[Bug 1599550] Re: barbican + softhsm2 + libssl1.0.0: pkcs11:_generate_random() fails
OpenStack Infra
1599550 at bugs.launchpad.net
Thu Aug 4 14:04:40 UTC 2016
Reviewed: https://review.openstack.org/340437
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=fb086bd91f10bd45aecf70f6688d034b6f4b40a4
Submitter: Jenkins
Branch: master
commit fb086bd91f10bd45aecf70f6688d034b6f4b40a4
Author: Alex Kavanagh <alex at ajkavanagh.co.uk>
Date: Mon Jul 11 15:18:38 2016 +0000
Add seed random feature to seed HSM RNG
With the softhsm2 + openssl >= 0.9.5, barbican needs to initialise the random
seed of the random number generator (RNG). The PKCS11 interface provides an
API call for this (C_SeedRandom) so that the caller can seed the RNG.
opensll >= 0.9.5 fails if the RNG is not seeded prior to use which causes (in
this configuration) Barbican to fail when it needs to use the RNG in the HSM.
This change adds two configuration options in the [p11_crypto_plugin] section
called 'seed_file' and 'seed_length' which default to empty string and 32
respectively.
If the 'seed_file' configuration file is not configured then this change has no
impact. If the seed_file is configured, then 'seed_length' bytes/chars are
read from the file and provided to eh C_SeedRandom() api call.
Change-Id: Ib063dfdac90d2a3ea9e4ec3da2d84f6ee5d45b03
Closes-Bug: #1599550
** Changed in: barbican
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to barbican in Ubuntu.
https://bugs.launchpad.net/bugs/1599550
Title:
barbican + softhsm2 + libssl1.0.0: pkcs11:_generate_random() fails
Status in Barbican:
Fix Released
Status in barbican package in Ubuntu:
New
Bug description:
barbican + softhsm2 + libssl1.0.0 — P11CryptoPluginException: HSM
returned response code: 0x5L CKR_GENERAL_ERROR - possible random_seed
not initialised?
Background:
barbican 2.0.0 (from xenial 16.04 packages)
softhsm2 2.0.0 (from xenial 16.04 packages)
libssl1.0.0 (also from xenial 16.04 packages)
When attempting to do:
secret = barbican.secrets.create(name='Self destruction sequence',
payload='the magic words are squeamish ossifrage’,
payload_content_type='text/plain')
secret.store()
The ‘secret.store()’ blows up with a:
"barbicanclient.exceptions.HTTPServerError: Internal Server Error"
Digging into the barbican-api.log reveals the following log (cleaned
up a little):
Problem seen creating plugin: 'p11_crypto'
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-package.py", line 42, in instantiate_plugins
plugin_instance = ext.plugin(*invoke_args, **invoke_kwargs)
File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/p11_crypto.py", line 87, in __init__
self.pkcs11 = pkcs11 or self._create_pkcs11(plugin_conf, ffi)
File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/p11_crypto.py", line 237, in _create_pkcs11
algorithm=plugin_conf.algorithm
File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 356, in __init__
self._rng_self_test(session)
File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 636, in _rng_self_test
test_random = self.generate_random(100, session)
File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 373, in generate_random
buf = self._generate_random(length, session)
File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 581, in _generate_random
self._check_error(rv)
File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 576, in _check_error
code=ERROR_CODES.get(value, 'CKR_????')))
P11CryptoPluginException: HSM returned response code: 0x5L CKR_GENERAL_ERROR
What I think may be wrong:
This is just based on me looking at the code, but I’m wondering if it
isn’t a feature of the new libssl library (>= 0.9.5) which bails out
if the random number generator isn’t seeded: (from
https://www.openssl.org/docs/faq.html#USER1):
“On other systems, applications have to call the RAND_add() or
RAND_seed() function with appropriate data before generating keys or
performing public key encryption. (These functions initialize the
pseudo-random number generator, PRNG.) Some broken applications do not
do this. As of version 0.9.5, the OpenSSL functions that need
randomness report an error if the random number generator has not been
seeded with at least 128 bits of randomness. If this error occurs and
is not discussed in the documentation of the application you are
using, please contact the author of that application; it is likely
that it never worked correctly. OpenSSL 0.9.5 and later make the error
visible by refusing to perform potentially insecure encryption."
Digging through the code:
In SoftHSMv2/src/lib/SoftHSM.cpp:
(https://github.com/opendnssec/SoftHSMv2/blob/04df677ce750d3486867b4f853c9648696c0db1c/src/lib/SoftHSM.cpp#L6283)
// Get the RNG
RNG* rng = CryptoFactory::i()->getRNG();
if (rng == NULL) return CKR_GENERAL_ERROR;
Seems to be the most likely culprit, and digging further (with the
Openssl library part):
In SoftHSMv2/src/lib/crypto/OSSLRNG.cpp
(https://github.com/opendnssec/SoftHSMv2/blob/a4799c41cdcdd31d503d8f4eba9003b8e5571d73/src/lib/crypto/OSSLRNG.cpp#L38):
bool OSSLRNG::generateRandom(ByteString& data, const size_t len)
{
data.wipe(len);
if (len == 0)
return true;
return RAND_bytes(&data[0], len) == 1;
}
Reading the doc above, it would appear that RAND_bytes(..) returns 0
if there isn’t sufficient entropy for versions of OpenSSL >= 0.9.5
I can also confirm that Softhsm2 has a seed function:
CK_RV SoftHSM::C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR
pSeed, CK_ULONG ulSeedLen)
and that it’s not called from Barbican
(https://github.com/openstack/barbican/search?utf8=%E2%9C%93&q=C_SeedRandom).
I’m not sure where the relevant call to C_SeedRandom() would need to
be in Barbican, plus where the seed file should come from.
To manage notifications about this bug go to:
https://bugs.launchpad.net/barbican/+bug/1599550/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list