bugzilla-daemon at mindrot.org
2021-Nov-18 09:52 UTC
[Bug 3364] New: Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
https://bugzilla.mindrot.org/show_bug.cgi?id=3364 Bug ID: 3364 Summary: Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size" Product: Portable OpenSSH Version: 8.8p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Smartcard Assignee: unassigned-bugs at mindrot.org Reporter: ietxezarreta at ikerlan.es When using the cryptochip ATECC608B, from Microchip, with the provided cryptolibrary "cryptoauthlib", the pkcs11 related operations fail due to "xmalloc: zero size". Steps to reproduce: 1.- Compile and install Microchip cryptoauthlib library. 2.- Modify this library to handle unset Mutexes (in functions pkcs11_lock_context and pkcs11_unlock_context change rv = CKR_CANT_LOCK for rv = CKR_OK) 3.- execute command ssh-keygen -D /usr/lib/libcryptoauth.so Actual result: xmalloc: zero size Expected output: C_GetAttributeValue failed: 7 failed to fetch key ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPmKkZ2M7DeVdwOpCW8XSnLYUbPx5RIk8OF8B0F0OwmRWexpsZONwft41YRI76gxZ/cN7wt4wO765ULvXQhxFCQdevice This issue was solved by protecting the allocation of "k11->keyid" in line 614 of file "ssh-pkcs11.c", for example like: ++ if(k11->keyid_len) ++ { k11->keyid = xmalloc(k11->keyid_len); memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); ++ } Would it be possible to include this fix or something similar to solve the problem? Thank you very much! -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-18 21:14 UTC
[Bug 3364] Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
https://bugzilla.mindrot.org/show_bug.cgi?id=3364 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Status|NEW |RESOLVED Blocks| |3339 Resolution|--- |FIXED --- Comment #1 from Damien Miller <djm at mindrot.org> --- This will be fixed in OpenSSH 8.9p1: commit 97f9b6e61316c97a32dad94b7a37daa9b5f6b836 (HEAD -> master, origin/master, origin/HEAD) Author: djm at openbsd.org <djm at openbsd.org> Date: Thu Nov 18 21:11:01 2021 +0000 upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364 OpenBSD-Commit-ID: 054d4dc1d6a99a2e6f8eebc48207b534057c154d Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3339 [Bug 3339] Tracking bug for openssh-8.8 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-18 21:28 UTC
[Bug 3364] Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
https://bugzilla.mindrot.org/show_bug.cgi?id=3364 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|3339 |3353 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3339 [Bug 3339] Tracking bug for openssh-8.8 https://bugzilla.mindrot.org/show_bug.cgi?id=3353 [Bug 3353] Tracking bug for openssh-8.9 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2022-Feb-25 02:56 UTC
[Bug 3364] Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
https://bugzilla.mindrot.org/show_bug.cgi?id=3364 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- closing bugs resolved before openssh-8.9 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.