That article is unbelievably scary, and your analysis is spot on.
I admit it: I sometimes assume that if the C compiler "likes" (matches to a declaration) what I have coded then it must be correct, given the absence of documentation. Did you see the example in the article of the API where a parameter of 1 meant No and 2 meant Yes, and a programmer had coded it passing a value of true, intending it to mean Yes, but which the compiler (of course) accepted and the function saw as a parameter of 1 (= No)?

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sanford Staab(Gmail)
Sent: Thursday, November 15, 2012 5:27 AM
To: openssl-users@openssl.org
Subject: Re: I can't believe how much this sucks

It's interesting that this article shows that LACK OF GOOD DOCUMENTATION and POOR API DESIGN are at the heart of this problem.

I have noticed over the years that much of our society has changed its very idea of what a "good" application is. It used to be that if something could not be easily understood or behaved badly or unexpectedly, people would see this as a "bug" in need of fixing. With the rise in software complexity and requirements for budgets and schedules, we have now evolved to a society of "hoop jumpers" who see software as "good enough" if they can find a path to make it do what they want. Developers have followed suit, practically forced to do so, and we now have massive amounts of broken code on broken code on broken code. Ownership of code (i.e. really taking responsibility for it) is unheard of because the onerous burden of being responsible for your work is simply an open door to a lawyer that wants to steal the fruit of your labor. It is no wonder under these circumstances that "security by obscurity" has become the de facto standard of the day. The true bug here is our justice system, unfortunately.

I think it is high time for a v2 of OpenSSL, a rewrite almost from scratch, removing support for older protocols and ciphers and simplifying it down with full TDD from start to finish to really correct this problem. And of course, probably not gonna happen. But thanks for listening.

Sandy

-----Original Message-----
From: Marco Molteni (mmolteni)
Sent: Thursday, November 15, 2012 4:42 AM
To: openssl-users@openssl.org
Subject: Re: I can't believe how much this sucks

Another amen.

I am a professional programmer. I am grateful for OpenSSL. At the same time, each time I have to use it directly (as opposed to using a few of the good C++ wrappers) I know I will be going down to hell and fighting for my life, and when I come back, my hair will be grayer :-)

Lack of good documentation is a problem for any software library, but in this case lack of documentation can also cause security vulnerabilities because the user of the API misunderstood it.

Like Charles, I propose as food for thought the very recent, very good paper on the security risks of (among other things) wrong APIs and wrong documentation: "The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software", available at http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

marco.m

On 13.11.2012 19:49, "Charles Mills" <charl...@mcn.org> wrote:

> AMEN!
>
> Why is it easier to answer dumb question after dumb question here rather
> than to document the darned product once? (Never mind the cumulative
> labor of all the programmers trying to figure out and debug the same
> problems again and again and again, all over the world.)
>
> Consider http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf. Doesn't *some* of the
> responsibility for these (severe and scary!) problems fall on the lack of
> clear documentation?
>
> It's a GREAT product and I love it and am grateful but why after years
> and years do the man pages still say "under construction"?
>
> Charles
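The "1 = No, 2 = Yes" pitfall Charles describes above, as an added C example that is not part of the thread and not any real library's interface: every struct, constant and function name here is hypothetical. It shows why passing `true` compiles and silently disables verification, and two API shapes that fail closed instead.

```c
/* Added illustration of the "1 = No, 2 = Yes" API pitfall discussed above.
 * All names here are hypothetical; this is not any real library's interface. */
#include <stdbool.h>

#define VERIFY_NO  1   /* hypothetical: 1 means "do not verify the host" */
#define VERIFY_YES 2   /* hypothetical: 2 means "verify the host" */

struct conn { int verify_mode; };

/* Loose setter in the style the article criticises: any int is accepted. */
void set_verify_loose(struct conn *c, int mode) { c->verify_mode = mode; }

/* What the programmer in the article did: pass `true`, meaning "yes".
 * Returns 1 if verification ended up enabled, 0 if not. */
int caller_as_in_article(struct conn *c) {
    set_verify_loose(c, true);           /* true == 1 == VERIFY_NO, compiles fine */
    return c->verify_mode == VERIFY_YES; /* 0: the connection is unverified */
}

/* Defensive setter 1: reject every value outside the documented set instead
 * of storing it. A bool still maps to VERIFY_NO, so this alone is not enough,
 * but an out-of-range 0 (false) or 3 no longer slips through unnoticed. */
int set_verify_checked(struct conn *c, int mode) {
    if (mode != VERIFY_NO && mode != VERIFY_YES) return -1;
    c->verify_mode = mode;
    return 0;
}

/* Defensive setter 2: make the parameter mean what callers assume it means.
 * The name carries the semantics and true really is "yes". */
void set_hostname_verification(struct conn *c, bool verify) {
    c->verify_mode = verify ? VERIFY_YES : VERIFY_NO;
}

/* Defensive default: a freshly initialised connection verifies unless
 * someone explicitly turns it off, so a forgotten call fails closed. */
void conn_init(struct conn *c) { c->verify_mode = VERIFY_YES; }

int verification_enabled(const struct conn *c) {
    return c->verify_mode == VERIFY_YES;
}
```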