random in the wild
A bit of commentary for some selected examples from Theo’s random hunt. Mostly a post commit justification for the great posix violation.
more...
OpenBSD libc is now at version 78.0, featuring a good mix of features. Something old, something new, something different.
The setkey and encrypt functions were deleted. Traditionally, they implement the DES algorithm; however, the standard doesn’t mandate any algorithm, meaning interoperability is not guaranteed. XOR would satisfy the requirement, for instance. It’s not really possible to use a much better algorithm, however, because the block size is fixed at 64 bits (expressed as 64 bytes, because that’s convenient), which rules out AES. Switching to blowfish just doesn’t seem worth it, given that the interface only supports a global key. The good news is that out of the ports tree, only one program used these functions. claws mail encrypts users’ passwords with the key “passkey0”. Hope that wasn’t a secret.
The cfree function was also removed. It was added long ago to be compatible with SunOS. SunOS is dead; so is the software written for it.
SipHash was added to libc. It’s been in the kernel for a little while, slowly replacing other ad hoc hash functions. It’s faster than algorithms like MD5 or SHA, but less predictable than simpler functions like add-and-shift or FNV, due to the introduction of a random key. Although the round counts are variable, we’ve standardized on 2/4 as a good enough mix. Easily changed later if it becomes necessary, but we’d like to keep things fast so that SipHash24 becomes the go-to default hash function.
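To make the "random key" point concrete, here is an added SipHash-2-4 implementation in C (two compression rounds, four finalization rounds, the 2/4 mix mentioned above). It is example code written for this page, not libc's or the kernel's implementation; the function names `siphash24`, `siphash24_selftest` and `bucket_index` are my own, and the key and message bytes in the self-test are the published reference vectors. The hash table use case is the point: with a per-process random key, an outside party that knows the hash function still cannot predict which bucket a given input lands in, which is what blunts collision-flooding against tables keyed with FNV or add-and-shift.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 64-bit rotate left; b is always in 1..63 here, so no undefined shift. */
#define ROTL64(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))

/* One SipRound over the four state words. */
#define SIPROUND(v0, v1, v2, v3)                                            \
    do {                                                                    \
        v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);       \
        v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                            \
        v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                            \
        v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32);       \
    } while (0)

/* Little-endian load of 8 bytes, independent of host byte order. */
static uint64_t le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* SipHash-2-4: 128-bit key, arbitrary-length message, 64-bit output. */
uint64_t siphash24(const uint8_t key[16], const void *data, size_t len)
{
    const uint8_t *in = (const uint8_t *)data;
    uint64_t k0 = le64(key), k1 = le64(key + 8);
    /* Initial state: key XORed with the constants "somepseudorandomlygeneratedbytes". */
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL;
    uint64_t v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL;
    uint64_t v3 = k1 ^ 0x7465646279746573ULL;
    uint64_t m, b = (uint64_t)len << 56;   /* low byte of len ends up in the top byte */
    size_t i;

    /* Full 8-byte blocks: inject, two rounds (c = 2), inject again. */
    for (i = 0; i + 8 <= len; i += 8) {
        m = le64(in + i);
        v3 ^= m;
        SIPROUND(v0, v1, v2, v3);
        SIPROUND(v0, v1, v2, v3);
        v0 ^= m;
    }
    /* Final block: leftover bytes little-endian, length in the top byte. */
    for (; i < len; i++)
        b |= (uint64_t)in[i] << (8 * (i % 8));
    v3 ^= b;
    SIPROUND(v0, v1, v2, v3);
    SIPROUND(v0, v1, v2, v3);
    v0 ^= b;

    /* Finalization: four rounds (d = 4). */
    v2 ^= 0xff;
    for (int r = 0; r < 4; r++)
        SIPROUND(v0, v1, v2, v3);
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Typical hash-table use: the key is drawn once per process (e.g. from
 * arc4random_buf on OpenBSD); here it is a parameter so callers can see that
 * changing the key changes every bucket assignment. */
size_t bucket_index(const uint8_t key[16], const char *s, size_t nbuckets)
{
    return (size_t)(siphash24(key, s, strlen(s)) % nbuckets);
}

/* Reference test key 00 01 .. 0f from the SipHash paper. */
const uint8_t SIPHASH_TEST_KEY[16] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};

/* Returns 1 if both published SipHash-2-4 vectors match, 0 otherwise. */
int siphash24_selftest(void)
{
    uint8_t msg[15];
    for (int i = 0; i < 15; i++)
        msg[i] = (uint8_t)i;            /* message 00 01 .. 0e */
    if (siphash24(SIPHASH_TEST_KEY, "", 0) != 0x726fdb47dd0e0e31ULL)
        return 0;
    if (siphash24(SIPHASH_TEST_KEY, msg, sizeof msg) != 0xa129ca6149be45e5ULL)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed second key: same strings, different buckets. */
    uint8_t other_key[16] = { 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42,
                              0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42 };
    printf("selftest: %s\n", siphash24_selftest() ? "ok" : "FAILED");
    printf("\"passkey0\" -> bucket %zu with key A, %zu with key B\n",
           bucket_index(SIPHASH_TEST_KEY, "passkey0", 1024),
           bucket_index(other_key, "passkey0", 1024));
    return 0;
}
```

The self-test pins the implementation to the two vectors from the SipHash paper (empty message, and the fifteen bytes 00..0e, both under the key 00..0f), so a transcription slip in the round function shows up immediately rather than as a subtly weaker hash.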
guenther@ added one more at syscall, chflagsat, which is like fchmodat, etc. Gotta have ‘em all.
deraadt@ decided that another fix for programs relying on bobo rand calls for randomness is to simply break the standard and give them what they’ve been hoping for all along.
It’s been a few years since realloc was fixed but occasionally things change, so it’s good to check up on them to make sure there aren’t any regressions. In fact, at the time of the fix, I didn’t even have a complete test case. Now I do.
more...
Everybody knows that MD5 is as terribly useless as ROT13 and you should have switched to SHA3-512 like twenty years ago. But lots of usage sticks around, and will continue to stick around for a long time to come, leading to the long tail of MD5. Why not simply convert to a better hash function? Maybe it’s not so simple.
more...
First, start with the observation that there are no good constant-time data structures. After reading the HN thread, I wanted to see if the attack was truly viable. Can we recover a JSESSIONID? My previous efforts attacking Lua took a slightly different tack.
more...
A few notes about memcpy vs memmove and some related items as well.
more...
As more or less direct competition for Netflix’s House of Cards, Amazon has Alpha House. It’s a comedy, but still manages to capture a lot of what’s wrong with modern politicking. Gary Trudeau’s involvement helps. It may even be a more accurate portrayal in some ways, because it’s not laser focused on power and corruption. The light hearted approach leaves room for some less diabolical absurdity.
There are some long running plot lines, but for the most part it’s much more episodic. Curiously it retains much of the TV format, including a title sequence introducing each character. It’s hard to imagine a viewer “tuning in” to the middle of the series and needing such an intro. All the episodes are available online; why would anyone not start with the first?
Amazon also had a one season run of a show called Betas which I thought was nearly as biting in its parody as Silicon Valley. Amazon may not yet be a first rate producer, but I’ve been impressed with the quality of what they’re turning out in tier two.
The crypt function is a unix classic. Unfortunately, its age is showing. It’s an interface from another time, out of place on modern systems, and it’s time for OpenBSD to move on.
more...
Server Name Indication is a TLS extension that allows the client to tell the server what hostname it would like to talk to. It solves, in theory, one of the issues with moving a web server with many virtual hosts to https: different hostnames need different certs.
Unfortunately, python 2.7 doesn’t support SNI, much to my regret. Thanks to an HN comment I was pointed to a python issue. The problem has been known about for five years, but fixing things isn’t the python way. Finally, somebody saw the light, which led to PEP 466. Current status: partially implemented.
Where does this leave me? I could upgrade to python 3.4, but none of the auxiliary libraries I need (notably py-feedparser) are available as OpenBSD packages except for versions built against 2.7. Or I can wait for python 2.7.9, although as a practical matter that would also mean upgrading OpenBSD and everything else (and likely not until May) so maybe I’d rather not. And that’s if 2.7.9 actually includes working SNI support. Digging through the issue tracker, it sounds like only optional support will be included, and programs will need to be changed and updated as well. It’s very important that upgrades don’t make things work by accident.
There is also the inject_into_urllib3 approach which I’m honestly kind of scared of, but it could work.
Instead my solution was to change the Duo blog’s URL to a file on disk, fetched by ftp running out of cron.
The OpenBSD virtual memory layer is known as UVM. Long, long ago it was the original BSD VM (with parts from Mach at CMU), but it was mostly replaced with UVM by Chuck Cranor. More of its history and a detailed description are in the author’s USENIX paper, The UVM Virtual Memory System.
more...