compare with stunnel

[anarcat]

Hello!

Interesting project, I'm surprised that I didn't hear about it before! :) It would be great, for old graybeards like me, to see a comparison between spiped and stunnel. They both seem to serve similar purposes but I understand they differ in implementation (and maybe performance? or reliability?).

For someone used to deploying stunnel stuff everywhere, why would we switch to spiped?

[gperciva]

To quote another security researcher,

Not being stunnel is the entire point of spiped. The author doesn't trust TLS.

• tptacek, https://news.ycombinator.com/item?id=7542785

Given the history of OpenSSL security flaws, I'd say that not relying on it (which stunnel does) was a good decision!

[anarcat]

But from what I understand you do use OpenSSL for crypto, is that right? Are the concerns solely on TLS or X509 or what? :)

[cperciva]

We use some of the basic crypto primitives; none of the higher level routines. Most of the worst bugs in OpenSSL have been protocol or parsing issues.

That said, we should probably get some benchmarks done at some point.

[gperciva]

Only the AES code; no SSL. It's easy to see what's at risk:

$ git grep "#include <openssl"
BUILDING:  2. Has OpenSSL available via -lcrypto and #include <openssl/foo>, and
libcperciva/crypto/crypto_aes.c:#include <openssl/aes.h>
libcperciva/crypto/crypto_dh.c:#include <openssl/bn.h>
libcperciva/crypto/crypto_dh.c:#include <openssl/err.h>
$ 

Those files are relatively short:

$ wc -l libcperciva/crypto/crypto_dh.c 
297 libcperciva/crypto/crypto_dh.c
$ wc -l libcperciva/crypto/crypto_aes.c 
173 libcperciva/crypto/crypto_aes.c
$ 

so it's easy to check them. And they don't involve a lot of OpenSSL code.