[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl
Richard Levitte
levitte at openssl.org
Tue Nov 22 23:07:32 UTC 2016
In message <1479839148.2376.31.camel at HansenPartnership.com> on Tue, 22 Nov 2016 10:25:48 -0800, James Bottomley <James.Bottomley at HansenPartnership.com> said:
James.Bottomley> On Tue, 2016-11-22 at 18:03 +0000, Salz, Rich wrote:
James.Bottomley> > > > It does this by trying to interpret the blob against known ASN.1
James.Bottomley> > > > definitions, and will only succeed when there's a complete match.
James.Bottomley> > > > I'm
James.Bottomley> > > > not terribly worried...
James.Bottomley> >
James.Bottomley> > I am. With locales and UTF8, the old simple days of text/binary are
James.Bottomley> > probably long gone. And if any ASN.1 definition has extensibility in
James.Bottomley> > it, then we have to be concerned about things being wrapped,
James.Bottomley> > something like prefix attacks, and so on.
James.Bottomley> >
James.Bottomley> > > And even if you were, you should be *more* worried about making
James.Bottomley> > > *applications* do it for themselves :)
James.Bottomley> >
James.Bottomley> > I cannot control what an application does, and I am not responsible
James.Bottomley> > for any other application's reputation. I do have a strongly vested
James.Bottomley> > stake in OpenSSL's.
James.Bottomley> >
James.Bottomley> > It is already possible to write a utility library that tries
James.Bottomley> > everything in turn, and returns an enumeration that says "seems to be
James.Bottomley> > an X509 certificate" etc. And then another routine that takes that
James.Bottomley> > enumeration and the blob and calls the right decoder. I would be
James.Bottomley> > okay with that, even if it were part of OpenSSL. I am opposed to
James.Bottomley> > guessing and parsing in one step, and would -1 any PR for that,
James.Bottomley> > forcing a team discussion.
James.Bottomley>
James.Bottomley> That's not the proposal. The proposal is to use PEM form because we
James.Bottomley> can make it uniquely self describing using the guard tags which
James.Bottomley> obviates the problem above.
This is a side thread that discusses the 'file' scheme loader in my
STORE effort. So, uhmmm, we're a bit away from just PEM here.
However, if we go back to the discussion about TSS KEY BLOBs, yeah,
I've only seen a PEM proposal, and that's a muuuuch easier case.
James.Bottomley> On the larger issue of non-self describing formats like ASN.1: if your
James.Bottomley> theory that there's a security hole by allowing opportunistic format
James.Bottomley> detection is correct, simply making the user specify is palming our bug
James.Bottomley> off on to the user and abdicating responsibility because now when
James.Bottomley> they're tricked into an exploit they can be blamed not openssl. If
James.Bottomley> such a bug exists, doing opportunistic format detection is the better
James.Bottomley> guarantor of overall system security because if such a bug is found, it
James.Bottomley> would have to be fixed within openssl to everyone's benefit.
I agree with that sentiment.
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
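The thread above contrasts guessing a blob's format by trying every known ASN.1 decoder against the two-step design Rich describes (identify the blob, return an enumeration, then call the one matching decoder), and James's point that PEM guard tags make a blob uniquely self-describing. The C below is an added example, not code from OpenSSL or from either poster: it identifies a PEM blob purely from its guard tags, insisting that the END label match the BEGIN label byte for byte, that no second BEGIN is nested inside, and that nothing but whitespace follows the object, and only then dispatches on the result. The label "TSS KEY BLOB", the label table and the decoder names are assumptions made for the example.

```c
/* Added example, not OpenSSL code: identify a PEM blob by its guard tags
 * (step 1), then dispatch to exactly one decoder (step 2). The label table
 * and the decoder stand-ins are assumptions for the example. */
#include <stddef.h>
#include <string.h>

enum pem_kind {
    PEM_UNKNOWN = 0,
    PEM_CERTIFICATE,
    PEM_RSA_PRIVATE_KEY,
    PEM_TSS_KEY_BLOB    /* assumed label for the TPM key proposal in the thread */
};

static const struct { const char *label; enum pem_kind kind; } known_labels[] = {
    { "CERTIFICATE",     PEM_CERTIFICATE },
    { "RSA PRIVATE KEY", PEM_RSA_PRIVATE_KEY },
    { "TSS KEY BLOB",    PEM_TSS_KEY_BLOB },
};

#define BEGIN_TAG "-----BEGIN "
#define END_TAG   "-----END "
#define DASHES    "-----"

/* memmem-style search bounded by hlen; the blob need not be NUL-terminated. */
static const char *find(const char *hay, size_t hlen, const char *needle)
{
    size_t nlen = strlen(needle);
    for (size_t i = 0; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return hay + i;
    return NULL;
}

static int is_space(char c)
{
    return c == ' ' || c == '\t' || c == '\r' || c == '\n';
}

/* Step 1: identify only, never decode. Succeeds only for exactly one PEM
 * object whose BEGIN and END labels agree, surrounded by nothing but
 * whitespace; on success *body/*body_len delimit the text between the tags. */
enum pem_kind pem_identify(const char *blob, size_t len,
                           const char **body, size_t *body_len)
{
    const char *p = blob, *end = blob + len;
    const char *label, *label_end, *end_tag, *end_label, *end_label_end, *q;
    size_t label_len, i;

    while (p < end && is_space(*p))
        p++;
    if ((size_t)(end - p) < strlen(BEGIN_TAG)
        || memcmp(p, BEGIN_TAG, strlen(BEGIN_TAG)) != 0)
        return PEM_UNKNOWN;
    label = p + strlen(BEGIN_TAG);
    label_end = find(label, end - label, DASHES);
    if (label_end == NULL || label_end == label
        || memchr(label, '\n', label_end - label) != NULL)
        return PEM_UNKNOWN;
    label_len = label_end - label;

    /* Body runs from after "-----BEGIN label-----" to the first "-----END ". */
    *body = label_end + strlen(DASHES);
    end_tag = find(*body, end - *body, END_TAG);
    if (end_tag == NULL || find(*body, end_tag - *body, BEGIN_TAG) != NULL)
        return PEM_UNKNOWN;         /* no END line, or a second BEGIN nested inside */
    *body_len = end_tag - *body;

    /* The END label must equal the BEGIN label byte for byte. */
    end_label = end_tag + strlen(END_TAG);
    end_label_end = find(end_label, end - end_label, DASHES);
    if (end_label_end == NULL || (size_t)(end_label_end - end_label) != label_len
        || memcmp(end_label, label, label_len) != 0)
        return PEM_UNKNOWN;

    /* Anything after the END line other than whitespace is a second object or
     * trailing junk; a bundle loader would loop here instead of rejecting. */
    for (q = end_label_end + strlen(DASHES); q < end; q++)
        if (!is_space(*q))
            return PEM_UNKNOWN;

    for (i = 0; i < sizeof(known_labels) / sizeof(known_labels[0]); i++)
        if (strlen(known_labels[i].label) == label_len
            && memcmp(known_labels[i].label, label, label_len) == 0)
            return known_labels[i].kind;
    return PEM_UNKNOWN;             /* well-formed PEM, but a label we do not handle */
}

/* Step 2: dispatch on the kind found in step 1. The decoders are stand-ins
 * (assumed) that only name themselves; a real loader would call the single
 * decoding routine for that type here, and try nothing else. */
const char *pem_dispatch(enum pem_kind kind)
{
    switch (kind) {
    case PEM_CERTIFICATE:     return "decode_x509_certificate";
    case PEM_RSA_PRIVATE_KEY: return "decode_rsa_private_key";
    case PEM_TSS_KEY_BLOB:    return "decode_tss_key_blob";
    default:                  return NULL;   /* refuse rather than guess */
    }
}

/* Convenience wrapper: identify, then dispatch; NULL if either step refuses. */
const char *pem_load(const char *blob, size_t len)
{
    const char *body;
    size_t body_len;
    return pem_dispatch(pem_identify(blob, len, &body, &body_len));
}
```

The separation matters for the point made in the thread: `pem_identify` can be exposed on its own for callers that want to know what they have before parsing, and `pem_dispatch` runs exactly one decoder, so a mislabelled or wrapped blob is refused at step 1 instead of being fed to whichever parser happens to accept it.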