fishinabarrel / bounty
Fish in a Barrel Memory Safety Bounty
Hi, in the absence of a better place to write about this/get feedback, I figured I'd post here. Whether or not this is eligible for a bounty I think it would probably be a good thing for the ecosystem and wanted to try to make progress on it.
I looked last night at the feasibility of replacing the OpenSSL implementation in nginx. My initial idea was to use mesalink - github.com/mesalock-linux/mesalink - since this would allow you to compile in rustls without needing to change the nginx source code at all. If I got it working, I could put together a prototype, benchmark it, test it in our development environment and then write up instructions on how to build it.
Unfortunately nginx uses the SSL_CTX_set_options OpenSSL API, which is not currently supported by mesalink, and it doesn't look like the mesalink library has momentum, see mesalock-linux/mesalink#51 for details.
I guess my options right now would be
Mainly I am looking for advice at this point - I am good at fighting build systems and getting stuff to compile and less good at understanding what's currently possible to do in the crypto ecosystem, and at writing C code - I've probably written under 2,000 lines of C in my life.
Git uses libcurl for http:// and https:// fetches. If you are using a curl older than 7.34, then git will use OpenSSL to do IMAP fetches.
The recent change to add a rustls backend for curl - documented here: https://daniel.haxx.se/blog/2021/02/09/curl-supports-rustls/ - means that Git should use Rust for TLS as long as you are compiling in a libcurl that has been compiled with TLS, which should be possible on tip, or in version 7.76.0.
To do SSH transfers Git executes the "ssh" binary - it doesn't compile SSH in. The ssh binary on most machines is typically OpenSSH. I'm not sure if there is a Rust replacement for everything OpenSSH does.
Keep a list of useful getting-started points for people who're interested in doing this kind of work.
Flying off the tails of the suricata ssh-decoder that was just submitted, here's a pointer to a demo of how to do wireshark protocol-dissectors in Rust.
https://github.com/sevagh/wireshark-dissector-rs
This has been one of the most common ways to attack wireshark over the years. [Which usually runs with an unusual amount of network access, on a privileged machine, by a user who should know better than to run his process as root....]
Node ships with its own vendored OpenSSL in deps/openssl. Still you can try to compile in your own with the --shared-openssl, --shared-openssl-include and --shared-openssl-libpath flags. I tried compiling in mesalink in place of OpenSSL and got this error:
In file included from ../src/node.cc:45:
In file included from ../src/node_crypto.h:31:
In file included from ../src/crypto/crypto_aes.h:6:
In file included from ../src/crypto/crypto_cipher.h:6:
In file included from ../src/crypto/crypto_keys.h:6:
../src/crypto/crypto_util.h:17:10: fatal error: 'openssl/ec.h' file not found
#include <openssl/ec.h>
^~~~~~~~~~~~~~
1 error generated.
make[1]: *** [libnode.target.mk:467: /Users/kevin/src/github.com/nodejs/node/out/Release/obj.target/libnode/src/node.o] Error 1
rm ccd3dc533142c730cad81819404fde1dda793e8d.intermediate
make: *** [Makefile:104: node] Error 2
The interface to OpenSSL is contained entirely in src/crypto which has this nice README: https://github.com/nodejs/node/tree/master/src/crypto#nodejs-srccrypto-documentation
There is a note in there about how the Electron distribution ships with BoringSSL so in terms of replacing OpenSSL that might be the first place to look, in terms of how they made it more portable.
This might be a good place to start in src/crypto/crypto_x509.cc, trying to replace SSL_get_certificate with a safer parser.
void X509Certificate::Verify(const FunctionCallbackInfo<Value>& args) {
  X509Certificate* cert;
  ASSIGN_OR_RETURN_UNWRAP(&cert, args.Holder());
  CHECK(args[0]->IsObject());
  KeyObjectHandle* key;
  ASSIGN_OR_RETURN_UNWRAP(&key, args[0]);
  CHECK_EQ(key->Data()->GetKeyType(), kKeyTypePublic);
  args.GetReturnValue().Set(
      X509_verify(
          cert->get(),
          key->Data()->GetAsymmetricKey().get()) > 0);
}
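An added example, not code from the issue authors or from nginx, Node or mesalink: a source scan for the two failure modes reported in the posts above, a function the replacement library lacks (nginx's SSL_CTX_set_options) and a header it does not ship (Node's openssl/ec.h). The file names, the prefix list and the shim's header and function sets are constructed assumptions and do not describe mesalink's real API surface.

```python
import re

# OpenSSL public functions are conventionally named PREFIX_name. This prefix
# list is an assumption made for the example, not an exhaustive inventory.
API_CALL = re.compile(r"\b((?:SSL|X509|EVP|EC|BIO|ERR|PEM)_\w+)\s*\(")
INCLUDE = re.compile(r'^\s*#\s*include\s*[<"](openssl/[\w./]+)[>"]', re.M)
# Regex comment stripping is approximate: "//" inside a string literal is
# also treated as a comment, which is acceptable for a coverage estimate.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

def openssl_surface(source):
    """Return (headers, functions) of the OpenSSL API that C/C++ source uses."""
    code = COMMENTS.sub(" ", source)
    return set(INCLUDE.findall(code)), set(API_CALL.findall(code))

def porting_gap(sources, shim_headers, shim_functions):
    """Map each file to the headers and functions the shim does not provide."""
    gap = {}
    for path, text in sources.items():
        headers, funcs = openssl_surface(text)
        missing = {"headers": sorted(headers - shim_headers),
                   "functions": sorted(funcs - shim_functions)}
        if missing["headers"] or missing["functions"]:
            gap[path] = missing
    return gap

# Constructed sample input (hypothetical files, not real nginx or Node source).
SAMPLE_SOURCES = {
    "consumer_tls.c": """
#include <openssl/ssl.h>
/* SSL_CTX_set_cipher_list(ctx, "...") in a comment is not a call */
void setup(SSL_CTX *ctx) {
    SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
}
""",
    "consumer_x509.cc": """
#include <openssl/ec.h>
#include <openssl/x509.h>
bool check(X509 *cert, EVP_PKEY *key) { return X509_verify(cert, key) > 0; }
""",
}
# Constructed description of a hypothetical OpenSSL-compatible shim.
SHIM_HEADERS = {"openssl/ssl.h", "openssl/x509.h"}
SHIM_FUNCTIONS = {"SSL_CTX_new", "SSL_CTX_free", "SSL_new"}

if __name__ == "__main__":
    for path, miss in porting_gap(SAMPLE_SOURCES, SHIM_HEADERS, SHIM_FUNCTIONS).items():
        print(path, miss)
```

Because API_CALL also matches declarations, running openssl_surface over a replacement library's own compatibility headers is one way to build the shim_functions set.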
Hi,
Thanks for taking on this project, this is super valuable and I appreciate your efforts here. I saw this post this morning and got really excited about it: https://daniel.haxx.se/blog/2021/02/09/curl-supports-rustls/
I was starting to think about all of the other tools I use that use OpenSSL as the TLS backend by default (nginx, git, ruby, node come to mind) and how to go about porting those. It would be nice if there was a list of like, here are some popular projects that compile a C TLS library in by default, the maintainers are definitely open to this, the maintainers are not open to this at all. I figure instead of starting from scratch I could at least contact folks and ask about this.
Googling for "ruby custom TLS backend" did not really return any results. At the very least, a Github issue titled "Memory safe TLS backend for Ruby" might rank really highly and then you could explain the benefits and people interested in this issue would have a place they could coordinate with other folks interested in this issue.