Whenever a TPM private key is loaded, the function tpm_engine_load_key() in 
e_tpm.c is called. Following is an extract of the last lines of code in this 
method:

678: /* create the new objects to return */
679: if ((pkey = EVP_PKEY_new()) == NULL) {
680:   Tspi_Context_CloseObject(hContext, hKey);
681:   TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
682:   return NULL;
683: }
684: pkey->type = EVP_PKEY_RSA;
685: 
686: if ((rsa = RSA_new()) == NULL) {
687:   EVP_PKEY_free(pkey);
688:   Tspi_Context_CloseObject(hContext, hKey);
689:   TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
690:   return NULL;
691: }
692: rsa->meth = &tpm_rsa;
693: /* call our local init function here */
694: rsa->meth->init(rsa);
695: pkey->pkey.rsa = rsa;
696: 
697: if (!fill_out_rsa_object(rsa, hKey)) {
698:   EVP_PKEY_free(pkey);
699:   RSA_free(rsa);
700:   Tspi_Context_CloseObject(hContext, hKey);
701:   TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
702:   return NULL;
703: }
704: 
705: EVP_PKEY_assign_RSA(pkey, rsa);
706: 
707: return pkey;

In line 692 the RSA object containing the loaded private key will be assigned 
to the EVP_PKEY structure. The EVP_PKEY structure now points to the rsa object. 
So far, everything's okay. In line 705 the rsa object is assigned once again to 
the pkey.
In OpenSSL 0.9.8y (haven't looked at 1.0.0), EVP_PKEY_assign_RSA frees the 
memory of a previously assigned RSA pointer in EVP_PKEY:
Call chain: EVP_PKEY_assign_RSA -> EVP_PKEY_assign 
(openssl-0.9.8y/crypto/evp/p_lib.c):
331: int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
332:    {
333:    if (pkey == NULL) return(0);
334:    if (pkey->pkey.ptr != NULL)
335:            EVP_PKEY_free_it(pkey);
336:    pkey->type=EVP_PKEY_type(type);
337:    pkey->save_type=type;
338:    pkey->pkey.ptr=key;
339:    return(key != NULL);
340:    }

As pkey->pkey.ptr is set (pkey->pkey is a union of ptr, rsa, ...), 
EVP_PKEY_free_it will be called, which finally calls RSA_free(x->pkey.rsa) 
(where x is our EVP_PKEY). In our case, in EVP_PKEY_assign:338 the just-freed 
rsa pointer will be assigned again. This will lead to a memory access violation 
if the private key is being accessed in pkey.

In my case this resulted in a segmentation fault when creating a certificate 
request using the openssl CLI:
openssl req -new -key auth.key -keyform engine -engine tpm -out auth.csr
The key was created using the command create_tpm_key.

Attached you can find a patch which should solve the problem. As I said, I have 
not looked at OpenSSL 1.0.0.

Could somebody verify/confirm my observations? Thanks in advance!

Thomas


Attachment: rsa-access-violation.patch
Description: rsa-access-violation.patch
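The ownership problem described above, as an added example that is neither the
poster's patch nor OpenSSL/TrouSerS code: stand-in structs (rsa_t, pkey_t,
pkey_assign) model the 0.9.8 EVP_PKEY_assign semantics, and rsa_free only marks
the object as freed so the result can be inspected safely.

```c
/* Constructed model of EVP_PKEY ownership; not OpenSSL's real structures. */
#include <stdlib.h>

#define PKEY_NONE 0
#define PKEY_RSA  1   /* type tag; the value is irrelevant to the model */

struct rsa_t  { int freed; };   /* stands in for RSA; 'freed' records RSA_free() */
struct pkey_t { int type; union { void *ptr; struct rsa_t *rsa; } pkey; };

static struct rsa_t *rsa_new(void) { return calloc(1, sizeof(struct rsa_t)); }
/* Stand-in for RSA_free(): marks instead of releasing so callers can inspect it. */
static void rsa_free(struct rsa_t *r) { if (r) r->freed = 1; }

/* Mirrors EVP_PKEY_assign(): a key already owned by pkey is released
 * (EVP_PKEY_free_it -> RSA_free) before the new pointer is stored. */
static int pkey_assign(struct pkey_t *p, int type, void *key) {
    if (p == NULL) return 0;
    if (p->pkey.ptr != NULL) rsa_free(p->pkey.rsa);
    p->type = type;
    p->pkey.ptr = key;
    return key != NULL;
}

/* Sequence from tpm_engine_load_key(): direct union store (line 695), then
 * EVP_PKEY_assign_RSA (line 705). Returns 1 if pkey ends up holding a freed RSA. */
int load_key_buggy(void) {
    struct pkey_t p = { PKEY_NONE, { NULL } };
    struct rsa_t *rsa = rsa_new();
    p.pkey.rsa = rsa;                  /* pkey.ptr is now non-NULL ...          */
    pkey_assign(&p, PKEY_RSA, rsa);    /* ... so assign frees rsa, then stores it again */
    int dangling = p.pkey.rsa->freed;  /* 1: pkey points at released memory */
    free(rsa);
    return dangling;
}

/* Corrected sequence: the assign call is the single ownership transfer. */
int load_key_fixed(void) {
    struct pkey_t p = { PKEY_NONE, { NULL } };
    struct rsa_t *rsa = rsa_new();
    pkey_assign(&p, PKEY_RSA, rsa);    /* nothing owned yet, so nothing is freed */
    int dangling = p.pkey.rsa->freed;  /* 0: pkey owns a live object */
    free(rsa);
    return dangling;
}
```

Dropping the direct store at line 695 (or the later assign, but not both) gives the fixed sequence; on a real build, AddressSanitizer or valgrind reports the buggy order as a use of freed memory inside the first RSA operation.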

_______________________________________________
TrouSerS-tech mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-tech
