[Bug 3364] New: Using "ssh-keygen -D pkcs11" with HSM fails due to "xmalloc: zero size"
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Nov 18 20:52:56 AEDT 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3364
Bug ID: 3364
Summary: Using "ssh-keygen -D pkcs11" with HSM fails due to
"xmalloc: zero size"
Product: Portable OpenSSH
Version: 8.8p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Smartcard
Assignee: unassigned-bugs at mindrot.org
Reporter: ietxezarreta at ikerlan.es
When using the cryptochip ATECC608B, from Microchip, with the provided
cryptolibrary "cryptoauthlib", the pkcs11 related operations fail due
to "xmalloc: zero size".
Steps to reproduce:
1.- Compile and install Microchip cryptoauthlib library.
2.- Modify this library to handle unset Mutexes (in functions
pkcs11_lock_context and pkcs11_unlock_context change rv = CKR_CANT_LOCK
for rv = CKR_OK)
3.- execute command ssh-keygen -D /usr/lib/libcryptoauth.so
Actual result:
xmalloc: zero size
Expected output:
C_GetAttributeValue failed: 7
failed to fetch key
ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPmKkZ2M7DeVdwOpCW8XSnLYUbPx5RIk8OF8B0F0OwmRWexpsZONwft41YRI76gxZ/cN7wt4wO765ULvXQhxFCQ=
device
This issue was solved by protecting the allocation of "k11->keyid" in
line 614 of file "ssh-pkcs11.c", for example like:
++ if(k11->keyid_len)
++ {
k11->keyid = xmalloc(k11->keyid_len);
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
++ }
Would it be possible to include this fix or something similar to solve
the problem?
Thank you very much!
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list