[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

David Woodhouse dwmw2 at infradead.org
Tue Nov 22 19:37:55 UTC 2016


On Tue, 2016-11-22 at 18:29 +0000, Salz, Rich wrote:
> > That's not the proposal.  The proposal is to use PEM form because we can
> > make it uniquely self describing using the guard tags which obviates the
> > problem above.
> 
> Well that's what you want.  David wants more than that :)

S'true :)

> > On the larger issue of non-self describing formats like ASN.1: if your theory
> > that there's a security hole by allowing opportunistic format detection is
> > correct, simply making the user specify is palming our bug off on to the user
> > and abdicating responsibility because now when they're tricked into an
> > exploit they can be blamed not openssl.  If such a bug exists, doing
> > opportunistic format detection is the better guarantor of overall system
> > security because if such a bug is found, it would have to be fixed within
> > openssl to everyone's benefit.
> 
> We differ.

We do. I think James put it well though, when he talked of "palming our
bug off onto the user and abdicating responsibility". The library
doesn't get to sit in its ivory tower of perfection; you are
responsible for the API you inflict on users and how they actually
*use* it.

And besides, even if we force applications to iterate over the possible
formats for themselves, they aren't going to have a bug *there*. Any
bug will be in our parser for one specific format or another. We didn't
even *save* our reputation by forcing the application authors to jump
through hoops.

And more to the point, you already *do* this, in d2i_AutoPrivateKey().
It's just that you only handle *some* of the known key formats, so the
application has to explicitly try the others. What's being proposed
here is merely that we fix that up to have full coverage — not a
radical new approach at all.

Oh, and that we automatically distinguish between PEM and DER forms,
but *that* much is fairly trivial and safe.

And the locale / character set issue is not relevant here. ASN.1 is
binary, PEM is ASCII.

When we come to talk about passwords, *sure* we can look at character
sets. But that is a somewhat orthogonal issue.

-- 
dwmw2
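
The PEM/DER distinction mentioned in the message above ("ASN.1 is binary, PEM is ASCII"), as an added example that is not part of the original post and is not OpenSSL code. It only inspects the outer framing; `detect_key_format`, `enum key_fmt` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <string.h>

enum key_fmt { FMT_UNKNOWN, FMT_PEM, FMT_DER };

/* Hypothetical helper (not an OpenSSL API): classify a key blob as PEM or DER.
 * For PEM, the guard label (e.g. "RSA PRIVATE KEY") is copied into label. */
enum key_fmt detect_key_format(const unsigned char *buf, size_t len,
                               char *label, size_t label_sz)
{
    size_t i = 0, j;

    if (label_sz > 0)
        label[0] = '\0';
    /* PEM is ASCII: skip leading whitespace, then expect "-----BEGIN <label>-----". */
    while (i < len && (buf[i] == ' ' || buf[i] == '\t' || buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (len - i > 11 && memcmp(buf + i, "-----BEGIN ", 11) == 0) {
        size_t s = i + 11, e = s;
        while (e + 5 <= len && buf[e] != '\n' && memcmp(buf + e, "-----", 5) != 0)
            e++;
        if (e == s || e + 5 > len || buf[e] == '\n' || e - s >= label_sz)
            return FMT_UNKNOWN;   /* malformed guard line or label too long */
        memcpy(label, buf + s, e - s);
        label[e - s] = '\0';
        return FMT_PEM;           /* caller dispatches on the guard label */
    }
    /* DER is binary: outer SEQUENCE (tag 0x30) whose definite length must
     * account for every remaining byte, so trailing data is rejected. */
    if (len >= 2 && buf[0] == 0x30) {
        size_t hdr = 2, n = buf[1];
        if (n & 0x80) {           /* long form: low 7 bits count the length octets */
            size_t k = n & 0x7f;
            if (k == 0 || k > sizeof(size_t) || len < 2 + k)
                return FMT_UNKNOWN;   /* indefinite or oversized length */
            for (n = 0, j = 0; j < k; j++)
                n = (n << 8) | buf[2 + j];
            hdr += k;
        }
        if (n == len - hdr)
            return FMT_DER;
    }
    return FMT_UNKNOWN;
}

/* Constructed samples (not real keys): a PEM guard line and a minimal DER SEQUENCE. */
static const unsigned char sample_pem[] = "-----BEGIN RSA PRIVATE KEY-----\n";
static const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x00 };
```

A DER result here says only that the outer SEQUENCE is well framed; deciding which key structure it holds is the job of the per-format parsers the thread is discussing.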