Goto Failing, Sharing,
and Scheduling

Try this now: rust-class.org/ssl.html
Plan for Today
Apple’s SSL Bug
Sharing Memory
Scheduling

1
Try this now: rust-class.org/ssl.html

2
3
SSL/TLS Handshake Protocol
Client

Verify Certificate
using KUCA

Hello

Server

KRCA[Server Identity, KUS]

Check identity
matches URL
Generate
random K

EKUS (K)
Secure channel using K

Decrypt
using
KRS
4
SSL/TLS Handshake Protocol
Client

Verify Certificate
using KUCA
Check identity
matches URL
Generate
random K

Hello

Server

KRCA[Server Identity, KUS]

How did client get KUCA?
EKUS (K)
Secure channel using K

Decrypt
using
KRS
5
6
SSL/TLS Handshake Protocol
Client

Verify Certificate
using KUCA

Hello

Server

KRCA[Server Identity, KUS]

Check identity
matches URL
Generate
random K

EKUS (K)
Secure channel using K

Decrypt
using
KRS
7
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
{
OSStatus
err;
SSLBuffer
hashOut, hashCtx, clientRandom, serverRandom;
uint8_t
hashes[SSL_SHA1_DIGEST_LEN + SSL_MD5_DIGEST_LEN];
SSLBuffer
signedHashes;
uint8_t
*dataToSign;
size_t
dataToSignLen;
signedHashes.data = 0;
hashCtx.data = 0;

Apple’s
Implementation

clientRandom.data = ctx->clientRandom;
clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
serverRandom.data = ctx->serverRandom;
serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;

…
hashOut.data = hashes + SSL_MD5_DIGEST_LEN;
hashOut.length = SSL_SHA1_DIGEST_LEN;
if ((err = SSLFreeBuffer(&hashCtx)) != 0)
goto fail;

[Link]
8
/*
 * Slide excerpt of the routine that, per its name and the sslRawVerify() call
 * below, checks the server's signature over the key-exchange parameters.
 * "…" marks code the slide leaves out. Every step treats a non-zero err as
 * failure, so a return value of 0 tells the caller the check passed.
 */
static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
{
…
/* Hash clientRandom, serverRandom and signedParams; any failing step jumps to cleanup. */
if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
/*
 * BUG: this second goto is not part of the if above (the if has no braces),
 * so it runs unconditionally. When the update succeeded, err is 0 here and
 * control reaches fail: with err == 0.
 */
goto fail;
/*
 * Unreachable because of the goto above: neither the final hash nor the
 * sslRawVerify() signature check below is ever executed.
 * Braced if-bodies, an unreachable-code warning (e.g. clang's
 * -Wunreachable-code) or a test that presents a bad signature would each
 * have exposed this.
 */
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;

Apple’s Implementation
(cleaned up and excerpted)

err = sslRawVerify(ctx, ctx->peerPubKey, dataToSign, dataToSignLen, signature, signatureLen);
if(err) {
/* NOTE(review): "%dn" is presumably "%d\n" with the backslash lost when the slide text was extracted. */
sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify returned %dn", (int)err);
goto fail;
}
/*
 * Shared exit for success and failure: frees the buffers and returns whatever
 * err currently holds, so arriving here with err == 0 reports success even
 * though the signature was never verified.
 */
fail:
SSLFreeBuffer(&signedHashes);
SSLFreeBuffer(&hashCtx);
return err;
}

9
…
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;
err = sslRawVerify(ctx, ctx->peerPubKey, dataToSign, dataToSignLen, signature, signatureLen);
if(err) {
sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify returned %dn", (int)err);
goto fail;
}
fail:
SSLFreeBuffer(&signedHashes);
Apple’s Implementation
SSLFreeBuffer(&hashCtx);
(cleaned up and excerpted)
return err;
}
10
…
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;

How should these kinds of
mistakes be prevented?

err = sslRawVerify(ctx, ctx->peerPubKey, dataToSign, dataToSignLen,
signature, signatureLen);
if(err) {
sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify
returned %dn", (int)err);
goto fail;
}
fail:
SSLFreeBuffer(&signedHashes);
SSLFreeBuffer(&hashCtx);
return err;
}

11
12
Theory Excursion
How hard is it for a compiler to
provide unreachable code warnings?

13
Unreachable is Undecidable

14
Unreachable is Undecidable
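/// Runs `program`, then prints a marker line.
///
/// The `println!` is reached only if `execute(program)` returns, so deciding
/// whether that line is unreachable means deciding whether `program` halts.
/// That is why a compiler's unreachable-code warnings can only approximate
/// the truth.
fn halts(program: &str) {
    execute(program);
    // Straight ASCII quotes: the slide's typographic quotes do not form a string literal.
    println!("Am I unreachable?");
}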
Compilers shouldn’t be constrained by theory!
Goal is to help programmers
Okay for warnings to be unsound and incomplete
(even okay for errors!)
15
My New
Theory of Computation
Book!
16
plug book

A Tragicomic Tale of
Combinatorics and
Computability
for Curious Children of All Ages
Illustrations by
Kim Dylla
Sharing
Memory
in Tasks

18
Tasks

Class 7:

fn spawn(f: proc ())
spawn( proc() {
println(“Get to work!”);
});

Thread
Own PC
Own stack, registers
Safely shared immutable memory
Safely independent own memory

Task = Thread – unsafe memory sharing
or
Task = Process + safe memory sharing – cost of OS process
19
// unsafe1.rs: single-threaded baseline for the shared-counter experiment.
// `count` is a mutable global; every access needs `unsafe` because the
// compiler cannot check that accesses to a `static mut` are free of data races.
static mut count: uint = 0;

// Adds one to the global counter with no synchronization of any kind.
fn update_count() {
unsafe { count += 1; }
}
// Calls update_count 10 * 1000 times from the main task alone, then prints the
// total. No other task is spawned here, so nothing can interleave with the
// increments.
fn main() {
for _ in range(0u, 10) {
for _ in range(0u, 1000) {
update_count();
}
}
println!("Count: {:}", unsafe { count });
}
20
// unsafe1.rs again, shown next to its output: with a single task doing all
// 10 * 1000 increments, every run on this slide prints 10000.
static mut count: uint = 0;

// Unsynchronized increment of the global; harmless only while one task calls it.
fn update_count() {
unsafe { count += 1; }
}
// Sequential nested loops: all increments finish before the final read.
fn main() {
for _ in range(0u, 10) {
for _ in range(0u, 1000) {
update_count();
}
}
println!("Count: {:}", unsafe { count });
}

> rustc unsafe1.rs
> ./unsafe1
Count: 10000
> ./unsafe1
Count: 10000
> ./unsafe1
Count: 10000

21
// unsafe2.rs: the same global counter, now incremented from ten spawned tasks.
static mut count: uint = 0;
// Unsynchronized read-modify-write of the global: two tasks can read the same
// old value and both write back old + 1, so one of the updates is lost.
fn update_count() {
unsafe { count += 1; }
}
fn main() {
for _ in range(0u, 10) {
// Each proc is handed to spawn and shares `count` with all the others.
spawn(proc() {
for _ in range(0u, 1000) {
update_count();
}
});
}
// Nothing here waits for the spawned tasks, so this read races with their
// writes and can run before they have finished. Lost updates and the early
// read can each make the printed total fall short of 10000.
println!("Count: {:}", unsafe { count });
}

> rustc unsafe2.rs
> ./unsafe2
Count: 6955
> ./unsafe2
Count: 6473
> ./unsafe2
Count: 6367
> ./unsafe2
Count: 7557

22
// unsafe3.rs: unsafe2 with tracing, so each task reports the counter value it
// sees before and after its own increment.
static mut count: uint = 0;
// `id` identifies the calling task in the trace output.
fn update_count(id: uint) {
unsafe {
// The two prints and the increment are three separate steps with no lock
// around them, so other tasks can modify `count` in between; the "Before"
// and "After" values of one call need not differ by exactly one.
println!("Before update from {:}: {:}", id, count);
count += 1;
println!("After update from {:}: {:}", id, count);
}
}
fn main() {
for id in range(0u, 10) {
// One task per id, each performing 1000 traced increments.
spawn(proc() {
for _ in range(0u, 1000) {
update_count(id);
}
});
}
// main does not wait for the tasks before reading the total.
println!("Count: {:}", unsafe { count });
}

23
static mut count: uint = 0;

> ./unsafe3
Before
fn update_count(id: uint) { update from 0: 0
unsafe {
Before update from 1: 0
println!("Before updateupdate from 0: 1
After from {:}: {:}", id, count);
count += 1;
Before update from 0: 1
println!("After update from {:}: {:}", id, count);
After update from 0: 2
}
}
…
After update from 2: 81
fn main() {
Before update from 0: 81
for id in range(0u, 10) {
spawn(proc() { After update from 3: 83
for _ in range(0u, 1000) update from 2: After update from 5: 83
Before {
update_count(id);
83
}
Before update from 3: 84
});
Before update from 6: 22
}
println!("Count: {:}", unsafe { count from 0: 84
After update });
}
…

24
// unsafe3.rs shown next to the tail of its output. The "Count:" line on this
// slide appears in the middle of the tasks' trace lines, which shows main's
// final read running while tasks are still updating the counter.
static mut count: uint = 0;
// Traced, unsynchronized increment; `id` names the calling task.
fn update_count(id: uint) {
unsafe {
println!("Before update from {:}: {:}", id, count);
// Plain read-modify-write on a global shared by every task.
count += 1;
println!("After update from {:}: {:}", id, count);
}
}
fn main() {
for id in range(0u, 10) {
spawn(proc() {
for _ in range(0u, 1000) {
update_count(id);
}
});
}
// No wait for the spawned tasks: this prints whatever value `count` holds
// at the moment main gets here.
println!("Count: {:}", unsafe { count });
}

…
Before update from 5: 6977
Before updCount: 6849
After update from 0: 6867
ate from 7: 6977
After update from 8: 6958
…
After update from 1: 9716
Before update from 1: 9716
After update from 1: 9717
Before update from 1: 9717
After update from 1: 9718
>
25
// Increments the global `count` (a `static mut` declared on the earlier slides).
// At the source level this is one statement, but it stands for read, add and
// write-back; the unoptimized unsafe2.s listing in this deck shows it as a
// separate load, add and store.
fn update_count() {
unsafe { count += 1; }
}

How atomic is count += 1?

26
unsafe2.s

__ZN12update_count19h86817af0b0797e96al4v0.0E:
.cfi_startproc
cmpq %gs:816, %rsp
ja LBB0_0
rustc -S unsafe2.rs
movabsq $16, %r10
movabsq $0, %r11
callq ___morestack
ret
LBB0_0:
pushq %rbp
Ltmp2:
.cfi_def_cfa_offset 16
Ltmp3:
.cfi_offset %rbp, -16
movq %rsp, %rbp
Ltmp4:
…

27
unsafe2.s
# Tail of update_count from the unoptimized build (slide excerpt).
Ltmp4:
.cfi_def_cfa_register %rbp
pushq %rax
# count += 1 is three separate instructions: load the global into %rax ...
movq __ZN5count19hc6afed277fb1b6c3ah4v0.0E(%rip), %rax
# ... add one in the register ...
addq $1, %rax
# ... and store the register back. Another task can run between the load and
# this store, and its update is then overwritten.
movq %rax, __ZN5count19hc6afed277fb1b6c3ah4v0.0E(%rip)
movq %rdi, -8(%rbp)
addq $8, %rsp
popq %rbp
ret
.cfi_endproc
28
rustc -O

fn update_count() {
unsafe { count += 1; }
}
fn main() {
for _ in range(0u, 10) {
spawn(proc() {
for _ in range(0u, 1000) {
update_count();
}
});
}
println!("Count: {:}", …);

# rustc -O output for what the symbol name suggests is the closure spawned in
# main (slide excerpt; "…" marks omitted lines).
__ZN4main4anon7expr_fn2agE:
.cfi_startproc
…
pushq %rbp
Ltmp15:
.cfi_def_cfa_offset 16
Ltmp16:
.cfi_offset %rbp, -16
movq %rsp, %rbp
}
Ltmp17:
.cfi_def_cfa_register %rbp
# The 1000-iteration loop has been folded into one add-to-memory instruction.
# It carries no lock prefix, so it is still not an atomic update across cores:
# the window for a lost update is much shorter, not closed.
addq $1000, __ZN5count19hc6afed277v0.0E(%rip)
popq %rbp
ret
.cfi_endproc

> rustc unsafe2.rs
> ./unsafe2
Count: 7628
> ./unsafe2
Count: 6672
> rustc -O unsafe2.rs
> ./unsafe2
Count: 10000
> ./unsafe2
Count: 10000
> ./unsafe2
Count: 10000
> ./unsafe2
Count: 10000
> ./unsafe2
Count: 9000
29
ARCs
Automatically
Reference
Counted

extra::arc provides:
Arc
wrapper for shared immutable state
MutexArc
mutable shared state
protected by mutual exclusion
RWArc
mutable shared state
protected by reader-writer lock

30
Creating an RWArc

let counter: RWArc<int> = RWArc::new(0);

31
RWArc write

32
33
|count: &mut int|
// Increments the shared counter inside RWArc::write. The closure receives the
// value as `&mut int`, so the read-modify-write happens while the writer side
// of the reader-writer lock is held.
fn update_count(counter: RWArc<int>) {
counter.write(|count| { *count += 1; });
}
34
extern mod extra;
use extra::arc::RWArc;

// Lock-protected increment: the update runs inside the RWArc write closure.
fn update_count(counter: RWArc<int>) {
counter.write(|count| { *count += 1; });
}
// rwarc1: ten tasks each perform 1000 lock-protected increments on one counter.
fn main() {
let counter: RWArc<int> = RWArc::new(0);
for _ in range(0, 10) {
// Each task gets its own handle to the same underlying counter.
let ccounter = counter.clone();
spawn(proc() {
for _ in range(0, 1000) { update_count(ccounter.clone()); }
});
}
// The increments can no longer be lost, but nothing here waits for the tasks:
// this read reports whatever total has been reached so far, which can be well
// below 10000.
counter.read(|count| { println!("Count: {:d}", *count); });
}
35
extern mod extra;
use extra::arc::RWArc;

What is the value printed for Count?

fn update_count(counter: RWArc<int>) {
counter.write(|count| { *count += 1; });
}
fn main() {
let counter: RWArc<int> = RWArc::new(0);
for _ in range(0, 10) {
let ccounter = counter.clone();
spawn(proc() {
for _ in range(0, 1000) { update_count(ccounter.clone()); }
});
}

> ./rwarc1
Count: 1139
> ./rwarc1
Count: 1146
> ./rwarc1
Count: 1158

counter.read(|count| { println!("Count: {:d}", *count); });
}
36
// Same experiment, but main now waits for the tasks before reading the total.
// `running` counts the tasks that have been started and have not yet finished.
fn main() {
let counter: RWArc<int> = RWArc::new(0);
let running: RWArc<int> = RWArc::new(0);
for _ in range(0, 10) {
let ccounter = counter.clone();
// Counted here in main rather than inside the task, so all ten increments
// have happened before the wait loop below starts.
running.write(|n| { *n += 1; });
let crunning = running.clone();
spawn(proc() {
// 100 iterations per task on this slide, so the expected total is 1000.
for _ in range(0, 100) { update_count(ccounter.clone()); }
// Signal completion only after this task's last increment.
crunning.write(|n| { *n -= 1; });
});
}
// Busy-wait until every task has decremented `running`; this spins on the
// read lock instead of blocking.
// NOTE(review): a task that ended before its decrement would presumably
// leave this loop spinning forever; confirm how task failure is handled.
while running.read(|n| { *n }) > 0 { ; }
counter.read(|count| { println!("Count: {:d}", *count); });
}
37
Scheduling
38
Remember from Class 4:

1. How should the supervisor decide which program to run?
2. How long should the alarm clock be set for?
39
Scheduler
Desiderata

Go placidly amid the noise and haste, and
remember what peace there may be in silence.
As far as possible without surrender be on good
terms with all persons. Speak your truth quietly
and clearly; and listen to others, even the dull
and the ignorant; they too have their story.
Avoid loud and aggressive persons, they are
vexations to the spirit. … Exercise caution in
your business affairs; for the world is full of
trickery. …And whether or not it is clear to
you, no doubt the universe is unfolding as it
should…whatever your labors and
aspirations, in the noisy confusion of life keep
peace with your soul. With all its
sham, drudgery, and broken dreams, it is still a
beautiful world. Be cheerful. Strive to be happy.
Max Ehrmann, “Desiderata” (1927)
40
How well do traffic lights do?

41
How well do traffic lights do?

42
dori-mic.org
“If only I had this book when I was
a young student, I might have
done something useful with my
life like discover a new complexity
class instead of dropping out and
wasting my life flipping
pancakes, playing with basic
blocks, and eradicating polo.”
Gill Bates,
Founder of Mic-Soft Corporation

MiniLEGO [FJNNO 2013]


SSL Failing, Sharing, and Scheduling

  • 1. Goto Failing, Sharing, and Scheduling Try this now: rust-class.org/ssl.html
  • 2. Plan for Today Apple’s SSL Bug Sharing Memory Scheduling 1
  • 3. Try this now: rust-class.org/ssl.html 2
  • 4. 3
  • 5. SSL/TLS Handshake Protocol Client Verify Certificate using KUCA Hello Server KRCA[Server Identity, KUS] Check identity matches URL Generate random K EKUS (K) Secure channel using K Decrypt using KRS 4
  • 6. SSL/TLS Handshake Protocol Client Verify Certificate using KUCA Check identity matches URL Generate random K Hello Server KRCA[Server Identity, KUS] How did client get KUCA? EKUS (K) Secure channel using K Decrypt using KRS 5
  • 7. 6
  • 8. SSL/TLS Handshake Protocol Client Verify Certificate using KUCA Hello Server KRCA[Server Identity, KUS] Check identity matches URL Generate random K EKUS (K) Secure channel using K Decrypt using KRS 7
  • 9. static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) { OSStatus err; SSLBuffer hashOut, hashCtx, clientRandom, serverRandom; uint8_t hashes[SSL_SHA1_DIGEST_LEN + SSL_MD5_DIGEST_LEN]; SSLBuffer signedHashes; uint8_t *dataToSign; size_t dataToSignLen; signedHashes.data = 0; hashCtx.data = 0; Apple’s Implementation clientRandom.data = ctx->clientRandom; clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; serverRandom.data = ctx->serverRandom; serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE; … hashOut.data = hashes + SSL_MD5_DIGEST_LEN; hashOut.length = SSL_SHA1_DIGEST_LEN; if ((err = SSLFreeBuffer(&hashCtx)) != 0) goto fail; [Link] 8
  • 10. static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) { … if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; Apple’s Implementation (cleaned up and excerpted) err = sslRawVerify(ctx, ctx->peerPubKey, dataToSign, dataToSignLen, signature, signatureLen); if(err) { sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify returned %dn", (int)err); goto fail; } fail: SSLFreeBuffer(&signedHashes); SSLFreeBuffer(&hashCtx); return err; } 9
  • 11. … if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; err = sslRawVerify(ctx, ctx->peerPubKey, dataToSign, dataToSignLen, signature, signatureLen); if(err) { sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify returned %dn", (int)err); goto fail; } fail: SSLFreeBuffer(&signedHashes); Apple’s Implementation SSLFreeBuffer(&hashCtx); (cleaned up and excerpted) return err; } 10
  • 12. … if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; How should these kinds of mistakes be prevented? err = sslRawVerify(ctx, ctx->peerPubKey, dataToSign, dataToSignLen, signature, signatureLen); if(err) { sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify returned %dn", (int)err); goto fail; } fail: SSLFreeBuffer(&signedHashes); SSLFreeBuffer(&hashCtx); return err; } 11
  • 13. 12
  • 14. Theory Excursion How hard is it for a compiler to provide unreachable code warnings? 13
  • 16. Unreachable is Undecidable fn halts(program: &str) { execute(program); println!(“Am I unreachable?”); } Compilers shouldn’t be constrained by theory! Goal is to help programmers Okay for warnings to be unsound and incomplete (even okay for errors!) 15
  • 17. My New Theory of Computation Book! 16
  • 18. plug book A Tragicomic Tale of Combinatorics and Computability for Curious Children of All Ages Illustrations by Kim Dylla
  • 20. Tasks Class 7: fn spawn(f: proc ()) spawn( proc() { println(“Get to work!”); }); Thread Own PC Own stack, registers Safely shared immutable memory Safely independent own memory Task = Thread – unsafe memory sharing or Task = Process + safe memory sharing – cost of OS process 19
  • 21. static mut count: uint = 0; fn update_count() { unsafe { count += 1; } } fn main() { for _ in range(0u, 10) { for _ in range(0u, 1000) { update_count(); } } println!("Count: {:}", unsafe { count }); } 20
  • 22. static mut count: uint = 0; fn update_count() { unsafe { count += 1; } } fn main() { for _ in range(0u, 10) { for _ in range(0u, 1000) { update_count(); } } println!("Count: {:}", unsafe { count }); } > rustc unsafe1.rs > ./unsafe1 Count: 10000 > ./unsafe1 Count: 10000 > ./unsafe1 Count: 10000 21
  • 23. static mut count: uint = 0; fn update_count() { unsafe { count += 1; } } fn main() { for _ in range(0u, 10) { spawn(proc() { for _ in range(0u, 1000) { update_count(); } }); } println!("Count: {:}", unsafe { count }); } > rustc unsafe2.rs > ./unsafe2 Count: 6955 > ./unsafe2 Count: 6473 > ./unsafe2 Count: 6367 > ./unsafe2 Count: 7557 22
  • 24. static mut count: uint = 0; fn update_count(id: uint) { unsafe { println!("Before update from {:}: {:}", id, count); count += 1; println!("After update from {:}: {:}", id, count); } } fn main() { for id in range(0u, 10) { spawn(proc() { for _ in range(0u, 1000) { update_count(id); } }); } println!("Count: {:}", unsafe { count }); } 23
  • 25. static mut count: uint = 0; > ./unsafe3 Before fn update_count(id: uint) { update from 0: 0 unsafe { Before update from 1: 0 println!("Before updateupdate from 0: 1 After from {:}: {:}", id, count); count += 1; Before update from 0: 1 println!("After update from {:}: {:}", id, count); After update from 0: 2 } } … After update from 2: 81 fn main() { Before update from 0: 81 for id in range(0u, 10) { spawn(proc() { After update from 3: 83 for _ in range(0u, 1000) update from 2: After update from 5: 83 Before { update_count(id); 83 } Before update from 3: 84 }); Before update from 6: 22 } println!("Count: {:}", unsafe { count from 0: 84 After update }); } … 24
  • 26. static mut count: uint = 0; fn update_count(id: uint) { unsafe { println!("Before update from {:}: {:}", id, count); count += 1; println!("After update from {:}: {:}", id, count); } } fn main() { for id in range(0u, 10) { spawn(proc() { for _ in range(0u, 1000) { update_count(id); } }); } println!("Count: {:}", unsafe { count }); } … Before update from 5: 6977 Before updCount: 6849 After update from 0: 6867 ate from 7: 6977 After update from 8: 6958 … After update from 1: 9716 Before update from 1: 9716 After update from 1: 9717 Before update from 1: 9717 After update from 1: 9718 > 25
  • 27. fn update_count() { unsafe { count += 1; } } How atomic is count += 1? 26
  • 28. unsafe2.s __ZN12update_count19h86817af0b0797e96al4v0.0E: .cfi_startproc cmpq %gs:816, %rsp ja LBB0_0 rustc -S unsafe2.rs movabsq $16, %r10 movabsq $0, %r11 callq ___morestack ret LBB0_0: pushq %rbp Ltmp2: .cfi_def_cfa_offset 16 Ltmp3: .cfi_offset %rbp, -16 movq %rsp, %rbp Ltmp4: … 27
  • 29. unsafe2.s Ltmp4: .cfi_def_cfa_register %rbp pushq %rax movq __ZN5count19hc6afed277fb1b6c3ah4v0.0E(%rip), %rax addq $1, %rax movq %rax, __ZN5count19hc6afed277fb1b6c3ah4v0.0E(%rip) movq %rdi, -8(%rbp) addq $8, %rsp popq %rbp ret .cfi_endproc 28
  • 30. rustc -O fn update_count() { unsafe { count += 1; } } fn main() { for _ in range(0u, 10) { spawn(proc() { for _ in range(0u, 1000) { update_count(); } }); } println!("Count: {:}", …); __ZN4main4anon7expr_fn2agE: .cfi_startproc … pushq %rbp Ltmp15: .cfi_def_cfa_offset 16 Ltmp16: .cfi_offset %rbp, -16 movq %rsp, %rbp } Ltmp17: .cfi_def_cfa_register %rbp addq $1000, __ZN5count19hc6afed277v0.0E(%rip) popq %rbp ret .cfi_endproc > rustc unsafe2.rs > ./unsafe2 Count: 7628 > ./unsafe2 Count: 6672 > rustc -O unsafe2.rs > ./unsafe2 Count: 10000 > ./unsafe2 Count: 10000 > ./unsafe2 Count: 10000 > ./unsafe2 Count: 10000 > ./unsafe2 Count: 9000 29
  • 31. ARCs Automatically Reference Counted extra::arc provides: Arc wrapper for shared immutable state MutexArc mutable shared state protected by mutual exclusion RWArc mutable shared state protected by reader-writer lock 30
  • 32. Creating an RWArc let counter: RWArc<int> = RWArc::new(0); 31
  • 34. 33
  • 35. |count: &mut int| fn update_count(counter: RWArc<int>) { counter.write(|count| { *count += 1; }); } 34
  • 36. extern mod extra; use extra::arc::RWArc; fn update_count(counter: RWArc<int>) { counter.write(|count| { *count += 1; }); } fn main() { let counter: RWArc<int> = RWArc::new(0); for _ in range(0, 10) { let ccounter = counter.clone(); spawn(proc() { for _ in range(0, 1000) { update_count(ccounter.clone()); } }); } counter.read(|count| { println!("Count: {:d}", *count); }); } 35
  • 37. extern mod extra; use extra::arc::RWArc; What is the value printed for Count? fn update_count(counter: RWArc<int>) { counter.write(|count| { *count += 1; }); } fn main() { let counter: RWArc<int> = RWArc::new(0); for _ in range(0, 10) { let ccounter = counter.clone(); spawn(proc() { for _ in range(0, 1000) { update_count(ccounter.clone()); } }); } > ./rwarc1 Count: 1139 > ./rwarc1 Count: 1146 > ./rwarc1 Count: 1158 counter.read(|count| { println!("Count: {:d}", *count); }); } 36
  • 38. fn main() { let counter: RWArc<int> = RWArc::new(0); let running: RWArc<int> = RWArc::new(0); for _ in range(0, 10) { let ccounter = counter.clone(); running.write(|n| { *n += 1; }); let crunning = running.clone(); spawn(proc() { for _ in range(0, 100) { update_count(ccounter.clone()); } crunning.write(|n| { *n -= 1; }); }); } while running.read(|n| { *n }) > 0 { ; } counter.read(|count| { println!("Count: {:d}", *count); }); } 37
  • 40. Remember from Class 4: 1. How should the supervisor decide which program to run? 2. How long should the alarm clock be set for? 39
  • 41. Scheduler Desiderata Go placidly amid the noise and haste, and remember what peace there may be in silence. As far as possible without surrender be on good terms with all persons. Speak your truth quietly and clearly; and listen to others, even the dull and the ignorant; they too have their story. Avoid loud and aggressive persons, they are vexations to the spirit. … Exercise caution in your business affairs; for the world is full of trickery. …And whether or not it is clear to you, no doubt the universe is unfolding as it should…whatever your labors and aspirations, in the noisy confusion of life keep peace with your soul. With all its sham, drudgery, and broken dreams, it is still a beautiful world. Be cheerful. Strive to be happy. Max Ehrmann, “Desiderata” (1927) 40
  • 42. How well do traffic lights do? 41
  • 43. How well do traffic lights do? 42
  • 44. dori-mic.org “If only I had this book when I was a young student, I might have done something useful with my life like discover a new complexity class instead of dropping out and wasting my life flipping pancakes, playing with basic blocks, and eradicating polo.” Gill Bates, Founder of Mic-Soft Corporation MiniLEGO [FJNNO 2013]