** Description changed: - Recently, we are trying to find SSL security problems by static - analysis. For example, as we all know, Hostname verification is an - important step when verifying X509 certificates, however, people tend to - miss the step or to misunderstand the APIs when using SSL/TLS, which - might cause severe man in the middle attack and break the entire TLS - mechanism. And static analysis is a way of finding whether the APIs are - called correctly. + Recently, our group is trying to find SSL security problems by static + analysis. When using Openssl, people tend to miss the step or to + misunderstand the APIs when using SSL/TLS, which might cause severe man + in the middle attack and break the entire TLS mechanism. And static + analysis is a way of finding whether the APIs are called correctly. + + Now we just check whether a software verify the certitiface chain when + using Openssl. + + 一. How we ensure whether a software check the certificate chain or not? + We make a matching algorithm. If source code doesn't match this, the software is not secure. + + Typically, when Openssl clients want to verify a certificate, there are + the following choices: + + 1. Using built-in certificate verification(chain of trust verification, expired validation, etc) + [Example 1] + /** + * set VERIFY_PEER flag before the establishment of a SSL connection + * OPENSSL will drop connection during handshake if verification fails + * No custom callback function used. + */ + SSL_CTX_set_verify(ctx,VERIFY_PEER,NULL); + + [Example 2] + + //check the built-in verification result after the SSL handshake + + if(SSL_get_peer_certificate(ssl)!=NULL && SSL_get_verify_result(ssl)==X509_V_OK) + { + //PASS + } + else + { + //FAIL + } + + 2. Using custom verification. + + [Example 3] + X509* usrcert = SSL_get_peer_certificate(ssl); + rootCertStore = X509_STORE_new(); + .. .. + ctx = X509_STORE_CTX_new(); + ret = X509_STORE_CTX_init(ctx,rootCertStore,usrCert,NULL); + ret = X509_verify_cert(ctx) + + This example read the certificate out using SSL_get_peer_certificate + API. Then it use X509 API suite to do certificate verification. X509 API + is part of OPENSSL library. Theoretically, a developer can use any API + in any libraries to do this verification, but in practice, we only + identify the case above: using X509 API suite. + + 3. Add restrictions or relaxations to built-in certificate verification + + The built-in certificate verification in OPENSSL library can be extended by using custom callback functions. By default, this callback option is NULL, indicating completely use built-in verification. + By adding this callback function, the developer can decide if they accept the verify result by openssl, and they can modify the result whenever they what. + + [Example 4] + SSL_CTX_set_verify(ctx,VERIFY_PEER,mycallback); + static mycallback(int preverify_ok, X509_STORE_CTX *ctx) + { + .... + .... + return preverify_ok; + } + + 二. The analysis result Now, we find some SSL problems in perdition, the following is details: ----------------------------------------------------------------------------- file : perdition/perdition-1.19~rc4/perdition/ssl.c ----------------------------------------------------------------------------- function : __perdition_ssl_connection ----------------------------------------------------------------------------- SSL method : SSLv23 ----------------------------------------------------------------------------- SSL_CTX_set_verify() argument : SSL_VERIFY_PEER ----------------------------------------------------------------------------- Have SSL_CTX_set_verify ( SSL_set_verify) callback : YES (but accept self-signed certificate & expired certificate) ----------------------------------------------------------------------------- call SSL_get_peer_certificate(): NO ----------------------------------------------------------------------------- call SSL_get_verify_result(): NO ----------------------------------------------------------------------------- According to the above result, we think the SSL connection in perdition is not secure .perdition can accept self-signed certificate & certificate, which means MITM attack is possible. PS: for more information, you can see the paper: http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf and more details you can contact with us, we will be very glad for your responce. Thanks.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1380304 Title: perdition have some SSL security problems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/perdition/+bug/1380304/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs