[openssl-dev] STORE (was: [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl)
Richard Levitte
levitte at openssl.org
Wed Nov 23 15:27:59 UTC 2016
[subject change]
In message <3d837eb338bb47a68938676967ed1092 at usma1ex-dag1mb1.msg.corp.akamai.com> on Wed, 23 Nov 2016 14:41:14 +0000, "Salz, Rich" <rsalz at akamai.com> said:
rsalz>
rsalz> > Essentially, you're suggesting that we split out the matching part of the d2i
rsalz> > functions and put that to good use. Or do you have some other idea, along
rsalz> > the lines if magic?
rsalz>
rsalz> NO. I am suggesting add one new routine that tries varies
rsalz> "convert to native" and returns which conversion worked. And
rsalz> then another new routine that takes that return value and calls
rsalz> that conversion routine directly. The cost of doing this is
rsalz> one extra d2i. By the application. And that first routine
rsalz> should ideally return a bitmask of all functions that succeeded
rsalz> so that handling ambiguities are built-in to the API.
Ok, I hear you, and this can be done. However, since this is in STORE
terms, it will have to be a STORE API thing. Not all URIs will give
you a DER blob to fiddle with at your heart's content, some of them
will just give you a key referense (which is best stored in a
EVP_PKEY). Engine keys stored in the engine device are the prime
example.
rsalz> > rsalz> Security libraries *should not guess.*
rsalz> >
rsalz> > Isn't telling the application "we think it's a FOO" guessing? What's the
rsalz> > application going to do, go "naaaah, methinks it's a BAR" and try to decode
rsalz> > the blob as that (and most probably fail) rather than FOO?
rsalz>
rsalz> It might. Or it might throw up its hands and give up. Or it
rsalz> might check to see if the file is ambiguous and do something.
rsalz> The point is, it is not openssl that is doing that.
Speaking of ambiguity, I was thinking of having my 'file' scheme
loader try all d2i's and having it "throw up its hands" if it found
more than one matching. STOREerr(..., STORE_R_MABIGUOUS_CONTENT) type
of thing... The application or users would be left to give some extra
information in the URI.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-dev
mailing list