Re: [PATCH ima-evm-utils v3] Use secure heap for private keys and passwords

[Mimi Zohar <zohar@linux.ibm.com>]

On Wed, 2021-08-25 at 21:41 +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Wed, Aug 25, 2021 at 07:39:30AM -0400, Mimi Zohar wrote:
> > Hi Vitaly,
> > 
> > On Sun, 2021-08-22 at 03:10 +0300, Vitaly Chikunov wrote:
> > > After CRYPTO_secure_malloc_init OpenSSL will store private keys 
> > 
> > ^and passwords
> 
> No, it meant openssl automatically will handle private keys (and other
> internal private data) in secure heap.
> 
> Handling of passwords in openssl's secure heap we do ourselves. I can
> extend commit message about this.

Ah, nice!   Please expand the patch description, adding what you said
here.

Also, you might want to include that since OPENSSL_secure_malloc_init()
is called from evmctl.c, any application linking with libimaevm would
not be using secure heap.

> 
> > > in
> > > secure heap. This facility is only available since OpenSSL_1_1_0-pre1.
> > > 
> > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> > 
> > Initially we started out discussing ways of protecting passwords, which
> > this patch does.  Thank you!  I'm not sure, however, it is protecting
> > the private keys.  Does read_priv_pkey()  also use the secure heap or
> > is PEM_read_PrivateKey() already safe?
> 
> After CRYPTO_secure_malloc_init call all openssl API functions that
> handle private keys and passwords should use secure heap. So, in that
> regard we don't need to add anything.

Ok

> > 
> > > ---
> > >  src/evmctl.c | 148 +++++++++++++++++++++++++++++++++++++++++----------
> > >  1 file changed, 121 insertions(+), 27 deletions(-)
> > > 
> > > diff --git a/src/evmctl.c b/src/evmctl.c
> > > 
> > > @@ -188,7 +207,9 @@ static int bin2file(const char *file, const char *ext, const unsigned char *data
> > >  	return err;
> > >  }
> > > 
> > > -static unsigned char *file2bin(const char *file, const char *ext, int *size)
> > > +/* Return data in OpenSSL secure heap if 'secure' is true. */
> > > +static unsigned char *file2bin(const char *file, const char *ext, int *size,
> > > +			       int secure)
> > >  {
> > 
> > The only caller of file2bin() that sets "secure" is evm_calc_hmac(),
> > but evm_calc_hmac() is a debugging tool, not meant for setting the real
> > security.evm xattr.
> 
> I can undo file2bin change if you wish, but for uniformity I would have
> it changed. We can add comment that it is handling only test & debugging
> data, thus not using security measures. May also output some warning at
> runtime.

Either way is fine, but somehow please document it.

thanks,

Mimi