On 09/04/2017 10:19 PM, scsijon wrote:
>
>> Date: Sun, 3 Sep 2017 23:12:05 -0500
>> From: Rob Landley <[email protected]>
>> To: toybox <[email protected]>
>> Subject: [Toybox] [RFC] ktls is in 4.13.
>> Message-ID: <[email protected]>
>> Content-Type: text/plain; charset=utf-8
>>
>> The kernel just merged "ssl renamed after thread local storage" support:
>>
>> paper: https://netdevconf.org/1.2/papers/ktls.pdf
>> sample code: https://github.com/ktls/af_ktls
>>
>> It's basic https plumbing in the kernel, but doesn't do the handshake or
>> renegotiation. What I'm wondering is would this be a better thing to try
>> to plug into than the openssl command line utility?
>>
>> Worth bothering with?
>>
>> Rob
>
> And the security issues if it's within toybox rather than an external
> via openssl, especially as a lot of us run as root so we can 'play'?

Well hopefully most of the plumbing is in the kernel and audited by the kernel guys. That's what's interesting about this. I dunno how much plumbing is left for toybox to implement. (Sadly it seems like a nontrivial amount...)

The actual math doesn't seem that much worse than stuff like sha1sum, but the security auditing is a blocking issue. I believe Android had boringssl professionally audited and doesn't want to mess with two codebases doing the same security-critical thing, and I can't blame 'em.

I'm thinking "leverage kernel auditing" might help reduce that concern, but not if there's still significant security plumbing gratuitously left for userspace to get wrong? Haven't had a chance to do a deep dive into this yet, probably won't for a while...

Part of my frustration is openssl and bearssl don't have quite the same command line syntax. There's no standard "stunnel blah" command line I can use that's implementation independent. Otherwise I'd just do the "pipe it through a child process" thing and be done with it. (Might still, it's just nontrivial.)

> scsijon
> ps do you prefer top-posts in-posts or bottom-posts for this sort of
> thing please rob?

I prefer bottom posts but I'm aware doubtlook goes out of its way to make that as hard as possible. (I've had to use it at a couple of small contracts and half my email time was manually inserting > stuff. Recent releases of Mozilla's Thunderbird copied the stupid even _closer_, but you can cut the blue reply sections and paste them back so they stop being magic and become normally editable again as a workaround...)

I mostly tend to follow whichever style the previous poster did. Mixing them is worse than either, and fixing up a top post to not be a top post is time consuming. :)

Rob
_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net
