Well, maybe this is a blessing. While it's open source, maybe multiple eye's need to look at it for final validation.
No it's a curse. I have input fuzzing, unit tests, code coverage profiling and Valgrind memory tests. Such a bug wouldn't have slipped past me with both eyes shut -- no seriously! If I fuck up accidentally like this THE COMPUTER TELLS ME SO without ever having to do anything but make the mistake and type make test all. I test every line of code on every side of my #ifdef options, in all my projects. If you're implementing ENCRYPTION AND/OR SECURITY SOFTWARE then I expect such practices as the absolute minimum effort -- I mean, that's what I do, even when it's just me coding on dinky indie games as a hobby. I don't want to be known as the guy who's game was used to compromise users' credentials or data, that would be game over for me.
These ass-hats have just shown the world that they can't be trusted to use the fucking tools we wrote that would have prevented this shit if they'd have just ran them. It's really not acceptable. It's hard to comprehend the degree of unacceptable this is. It reeks of intentional disaster masquerading as coy "accidental" screw up, "silly me, I just didn't do anything you're supposed to do when you're developing industry standard security software". No. Just, no. An ancient optimization that was made default even though it only mattered on SOME slower platforms? Yeah, OK, that's fucking dumb, I can buy it as an accident. However, NOT TESTING BOTH BRANCHES for that option? What the actual fuck? I could see someone missing an edge case in their unit test, but not even using input fuzzing at all? It's not hard, shit, I have a script that generates the basic unit fuzzing code from the function signatures in .H files, you know, so you don't miss a stub...
"Never attribute to malice what can be adequately explained by stupidity." -- The level of stupidity required is unexplainable. How the fuck are they this inept and in charge of THIS project? THAT'S the real issue. This isn't even the fist time OpenSSL shit the bed so bad. In <- this linked example, it was Debian maintainers and not the OpenSSL maintainers fault (directly): Instead of adding an exception to the Valgrind ignore list (which you most frequently must have in any moderately sized project, esp one that handles its own memory management) they instead commented out the source of entropy, making all the SSL connections and keys generated by OpenSSL easily exploitable since it gutted the entropy of the random number generator (which is a known prime target for breakage that's very hard to get right even if you're not evil, so any change thereto needs to be extremely well vetted). Last time the OpenSSL maintainers brazenly commented they "would have fallen about laughing, and once we had got our breath back, told them what a terrible idea this was." -- Except that they silently stopped paying attention to to the public bug tracker / questions and quietly moved to another dev area, making it nearly impossible to contact them to ask them about anything (a big no-no in Open Source dev), but it gives you a better idea about the sort of maintainers these fuck-tards are.
We don't know absolutely for sure, but we're pretty damn close to absolutely certain that OpenSSL and other security products (see: RSA's BSafe) are being targeted for anti-sec by damn near all the powers that be. So, now we find out OpenSSL has an obsolete optimization -- a custom memory pool (red flag goes up right away if you see memory reuse in a security product, that shit MUST be even more throughly checked than entropy-pools, since it can cause remote code execution, memory leaks, and internal state exposure... you don't say?). We find that optimization would have been caught by basic fuzz test with Valgrind, which apparently folks have been using previously according to the comments in the prior SNAFUBAR. Even if unit-test missed the out of bounds edge-case values on the alternate codepath, the alternate codepath NEVER was tested for YEARS? That's inexcusable, almost as bad as developers of a popular open source security entering silent-running mode... It's pretty clear why: If that branch was compiled in it would reveal this bug that was splaying OpenSSL wide open. Now get this: They use the excuse that the codepath hadn't been tested in so long to KEEP USING THE BUGGY CUSTOM MEMORY MANAGER?! Look, if I was writing a memory manager for a security product, guess what my #1 reason for doing so would be? To memset freed memory to zeros automatically and PREVENT this type of data leak.
If I did something like this I would fire myself, I'm being perfectly honest. I would demote myself from executive software architect all the way down to build-script code-monkey. I'd stop everything, slap myself upside the head, contact my customers and apologize for the delay, offer a refund if they can't wait and need to go with another solution, I'd cancel my vacation to make up for the money I won't have, and get my ass in gear putting together a proper built, test, deploy framework and I wouldn't accept a single new feature until everything was checking out, had unit tests for edge cases and fuzzing for all functions, and I had 100% code coverage on these tests. This is a security product for fuck's sake, so in that case, If I messed up this bad I'd have myself neutered on top of all that so as to spare the gene pool any chance of my brain-damaged contribution.
This is a curse because in a post-Snowden world OpenSSL should be dead to us now, but it won't be, it's entrenched -- Like a grandma zombie it will lumber on without anyone having the guts to bash its brains in because it looks like something we were deeply connected to just a moment ago. The thing is though, that zombie is not our granny anymore, it's infected. There is absolutely no telling how many more glaring fuckups that exist, readily compromising the security of the entire stack and which have oh-so-convenient plausible deniability if ever discovered. OpenSSL needs a full and complete security audit, and the maintainers should be banned from any open source security software that wants to be seen as credible. If I were them I'd be apologizing and stepping down, asking the community to appoint a new maintainer. The code is now cursed, and so are its maintainers, just as some of its contributors, and all of its users are.
Fortunately for me, from the first time I looked at the design of the TLS/SSL PKI CA system and vomited at the stupidity of it all, I have been operating under the assumption that the entire thing is purpose built to be a complex security theater that offers no security whatsoever. It really is a collection of single points of failure: Any CA can create certs for any domain, so you have to trust ALL of them to never be compromised or the whole thing falls apart, not to mention all the bad-actors listed as trusted roots by default in all browsers ensuring that you can not trust all of the CAs ever. If the implementations could be trusted you could use trusted self-signed certs to secure endpoints for your internal business domain, but I really don't see how any CA can prove that it is trustworthy given government gag-orders exist, and I haven't yet seen an implementation of SSL that I feel I can trust.
Look: It sucks, but if you want it done right you really are going to have to do it yourself, or find a trustworthy bloke to do it for you. It's the keys to the kingdom people, that's what's called a single point of failure. It's guaranteed to be 100% screwed if its widespread and an unrelated 3rd party or committee is in charge, count on it. Damn near every government on the planet employs a building full of people who's job it is to make this so. The only blessing in disguise is that this is yet another nail in the coffin, not just for OpenSSL, but for the Public Key Infrastructure in general. More and more folks are jumping ship and looking for better solutions, realizing that no CAs can be trusted at all, and trusting hundreds of them is pure stupidity.
It's a real shame no one invented a trust graph system where multiple intermediaries can vouch for identities like in PGP, oh, wait... Huh, why does TLS even exist then? Right, to make sure your shit is very exploitable.