[Bug 1599550] Fix included in openstack/barbican 3.0.0.0b3

OpenStack Infra 1599550 at bugs.launchpad.net
Wed Aug 31 23:08:01 UTC 2016 

This issue was fixed in the openstack/barbican 3.0.0.0b3 development
milestone.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to barbican in Ubuntu.
https://bugs.launchpad.net/bugs/1599550

Title:
  barbican + softhsm2 + libssl1.0.0: pkcs11:_generate_random() fails

Status in Barbican:
  Fix Released
Status in barbican package in Ubuntu:
  New

Bug description:
  barbican + softhsm2 + libssl1.0.0 — P11CryptoPluginException: HSM
  returned response code: 0x5L CKR_GENERAL_ERROR - possible random_seed
  not initialised?

  Background:

  barbican 2.0.0 (from xenial 16.04 packages)
  softhsm2 2.0.0 (from xenial 16.04 packages)
  libssl1.0.0 (also from xenial 16.04 packages)

  When attempting to do:

      secret = barbican.secrets.create(name='Self destruction sequence',
                                       payload='the magic words are squeamish ossifrage’,
                                       payload_content_type='text/plain')
      secret.store()

  The ‘secret.store()’ blows up with a:
  "barbicanclient.exceptions.HTTPServerError: Internal Server Error"

  Digging into the barbican-api.log reveals the following log (cleaned
  up a little):

    Problem seen creating plugin: 'p11_crypto'
   Traceback (most recent call last):
     File "/usr/lib/python2.7/dist-package.py", line 42, in instantiate_plugins
       plugin_instance = ext.plugin(*invoke_args, **invoke_kwargs)
     File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/p11_crypto.py", line 87, in __init__
       self.pkcs11 = pkcs11 or self._create_pkcs11(plugin_conf, ffi)
     File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/p11_crypto.py", line 237, in _create_pkcs11
       algorithm=plugin_conf.algorithm
     File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 356, in __init__
       self._rng_self_test(session)
     File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 636, in _rng_self_test
       test_random = self.generate_random(100, session)
     File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 373, in generate_random
       buf = self._generate_random(length, session)
     File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 581, in _generate_random
       self._check_error(rv)
     File "/usr/lib/python2.7/dist-packages/barbican/plugin/crypto/pkcs11.py", line 576, in _check_error
       code=ERROR_CODES.get(value, 'CKR_????')))
   P11CryptoPluginException: HSM returned response code: 0x5L CKR_GENERAL_ERROR

  
  What I think may be wrong:

  This is just based on me looking at the code, but I’m wondering if it
  isn’t a feature of the new libssl library (>= 0.9.5) which bails out
  if the random number generator isn’t seeded:  (from
  https://www.openssl.org/docs/faq.html#USER1):

  “On other systems, applications have to call the RAND_add() or
  RAND_seed() function with appropriate data before generating keys or
  performing public key encryption. (These functions initialize the
  pseudo-random number generator, PRNG.) Some broken applications do not
  do this. As of version 0.9.5, the OpenSSL functions that need
  randomness report an error if the random number generator has not been
  seeded with at least 128 bits of randomness. If this error occurs and
  is not discussed in the documentation of the application you are
  using, please contact the author of that application; it is likely
  that it never worked correctly. OpenSSL 0.9.5 and later make the error
  visible by refusing to perform potentially insecure encryption."

  Digging through the code:

  In SoftHSMv2/src/lib/SoftHSM.cpp:
  (https://github.com/opendnssec/SoftHSMv2/blob/04df677ce750d3486867b4f853c9648696c0db1c/src/lib/SoftHSM.cpp#L6283)

          // Get the RNG
          RNG* rng = CryptoFactory::i()->getRNG();
          if (rng == NULL) return CKR_GENERAL_ERROR;

  Seems to be the most likely culprit, and digging further (with the
  Openssl library part):

  In SoftHSMv2/src/lib/crypto/OSSLRNG.cpp
  (https://github.com/opendnssec/SoftHSMv2/blob/a4799c41cdcdd31d503d8f4eba9003b8e5571d73/src/lib/crypto/OSSLRNG.cpp#L38):

      bool OSSLRNG::generateRandom(ByteString& data, const size_t len)
      {
          data.wipe(len);

          if (len == 0)
                  return true;
          return RAND_bytes(&data[0], len) == 1;
      }

  Reading the doc above, it would appear that RAND_bytes(..) returns 0
  if there isn’t sufficient entropy for versions of OpenSSL >= 0.9.5

  I can also confirm that Softhsm2 has a seed function:

  CK_RV SoftHSM::C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR
  pSeed, CK_ULONG ulSeedLen)

  and that it’s not called from Barbican
  (https://github.com/openstack/barbican/search?utf8=%E2%9C%93&q=C_SeedRandom).

  I’m not sure where the relevant call to C_SeedRandom() would need to
  be in Barbican, plus where the seed file should come from.

To manage notifications about this bug go to:
https://bugs.launchpad.net/barbican/+bug/1599550/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list