-
Notifications
You must be signed in to change notification settings - Fork 183
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL 3: Enabling pkcs11 engine makes EC operations fail #456
Comments
This seems to be a duplicate of #455 |
Yes looks #455 is the same problem. So can both of you try modifying the instructions found in README.md to use the engine-3 directory rather then the engine directory. @ch-f test of "openssl req -x509 -new" works for me. |
Please disregard previous comment, I an still looking at it. |
I can reproduce the problem.
https://www.openssl.org/docs/man3.0/man7/migration_guide.html warns of problems with engines vs providers. It looks like OpenSSL is assuming it can use the pkcs11 engine for all its operations, where in past versions it would be specific. |
Fixes:OpenSC#456 bind_helper in eng_font.c is split into bind_helper and bind_helper2 The calls to ENGINE_set_RSA, ENGINE_set_EC, ENGINE_set_ECDH and ENGINE_set_pkey_meths are moved to bind_helper2. bind_helper2 is called from load_pubkey and load_privkey. This in effect gets around the problem OpenSSL 3.0.x has when it loads the pkcs11 engine from openssl.cnf, and then tries to use it as a default provider even when no engine was specified on the command line. On branch deffer_init_crypto Changes to be committed: modified: eng_front.c
Thanks, here this patch is fixing the issue. |
Thanks, fixed with the patch for me. |
Fixes:#456 bind_helper in eng_font.c is split into bind_helper and bind_helper2 The calls to ENGINE_set_RSA, ENGINE_set_EC, ENGINE_set_ECDH and ENGINE_set_pkey_meths are moved to bind_helper2. bind_helper2 is called from load_pubkey and load_privkey. This in effect gets around the problem OpenSSL 3.0.x has when it loads the pkcs11 engine from openssl.cnf, and then tries to use it as a default provider even when no engine was specified on the command line. On branch deffer_init_crypto Changes to be committed: modified: eng_front.c
Fixes:#456 bind_helper in eng_font.c is split into bind_helper and bind_helper2 The calls to ENGINE_set_RSA, ENGINE_set_EC, ENGINE_set_ECDH and ENGINE_set_pkey_meths are moved to bind_helper2. bind_helper2 is called from load_pubkey and load_privkey. This in effect gets around the problem OpenSSL 3.0.x has when it loads the pkcs11 engine from openssl.cnf, and then tries to use it as a default provider even when no engine was specified on the command line. On branch deffer_init_crypto Changes to be committed: modified: eng_front.c
Fixes:OpenSC#456 bind_helper in eng_font.c is split into bind_helper and bind_helper2 The calls to ENGINE_set_RSA, ENGINE_set_EC, ENGINE_set_ECDH and ENGINE_set_pkey_meths are moved to bind_helper2. bind_helper2 is called from load_pubkey and load_privkey. This in effect gets around the problem OpenSSL 3.0.x has when it loads the pkcs11 engine from openssl.cnf, and then tries to use it as a default provider even when no engine was specified on the command line. On branch deffer_init_crypto Changes to be committed: modified: eng_front.c
@mtrojnar Why is this ticket closed? On master there's still the revert and therefore the issue is not fixed atm. (at least in my local repro). BTW: The change in https://github.com/dengert/libp11/tree/deffer_init_crypto3 fixes the original problem in my local repro. |
@mtrojnar Oh stop, I was confused by the second revert. But I have still errors with the current master because of a following commit. Namely feb22a6: Here I again get "SSL handshake" errors (as before @dengert's fixes). Note that the previous commit 5ab3c0d (including @dengert's fixes) still works fine. |
And what exactly do you mean by "works fine"? Is it "works in my particular configuration", "passes the implemented CI tests on GitHub Actions", or something else? Feel free to submit a fix as a PR. If you think that our testing suite is incomplete then please add an additional test as a PR. |
Should we re-open this issue as soon as the test in #465 is not green? |
Hmmm ... Yes, this PR didn't test a use-case via the PKCS#11 interface. But it still proved that the ECC initialization gets mangled by commit feb22a6. After reverting the mentioned commit both this test and my internal repro (where I have interrupted TLS handshakes with ECDHE cipher suites) run again (with OpenSSL 3). Therefore I though this test should be enough to regression test this issue. BTW: The PR tests also what this issue was originally about (running Atm. I don't know which other test I should provide to have a contained sample. In my case the PKCS#11 runs an HTTPS request to a service with an ECDHE cipher suite. Writing such a test would be veeery involved. |
I see. As |
Okay, I now understand why using Still I have issues with my ECDHE HTTPS connections (inside of a libp11 called PKCS#11 module) probably because of feb22a6. Do you have an idea how to regression test this without using |
IMHO HTTPS is irrelevant. All we need is TLS. So, maybe something like: echo "test" | openssl s_server -engine pkcs11 &
sleep 1 # give s_server a second to bind the port
openssl s_client
wait The goal is to make sure that OpenSSL does not use the engine for ECDHE in TLS, right? |
D'accord that it's just about TLS not HTTPS. It's about an TLS connection (with an ECDHE cipher suite) within a PKCS#11 call, specifically Probably it's enough to trigger any ECC operation after the engine has been loaded, but unfortunately at the moment, I have no idea how to provide a repro sample without using |
I'm not giving you the solution, only an idea to investigate. Unless you hire me, don't expect me to do all the work for you. |
I have a concern over the call to @ulrichb has been complaining about this commit too. The call to |
Let me point out that feb22a6 in effect reverses all of #457 Because it is called while the engine is being loaded. Why was feb22a6 added? I and OpenSSL had talked about OpenSSL mixing up engines and providers. This is how that can happens. In OpenSSL ./apps all the apps call
gitk shows:
The "methods" is set to -1, to setup all methods supported by the engine. with breakpoint
With a build without feb22a6:
In other words, the pkca11 engine is ignored when looking for defaults for rsa, ec or pkey. But when a key is explicitly loaded by the engine, these methods are set to be used as needed. But feb22a6 caused the methods to be added too early and should be reverted. |
FYI: The issue I mentioned above, #456 (comment), where TLS calls w/ EC ciphers failed in combination w/ libp11 is fixed until OpenSSL >= 3.0.9. Probably because of the fix of openssl/openssl#20161. |
I built the libp11 and openssl master branches last night, and it seems that the presence of the pkcs11 engine causes problems with various operations on EC keys. Note that the issue occurs if the engine is just present in the configuration, even if it's not being used.
Steps to reproduce:
openssl.cnf
from OpenSSL sources, insert relevantengine_section
andpkcs11_section
bits from README withdynamic_path
pointing to freshly-builtpkcs11.so
.openssl ecparam -name brainpoolP256r1 -genkey -out t1.key
. Note that it fails with error80A26D89627F0000:error:078C0102:common libcrypto routines:get_string_internal:passed a null parameter:crypto/params.c:1258:
. Comment outpkcs11 = pkcs11_section
, try again and the key is generated.openssl req -subj /CN=ectest -new -x509 -key t1.key -out t1.crt
. Error80B2C6CB5A7F0000:error:03000093:digital envelope routines:default_check:command not supported:crypto/evp/ctrl_params_translate.c:329:
occurs. Disabling the engine allows creating the cert.openssl cms -encrypt t1.crt
wheret1.crt
is an EC cert also fail with a similar error:801234265C7F0000:error:03000093:digital envelope routines:evp_pkey_ctx_ctrl_int:command not supported:crypto/evp/pmeth_lib.c:1321:
Though the messages are different, this may be related to issue #455. RSA operations work fine, including ones that use a smartcard through the pkcs11 engine.
The text was updated successfully, but these errors were encountered: