The perils of security tools

Ben Laurie ben at links.org
Sat May 24 15:29:51 EDT 2008 

Eric Young wrote:
>>   #ifndef PURIFY
>>                 MD_Update(&m,buf,j); /* purify complains */
>>   #endif
>>
>>   
> 
> I just re-checked, this code was from SSLeay, so it pre-dates OpenSSL
> taking over from me
> (about 10 years ago, after I was assimilated by RSA Security).
> 
> So in some ways I'm the one at fault for not being clear enough about
> why 'purify complains' and why it was not relevant.
> Purify also incorrectly companied about a construct used in the digest
> gathering code which functioned correctly, but purify was
> also correct (a byte in a read word was uninitialised, but it was later
> overwritten by a shifted byte).
> 
> One of the more insidious things about Purify is that once its
> complaints are investigated, and deemed irrelevant (but left in the
> library),
> anyone who subsequently runs purify on an application linking in the
> library will get the same purify warning.
> This leads to rather distressed application developers.  Especially if
> their company has a policy of 'no purify warnings'.
> 
> One needs to really ship the 'warning ignore' file for purify (does
> valgrind have one?).
> 
> I personally do wonder why, if the original author had purify related
> comments, which means he was aware of the issues,
> but had still left the code in place, the reviewer would not consider
> that the code did some-thing important enough to
> ignore purify's complaints.

I think the core point is that 10+ years ago, when this code was 
written, randomness was actually quite hard to come by. Daemons like EGD 
had to be installed and fed and cared for. So, even a little entropy 
from "uninitialised" memory (I use the quotes because I do appreciate 
that the memory probably has somewhat predictable content) was worth having.

Of course, we have now persuaded even the most stubborn OS that 
randomness matters, and most of them make it available, so perhaps this 
concern is moot.

Though I would be interested to know how well they do it! I did have 
some input into the design for FreeBSD's, so I know it isn't completely 
awful, but how do other OSes stack up?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list