From owner-freebsd-security@freebsd.org Sun Oct 29 00:20:55 2017
From: Eric McCorkle
To: Jules Gilbert, Poul-Henning Kamp, Nathan Whitehorn, "freebsd-security@freebsd.org security", Ben Laurie, pg@eth1.com, Jeremiasfeliz
Subject: Re: Crypto overhaul
Date: Sat, 28 Oct 2017 20:20:54 -0400
Message-ID: <2ec1f3bc-cb6d-0073-9a6e-704a2cf1b3c4@metricspace.net>
References: <13959.1509132270@critter.freebsd.dk>
List-Id: "Security issues [members-only posting]"

On 10/27/2017 19:17, Jules Gilbert wrote:
> These days no one talks about how wonderful CPM was, we used it because
> at one time, it was the only OS available.
>
> So what is our excuse for using SSL?  Because I'm fairly certain the NSA
> and just about everyone else in the neighborhood has hacked it.
>
> Question for the group...  Does anyone believe that factoring is
> actually hard.  It was once, I know.  But today?
>
> I'm not a crypto person, but even I wrote a simple factoring program.
> In C, using MAPM.  I produce a few of the left-most bits for a,b, where:
>
> c = a*b;
>
> where a is:  3 .. sqrt(c)
>
> and (of course,) b must be: greater than sqrt(c)
>
> from this I bisect the space of 3 .. sqrt(c) and begin the recursive
> descent.  The program does about 5,000 prime pairs an hour and this
> using MAPM!!
>
> I gave away the source code, let me know if you didn't get a copy.
> You'll need g++ and MAPM

This isn't the place for discussions of number theory, but I don't see
what you could possibly use for a binary search here.

More generally, discovering a polynomial-time prime factorization
algorithm would likely win you a Fields Medal, given that it's one of
the oldest open problems in mathematics.  So it's extremely unlikely
that a solution exists.

From owner-freebsd-security@freebsd.org Sun Oct 29 00:36:02 2017
From: Eric McCorkle
To: Poul-Henning Kamp, Benjamin Kaduk
Cc: Ben Laurie, "freebsd-security@freebsd.org security", "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org"
Subject: Re: Crypto overhaul
Date: Sat, 28 Oct 2017 20:36:01 -0400
In-Reply-To: <24228.1509196559@critter.freebsd.dk>
References: <13959.1509132270@critter.freebsd.dk> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk>

On 10/28/2017 09:15, Poul-Henning Kamp wrote:
> --------
> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk writes:
>
>> I would say that the 1.1.x series is less bad, especially on the last count,
>> but don't know how much you've looked at the differences in the new branch.
>
> While "less bad" is certainly a laudable goal for OpenSSL, I hope
> FreeBSD has higher ambitions.
>

I'm curious about your thoughts on LibreSSL as a possible option.

From owner-freebsd-security@freebsd.org Sun Oct 29 07:05:35 2017
From: "Poul-Henning Kamp"
To: Eric McCorkle
Cc: Benjamin Kaduk, Ben Laurie, "freebsd-security@freebsd.org security", "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org"
Subject: Re: Crypto overhaul
Date: Sun, 29 Oct 2017 07:05:26 +0000
Message-ID: <28039.1509260726@critter.freebsd.dk>

--------
In message , Eric McCorkle writes:
> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>> --------
>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk writes:
>>
>>> I would say that the 1.1.x series is less bad, especially on the last count,
>>> but don't know how much you've looked at the differences in the new branch.
>>
>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>> FreeBSD has higher ambitions.
>>
>
> I'm curious about your thoughts on LibreSSL as a possible option.

It retains the horrible APIs, so the potential improvement is finite.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security@freebsd.org Sun Oct 29 13:46:35 2017
From: bf
Reply-To: bf1783@gmail.com
To: Poul-Henning Kamp
Cc: Eric McCorkle, Benjamin Kaduk, "freebsd-arch@freebsd.org", Ben Laurie, "freebsd-hackers@freebsd.org", "freebsd-security@freebsd.org security"
Subject: Re: Crypto overhaul
Date: Sun, 29 Oct 2017 13:46:33 +0000
In-Reply-To: <28039.1509260726@critter.freebsd.dk>

On 10/29/17, Poul-Henning Kamp wrote:
> --------
> In message , Eric McCorkle writes:
>> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>> --------
>>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk
>>> writes:
>>>
>>>> I would say that the 1.1.x series is less bad, especially on the last
>>>> count, but don't know how much you've looked at the differences in the
>>>> new branch.
>>>
>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>> FreeBSD has higher ambitions.
>>>
>>
>> I'm curious about your thoughts on LibreSSL as a possible option.
>
> It retains the horrible APIs, so the potential improvement is finite.
>

OpenBSD started the task of making OpenSSL easier to use by adding
things like libtls

(see https://man.openbsd.org/tls_init )

on top of their backwards-compatible libssl.  There are similar
efforts in other libraries like NaCl and its forks, such as libsodium
( cf. https://nacl.cr.yp.to/features.html and
https://www.gitbook.com/book/jedisct1/libsodium/details ).  Are these
the kind of changes you are suggesting?

Regards,
b.f.

From owner-freebsd-security@freebsd.org Sun Oct 29 15:18:00 2017
From: Eric McCorkle
To: bf1783@gmail.com, Poul-Henning Kamp
Cc: Benjamin Kaduk, "freebsd-arch@freebsd.org", Ben Laurie, "freebsd-hackers@freebsd.org", "freebsd-security@freebsd.org security"
Subject: Re: Crypto overhaul
Date: Sun, 29 Oct 2017 11:17:58 -0400
Message-ID: <61210249-105c-974c-1dae-1837e5969054@metricspace.net>
References: <13959.1509132270@critter.freebsd.dk> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk> <28039.1509260726@critter.freebsd.dk>

On 10/29/2017 09:46, bf wrote:
> On 10/29/17, Poul-Henning Kamp wrote:
>> --------
>> In message , Eric McCorkle writes:
>>> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>>> --------
>>>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk
>>>> writes:
>>>>
>>>>> I would say that the 1.1.x series is less bad, especially on the last
>>>>> count, but don't know how much you've looked at the differences in the
>>>>> new branch.
>>>>
>>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>>> FreeBSD has higher ambitions.
>>>>
>>>
>>> I'm curious about your thoughts on LibreSSL as a possible option.
>>
>> It retains the horrible APIs, so the potential improvement is finite.
>>
>
> OpenBSD started the task of making OpenSSL easier to use by adding
> things like libtls
>
> (see https://man.openbsd.org/tls_init )
>
> on top of their backwards-compatible libssl.  There are similar
> efforts in other libraries like NaCl and its forks, such as libsodium
> ( cf. https://nacl.cr.yp.to/features.html and
> https://www.gitbook.com/book/jedisct1/libsodium/details ).  Are these
> the kind of changes you are suggesting?

I know the LibreSSL roadmap includes more plans to improve the API
design to make it more usable.

Overall, I think LibreSSL is the best option, though there needs to be
some investigation into how easily it can be used for kernel and
boot-loader purposes.  Things like libsodium are too narrow in their
focus, and BearSSL is too new.

Plus the fact that LibreSSL originates from one of the BSDs and has its
backing is a significant advantage, I think.

From owner-freebsd-security@freebsd.org Sun Oct 29 16:32:55 2017
From: "Simon J. Gerraty"
To: Eric McCorkle
Cc: Poul-Henning Kamp, "freebsd-security@freebsd.org security", Benjamin Kaduk, Ben Laurie, "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org"
Subject: Re: Crypto overhaul
Date: Sun, 29 Oct 2017 09:32:43 -0700
Message-ID: <95044.1509294763@kaos.jnpr.net>
In-Reply-To: <61210249-105c-974c-1dae-1837e5969054@metricspace.net>

Eric McCorkle wrote:
> Overall, I think LibreSSL is the best option, though there needs to be
> some investigation into how easily it can be used for kernel and
> boot-loader purposes.  Things like libsodium are too narrow in their
> focus, and BearSSL is too new.

Our userland veriexec binary uses a libverify which is mostly just
OpenSSL (originally structured that way for export reasons ;-) and is
3.6M - at least 90% of that is just OpenSSL.

I tried paring that library down to just the bits needed for loader,
but had to give up at 3M.

Which was when I encountered BearSSL.

Out of the box, it could verify our ECDSA cert chains as well as
various RSA ones, which was a pleasant surprise.

libbearssl is < 1M and my loader is 347K with verification vs 237K
without, so the entire verification implementation is only 110K.

--sjg

From owner-freebsd-security@freebsd.org Sun Oct 29 17:15:15 2017
From: Ben Laurie
To: Eric McCorkle
Cc: bf1783@gmail.com, Poul-Henning Kamp, Benjamin Kaduk, "freebsd-arch@freebsd.org", "freebsd-hackers@freebsd.org", "freebsd-security@freebsd.org security"
Subject: Re: Crypto overhaul
Date: Sun, 29 Oct 2017 17:15:14 +0000
In-Reply-To: <61210249-105c-974c-1dae-1837e5969054@metricspace.net>

On 29 October 2017 at 15:17, Eric McCorkle wrote:
> On 10/29/2017 09:46, bf wrote:
>> On 10/29/17, Poul-Henning Kamp wrote:
>>> --------
>>> In message , Eric McCorkle writes:
>>>> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>>>> --------
>>>>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk
>>>>> writes:
>>>>>
>>>>>> I would say that the 1.1.x series is less bad, especially on the last
>>>>>> count, but don't know how much you've looked at the differences in the
>>>>>> new branch.
>>>>>
>>>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>>>> FreeBSD has higher ambitions.
>>>>>
>>>>
>>>> I'm curious about your thoughts on LibreSSL as a possible option.
>>>
>>> It retains the horrible APIs, so the potential improvement is finite.
>>>
>>
>> OpenBSD started the task of making OpenSSL easier to use by adding
>> things like libtls
>>
>> (see https://man.openbsd.org/tls_init )
>>
>> on top of their backwards-compatible libssl.  There are similar
>> efforts in other libraries like NaCl and its forks, such as libsodium
>> ( cf. https://nacl.cr.yp.to/features.html and
>> https://www.gitbook.com/book/jedisct1/libsodium/details ).  Are these
>> the kind of changes you are suggesting?
>
> I know the LibreSSL roadmap includes more plans to improve the API
> design to make it more usable.
>
> Overall, I think LibreSSL is the best option, though there needs to be
> some investigation into how easily it can be used for kernel and
> boot-loader purposes.  Things like libsodium are too narrow in their
> focus, and BearSSL is too new.
>
> Plus the fact that LibreSSL originates from one of the BSDs and has its
> backing is a significant advantage, I think.

Mostly it originates from OpenSSL. :-)

From owner-freebsd-security@freebsd.org Sun Oct 29 19:13:19 2017
From: Benjamin Kaduk
To: Eric McCorkle
Cc: Poul-Henning Kamp, "freebsd-security@freebsd.org security", "freebsd-arch@freebsd.org", Ben Laurie, "freebsd-hackers@freebsd.org"
Subject: Re: Crypto overhaul
Date: Sun, 29 Oct 2017 14:07:58 -0500
Message-ID: <20171029190758.GE26855@kduck.kaduk.org>
References: <13959.1509132270@critter.freebsd.dk> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk>

On Sat, Oct 28, 2017 at 08:36:01PM -0400, Eric McCorkle wrote:
> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
> > --------
> > In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk writes:
> >
> >> I would say that the 1.1.x series is less bad, especially on the last count,
> >> but don't know how much you've looked at the differences in the new branch.
> >
> > While "less bad" is certainly a laudable goal for OpenSSL, I hope
> > FreeBSD has higher ambitions.
> > > > I'm curious about your thoughts on LibreSSL as a possible option. I haven't been following LibreSSL enough to have an informed opinion, but my uninformed opinion was that OpenSSL proper has been proceeding with modernization at a faster pace than LibreSSL. -Ben From owner-freebsd-security@freebsd.org Mon Oct 30 08:06:13 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 25381E56F0D; Mon, 30 Oct 2017 08:06:13 +0000 (UTC) (envelope-from julian@elischer.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E8B317CBC4; Mon, 30 Oct 2017 08:06:12 +0000 (UTC) (envelope-from julian@elischer.org) Received: from Julian-MBP3.local (124-148-77-206.dyn.iinet.net.au [124.148.77.206]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id v9U85v2c088182 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 30 Oct 2017 01:06:03 -0700 (PDT) (envelope-from julian@elischer.org) Subject: Re: Crypto overhaul To: Eric McCorkle , Poul-Henning Kamp , Benjamin Kaduk Cc: "freebsd-security@freebsd.org security" , "freebsd-arch@freebsd.org" , Ben Laurie , "freebsd-hackers@freebsd.org" References: <13959.1509132270@critter.freebsd.dk> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk> From: Julian Elischer Message-ID: Date: Mon, 30 Oct 2017 16:05:50 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit 
On 29/10/17 8:36 am, Eric McCorkle wrote:
> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>> --------
>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk writes:
>>
>>> I would say that the 1.1.x series is less bad, especially on the last count,
>>> but don't know how much you've looked at the differences in the new branch.
>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>> FreeBSD has higher ambitions.
>>
> I'm curious about your thoughts on LibreSSL as a possible option.

What gives any evidence as to it being any better?

> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

From owner-freebsd-security@freebsd.org Tue Oct 31 11:48:41 2017
From: Eric McCorkle
Date: Tue, 31 Oct 2017 07:48:40 -0400
To: Julian Elischer, Poul-Henning Kamp, Benjamin Kaduk
Cc: "freebsd-security@freebsd.org security", "freebsd-arch@freebsd.org", Ben Laurie, "freebsd-hackers@freebsd.org"
Subject: Re: Crypto overhaul

On 10/30/2017 04:05, Julian Elischer wrote:
> On 29/10/17 8:36 am, Eric McCorkle wrote:
>> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>> --------
>>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk
>>> writes:
>>>
>>>> I would say that the 1.1.x series is less bad, especially on the
>>>> last count,
>>>> but don't know how much you've looked at the differences in the new
>>>> branch.
>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>> FreeBSD has higher ambitions.
>>>
>> I'm curious about your thoughts on LibreSSL as a possible option.
>
> What gives any evidence as to it being any better?

At least as about its first year and a half, LibreSSL had a markedly
better track record than OpenSSL (zero high-severity CVEs vs 5 from
OpenSSL, about half as many mid- and low-security CVEs).
From owner-freebsd-security@freebsd.org Tue Oct 31 12:09:45 2017
From: Ben Laurie
Date: Tue, 31 Oct 2017 12:09:43 +0000
Subject: Re: Crypto overhaul
To: Eric McCorkle
Cc: Julian Elischer, Poul-Henning Kamp, Benjamin Kaduk, "freebsd-security@freebsd.org security", "freebsd-arch@freebsd.org", "freebsd-hackers@freebsd.org"

On 31 October 2017 at 11:48, Eric McCorkle wrote:
> On 10/30/2017 04:05, Julian Elischer wrote:
>> On 29/10/17 8:36 am, Eric McCorkle wrote:
>>> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>>> --------
>>>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk
>>>> writes:
>>>>
>>>>> I would say that the 1.1.x series is less bad, especially on the
>>>>> last count,
>>>>> but don't know how much you've looked at the differences in the new
>>>>> branch.
>>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>>> FreeBSD has higher ambitions.
>>>>
>>> I'm curious about your thoughts on LibreSSL as a possible option.
>>
>> what gives any evidence as to it being any better?
>
> At least as about its first year and a half, LibreSSL had a markedly
> better track record than OpenSSL (zero high-severity CVEs vs 5 from
> OpenSSL, about half as many mid- and low-security CVEs).

Not getting CVEs doesn't mean not having the issues:
https://marc.info/?l=openbsd-announce&m=140752800525709.

From owner-freebsd-security@freebsd.org Tue Oct 31 12:24:34 2017
From: "Wall, Stephen"
Date: Tue, 31 Oct 2017 12:23:59 +0000
To: "freebsd-security@freebsd.org security", "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org"
Subject: RE: Crypto overhaul

> At least as about its first year and a half, LibreSSL had a markedly
> better track record than OpenSSL (zero high-severity CVEs vs 5 from
> OpenSSL, about half as many mid- and low-security CVEs).

Are any of these relevant to the crypto module?  Or are they all only applicable to the SSL protocol?

As I understand the discussion so far, the goal is to unify all the disparate crypto pieces in the base system.  That could certainly be done using OpenSSL's libcrypto, and let users select their SSL provider from the ports tree.

-spw

From owner-freebsd-security@freebsd.org Tue Oct 31 23:34:27 2017
From: Eric McCorkle
Date: Tue, 31 Oct 2017 19:34:26 -0400
Message-ID: <1adbe576-2610-573b-f555-3b1a537f25e0@metricspace.net>
To: freebsd-arch@freebsd.org, "freebsd-hackers@freebsd.org", "freebsd-security@freebsd.org security"
Subject: Re: Crypto overhaul

On 10/31/2017 08:23, Wall, Stephen wrote:
>> At least as about its first year and a half, LibreSSL had a markedly
>> better track record than OpenSSL (zero high-severity CVEs vs 5 from
>> OpenSSL, about half as many mid- and low-security CVEs).
>
> Are any of these relevant to the crypto module?  Or are they all only applicable to the SSL protocol?
>
> As I understand the discussion so far, the goal is to unify all the disparate crypto pieces in the base system.  That could certainly be done using OpenSSL's libcrypto, and let users select their SSL provider from the ports tree.

That's already how things work, but it doesn't provide a viable solution
for kernel and boot loader APIs.  There's apparently been at least one
attempt to embed OpenSSL into the kernel, to no avail.

From owner-freebsd-security@freebsd.org Wed Nov 1 07:31:51 2017
From: Jules Gilbert
Date: Wed, 1 Nov 2017 03:31:39 -0400
Message-ID: <7c024488-cb11-4ee9-a077-1a7ad14ab7b4@yahoo.com>
In-Reply-To: <1adbe576-2610-573b-f555-3b1a537f25e0@metricspace.net>
To: freebsd-security@freebsd.org
Subject: Re: Crypto overhaul

I've been trying to encourage this group to take a look at whether it's
a good idea to continue to depend on factoring as the basis for secret
message passing.

I read the notes of the work discussed here for relaxation.  I'm not a
contributor.  Or rather, my warning was my small contribution, people
yawned.  Which is how things work...

If you're interested in predicting data bytes contained in unseen files,
here's a copy of my first demo system.  It's been out for nearly three
years, enjoy it.

I have a new system, another demo of this type, actually two separate C
programs, one which runs on the SEND-side of a non-existent channel, the
other, the RCVE-side.  The program transfers data from the first machine
to the second, even if the two machines are never on at the same time
and of course!, are not connected in any way;  The only 'connection'
being synchronized random number streams, nothing else.  I'm not sure
whether this is obvious:  The RCVE machine can read the SEND-side
message before it exists.  How?, messages (now short, though the random
streams are lengthy,) are encoded and decoded based on the random number
stream.

I don't have proof, but when I look at the available facts, to me it
looks like messages based on factoring are not secure.  And not because
of holes in the architecture of SSL, rather because factoring has become
easy.

// Copyright Jules Gilbert, 2015.  All rights reserved.
#include <stdio.h>
#include <stdlib.h>

/////////////////////////////////////////////////////////////////////////////

// The two macro bodies below were damaged in the list archive (the text
// between "1<" and ">  7" was swallowed as an HTML tag); the bodies and
// the name rdm(n) are reconstructed from what survived.
#define mask(n)         ((1<<n)-1)
#define rdm(n)          ((random() >>  7) & mask(n))
#define rdm8()          ((random() >> 20) & 255)
#define INPUT_FILE      "compressed file to be used as example input"

/////////////////////////////////////////////////////////////////////////////

typedef      char         *stx;
typedef  unsigned char     cnu;
typedef    signed char     cns;
typedef  unsigned int      inu;
typedef    signed int      ins;
typedef    cns            *csx;
typedef    cnu            *cnx;
typedef    int            *inx;

/////////////////////////////////////////////////////////////////////////////

FILE *iFILE;
int nCHAR, iDSN;
char DSN[4][99];
int raw, newSR, oldSD, oldSRoldSD, newSRoldSD;

/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////

int mimicGE()
{
 // this predicts whether the next byte
 // in a file containing previously
 // compressed data, meets:
 //
 //            r >= d
 //
 // where 'r' is the value 'raw', an 8-bit random
 // number, and 'd' is the next value in a vector
 // from a previously compressed data vector.
 //
 // This does something very simple, it predicts
 // the "r >= d" relationship with better than 75%
 // accuracy, without ever seeing the actual data.
 //
 // Not any portion of the 'd' data vector is read.
 // Here, for the purpose of proving this demo, the
 // data is examined to establish the merit of the
 // prediction process.  This demo is complete,
 // this code doesn't make hidden system calls, in
 // fact it's very simple code.
 //
 //
 // Given p = r >= d;
 // Where 'p' isn't based on (r >= d), but on this
 // routine, one can:
 //
 // int new_d = p ? (r-d) : (d-r);
 //
 // With 75% reliability,'new_d' will be a smaller value,
 // eg., closer to zero.
 //

  if ((raw <= 119)) return 0;
  if ((raw <= 128) && (newSR >= 106)) return 0;
  if ((raw <= 128) && (raw >= 124) && (oldSD >= -35))
      return 0;
  if ((raw <= 134) && (oldSRoldSD >= -29) && (newSRoldSD <= 100))
      return 0;
  if ((raw <= 143) && (newSRoldSD >= 108) && (newSR <= 88) &&
      (newSR >= 83) && (oldSRoldSD >= 8)) return 0;

  return 1;
}

/////////////////////////////////////////////////////////////////////////////

long sizeofFILE( FILE *f)
{
  long  current, filesize;

  current = ftell(f);
  fseek(f, 0L, SEEK_END);
  filesize = ftell(f);
  fseek(f, current, SEEK_SET);
  rewind(f);
  return filesize;
}

/////////////////////////////////////////////////////////////////////////////

void Predict_Unseen_Byte_Values()
{
 int i, count=0;
 int sr = 0;
 int sd = 0;
 int dat, jnk, actFLAG, prdFLAG;   // declarations reconstructed (lost in the archive)

  // just examples of how to open a file in C.
  iFILE = fopen(INPUT_FILE, "rb");
  // iFILE = fopen("thunderbird-31.3.0.source.tar.bz2", "rb");
  if (iFILE == NULL) {   // check added here; the posted code had none
      perror(INPUT_FILE);
      exit(1);
  }
  nCHAR = sizeofFILE(iFILE);

  for(i=0; i<nCHAR; i++)
     {
        // The loop header and the three reads below are reconstructed:
        // the archive stripped everything between "i<" and ">= dat".
        dat = getc(iFILE);   // 'd', the next byte of the "unseen" data
        raw = rdm8();        // 'r', an 8-bit random number
        jnk = rdm8();        // a second random byte, fed to 'sd' instead of 'dat'

        actFLAG = raw >= dat;
        oldSD = sd;  oldSRoldSD = sr - sd;
        sr += raw;   newSRoldSD = sr - sd;
        newSR = sr;
        prdFLAG = mimicGE();
        // printf("%d%d\n",actFLAG,prdFLAG);
        if (actFLAG == prdFLAG) ++count;
        sd += jnk;  // no reference to client 'dat'
        sr /= -2;
        sd /= -2;
     }
  fclose(iFILE);

  // show single-pass merit, typically about 75%.
  printf("File to be processed is: \'%s\'\n",INPUT_FILE);
  fflush(stdout);
  printf("%6.3f%%  %d bytes.\n" , (100. * count) / nCHAR , nCHAR);
}

/////////////////////////////////////////////////////////////////////////////

int main(void)
{
  printf("Copyright Jules Gilbert, 2015.  All rights reserved.\n");
  Predict_Unseen_Byte_Values();
  return 0;
}

/////////////////////////////////////////////////////////////////////////////
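An added check on that 75% figure, written here and not part of the post or its program: if r is a uniform random byte and the unseen byte d is also uniform (the ideal for well-compressed data), any rule that sees r but never d is right at most 75% of the time, and the one-line rule "predict r >= d exactly when r >= 128" already reaches that ceiling. The xorshift generator and the uniform sample bytes are constructed for the simulation and are assumptions, not the program's input file.

```c
/* Added example (not Jules Gilbert's code): how much of the "75% merit"
 * a predictor that never looks at the data gets for free.  Setup as in the
 * demo: r is a uniform 8-bit random number, d is the unseen byte, and the
 * predictor must output p = (r >= d) using r alone. */
#include <stdio.h>
#include <stdint.h>

#define NVALS 256

/* Exact count, over all 256*256 (r, d) pairs with d uniform, of the cases
 * where "predict r >= d iff r >= threshold" is correct.  Divide by 65536
 * for the accuracy. */
long threshold_correct(int threshold)
{
    long correct = 0;
    for (int r = 0; r < NVALS; r++) {
        long n_ge = r + 1;          /* d values with r >= d */
        long n_lt = NVALS - n_ge;   /* d values with r <  d */
        correct += (r >= threshold) ? n_ge : n_lt;
    }
    return correct;
}

/* Ceiling for ANY predictor that sees r but not d (d uniform): for each r
 * the best it can do is guess the majority outcome for that r. */
long best_data_free_correct(void)
{
    long correct = 0;
    for (int r = 0; r < NVALS; r++) {
        long n_ge = r + 1, n_lt = NVALS - n_ge;
        correct += (n_ge > n_lt) ? n_ge : n_lt;
    }
    return correct;
}

/* Deterministic xorshift32 (constructed; any PRNG would do) so that the
 * simulation is reproducible offline. */
static uint32_t xs_state = 2463534242u;
static uint32_t xorshift32(void)
{
    uint32_t x = xs_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return xs_state = x;
}

/* The demo's measurement, run on constructed i.i.d. uniform bytes instead
 * of a file: fraction of positions where the threshold-128 rule predicted
 * (r >= d) correctly.  Note that 'd' is never consulted by the prediction. */
double simulate_threshold(long n_bytes)
{
    long hits = 0;
    xs_state = 2463534242u;   /* fixed seed: same constructed input every run */
    for (long i = 0; i < n_bytes; i++) {
        int d = (int)(xorshift32() & 0xFF);   /* the "unseen" data byte */
        int r = (int)(xorshift32() & 0xFF);   /* the synchronized random byte */
        int actual    = (r >= d);
        int predicted = (r >= 128);           /* uses r only */
        hits += (actual == predicted);
    }
    return (double)hits / (double)n_bytes;
}

int main(void)
{
    printf("threshold 128: %ld/65536 = %.4f\n",
           threshold_correct(128), threshold_correct(128) / 65536.0);
    printf("always guess 1: %ld/65536 = %.4f\n",
           threshold_correct(0), threshold_correct(0) / 65536.0);
    printf("best possible without d: %ld/65536 = %.4f\n",
           best_data_free_correct(), best_data_free_correct() / 65536.0);
    printf("simulated on 1e6 uniform bytes: %.4f\n",
           simulate_threshold(1000000L));
    return 0;
}
```

If the input file is well compressed, its bytes are close to uniform, so the demo's "about 75%" is what the ceiling predicts for a rule that carries no information about the data at all.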