bugzilla-daemon at mindrot.org
2021-Nov-18 09:52 UTC
[Bug 3364] New: Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
https://bugzilla.mindrot.org/show_bug.cgi?id=3364
Bug ID: 3364
Summary: Using "ssh-keygen -D pkcs11" with HSM fails due to
"xmalloc: zero size"
Product: Portable OpenSSH
Version: 8.8p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Smartcard
Assignee: unassigned-bugs at mindrot.org
Reporter: ietxezarreta at ikerlan.es
When using the cryptochip ATECC608B, from Microchip, with the provided
cryptolibrary "cryptoauthlib", the pkcs11 related operations fail due
to "xmalloc: zero size".
Steps to reproduce:
1.- Compile and install Microchip cryptoauthlib library.
2.- Modify this library to handle unset Mutexes (in functions
pkcs11_lock_context and pkcs11_unlock_context change rv = CKR_CANT_LOCK
for rv = CKR_OK)
3.- execute command ssh-keygen -D /usr/lib/libcryptoauth.so
Actual result:
xmalloc: zero size
Expected output:
C_GetAttributeValue failed: 7
failed to fetch key
ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPmKkZ2M7DeVdwOpCW8XSnLYUbPx5RIk8OF8B0F0OwmRWexpsZONwft41YRI76gxZ/cN7wt4wO765ULvXQhxFCQdevice
This issue was solved by protecting the allocation of "k11->keyid"
in
line 614 of file "ssh-pkcs11.c", for example like:
++ if(k11->keyid_len)
++ {
k11->keyid = xmalloc(k11->keyid_len);
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
++ }
Would it be possible to include this fix or something similar to solve
the problem?
Thank you very much!
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-18 21:14 UTC
[Bug 3364] Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
https://bugzilla.mindrot.org/show_bug.cgi?id=3364
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Blocks| |3339
Resolution|--- |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This will be fixed in OpenSSH 8.9p1:
commit 97f9b6e61316c97a32dad94b7a37daa9b5f6b836 (HEAD -> master,
origin/master, origin/HEAD)
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu Nov 18 21:11:01 2021 +0000
upstream: avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we
already did this for RSA keys). Avoids fatal errors for PKCS#11
libraries
that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib";
bz#3364
OpenBSD-Commit-ID: 054d4dc1d6a99a2e6f8eebc48207b534057c154d
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3339
[Bug 3339] Tracking bug for openssh-8.8
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-18 21:28 UTC
[Bug 3364] Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
https://bugzilla.mindrot.org/show_bug.cgi?id=3364
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|3339 |3353
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3339
[Bug 3339] Tracking bug for openssh-8.8
https://bugzilla.mindrot.org/show_bug.cgi?id=3353
[Bug 3353] Tracking bug for openssh-8.9
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2022-Feb-25 02:56 UTC
[Bug 3364] Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
https://bugzilla.mindrot.org/show_bug.cgi?id=3364
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
closing bugs resolved before openssh-8.9
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.