Hi Vitaly, On Fri, 2021-08-13 at 00:46 +0300, Vitaly Chikunov wrote: > Hi, > > On Fri, Aug 13, 2021 at 12:21:43AM +0300, Vitaly Chikunov wrote: > > After CRYPTO_secure_malloc_init OpenSSL will store private keys in > > secure heap. This facility is only available since OpenSSL_1_1_0-pre1 > > and enabled for 'ima_sign', 'sign', 'sign_hash', and 'hmac'. >From the manpage: CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful, and 2 if successful but the heap could not be protected by memory mapping. Not sure what we would do on failure ( 0, 2), but we should at least check the return code. > > > setvbuf(3) _IONBF is used to hopefully avoid private key and password > > being stored inside of stdio buffers. > > I should note that usefulness of this method (of avoiding buffering) is > not proven. I don't find other implementations doing it. So, I'm open to > suggestion of removing it. > Probably would be better to split the patch. > > > > > Unfortunately, secure heap is not used for the passwords (`-p') due to > > absence of its support in the older OpenSSL where ima-evem-utils still > > should work, thus simple cleansing of password memory is used where > > possible to shorten its lifespan. > > > > Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx> > > --- > > Perhaps, it will conflict with Bruno's patch, we should decide which > > one goes first if this will be accepted. FYI, I was able to apply this patch (--3way) with the proposed changes to Bruno's patch. Mimi
