in this case, openssl initially rejects the notion that the openssl code could have a strict aliasing violation, and instead blames clang.

meanwhile, libressl and boringssl correctly fix the bug, e.g.

the openssl fix, however, is entirely wrong from an ISO C point of view, and only fixes the immediate problem:

if Clang starts applying this specific (and valid) optimization at the block level, then the code breaks again as it still invokes UB.

furthermore, this issue should have been assigned a CVE because it resulted in incorrect elliptic curve behavior in builds where assembly code was not used.

the reason the FOSS world is stuck with OpenSSL has nothing to do with there not being capable forks to replace it, but with the fact that OpenSSL is FIPS certified, and therefore can be "white label FIPS certified".

an example of this being:

vendors such as redhat and canonical do these "white label" FIPS certifications which cost much less than doing a new FIPS certification from scratch.

they then charge for FIPS as a separate SKU, and make a lot of money. that money does not improve OpenSSL, however.

meanwhile we are forced to code our applications against OpenSSL explicitly, presumably because nobody has bothered to even *try* to certify an alternative implementation.

and so we keep getting the same heartbleed-esque upstream behavior again and again and again.

the gist of where i am going with this is that somebody taking BoringSSL or LibreSSL and getting it FIPS certified (which the other vendors can then white-label certify) would be one of the biggest and easiest wins we could achieve for FOSS security as it stands today.

now, the LibreSSL guys rightly have a massive hatred of FIPS.

in general, it imposes policy which gives you suboptimal crypto, because standards always lag behind the state of the art.

but we desperately need to replace OpenSSL with a FIPS-certified replacement upstream.

but in this case a FIPS-certified OpenSSL fork is the lesser of two evils.

if we have such a thing, then OpenSSL no longer has any actual justification to exist at all, as the last bit of "market competitiveness" is gone.

@ariadne I think you mean "a FIPS-certified LibreSSL fork is the lesser of two evils" here?

@dcbaok no, i mean, literally just take LibreSSL and FIPS certify it alongside an openssl.cnf that simulates FIPS mode.

@ariadne ahh, libressl is the openssl fork.

thanks for the clarification.
