On Fri, Aug 20, 2021 at 12:42:26AM +0300, Vitaly Chikunov wrote:
> On Thu, Aug 19, 2021 at 05:11:36AM +0300, Vitaly Chikunov wrote:
> > After CRYPTO_secure_malloc_init OpenSSL will store private keys in
> > secure heap. This facility is only available since OpenSSL_1_1_0-pre1.
> >
> > Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
> > ---
> > Change from v1:
> > - Do not use setfbuf to disable buffering as this is not proven to be
> > meaningful.
> > - Use secure heap for passwords too as suggested by Mimi Zohar.
> > - Fallback to OPENSSL_malloc for old OpenSSL as suggested by Mimi Zohar.
> > - Simplify logic of calling CRYPTO_secure_malloc_init (call it always on
> > OpenSSL init.)
> > - Should be applied after Bruno Meneguele's "evmctl: fix memory leak in
> > get_password" patch v2.
> >
> > src/evmctl.c | 143 ++++++++++++++++++++++++++++++++++++++++++---------
> > 1 file changed, 118 insertions(+), 25 deletions(-)
> >
> > @@ -2596,15 +2637,41 @@ static struct option opts[] = {
> >
> > };
> >
> > +/*
> > + * Copy password from optarg into secure heap, so it could be
> > + * freed in the same way as a result of get_password().
> > + */
> > +static char *optarg_password(char *optarg)
> > +{
> > + size_t len;
> > + char *keypass;
> > +
> > + if (!optarg)
> > + return NULL;
> > + len = strlen(optarg);
> > + keypass = OPENSSL_secure_malloc(len + 1);
> > + if (keypass)
> > + memcpy(keypass, optarg, len + 1);
> > + else
> > + perror("OPENSSL_secure_malloc");
>
> I also realized that OPENSSL_secure_malloc does not (intentionally)
> set errno, so using perror is perhaps wrong. Better method should be
> thanked out.
After some more thinking I think all this perror usage should be
replaced with log_err like in all other places. (perror is used only in
get_password). Log_err hypothetically could log to stdout or to syslog
depending on USE_FPRINTF(*), but perror will always log to stderr.
(*) Which is _always_ defined though. This is obscure.
Thanks,
