X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mail-wr0-f194.google.com (mail-wr0-f194.google.com [209.85.128.194]) by lists.alpinelinux.org (Postfix) with ESMTP id 0F8AF5C4EAA for ; Mon, 12 Feb 2018 10:36:25 +0000 (GMT) Received: by mail-wr0-f194.google.com with SMTP id b52so14624052wrd.10 for ; Mon, 12 Feb 2018 02:36:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=0zeZsv5urMRLdC5givJvzKm+6fEE+b+oJEUjck1C+Qo=; b=lZ8zkaoz6sLGEa6JJfAk5P/lxoK9SWKB4Kw2hmQLiUiwJfuyJmcPr/zjhlYBw9EX0/ MwSp3Bi8iUoTiyohvBvmbzz2vuR4HcOtWo57Knterp1MjM2CXHlP1CO1WjR2VbGOxlh2 OM8nfiscxjOs8zA6DhPDo+MzftylbKptSlqcdLrhBXQ4djEc8aux5Rvz+hBa/hxwZDJx xjvym+ncOkiwbFDUr6DFH5Av4c4e5VxRu5KRv4eQFB1A0UYPSlY7rJwgvqyhrR7cXbOA 9ezC+c/YXv/a2MicwqQH+ac4WR5rQ3b73/0KfGfkP0lQtH1Dt2AyueMp1fuKaKutJKaV MUfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0zeZsv5urMRLdC5givJvzKm+6fEE+b+oJEUjck1C+Qo=; b=fV/zO6bYL59ghN8NbY19WQJMK8/UR3/aEA/R+P6KH6a58trfLcgonQ9S1DZoAtzegj FbScVe1fEKedaPeWAjKvFpGFrRlY5Is+Qqb/3WtfKBfvTXVVqWOI4geBlUpirqWtsK3Z B/BLIlN2jXBbpYdOrWs0h/FybffpiwZDYbq0WwaL0DwsSYfoQabsDveaqGmIBaFaC91J M7wNFvTIPZBPW8+z/csOJes7ceHUcn1FF+ZTAjK1Y7YrbAJekBh/BCdtmFbZwpIEivms jPm0VOK4ec+wHK2oLOPA0A0vcV5ZAJJUY5aVeigphdi42ZwCReB7lkQvJVMTc50qrUZf zdng== X-Gm-Message-State: APf1xPBHxu93AwqVgxe8JKtbJ3rtTLD/udT1way7wsXbinIgE5F3TfDu UV6pIdfEUoBkPVNSV4M3Aq1cDWY= X-Google-Smtp-Source: AH8x226+vQUZMgN2rWS2Ny2kGmH9oRMkzrYG27nPQTNmx7M20a7224fLrjO+buwI7ZWxB1RQcDORXQ== X-Received: by 10.223.164.23 with SMTP id d23mr9336130wra.72.1518431784120; Mon, 12 Feb 2018 02:36:24 -0800 (PST) Received: from mechanicum.chadwicks.me.uk (mail.oesys.co. [82.71.11.172]) by smtp.gmail.com with ESMTPSA id i75sm4277487wmg.41.2018.02.12.02.36.23 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 12 Feb 2018 02:36:23 -0800 (PST) Date: Mon, 12 Feb 2018 10:36:20 +0000 From: Kevin Chadwick To: alpine-dev Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation Message-ID: <20180212103620.5a55f6e3@mechanicum.chadwicks.me.uk> In-Reply-To: References: <20180209211237.19ab8fda@ncopa-macbook.copa.dup.pw> <20180210111715.144a571e@mechanicum.chadwicks.me.uk> <20180210141109.55695e19@mechanicum.chadwicks.me.uk> <20180210154513.66fa5b3a@mechanicum.chadwicks.me.uk> <7f5961a9-e09e-8e1c-12b4-23ae56fce034@adelielinux.org> <20180210190646.38ab746f@mechanicum.chadwicks.me.uk> X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Sat, 10 Feb 2018 19:04:04 -0600 > > Then they changed it later to use the clamp mechanism which makes it > accept any time_t overflow as valid, which is a completely unsafe hack > done for RFC 5280 conformance on 32-bit systems. As it stands, I am > inclined to revert that hack in our libressl packages because it is > worse than simply failing to validate: it means somebody can make a > fake CA root certificate and gets some bytes to play with since your > system won't correctly validate it when you install it by mistake. > > What you do instead is what OpenSSL did: you convert the system time > into a format that is Y2038 safe and you do your validity checks in > that format. TAI64N being a safe format for this, for example.[2] > Why would you revert it before raising it with them. I haven't the time to write this mail or follow the code properly and didn't even find goto out, but it appears it may still fail for completely broken systems. IF there is a practical security issue then you have a DUTY to raise it no matter how few systems it affects! Perhaps it is only done for RFC compliance and this corner case is deemed as too much work where Linux should be doing things right but atleast you tried to upstream it. Perhaps these systems are seen as being dangeorous to deploy in any case for any important task and so supporting it is the wrong thing (aiding deployers) as their software could do unpredictable things with a broken OS. It would be better to know! > > > > Atleast you did enter some discussion and William might have learnt > > that passing imsgs can be more secure and protect the keys! > > I have been isolating TLS code for over a decade. I did not learn > anything from you, other than that you're an arrogant prat. > I guess you missed the point >> Alpine has been using privilege separation for years where possible >> regardless of using LibreSSL or not. Privilege separation would not >> have prevented Heartbleed, as the unprivileged process would still >> require a copy of the X509 objects in order to perform cryptographic >> operations. > Cool, glad to hear it. My faith in Alpine is restored somewhat :) > That depends on the design which is also why I said compilation > wouldn't cut it. > http://insanecoding.blogspot.co.uk/2014/05/protecting-private-keys.html > https://marc.info/?l=openbsd-cvs&m=139879883203226&w=2 The Imsgs used here are not passing keys or sensitive x509 objects! --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---