Re: CRYPTO_secure_malloc_init() fails without error message
> CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, OPENSSL_MIN_HEAP_SIZE);
I’d strongly suggest not passing the same value in the second position. This
parameter sets the minimum block size that can be allocated in the secure heap.
The init call returns an error in this situation. Do this instead:
CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, 16);
Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia
> On 21 Feb 2020, at 8:33 pm, Clay Shields wrote:
>
> Unfortunately that didn’t seem to be it. Updating my code to verify that I am
> root and running it:
>
> Output:
>
> The effective user id is 0
> The real user id is 0
> failed to init openssl secure heap the error may be (null)
>
> Code:
>
> #include
> #include
> #include
> #include
> #include
> #include
> #include
> #include
>
> #define OPENSSL_MIN_HEAP_SIZE 65536
>
>
> int main(){
>
> SSL_load_error_strings();
> SSL_library_init ();
> OpenSSL_add_all_algorithms ();
>
> uid_t uid, euid;
> uid = getuid();
> euid = geteuid();
> printf("The effective user id is %d\n", (int) geteuid());
> printf("The real user id is %d\n", (int) getuid());
>
> // Initialize the OPENSSL secure heap space for key storage
> int ret = CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE,
> OPENSSL_MIN_HEAP_SIZE);
>
> if (ret == 0){
>printf("failed to init openssl secure heap the error may be %s\n",
> ERR_reason_error_string(ERR_get_error()));
> }
>
> }
>
>
>> On Feb 20, 2020, at 6:31 PM, Salz, Rich wrote:
>>
>> Are you running as root? If not, that's likely to be the problem.
>>
>
Re: CRYPTO_secure_malloc_init() fails without error message
Unfortunately that didn’t seem to be it. Updating my code to verify that I am
root and running it:
Output:
The effective user id is 0
The real user id is 0
failed to init openssl secure heap the error may be (null)
Code:
#include
#include
#include
#include
#include
#include
#include
#include
#define OPENSSL_MIN_HEAP_SIZE 65536
int main(){
SSL_load_error_strings();
SSL_library_init ();
OpenSSL_add_all_algorithms ();
uid_t uid, euid;
uid = getuid();
euid = geteuid();
printf("The effective user id is %d\n", (int) geteuid());
printf("The real user id is %d\n", (int) getuid());
// Initialize the OPENSSL secure heap space for key storage
int ret = CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE,
OPENSSL_MIN_HEAP_SIZE);
if (ret == 0){
printf("failed to init openssl secure heap the error may be %s\n",
ERR_reason_error_string(ERR_get_error()));
}
}
> On Feb 20, 2020, at 6:31 PM, Salz, Rich wrote:
>
> Are you running as root? If not, that's likely to be the problem.
>
Re: CRYPTO_secure_malloc_init() fails without error message
Are you running as root? If not, that's likely to be the problem.
CRYPTO_secure_malloc_init() fails without error message
Hi,
I am working on some server code that uses openssl libcrypto for AES encryption
of files. Perhaps I am doing the wrong thing or the right thing the wrong way,
but I am trying to use the OpenSSL secure heap for key storage. I created a
small program that follow what I was trying to do, below, but the gist of it is
that the CRYPTO_secure_malloc_init call returns 0 on my system, which means it
has failed according to the man page at:
https://www.openssl.org/docs/man1.1.1/man3/CRYPTO_secure_malloc_init.html
I tried to get an error message out to see why, but apparently one is not set.
The output of the program is:
"failed to init openssl secure heap the error may be (null)"
I am using a Fedora linux system that is running as a VM under VMWare Fusion on
Mac OS.
Any clues as to why it might be failing? Am I doing the wrong thing by trying
to use the secure heap for key storage? Any help is appreciated.
Thanks,
Clay
#include
#include
#include
#include
#include
#define OPENSSL_MIN_HEAP_SIZE 65536
int main(){
SSL_load_error_strings();
SSL_library_init ();
OpenSSL_add_all_algorithms ();
// Initialize the OPENSSL secure heap space for key storage
int ret = CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE,
OPENSSL_MIN_HEAP_SIZE);
if (ret == 0){
printf("failed to init openssl secure heap the error may be %s\n",
ERR_reason_error_string(ERR_get_error()));
}
}
