restrictions or relaxations to built-in certificate verification
The built-in certificate verification in OPENSSL library can be extended by
using custom callback functions. By default, this callback option is NULL,
indicating completely use built-in verification.
- By adding this callback function, the developer can decide if they accept the
verify result by openssl, and they can modify the result whenever they what.
+ By adding this callback function, the developer can decide if they accept the
verify result by openssl, and they can modify the result whenever they what.
[Example 4]
SSL_CTX_set_verify(ctx,VERIFY_PEER,mycallback);
static mycallback(int preverify_ok, X509_STORE_CTX *ctx)
{
....
....
return preverify_ok;
}
-
- 二. The analysis result
+ 二. The analysis result
Now, we find some SSL problems in crtmpserver, the following is details:
-----------------------------------------------------------------------------
file : crtmpserver-apps/crtmpserver-1.0~dfsg/thelib/src/protocols/ssl
/outboundsslprotocol.cpp
-----------------------------------------------------------------------------
function : OutboundSSLProtocol::DoHandshake()
-----------------------------------------------------------------------------
SSL method : \
-----------------------------------------------------------------------------
SSL_CTX_set_verify() argument : SSL_VERIFY_NONE
-----------------------------------------------------------------------------
Have SSL_CTX_set_verify ( SSL_set_verify) callback : NO
-----------------------------------------------------------------------------
call SSL_get_peer_certificate(): NO
-----------------------------------------------------------------------------
call SSL_get_verify_result(): NO
-----------------------------------------------------------------------------
According to the above result, we think crtmpserver doesn't check the
certificate chain when using OPENSSL.
-
PS: for more information, you can see the paper:
http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf
and more details you can contact with us, we will be very glad for your
responce.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1380298
Title:
some SSL security problems
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/crtmpserver/+bug/1380298/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
