Comments (9)
mtrojnar
commented on August 22, 2024
1
It is a bit more complex. There is no single call to initialize libcrypto:
https://wiki.openssl.org/index.php/Library_Initialization#libcrypto_Initialization
The application may only initialize a few algorithms it intends to use. This is safe with libcrypto, because libcrypto initialization (unlike libcrypto clean-up or PKCS#11 initialization) does not remove any accumulated internal state of the library. The initialization of every libcrypto component (for example an algorithm) has an internal check to prevent double initialization. It is also perfectly okay for the application to initialize the PKCS#11 library, and then initialize the libcrypto for the algorithms it wants to use directly.
As long as the application is still allowed to use libcrypto after PKCS#11 finalization, the only solution is to leave all the libcrypto clean-up to the application.
from softhsmv2.
mtrojnar
commented on August 22, 2024
1
And it's broken again after f1a8474
Please remember that SoftHSM2 is a library, and quite likely not the only code that uses OpenSSL in an application. Some other code my still need OpenSSL after SoftHSMv2 executed OSSLCryptoFactory::~OSSLCryptoFactory().
from softhsmv2.
bellgrim
commented on August 22, 2024
Is there a way of checking if OpenSSL has already been initialized by the calling application?
Compare
withfrom softhsmv2.
bellgrim
commented on August 22, 2024
The order should be:
- Application initialize crypto library
- Application initialize PKCS#11 library
- PKCS#11 library initialize crypto library, if not initialized by the calling application
- Application finalize PKCS#11 library
- PKCS#11 library clean up crypto library, if it was initialized by the PKCS#11 library
- Application clean up crypto library
from softhsmv2.
jariq
commented on August 22, 2024
It might be interesting to check how is PKCS#11 module provided by OpenSC (opensc-pkcs11.so) dealing with this. AFAIK it uses OpenSSL for general cryptographic tasks too so its authors were probably facing the same problem.
from softhsmv2.
mtrojnar
commented on August 22, 2024
OpenSC simply never invokes ENGINE_cleanup()...
from softhsmv2.
mtrojnar
commented on August 22, 2024
This is a critical issue with a very simple fix available as #184. Please merge it.
from softhsmv2.
bellgrim
commented on August 22, 2024
Thank you for the fix, have merged the code.
from softhsmv2.
mtrojnar
commented on August 22, 2024
Thank you for merging it.
from softhsmv2.
Related Issues (20)
- Configure fails with >= botan 3.0.0
- C_Decrypt sometimes fails to decrypt properly
- Import fails with RSA-PSS keys HOT 1
- SIGSEGV using OpenSSL 3 PKCS11 provider with SoftHSM2 + Botan HOT 1
- ECB is not supported by Botan HOT 1
- Getting SIGSEGV in EVP_MD_CTX_free HOT 1
- Implements RFC5649 as CKM_AES_KEY_WRAP_PAD but should actually be CKM_AES_KEY_WRAP_KWP
- Per-slot configuration
- openssl operations involving pcks11 and softHSM result in segfault on exit HOT 9
- AES/GCM multi-part decryption fails with CKR_BUFFER_TOO_SMALL HOT 1
- Unit Tests fails HOT 4
- Make check test fails on OS X HOT 2
- AES key file format for import HOT 1
- Possible problem with v2.6.1 with RHEL8 in FIPS mode and using Java 17 HOT 4
- Documentation for SoftHSM is inaccessible HOT 4
- Coredump / Alma/rhel 9 HOT 2
- decrypting scrambled ciphered text with RSA succeeded on RHEL9 unexpectedly
- SoftHSM on AIX
- Issues with configure option `--with-openssl=PATH`
- Any chance for SignRecover and VerifyRecover implementation? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from softhsmv2.