** Description changed:

  Recently, our group is trying to find SSL security problems by static analysis. When using Openssl, people tend to miss the step or to misunderstand the APIs when using SSL/TLS, which might cause severe man in the middle attack and break the entire TLS mechanism. And static analysis is a way of finding whether the APIs are called correctly.

- Now we just check whether a software verify the certitiface chain when
- using Openssl.
+ The source code we analysis was from ubuntu: apt-get source <package name>.And we use this command in Ubuntu 12.04.
+ Now we just check whether a software verify the certitiface chain when using Openssl.

  I. How we ensure whether a software check the certificate chain or not?
  We make a matching algorithm. If source code doesn't match this, the software is not secure.
  Typically, when Openssl clients want to verify a certificate, there are the following choices:

  1. Using built-in certificate verification (chain of trust verification, expired validation, etc)

  [Example 1]
- /**
- * set VERIFY_PEER flag before the establishment of a SSL connection
- * OPENSSL will drop connection during handshake if verification fails
- * No custom callback function used.
- */
- SSL_CTX_set_verify(ctx,VERIFY_PEER,NULL);
+ /**
+ * set VERIFY_PEER flag before the establishment of a SSL connection
+ * OPENSSL will drop connection during handshake if verification fails
+ * No custom callback function used.
+ */
+ SSL_CTX_set_verify(ctx,VERIFY_PEER,NULL);

  [Example 2]
  //check the built-in verification result after the SSL handshake
  if(SSL_get_peer_certificate(ssl)!=NULL && SSL_get_verify_result(ssl)==X509_V_OK)
  {
- //PASS
+ //PASS
  }
  else
  {
- //FAIL
+ //FAIL
  }

  2. Using custom verification.

  [Example 3]
  X509* usrcert = SSL_get_peer_certificate(ssl);
  rootCertStore = X509_STORE_new();
  ..
  ..
  ctx = X509_STORE_CTX_new();
  ret = X509_STORE_CTX_init(ctx,rootCertStore,usrcert,NULL);
  ret = X509_verify_cert(ctx);

  This example reads the certificate out using the SSL_get_peer_certificate API. Then it uses the X509 API suite to do certificate verification. The X509 API is part of the OPENSSL library. Theoretically, a developer can use any API in any libraries to do this verification, but in practice, we only identify the case above: using the X509 API suite.

  3. Add restrictions or relaxations to built-in certificate verification

  The built-in certificate verification in the OPENSSL library can be extended by using custom callback functions. By default, this callback option is NULL, indicating completely use built-in verification. By adding this callback function, the developer can decide if they accept the verify result by openssl, and they can modify the result whenever they want.

  [Example 4]
  SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,mycallback);

  static int mycallback(int preverify_ok, X509_STORE_CTX *ctx)
  {
      ....
      ....
      return preverify_ok;
  }

  II.
  The analysis result
  Now, we find some SSL problems in perdition, the following is details:

  -----------------------------------------------------------------------------
  file : perdition/perdition-1.19~rc4/perdition/ssl.c
  function : __perdition_ssl_connection
  SSL method : SSLv23
  SSL_CTX_set_verify() argument : SSL_VERIFY_PEER
  Have SSL_CTX_set_verify (SSL_set_verify) callback : YES (but accept self-signed certificate & expired certificate)
  call SSL_get_peer_certificate() : NO
  call SSL_get_verify_result() : NO
  -----------------------------------------------------------------------------

  According to the above result, we think the SSL connection in perdition is not secure. perdition can accept self-signed certificate & certificate, which means MITM attack is possible.

  PS: for more information, you can see the paper: http://people.stfx.ca/x2011/x2011ucj/SSL/p38-georgiev.pdf
  and for more details you can contact us, we will be very glad for your response.

  Thanks.
--
https://bugs.launchpad.net/bugs/1380304

Title:
  perdition have some SSL security problems
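
The matching described in the report (Examples 1 to 4) can be expressed as a checker over C source. This is an added example, not the reporters' tool: the names `classify` and `verdict`, the verdict strings and the sample snippets are assumptions made for illustration, and it matches with regular expressions over one file rather than a parsed program.

```python
import re

COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
# SSL_CTX_set_verify / SSL_set_verify: capture the mode and callback arguments.
SET_VERIFY = re.compile(
    r"\bSSL(?:_CTX)?_set_verify\s*\(\s*[^,]+,\s*([^,]+?)\s*,\s*([^)]+?)\s*\)")
VERIFY_RESULT_OK = re.compile(
    r"\bSSL_get_verify_result\s*\([^)]*\)\s*==\s*X509_V_OK")

def classify(source):
    """Return which of the four verification patterns appear in C source."""
    code = COMMENTS.sub("", source)           # ignore commented-out calls
    found = set()
    for mode, callback in SET_VERIFY.findall(code):
        if "VERIFY_PEER" not in mode:
            continue                          # e.g. SSL_VERIFY_NONE
        # Example 1 (NULL callback) versus Example 4 (custom callback)
        found.add("builtin" if callback in ("NULL", "0") else "callback")
    if "SSL_get_peer_certificate" in code and VERIFY_RESULT_OK.search(code):
        found.add("post-handshake")           # Example 2
    if re.search(r"\bX509_verify_cert\s*\(", code):
        found.add("x509")                     # Example 3
    return found

def verdict(source):
    found = classify(source)
    if not found:
        return "no chain verification found"
    if found == {"callback"}:
        return "review callback"   # the callback alone decides the result
    return "chain verification present"

# Constructed inputs, not taken from any real package.
SAMPLES = {
    "builtin.c": "SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);",
    "callback_only.c": "SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_cb);",
    "commented_out.c": "// SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);\n"
                       "SSL_connect(ssl);",
    "checked.c": "if (SSL_get_peer_certificate(ssl) != NULL &&\n"
                 "    SSL_get_verify_result(ssl) == X509_V_OK) { ok = 1; }",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, "->", verdict(src))
```

The "review callback" verdict corresponds to the combination reported for perdition: SSL_VERIFY_PEER with a callback and no call to SSL_get_peer_certificate() or SSL_get_verify_result(), so the callback body has to be read by hand.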