Question about commit 222333cf01e2fec4a20c107ac9e820694611a4db

Question about commit 222333cf01e2fec4a20c107ac9e820694611a4db

Michael Reilly
Hi,

commit 222333cf01e2fec4a20c107ac9e820694611a4db added a check that the size
returned by EVP_PKEY_size(ctx->pkey) in M_check_autoarg() in
crypto/evp/pmeth_fn.c is != 0.

We are in the process of upgrading from 1.0.2j to 1.0.2k and discovered that the
if (pksize == 0) check added in 1.0.2k breaks some of our applications.

We use an engine for the RSA sign operation.  The applications do not know
anything about the keypair being used.  The keypair is kept private by the
engine so the application couldn't determine the attributes of the keypair if it
wanted to do so.

If this check is necessary is there a way to bypass it when the application does
not have the keypair but the engine being used is holding the keypair?

I know we can simply remove this line from our copy of the code but we like to
avoid modifying the openssl distributed code if at all possible.

Thanks,

michael

commit info:

commit 222333cf01e2fec4a20c107ac9e820694611a4db
Author: Richard Levitte <[hidden email]>
Date:   Tue Dec 20 12:56:14 2016 +0100

    M_check_autoarg: sanity check the key

    For now, checking that the size is non-zero will suffice.

    Reviewed-by: Rich Salz <[hidden email]>
    (Merged from https://github.com/openssl/openssl/pull/2120)
    (cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb)

--
---- ---- ----
Michael Reilly    [hidden email]
    Cisco Systems   Arizona
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: Question about commit 222333cf01e2fec4a20c107ac9e820694611a4db

Dr. Stephen Henson
On Tue, Apr 11, 2017, Michael Reilly wrote:

> Hi,
>
> commit 222333cf01e2fec4a20c107ac9e820694611a4db added a check that the size
> returned by EVP_PKEY_size(ctx->pkey) in M_check_autoarg() in
> crypto/evp/pmeth_fn.c is != 0.
>
> We are in the process of upgrading from 1.0.2j to 1.0.2k and discovered that the
> if (pksize == 0) check added in 1.0.2k breaks some of our applications.
>
> We use an engine for the RSA sign operation.  The applications do not know
> anything about the keypair being used.  The keypair is kept private by the
> engine so the application couldn't determine the attributes of the keypair if it
> wanted to do so.
>
> If this check is necessary is there a way to bypass it when the application does
> not have the keypair but the engine being used is holding the keypair?
>
> I know we can simply remove this line from our copy of the code but we like to
> avoid modifying the openssl distributed code if at all possible.
>

Well the point of that code is so an application knows how large a buffer to
allocate for the signature. If it returns zero I can't see how applications
can do that.

Note that you don't have to return the *precise* length of the signature just
an upper bound is sufficient.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: Question about commit 222333cf01e2fec4a20c107ac9e820694611a4db

Michael Reilly
Unfortunately the check breaks code which doesn't know nor need to know the
keysize.  The engine takes care of allocating buffers required.

Leaving it set to 0 has not broken anything yet.  I supposed we could try to
somehow set it to an arbitrary non-zero value to please the == 0 check.

michael

On 04/11/2017 03:47 PM, Dr. Stephen Henson wrote:

> On Tue, Apr 11, 2017, Michael Reilly wrote:
>
>> Hi,
>>
>> commit 222333cf01e2fec4a20c107ac9e820694611a4db added a check that the size
>> returned by EVP_PKEY_size(ctx->pkey) in M_check_autoarg() in
>> crypto/evp/pmeth_fn.c is != 0.
>>
>> We are in the process of upgrading from 1.0.2j to 1.0.2k and discovered that the
>> if (pksize == 0) check added in 1.0.2k breaks some of our applications.
>>
>> We use an engine for the RSA sign operation.  The applications do not know
>> anything about the keypair being used.  The keypair is kept private by the
>> engine so the application couldn't determine the attributes of the keypair if it
>> wanted to do so.
>>
>> If this check is necessary is there a way to bypass it when the application does
>> not have the keypair but the engine being used is holding the keypair?
>>
>> I know we can simply remove this line from our copy of the code but we like to
>> avoid modifying the openssl distributed code if at all possible.
>>
>
> Well the point of that code is so an application knows how large a buffer to
> allocate for the signature. If it returns zero I can't see how applications
> can do that.
>
> Note that you don't have to return the *precise* length of the signature just
> an upper bound is sufficient.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>

--
---- ---- ----
Michael Reilly    [hidden email]
    Cisco Systems   Arizona

Re: Question about commit 222333cf01e2fec4a20c107ac9e820694611a4db

OpenSSL - Dev mailing list
It seems like a more elegant option would be if there was some attribute of the engine that could be queried and override the check against zero.

-Ben

On 04/11/2017 06:20 PM, Michael Reilly wrote:
> Unfortunately the check breaks code which doesn't know nor need to know the
> keysize.  The engine takes care of allocating buffers required.
>
> Leaving it set to 0 has not broken anything yet.  I supposed we could try to
> somehow set it to an arbitrary non-zero value to please the == 0 check.
>
> michael
>
> On 04/11/2017 03:47 PM, Dr. Stephen Henson wrote:
>> On Tue, Apr 11, 2017, Michael Reilly wrote:
>>
>>> Hi,
>>>
>>> commit 222333cf01e2fec4a20c107ac9e820694611a4db added a check that the size
>>> returned by EVP_PKEY_size(ctx->pkey) in M_check_autoarg() in
>>> crypto/evp/pmeth_fn.c is != 0.
>>>
>>> We are in the process of upgrading from 1.0.2j to 1.0.2k and discovered that the
>>> if (pksize == 0) check added in 1.0.2k breaks some of our applications.
>>>
>>> We use an engine for the RSA sign operation.  The applications do not know
>>> anything about the keypair being used.  The keypair is kept private by the
>>> engine so the application couldn't determine the attributes of the keypair if it
>>> wanted to do so.
>>>
>>> If this check is necessary is there a way to bypass it when the application does
>>> not have the keypair but the engine being used is holding the keypair?
>>>
>>> I know we can simply remove this line from our copy of the code but we like to
>>> avoid modifying the openssl distributed code if at all possible.
>>>
>>
>> Well the point of that code is so an application knows how large a buffer to
>> allocate for the signature. If it returns zero I can't see how applications
>> can do that.
>>
>> Note that you don't have to return the *precise* length of the signature just
>> an upper bound is sufficient.
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org

Re: Question about commit 222333cf01e2fec4a20c107ac9e820694611a4db

Matt Caswell-2
In reply to this post by Michael Reilly


On 12/04/17 00:20, Michael Reilly wrote:
> Unfortunately the check breaks code which doesn't know nor need to know the
> keysize.  The engine takes care of allocating buffers required.

So how does EVP_SignFinal() work with your engine? The "sig" parameter
is supposed to be allocated by the caller to be EVP_PKEY_size() bytes
long. I don't see how that API works if the engine allocates the buffers.

Matt


>
> Leaving it set to 0 has not broken anything yet.  I supposed we could try to
> somehow set it to an arbitrary non-zero value to please the == 0 check.
>
> michael
>
> On 04/11/2017 03:47 PM, Dr. Stephen Henson wrote:
>> On Tue, Apr 11, 2017, Michael Reilly wrote:
>>
>>> Hi,
>>>
>>> commit 222333cf01e2fec4a20c107ac9e820694611a4db added a check that the size
>>> returned by EVP_PKEY_size(ctx->pkey) in M_check_autoarg() in
>>> crypto/evp/pmeth_fn.c is != 0.
>>>
>>> We are in the process of upgrading from 1.0.2j to 1.0.2k and discovered that the
>>> if (pksize == 0) check added in 1.0.2k breaks some of our applications.
>>>
>>> We use an engine for the RSA sign operation.  The applications do not know
>>> anything about the keypair being used.  The keypair is kept private by the
>>> engine so the application couldn't determine the attributes of the keypair if it
>>> wanted to do so.
>>>
>>> If this check is necessary is there a way to bypass it when the application does
>>> not have the keypair but the engine being used is holding the keypair?
>>>
>>> I know we can simply remove this line from our copy of the code but we like to
>>> avoid modifying the openssl distributed code if at all possible.
>>>
>>
>> Well the point of that code is so an application knows how large a buffer to
>> allocate for the signature. If it returns zero I can't see how applications
>> can do that.
>>
>> Note that you don't have to return the *precise* length of the signature just
>> an upper bound is sufficient.
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>>
>
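
Added example, not part of the thread and not OpenSSL source: a self-contained C model of the length handling the replies from Stephen Henson and Matt Caswell describe, showing what a reported key size of 0 does to the caller's buffer check and why reporting an upper bound is enough. The `model_*` names, the `with_zero_check` switch and the 512-byte bound are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in, not an OpenSSL type: a key whose size is
 * reported by a callback, as an engine-backed key would do. */
typedef struct { size_t (*max_sig_size)(void); } model_key;

enum { MODEL_OK = 1, MODEL_ERR_INVALID_KEY = -1, MODEL_ERR_BUFFER_TOO_SMALL = -2 };

/* Model of the length handling discussed in the thread.
 * with_zero_check = 0 models the behaviour without the added check,
 * with_zero_check = 1 models it with the check in place. */
int model_check_autoarg(const model_key *key, const unsigned char *sig,
                        size_t *siglen, int with_zero_check)
{
    size_t pksize = key->max_sig_size();

    if (with_zero_check && pksize == 0)
        return MODEL_ERR_INVALID_KEY;   /* the sanity check the commit added */
    if (sig == NULL) {                  /* size query: tell the caller what to allocate */
        *siglen = pksize;
        return MODEL_OK;
    }
    if (*siglen < pksize)               /* caller's buffer is below the reported bound */
        return MODEL_ERR_BUFFER_TOO_SMALL;
    return MODEL_OK;                    /* buffer is large enough for the signer */
}

/* Constructed sample keys: one reports 0, one reports an upper bound
 * (512 bytes covers RSA moduli up to 4096 bits). */
size_t size_unknown(void)     { return 0; }
size_t size_upper_bound(void) { return 512; }

int main(void)
{
    model_key opaque = { size_unknown }, bounded = { size_upper_bound };
    unsigned char buf64[64];
    size_t len = sizeof(buf64);

    /* Size 0, no check: a 64-byte buffer passes because 64 < 0 is never true. */
    printf("no check, size 0:   %d\n", model_check_autoarg(&opaque, buf64, &len, 0));
    /* Size 0, with check: rejected before any signing happens. */
    printf("with check, size 0: %d\n", model_check_autoarg(&opaque, buf64, &len, 1));
    /* Upper bound reported: the undersized buffer is caught. */
    printf("upper bound:        %d\n", model_check_autoarg(&bounded, buf64, &len, 1));
    return 0;
}
```

With a reported size of 0 and no check, the comparison against the caller's buffer length can never fail, so nothing bounds what the signer writes into `sig`.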