OpenBSD Journal

c2k15: beck@ on LibreSSL security, midlayer work

Contributed by pitrh on from the puffy ssslithers along, TLS! dept.

For your reading pleasure, here is the c2k15 report from Bob Beck (beck@):

So, Unlike many hackathons I really didn't go into this one with any specific goal of getting anything accomplished. Well, that's kind of a Lie, I did have one hidden agenda.. I knew doug@ and bcook@ and miod@ would be there, and I wanted to get many of our Coverity found issues in LibreSSL addressed.

While to the uninitiated, bug reports from a vulnerablility scanner in a security sensitive library sounds like fun, it's not... after the first couple of interesting things, it's boring, nasty, drudge work, that you have to be careful with.

You have to be careful because vulnerability scanners do find false positives... and you need to make sure what you are doing doesn't change the world in adverse ways (Always recall the debian "optimization" to OpenSSH's random number generation from a few years back).

So anyway, with that in mind, my hidden agenda was to convince (coerce, AKA be loud and obnoxious and make them do it in self defence to shut me up) my four sometimes table-mates to help address the Coverity-found defects and get us down to near zero - and in a state we can watch changes to the library to ensure we don't bring in new issues. Effectively this means we can continue to use Coverity as a tool to help us ensure that new code brought in to the library and new code changes don't make the situation worse. It's not a panacea, and it's not a silver bullet, but it's one more tool In the arsenal of techniques we use, and I'm happy with the state we're in at the moment. Think of it as another baby step to a better steady state. (And thanks to Coverity for upping our free scan limit so we could do this faster)

The other thing I did was revise some work I started in Australia, with the buffer cache. tedu@ took us to using a 2q buffer cache (a technique to keep re-used buffers in the cache preferentially over non-reused buffers). and I managed to split this into two 2q caches - in preparation for dealing with large memory size issues.. we informally call this "double double" (after the Canadian version of a double double - how Canadians deal with bad Tim Horton's Coffee....) I'll probably talk more about this later in another venue that's appropriate to deal with the complexities of it, but this effectively moves us to a Multi-Q algorithm for the buffer cache.

As I mentioned, the Coverity work was kind of drudgery, So I tended to alternate my time, and table, with diving into the midlayer in the kernel for 2q, and when that frustrated me, moving over to the LibreSSL table. I had brought with me one of my most treasured posessions - a NSFW wind up monkey toy given to me annoymously some years ago by a OpenBSD user after a famous Linus Torvalds comment about OpenBSD developers. At the time I got it it really made my day and got me out of a bit of a funk, so I brought it along to share the joy. The wind-up monkey toy performed a repeating action that was very similar to the drudgery of dealing with Coverity issues in LibreSSL, so every time I returned to the table I would "Wind the Monkey" to get my brain reset from kernel hacking mode to the fixing of ugly drudgery mode...

Anyway, It was a very good hackathon, with some very intereseting discussions with a lot of people, and I look forward to doing it again.

Thanks for the report and an awesome turd polishing effort, Bob!

(Comments are closed)


Comments
  1. By Anonymous Coward (46.165.221.166) on

    s/intereseting/interesting/
    s/OpenSSH/OpenSSL/

    Thanks for the report and all the work!

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]