[v2,2/8] evmctl: Handle engine initialization properly

Message ID	20210810134557.2444863-3-stefanb@linux.vnet.ibm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-integrity-owner@kernel.org> From: Stefan Berger <stefanb@linux.vnet.ibm.com> To: linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, Stefan Berger <stefanb@linux.ibm.com> Subject: [PATCH v2 2/8] evmctl: Handle engine initialization properly Date: Tue, 10 Aug 2021 09:45:51 -0400 Message-Id: <20210810134557.2444863-3-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210810134557.2444863-1-stefanb@linux.vnet.ibm.com> References: <20210810134557.2444863-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	ima-evm-utils: Add support for signing with pkcs11 URIs \| expand [v2,0/8] ima-evm-utils: Add support for signing with pkcs11 URIs [v2,1/8] evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable [v2,2/8] evmctl: Handle engine initialization properly [v2,3/8] evmctl: Move code setting up engine to own funtion [v2,4/8] evmctl: Extend libimaevm_params with ENGINE field and use it [v2,5/8] evmctl: Setup the pkcs11 engine if key has pkcs11: prefix [v2,6/8] libimaevm: Add support for pkcs11 private keys for signing a v2 hash [v2,7/8] tests: Extend sign_verify test with pkcs11-specific test [v2,8/8] tests: Get the packages for pkcs11 testing on the CI/CD system

Message ID

20210810134557.2444863-3-stefanb@linux.vnet.ibm.com (mailing list archive)

State

New, archived

Headers

From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com, Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v2 2/8] evmctl: Handle engine initialization properly
Date: Tue, 10 Aug 2021 09:45:51 -0400
Message-Id: <20210810134557.2444863-3-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210810134557.2444863-1-stefanb@linux.vnet.ibm.com>
References: <20210810134557.2444863-1-stefanb@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

ima-evm-utils: Add support for signing with pkcs11 URIs | expand

Commit Message

Stefan Berger Aug. 10, 2021, 1:45 p.m. UTC

From: Stefan Berger <stefanb@linux.ibm.com>

Fix the following issue when passing a not available engine:

$ ./src/evmctl --engine foo
engine foo isn't available
140322992015168:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/lib64/engines-1.1/foo.so): /usr/lib64/engines-1.1/foo.so: cannot open shared object file: No such file or directory
140322992015168:error:25070067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:162:
140322992015168:error:260B6084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:414:
140322992015168:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:334:id=foo
Segmentation fault (core dumped)

Also, jump to the exit when the setup of the engine failed.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/evmctl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Mimi Zohar Sept. 3, 2021, 12:55 p.m. UTC | #1

On Tue, 2021-08-10 at 09:45 -0400, Stefan Berger wrote:
> From: Stefan Berger <stefanb@linux.ibm.com>
> 
> Fix the following issue when passing a not available engine:

First describe the problem and then include details and/or an example. 
For example, "Handle failure to initialize the openssl engine.  For
example, "
> 
> $ ./src/evmctl --engine foo
> engine foo isn't available
> 140322992015168:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/lib64/engines-1.1/foo.so): /usr/lib64/engines-1.1/foo.so: cannot open shared object file: No such file or directory
> 140322992015168:error:25070067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:162:
> 140322992015168:error:260B6084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:414:
> 140322992015168:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:334:id=foo
> Segmentation fault (core dumped)
> 
> Also, jump to the exit when the setup of the engine failed.

Patch descriptions should not be explaining the details of the code,
but providing the motivation for the patch.  Please remove this line.

> 
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Thanks,

Mimi

> ---
>  src/evmctl.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/src/evmctl.c b/src/evmctl.c
> index 58f8e66..ed0ece3 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> @@ -2765,7 +2765,10 @@ int main(int argc, char *argv[])
>  				ENGINE_free(eng);
>  				eng = NULL;
>  			}
> -			ENGINE_set_default(eng, ENGINE_METHOD_ALL);
> +			if (eng)
> +				ENGINE_set_default(eng, ENGINE_METHOD_ALL);
> +			else
> +				goto error;
>  			break;
>  		case 140: /* --xattr-user */
>  			xattr_ima = "user.ima";
> @@ -2839,6 +2842,7 @@ int main(int argc, char *argv[])
>  			err = 125;
>  	}
>  
> +error:
>  	if (eng) {
>  		ENGINE_finish(eng);
>  		ENGINE_free(eng);

diff --git a/src/evmctl.c b/src/evmctl.c
index 58f8e66..ed0ece3 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2765,7 +2765,10 @@  int main(int argc, char *argv[])
 				ENGINE_free(eng);
 				eng = NULL;
 			}
-			ENGINE_set_default(eng, ENGINE_METHOD_ALL);
+			if (eng)
+				ENGINE_set_default(eng, ENGINE_METHOD_ALL);
+			else
+				goto error;
 			break;
 		case 140: /* --xattr-user */
 			xattr_ima = "user.ima";
@@ -2839,6 +2842,7 @@  int main(int argc, char *argv[])
 			err = 125;
 	}
 
+error:
 	if (eng) {
 		ENGINE_finish(eng);
 		ENGINE_free(eng);