-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problems using OpenSSL 1.1.1 "CRYPTO_secure_*" routines #1515
Comments
Thanks! Do you know a way to monitor the usage of the secure heap for approximating a good size? In any case, please make a PR. |
CRYPTO_secure_malloc_init.html defines all the routines. It also says: "If a secure heap is used, then private key BIGNUM values are stored there." It is also not known at this time what other internal OpenSSL routines may use this or how other libraries or how the application may also use it. So If I were to submit a PR, it would remove lines 835 to 840 and replace with a comment saying it will be used if already initialized. But this may be complicated by linker options, the OS and how modules are loaded. It might be possible to have the pkcs11 module be self contained so the it has its own OpenSSL library and data separate from the calling application which would have its own OpenSSL library and data. In this case each would have its own secure heap. Think about complicated programs like web servers or any program using PAM. Or any programs using libp11 and p11-kit. OpenSSL is used in many of these. A more complicated PR could make initializing the secure heap an option in opensc.conf with a size. Any OpenSC programmers out here that would like follow up on this? |
... and set it for builds where we're linking OpenSSL statically (i.e. Windows and macOS) fixes OpenSC#1515
... and set it for builds where we're linking OpenSSL statically (i.e. Windows and macOS) fixes OpenSC#1515
... and set it for builds where we're linking OpenSSL statically (i.e. Windows and macOS) fixes OpenSC#1515
... and set it for builds where we're linking OpenSSL statically (i.e. Windows and macOS) fixes OpenSC#1515
IMHO OpenSC should not be calling There can only be one secure heap and once created it is not expandable. Any changes to make it expandable would need to be done in OpenSSL. If other libraries start calling The problem should be fixed by removing lines 835 - 840 from ctx.c. Leave its use up to the application |
Almost... see #1525 for a fix |
Yes I had looked at it. And will make further comments on #1525 |
... and set it for builds where we're linking OpenSSL statically (i.e. Windows and macOS) fixes OpenSC#1515
... and set it for builds where we're linking OpenSSL statically (i.e. Windows and macOS) fixes #1515
Problem Description
pkcs11-tool --test --login
fails the Decryption tests when it tried to encrypt:Commit ea6f7cf added these lines to ctx.c:
As best I can tell from the OpenSSL man pages, once the secure heap is created its size is fixed.
and is used by internally by OpenSSL. For example in RAND_DRBG
Debugging the problem by adding
ERR_print_errors_fp(stdout)
topkcs11-tool.c
shows:gdb shows where it is about to return NULL:
Note that RSA_padding_add_PKCS1_type_2 is requesting random numbers for the padding.
The RAND_DRBG_ routines are then setting up their pools, and requesting a 4096 byte block
from CRYPTO_secure_malloc is called to get 4096 bytes from the secure heap.
The routine is about to return NULL because there is no space in the heap.
Proposed Resolution
The question: "What's a reasonable amount of secure heap?" is not easily answered.
To use this feature, it appears
CRYPTO_secure_malloc_init
should be called at the application level,not within OpenSC when called via PKCS#11.
The real problem is OpenSSL does not allow the heap to grow or seperate heaps for each library.
If OpenSC is going to use this feature, 4096 is too small.
838 CRYPTO_secure_malloc_init(65536, 32);
gets around the problem for now.
Steps to reproduce
Use OpenSSL 1.1.1 (built from github) with pkcs11-tool --test --login
The text was updated successfully, but these errors were encountered: