[cryptography] Just how bad is OpenSSL ?

Andy Isaacson adi at hexapodia.org
Fri Oct 26 15:38:04 EDT 2012


On Fri, Oct 26, 2012 at 06:29:47PM +0000, John Case wrote:
> So, given what is in the stanford report and then reading this rant
> about openssl, I am wondering just how bad openssl is?  I've never
> had to implement it or code with it, so I really have no idea.
> 
> How long has it been "understood" that it's a mess (if it is indeed
> a mess)?  How dangerous is it?
> 
> It looks like the rant was published in 2009 ....

"Bad" is such a subjective measurement.

OpenSSL is very, very hard for a non-expert to code against.  It's hard
to figure out what interfaces you should use, what interfaces are well
tested, what interfaces are known to be unsafe, and what interfaces are
buggy but can be used safely with careful coding.  It's fairly easy to
accidentally disable security-critical code paths in the iterative
"hmm, that doesn't quite work, the docs are unclear, maybe this is a bug
in my code or maybe a bug in OpenSSL?" process that is a normal part of
software development, particularly if you need to implement anything
even slightly different from what was expected by the authors.

The source code is mostly written to the OpenSSL coding standards, which
are seriously different from any other coding standard I've seen (it's
not Linux/K&R, nor GNU, nor Microsoft, nor Sun/Oracle).  Nonconformance
with the coding standards in later patches is very common, so it's a
mishmash of indentation standards on top of that.  Naming conventions
sometimes indicate that functions are strictly internal and should not
be used by applications, but sometimes you have to use an internal API
to get a necessary result and other times there are clearly internal
APIs in the public namespace.  I could go on.

Overall, I would say that yes, OpenSSL is a huge mess for application
developers.  In that sense, it's very bad.  On the other hand, it's the
most thoroughly reviewed open source crypto implementation, and hasn't
had very many security bugs found in the library per se.  Its
performance is fairly good.  In that sense it's still the best option
for some use cases.

-andy
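The "make the handshake error go away" pattern Andy describes, shown through Python's `ssl` module (a thin binding over OpenSSL). This is an added illustration, not code from the original thread: a client context where verification was switched off during debugging and never restored, beside the intact one, plus a small audit helper that flags the disabled checks before the code ships.

```python
import ssl


def careless_context() -> ssl.SSLContext:
    """Constructed example of the debugging shortcut: a TLS client
    context whose security-critical checks were turned off to get past
    a handshake failure and were never turned back on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # any certificate chain is accepted
    return ctx


def hardened_context() -> ssl.SSLContext:
    """The same client context with the verification paths intact."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return a list of findings, one per security check that the
    context has disabled; an empty list means nothing was found."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("peer certificate verification disabled (CERT_NONE)")
    if not ctx.check_hostname:
        findings.append("hostname matching disabled (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum protocol version too low: {ctx.minimum_version.name}"
        )
    return findings


if __name__ == "__main__":
    for name, ctx in (("careless", careless_context()),
                      ("hardened", hardened_context())):
        print(name, audit_context(ctx) or ["no findings"])
```

A check like `audit_context` belongs in a unit test or startup self-check, so a verification setting that was loosened while chasing an unclear error cannot quietly reach production.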
