[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] libevent-2.0 and openssl filter



Wed, 4 Nov 2009 14:26:58 -0500, Nick Mathewson <nickm@xxxxxxxxxxxxx>
wrote :

> Before we get too far into this ... are you sure this is really what
> you want?  With the scheme you describe below, there is no way to
> prevent man-in-the-middle attacks, there is no data authentication,
> you may be vulnerable to replay and truncation attacks, and you need
> to roll your own key negotiation (which is notoriously difficult).
> Using SSL/TLS means that all of these cryptography problems will get
> solved for you.  Trying to solve them yourself -- or leaving them
> unaddressed -- is (IMO) asking for trouble.
> 
> That aside, let's figure out how you would do this, if it were a good
> idea.
I now about these security issues ;)
The fact is: I wanted a generic I/O events handler: thanks to
libevent, made life far easier!
Next step would be to have a generic ciphering entry point on the I/O
buffers, and not only a SSL based authentification/ciphering method. 
So here is my point with such generic BIO bufferevent.

> > /*We assum fd is a socket fd, base is an already set up struct
> > event_base etc...*/
> > struct bufferevent *bev;
> > if (do_we_want_ciphering())
> > {
> > 	/*We initiate the BIO we want*/
> > 	BIO *bio = BIO_new(BIO_s_socket());
> > 
> > 	EVP_CIPHER = /*we set up our cipher, with its required
> > 	parameters ...*/
> > 
> > 	BIO_set_cipher(/*the cipher we want*/)
> > 	BIO_set_fd(bio, fd ....);
> 
> I don't think this would work; BIO_set_cipher only behaves correctly
> for a BIO created with the BIO_f_cipher() filtering method.  So you'd
> have to say something like
I am not fully aware of how OpenSSL works which explains these
unconsistancies, my mistake.

> > 	/*Here we "inject" our BIO into a bufferevent so we will
> > 	almost never deal again with BIO API itself. I.e.: while
> > 	getting/setting buffer content from bufferevent, it will be
> > 	decrypted/encrypted automtically.*/
> > 
> > 	bev = bufferevent_BIO_new(base, bio, ...);
> 
> Ah!  No, we don't support that right now.  I wouldn't be opposed to
> adding patch that did it, if somebody writes a good well-tested one,
> but the code in bufferevent_openssl.c is written (for performance) to
> use an SSL rather than an arbitrary BIO.
> 
> It wouldn't be _too_ hard to implement a variant that took a BIO.  I
> spend 30 mintues hacking together an untested proof-of-concept
> version, and uploaded it to the tracker at
> https://sourceforge.net/tracker/?func=detail&aid=2892126&group_id=50884&atid=461324
> , but it needs more TLC before it's ready for prime-time.  Somebody
> (not me) should take the time to get it ready and cleaned up if they
> care.
It's far from being sure that I would have time/skills to do such
patch. If I really need the previously described method, let's see.

It might happen I will just drop-off my bufferevent-based code to get
back to the libevent standard usage. Implementing ssl, openpgp support
using gnutls on a side, symmetric ciphering with libcrypt (or openssl)
on another and last one: dtls with openssl. 

Anyway, thanks for your clarifications!

TB
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.