[Cryptography] Apple and OpenSSL

Ben Laurie ben at links.org
Sun Apr 20 18:23:03 EDT 2014


On 19 April 2014 22:23, Jon Callas <jon at callas.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On Apr 18, 2014, at 5:35 PM, Jerry Leichter <leichter at lrw.com> wrote:
>
>> Be aware that this is a strongly pro-Apple site, and that comes through plainly in the article.  Still, it's an interesting history of how one company has been dealing with the issue of crypto software.
>>
>> http://appleinsider.com/articles/14/04/18/how-apple-dodged-the-heartbleed-bullet
>
> It's an amusing read, as I was the developer who gave the 2011 WWDC talk. It's not completely accurate. Some of the places where it says "API" it actually should be "ABI" but it's understandable how you'd confuse those, especially when transcribing from the spoken word.
>
> The fuller story is that OS X, like many modern operating systems, is rather fond of dynamically linked libraries. It shipped with OpenSSL dylibs through much of the history. However, in and around the 0.9.8 to 1.0 versions of OpenSSL, there were flurries of activity in OpenSSL and long stretches where it remained stable.
>
> The problem is, as I said above, that OpenSSL does not have a stable ABI. That's Application Binary Interface, and if that's not familiar to you, it means a number of things like that if you add a field to a data structure, you have to add it to the end, not the middle. If you add it to the middle of the data structure then code that dynamically links to that updated library will look at the old offset for the field, not the new one.

OpenSSL does have a stable ABI.

> Consequently, if you made an OpenSSL dylib and people expected it to work, uh, you know, with dynamic linking, their code will break. This causes dismay. Some people express their dismay through the use of lawyers, or at least the threat of them. That led us to think that Something Must Be Done.
>
> We talked to the OpenSSL people and noted that we really needed to be able to make and ship dylibs, and asked if there was anything we could do to help. Also at this time, we were culling security libraries. An open question was whether we should keep an Apple-written SSL package, or just start using something open source, and the favorite on this was OpenSSL. The consensus as I felt it was drifting away from chucking Secure Transport because that year's flurry of SSL bugs affected everything *but* Secure Transport. There was still a lot of sentiment for stopping supporting an internal SSL toolkit and devote resources to an external one, and that was part of that discussion.
>
> I wasn't part of the discussions between Apple and the OpenSSL team, but I know it didn't go well. OpenSSL rebuffed Apple and I gathered that the rebuff was actually insulting. It probably wasn't literally, "why don't you go back and make lickable buttons" but that would have given a similar result.

If this is the conversation I remember (and it probably has to be,
because I'm pretty sure there was only one), Apple's suggestion was
that OpenSSL should change its API to CDSA, and wrap that with an
OpenSSL compatibility layer. If declining that crazy idea caused
insult, I'm sorry.

> One thing I know that OpenSSL said was that the unstable ABI was a feature,

See above.
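The struct-offset mechanism Jon describes in the quoted text (a field inserted in the middle of a structure moving every field after it, while already-compiled callers keep reading at the old offset) can be shown in a few lines of C. The following is an added illustration, not code from this thread, from OpenSSL or from Apple; the `ctx_v1`/`ctx_v2_*` structs and their fields are hypothetical, constructed only to make the offsets visible, and the "old client" function stands in for an application binary compiled against the v1 header and later loaded against an updated shared library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical "v1" layout, as published in the header the application
 * was compiled against. (Constructed example; not an OpenSSL structure.) */
struct ctx_v1 {
    uint32_t version;
    uint32_t flags;
    uint8_t *key;
};

/* Library update that inserts a field in the MIDDLE: every later field
 * moves, so this is an ABI break for anything compiled against v1. */
struct ctx_v2_middle {
    uint32_t version;
    uint32_t state;     /* new field inserted before flags */
    uint32_t flags;
    uint8_t *key;
};

/* Library update that APPENDS the field: old field offsets are preserved. */
struct ctx_v2_end {
    uint32_t version;
    uint32_t flags;
    uint8_t *key;
    uint32_t state;     /* new field appended after the existing ones */
};

/* Models the already-compiled application: it reads "flags" at the byte
 * offset baked in from the v1 header, whatever object the library now hands
 * it. memcpy keeps the access well-defined regardless of the real type. */
static uint32_t old_client_read_flags(const void *obj)
{
    uint32_t flags;
    memcpy(&flags, (const unsigned char *)obj + offsetof(struct ctx_v1, flags),
           sizeof flags);
    return flags;
}

/* The updated library builds a v2 object with flags == 7 and the new
 * state field == 99; the old client then reads "flags" from it. */
static uint32_t demo_insert_in_middle(void)
{
    struct ctx_v2_middle obj = { .version = 2, .state = 99, .flags = 7, .key = NULL };
    return old_client_read_flags(&obj);   /* 99: the v1 offset now lands on state */
}

static uint32_t demo_append_at_end(void)
{
    struct ctx_v2_end obj = { .version = 2, .flags = 7, .key = NULL, .state = 99 };
    return old_client_read_flags(&obj);   /* 7: flags is still where v1 put it */
}

/* Appending keeps the old offsets intact, but sizeof() still grows, so an
 * application that allocates the struct itself (on the stack, or with
 * malloc(sizeof(struct ctx_v1))) would under-allocate. Handing out only
 * opaque pointers, with allocation done inside the library, avoids both
 * failure modes; that is the usual discipline for a stable ABI. */
static int append_preserves_offsets(void)
{
    return offsetof(struct ctx_v1, flags) == offsetof(struct ctx_v2_end, flags)
        && offsetof(struct ctx_v1, key)   == offsetof(struct ctx_v2_end, key)
        && offsetof(struct ctx_v1, flags) != offsetof(struct ctx_v2_middle, flags);
}

int main(void)
{
    return (demo_insert_in_middle() == 99 && demo_append_at_end() == 7
            && append_preserves_offsets()) ? 0 : 1;
}
```

Build with any C99 compiler (`cc -std=c99 abi_demo.c`); the exit status is 0 when the middle-insertion read returns the wrong field and the append read returns the right one. The size check in the last comment is the part practitioners most often miss: "add at the end" protects field offsets, not callers that embed or allocate the struct themselves.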
