Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Workaround for incorrect CKA_EC_POINT format
Workaround for broken PKCS#11 modules not returning CKA_EC_POINT in the ASN1_OCTET_STRING format. Closes #79.
- Loading branch information
Showing
2 changed files
with
10 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In answer to your comment:
Pleased to hear.
How about returning NULL if
pubkey
is non-NULL but the point data could not be read and parsed successfully? In any such cases I suggest:Otherwise, when an EC public key is present and gets referenced in an application, this will crash because the assumed point data is not present.
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Were you able to demonstrate the crash? Were exactly does it crash?
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An EC public key without a point would be pointless ;-)
Indeed, I just reproduced this for two cases:
When registering the public key for TLS client authentication:
When inserting the public key in a CSR:
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thus propose the following revision.
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think 80c5a94 implements the proper solution: it always attempts to retrieve the params and the point, but it only requires them for public keys.
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice that the new code also lincludes strictness on the EC params of public keys.
For curiosity, I tested the above mentioned use cases on EC pubkeys having a point but no params:
The first one also crashes, while the latter returns the following neat OpenSSL error:
I just came across a related problem where points and params are expected also for EC private keys, but that's worth a new issue. (Update: see #83)
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dengert, as mentioned in my other recent posts, I use the CardOS module (cardos11.dll) version 5.3 (build 7 and 8) which is crucial for accessing CardOS 5.0 cards. Yet what we've been discussing in this thread is independent of the module and card, and therefore I see no need to include any lower-level debug trace here.
The issue here was which information (namely, the EC parameters and the curve point) an application can expect to be present in the EC variant of the EVP_PKEY data structure when it asked engine_pkcs11.dll (und thus libp11.dll) for an EC public key, and thus whether libp11 should flag the non-existence of such data items as a error to avoid application crashes like the ones I provided above when simulating (regardless of the module and card) their non-existence. This error-handling issue has been solved with the last commit mentioned above.
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
874154b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dengert, your last two responses must be due to a misunderstanding. This thread (unlike its parent #79) is not about observed misbehavior of the CardOS module, but about strictness of libp11 in case any module did not return useful EC parameters or points.
In order to demonstrate to @mtrojnar that missing error checking can lead to application crashes, as mentioned I simulated that such data was missing from the module. Thus I cannot provide spy output showing this. Indeed, the CardOS module does give correct EC parameter responses for public key objects.