It's a Presidential Mandate, Feds use it. How come you are not using FDE?
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Thu Jan 18 20:39:24 EST 2007
On Thu, Jan 18, 2007 at 03:57:46PM -0800, Saqib Ali wrote:
> When is the last time you checked the code for the open source app
> that you "use", to make sure that it is written properly?
>
Yesterday, in the case of OpenSSL, though I was only looking at how
ASN.1 strings that store the subject CN and subjectAltName deal with
the various possible supported encodings, embedded NUL octets, ...
It took reading the code to determine the following:

- ASN.1 Strings extracted from X.509v3 certs are not validated for
  conformance with the declared character syntax. Strings of type
  PrintableString or IA5String may hold non-printable or non-ASCII
  data.
- Rather in OpenSSL all the ASN.1 string types are opaque TLV byte
  arrays, with a manifest type and arbitrary content that may or
  may not be consistent with the type, and may hold embedded NUL bytes
  which require some care in C applications, but at least it *is*
  possible, if one is careful, to check that:

      ASN1_STRING_length(s) == strlen((char *) ASN1_STRING_data(s))

- Conversion to UTF8 is implemented correctly, without prematurely
  stopping on internal NUL octets. This also checks that BMPString and
  UniversalStrings have encoded lengths that are even or divisible by
  4 respectively, and that UTF8 input is valid and "minimal".

This means that as a user of the library, I must (and fortunately can):

- Convert the raw ASN.1 encoded data if BMPString or
  UniversalString to UTF8.
- Check CommonNames and DNS subjectAltNames for internal NULs,
  because I can't rely on no CA to ever mess up and sign a cert for
  "alice.com\0.eve.com". This check is not found in most sample
  applications (cargo-cult programming rampant in other
  problem spaces is also common with SSL).
- Check CommonNames and DNS subjectAltNames for unexpected
  non-printable or non-printable characters as appropriate.

This is not the same as a full code review, but having access to the source
means that I can make sure that my code is a correct use of the interface,
that I am not making unfounded assumptions, and there are no obvious bugs
in the part of the library that I am reviewing.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
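
Added example, not part of the original post and not OpenSSL code: the embedded-NUL and character checks described in the message, shown next to the naive C-string comparison they replace. `struct tlv_string` is a hypothetical stand-in for a length-counted `ASN1_STRING`, the sample names are constructed, and the allowed character set (letters, digits, `-`, `.`) is an assumption about what a DNS name should contain.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an OpenSSL ASN1_STRING: opaque bytes plus an
 * explicit length; content need not match the declared string type. */
struct tlv_string { const unsigned char *data; size_t length; };

/* Constructed samples; the C literals add a trailing NUL after the counted bytes. */
static const unsigned char bad_bytes[] = "alice.com\0.eve.com";
static const unsigned char good_bytes[] = "Alice.com";
static const struct tlv_string bad_cn = { bad_bytes, sizeof bad_bytes - 1 };
static const struct tlv_string good_cn = { good_bytes, sizeof good_bytes - 1 };

/* Naive: treats the bytes as a C string, so it stops at the first NUL. */
static int naive_match(const struct tlv_string *s, const char *host)
{
    return strcmp((const char *)s->data, host) == 0;
}

/* Careful: 1 = match, 0 = mismatch, -1 = malformed name (reject the cert). */
static int careful_match(const struct tlv_string *s, const char *host)
{
    size_t i;

    if (s->length == 0 || memchr(s->data, '\0', s->length) != NULL)
        return -1;              /* counted length != strlen(data) */
    for (i = 0; i < s->length; i++) {
        unsigned char c = s->data[i];
        if (!(c < 0x80 && isalnum(c)) && c != '-' && c != '.')
            return -1;          /* non-printable or unexpected octet */
    }
    if (s->length != strlen(host))
        return 0;
    for (i = 0; i < s->length; i++)   /* DNS names compare case-insensitively */
        if (tolower(s->data[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    printf("naive,   NUL-bearing CN: %d\n", naive_match(&bad_cn, "alice.com"));
    printf("careful, NUL-bearing CN: %d\n", careful_match(&bad_cn, "alice.com"));
    printf("careful, clean CN:       %d\n", careful_match(&good_cn, "alice.com"));
    return 0;
}
```

With OpenSSL the bytes and counted length would come from the certificate's `ASN1_STRING` rather than from literals.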