From: Mimi Zohar <zohar@linux.ibm.com>
To: Vitaly Chikunov <vt@altlinux.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH ima-evm-utils v3] Use secure heap for private keys and passwords
Date: Wed, 25 Aug 2021 07:39:30 -0400 [thread overview]
Message-ID: <0c5c0851cd07f861ebf79bc0ac90e57d71317985.camel@linux.ibm.com> (raw)
In-Reply-To: <20210822001055.1772873-1-vt@altlinux.org>
Hi Vitaly,
On Sun, 2021-08-22 at 03:10 +0300, Vitaly Chikunov wrote:
> After CRYPTO_secure_malloc_init OpenSSL will store private keys
^and passwords
> in
> secure heap. This facility is only available since OpenSSL_1_1_0-pre1.
>
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Initially we started out discussing ways of protecting passwords, which
this patch does. Thank you! I'm not sure, however, it is protecting
the private keys. Does read_priv_pkey() also use the secure heap or
is PEM_read_PrivateKey() already safe?
> ---
> src/evmctl.c | 148 +++++++++++++++++++++++++++++++++++++++++----------
> 1 file changed, 121 insertions(+), 27 deletions(-)
>
> diff --git a/src/evmctl.c b/src/evmctl.c
>
> @@ -188,7 +207,9 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
> return err;
> }
>
> -static unsigned char *file2bin(const char *file, const char *ext, int *size)
> +/* Return data in OpenSSL secure heap if 'secure' is true. */
> +static unsigned char *file2bin(const char *file, const char *ext, int *size,
> + int secure)
> {
The only caller of file2bin() that sets "secure" is evm_calc_hmac(),
but evm_calc_hmac() is a debugging tool, not meant for setting the real
security.evm xattr.
The kernel EVM HMAC key is an "encrypted" key type, which should be
based on a "trusted" key. Neither of which are exposed to userspace
unencrypted.
Enabling DEBUG by default was suppose to be temporary. At this point,
should it be disabled? As evm_calc_hmac() is only meant for debugging,
do we really care whether evm_calc_hmac() uses a secure heap or stack
for private keys or passwords?
thanks,
Mimi
> FILE *fp;
> size_t len;
next prev parent reply other threads:[~2021-08-25 11:39 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-22 0:10 [PATCH ima-evm-utils v3] Use secure heap for private keys and passwords Vitaly Chikunov
2021-08-23 13:22 ` Bruno Meneguele
2021-08-23 16:59 ` Vitaly Chikunov
2021-08-23 18:09 ` Bruno Meneguele
2021-08-25 11:39 ` Mimi Zohar [this message]
2021-08-25 18:41 ` Vitaly Chikunov
2021-08-25 20:44 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0c5c0851cd07f861ebf79bc0ac90e57d71317985.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=vt@altlinux.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox