It's a Presidential Mandate, Feds use it. How come you are not using FDE?

Victor Duchovni Victor.Duchovni at MorganStanley.com
Thu Jan 18 20:39:24 EST 2007


On Thu, Jan 18, 2007 at 03:57:46PM -0800, Saqib Ali wrote:

> When is the last time you checked the code for the open source app
> that you "use", to make sure that it is written properly?
> 

Yesterday, in the case of OpenSSL, though I was only looking at how
ASN.1 strings that store the subject CN and subjectAltName deal with
the various possible supported encodings, embedded NUL octets, ...

It took reading the code to determine the following:

    - ASN.1 Strings extracted from X.509v3 certs are not validated for
    conformance with the declared character syntax. Strings of type
    PrintableString or IA5String may hold non-printable or non-ASCII
    data.

    - Rather, in OpenSSL all the ASN.1 string types are opaque TLV byte
    arrays, with a manifest type and arbitrary content that may or may
    not be consistent with the type, and may hold embedded NUL bytes
    which require some care in C applications, but at least it *is*
    possible, if one is careful, to check that:
    
    	ASN1_STRING_length(s) == strlen((const char *)ASN1_STRING_data(s))

    - Conversion to UTF8 is implemented correctly, without prematurely
    stopping on internal NUL octets. This also checks that BMPString and
    UniversalStrings have encoded lengths that are even or divisible by
    4 respectively, and that UTF8 input is valid and "minimal".

This means that as a user of the library, I must (and fortunately can):

	- Convert the raw ASN.1 encoded data if BMPString or
	UniversalString to UTF8.

	- Check CommonNames and DNS subjectAltNames for internal NULs,
	because I can't rely on no CA ever messing up and signing a cert for
	"alice.com\0.eve.com". This check is not found in most sample
	applications (cargo-cult programming, rampant in other problem
	spaces, is also common with SSL).

	- Check CommonNames and DNS subjectAltNames for unexpected
	non-printable or non-ASCII characters as appropriate.

This is not the same as a full code review, but having access to the source
means that I can make sure that my code is a correct use of the interface,
that I am not making unfounded assumptions, and there are no obvious bugs
in the part of the library that I am reviewing.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
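The three application-side checks Victor lists (reject embedded NULs, reject content that violates the declared string type, reject anything that is not host-name syntax) in working C. This is an added example, not code from the message or from OpenSSL: it decodes one DER TLV with a small stand-alone parser (parse_tlv, a hypothetical stand-in for the library's ASN1_STRING accessors, so it compiles without libcrypto) and the sample values are constructed for the example. It generalises slightly beyond the message by also rejecting malformed length encodings and non-DNS characters.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TAG_PRINTABLESTRING 0x13   /* ASN.1 universal tags named in the message */
#define TAG_IA5STRING       0x16

enum name_result {
    NAME_OK = 0,
    NAME_BAD_DER,       /* truncated or malformed TLV */
    NAME_BAD_TAG,       /* not a string type accepted here for a DNS name */
    NAME_EMBEDDED_NUL,  /* "alice.com\0.eve.com": length != strlen() */
    NAME_BAD_SYNTAX,    /* content violates the declared string type */
    NAME_BAD_DNS        /* not a plausible host name */
};

/* An ASN.1 string as the opaque (tag, length, bytes) triple the message describes. */
struct asn1_str { int tag; size_t len; const unsigned char *data; };

/* Decode one DER TLV with a definite length (short or long form); 1 on success. */
static int parse_tlv(const unsigned char *buf, size_t buflen, struct asn1_str *out)
{
    size_t pos = 1, len, nbytes;
    if (buflen < 2) return 0;
    len = buf[pos++];
    if (len & 0x80) {                              /* long form: 0x8N, then N length bytes */
        nbytes = len & 0x7f;
        if (nbytes == 0 || nbytes > sizeof len || nbytes > buflen - pos) return 0;
        for (len = 0; nbytes > 0; nbytes--) len = (len << 8) | buf[pos++];
    }
    if (len > buflen - pos) return 0;              /* content must fit in the buffer */
    out->tag = buf[0]; out->len = len; out->data = buf + pos;
    return 1;
}

/* Does the content match the syntax its tag declares? OpenSSL does not check this
 * when extracting the string, so the application has to. */
static int syntax_ok(const struct asn1_str *s)
{
    size_t i;
    for (i = 0; i < s->len; i++) {
        unsigned char c = s->data[i];
        if (s->tag == TAG_IA5STRING) {
            if (c > 0x7f) return 0;                /* 7-bit only; note NUL *is* legal IA5 */
        } else if (c == 0 || !(isalnum(c) || strchr(" '()+,-./:=?", c))) {
            return 0;                              /* PrintableString repertoire */
        }
    }
    return 1;
}

/* Conservative host-name syntax: non-empty labels of [A-Za-z0-9-] joined by dots. */
static int dns_syntax_ok(const unsigned char *p, size_t n)
{
    size_t i, label = 0;
    for (i = 0; i < n; i++) {
        if (p[i] == '.') {
            if (label == 0) return 0;              /* ".eve.com", "a..b" */
            label = 0;
        } else if (isalnum(p[i]) || p[i] == '-') {
            label++;
        } else {
            return 0;
        }
    }
    return label != 0;                             /* rejects "" and a trailing dot */
}

/* The checks from the message, applied to one DER-encoded CN or dNSName value. */
enum name_result check_dns_name(const unsigned char *der, size_t derlen)
{
    struct asn1_str s;
    if (!parse_tlv(der, derlen, &s)) return NAME_BAD_DER;
    if (s.tag != TAG_IA5STRING && s.tag != TAG_PRINTABLESTRING) return NAME_BAD_TAG;
    /* ASN1_STRING_length(s) == strlen(ASN1_STRING_data(s)) in the message; memchr()
     * is used here because this buffer, unlike OpenSSL's, is not NUL-terminated. */
    if (memchr(s.data, 0, s.len) != NULL) return NAME_EMBEDDED_NUL;
    if (!syntax_ok(&s)) return NAME_BAD_SYNTAX;
    if (!dns_syntax_ok(s.data, s.len)) return NAME_BAD_DNS;
    return NAME_OK;
}

/* Constructed sample values; none comes from a real certificate. */
static const unsigned char ia5_good[]  = { 0x16, 0x09, 'a','l','i','c','e','.','c','o','m' };
static const unsigned char ia5_nul[]   = { 0x16, 0x12, 'a','l','i','c','e','.','c','o','m', 0x00,
                                           '.','e','v','e','.','c','o','m' };
static const unsigned char ps_8bit[]   = { 0x13, 0x0a, 'a','l','i','c','e','.','c','o','m', 0x80 };
static const unsigned char ia5_at[]    = { 0x16, 0x09, 'a','l','i','c','e','@','c','o','m' };
static const unsigned char truncated[] = { 0x16, 0x09, 'a','l','i' };

int main(void)
{
    printf("alice.com            -> %d\n", check_dns_name(ia5_good, sizeof ia5_good));
    printf("alice.com\\0.eve.com  -> %d\n", check_dns_name(ia5_nul, sizeof ia5_nul));
    printf("PrintableString+0x80 -> %d\n", check_dns_name(ps_8bit, sizeof ps_8bit));
    printf("alice@com (IA5)      -> %d\n", check_dns_name(ia5_at, sizeof ia5_at));
    printf("truncated TLV        -> %d\n", check_dns_name(truncated, sizeof truncated));
    return 0;
}
```

The ordering matters: an IA5String may legally contain 0x00, so a syntax check alone would pass "alice.com\0.eve.com"; the explicit length-versus-NUL comparison is the one that catches it, which is why it runs first. With real OpenSSL data the same comparison can be written as ASN1_STRING_length() against strlen() because the library keeps its buffers NUL-terminated.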
