CRYPTO_secure_malloc_init() fails without error message

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

CRYPTO_secure_malloc_init() fails without error message

Clay Shields

Hi,

I am working on some server code that uses openssl libcrypto for AES encryption of files. Perhaps I am doing the wrong thing or the right thing the wrong way, but I am trying to use the OpenSSL secure heap for key storage. I created a small program that follow what I was trying to do, below, but the gist of it is that the CRYPTO_secure_malloc_init call returns 0 on my system, which means it has failed according to the man page at:

https://www.openssl.org/docs/man1.1.1/man3/CRYPTO_secure_malloc_init.html 

I tried to get an error message out to see why, but apparently one is not set. The output of the program is:

"failed to init openssl secure heap the error may be (null)"

I am using a Fedora linux system that is running as a VM under VMWare Fusion on Mac OS.

Any clues as to why it might be failing? Am I doing the wrong thing by trying to use the secure heap for key storage? Any help is appreciated.

Thanks,

Clay

--------------------

#include <openssl/crypto.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/ssl.h>

#define OPENSSL_MIN_HEAP_SIZE 65536

int main(){

 SSL_load_error_strings();
 SSL_library_init ();
 OpenSSL_add_all_algorithms ();
 
 // Initialize the OPENSSL secure heap space for key storage
 int ret = CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, OPENSSL_MIN_HEAP_SIZE);

 if (ret == 0){
   printf("failed to init openssl secure heap the error may be %s\n", ERR_reason_error_string(ERR_get_error()));
 }

}
Reply | Threaded
Open this post in threaded view
|

Re: CRYPTO_secure_malloc_init() fails without error message

OpenSSL - User mailing list
Are you running as root?  If not, that's likely to be the problem.

Reply | Threaded
Open this post in threaded view
|

Re: CRYPTO_secure_malloc_init() fails without error message

Clay Shields
Unfortunately that didn’t seem to be it. Updating my code to verify that I am root and running it:

Output:

The effective user id is  0
The real user id is  0
failed to init openssl secure heap the error may be (null)

Code:

#include <openssl/crypto.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>

#define OPENSSL_MIN_HEAP_SIZE 65536


int main(){

  SSL_load_error_strings();
  SSL_library_init ();
  OpenSSL_add_all_algorithms ();

  uid_t uid, euid;
  uid = getuid();
  euid = geteuid();
  printf("The effective user id is  %d\n", (int) geteuid());
  printf("The real user id is  %d\n", (int) getuid());
 
  // Initialize the OPENSSL secure heap space for key storage
  int ret = CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, OPENSSL_MIN_HEAP_SIZE);
 
  if (ret == 0){
    printf("failed to init openssl secure heap the error may be %s\n", ERR_reason_error_string(ERR_get_error()));
  }

}


> On Feb 20, 2020, at 6:31 PM, Salz, Rich <[hidden email]> wrote:
>
> Are you running as root?  If not, that's likely to be the problem.
>

Reply | Threaded
Open this post in threaded view
|

Re: CRYPTO_secure_malloc_init() fails without error message

Dr Paul Dale
> CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, OPENSSL_MIN_HEAP_SIZE);

I’d strongly suggest not passing the same value in the second position.  This parameter sets the minimum block size that can be allocated in the secure heap.  The init call returns an error in this situation.  Do this instead: CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, 16);



Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




On 21 Feb 2020, at 8:33 pm, Clay Shields <[hidden email]> wrote:

Unfortunately that didn’t seem to be it. Updating my code to verify that I am root and running it:

Output:

The effective user id is  0
The real user id is  0
failed to init openssl secure heap the error may be (null)

Code:

#include <openssl/crypto.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>

#define OPENSSL_MIN_HEAP_SIZE 65536


int main(){

 SSL_load_error_strings();
 SSL_library_init ();
 OpenSSL_add_all_algorithms ();

 uid_t uid, euid;
 uid = getuid();
 euid = geteuid();
 printf("The effective user id is  %d\n", (int) geteuid());
 printf("The real user id is  %d\n", (int) getuid());

 // Initialize the OPENSSL secure heap space for key storage
 int ret = CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, OPENSSL_MIN_HEAP_SIZE);

 if (ret == 0){
   printf("failed to init openssl secure heap the error may be %s\n", ERR_reason_error_string(ERR_get_error()));
 }

}


On Feb 20, 2020, at 6:31 PM, Salz, Rich <[hidden email]> wrote:

Are you running as root?  If not, that's likely to be the problem.