From patchwork Wed Nov 8 20:07:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 10049167 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 282A060381 for ; Wed, 8 Nov 2017 20:10:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1AE4F2978A for ; Wed, 8 Nov 2017 20:10:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0FA2129884; Wed, 8 Nov 2017 20:10:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 957282978A for ; Wed, 8 Nov 2017 20:10:53 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id E556A2034D83C; Wed, 8 Nov 2017 12:06:51 -0800 (PST) X-Original-To: intel-sgx-kernel-dev@lists.01.org Delivered-To: intel-sgx-kernel-dev@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=sean.j.christopherson@intel.com; receiver=intel-sgx-kernel-dev@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DEAE9202E5E64 for ; Wed, 8 Nov 2017 12:06:50 -0800 (PST) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Nov 2017 12:10:51 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.44,365,1505804400"; d="scan'208";a="173413581" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.8]) by fmsmga005.fm.intel.com with ESMTP; 08 Nov 2017 12:10:51 -0800 Message-ID: <1510171646.4659.5.camel@intel.com> From: Sean Christopherson To: Jarkko Sakkinen , intel-sgx-kernel-dev@lists.01.org Date: Wed, 08 Nov 2017 12:07:26 -0800 In-Reply-To: <20171010143258.21623-11-jarkko.sakkinen@linux.intel.com> References: <20171010143258.21623-1-jarkko.sakkinen@linux.intel.com> <20171010143258.21623-11-jarkko.sakkinen@linux.intel.com> X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 Subject: Re: [intel-sgx-kernel-dev] [PATCH RFC v3 10/12] intel_sgx: in-kernel launch enclave X-BeenThere: intel-sgx-kernel-dev@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: =?iso-8859-1?q?Project=3A_Intel=AE_Software_Guard_Extensions_for_Linux*=3A_https=3A//01=2Eorg/intel-software-guard-extensions?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: platform-driver-x86@vger.kernel.org Errors-To: intel-sgx-kernel-dev-bounces@lists.01.org Sender: "intel-sgx-kernel-dev" X-Virus-Scanned: ClamAV using ClamSMTP On Tue, 2017-10-10 at 17:32 +0300, Jarkko Sakkinen wrote: > +static RSA *load_sign_key(const char *path) > +{ > + FILE *f; > + RSA *key; > + > + f = fopen(path, "rb"); > + if (!f) { > + fprintf(stderr, "Unable to open %s\n", path); > + return NULL; > + } > + key = RSA_new(); > + if (!PEM_read_RSAPrivateKey(f, &key, pem_passwd_cb, NULL)) > + return NULL; > + fclose(f); > + > + if (BN_num_bytes(key->n) != SGX_MODULUS_SIZE) { Dereferencing the RSA pointer (key) breaks on OpenSSL 1.1.0 as RSA is now an opaque object.  It's relatively easy to fudge around the issue, patch below. https://github.com/openssl/openssl/issues/1491 https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes > + fprintf(stderr, "Invalid key size %d\n", BN_num_bytes(key- > >n)); > + RSA_free(key); > + return NULL; > + } > + > + return key; > +} > +         FILE *f; @@ -125,8 +136,9 @@ static RSA *load_sign_key(const char *path)                 return NULL;         fclose(f);   -       if (BN_num_bytes(key->n) != SGX_MODULUS_SIZE) { -               fprintf(stderr, "Invalid key size %d\n", BN_num_bytes(key->n)); +       if (BN_num_bytes(get_modulus(key)) != SGX_MODULUS_SIZE) { +               fprintf(stderr, "Invalid key size %d\n", +                       BN_num_bytes(get_modulus(key)));                 RSA_free(key);                 return NULL;         } @@ -511,7 +523,7 @@ int main(int argc, char **argv)         if (!sign_key)                 goto out;   -       BN_bn2bin(sign_key->n, ss.modulus); +       BN_bn2bin(get_modulus(sign_key), ss.modulus);           if (!measure_encl(argv[1], ss.body.mrenclave))                 goto out; diff --git drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c index 27e8c61d033c..e454dc95f438 100644 --- drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c +++ drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c @@ -110,6 +110,17 @@ static int pem_passwd_cb(char *buf, int size, int rwflag, void *u)         return strlen(buf) >= size ? size - 1 : strlen(buf);  }   +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +       return key->n; +#else +       const BIGNUM *n; +       RSA_get0_key(key, &n, NULL, NULL); +       return n; +#endif +} +  static RSA *load_sign_key(const char *path)  {