Closed pemensik closed 1 year ago
Thank you for the report. We are discussing internally how we want to approach this.
Fix in main should resolve any issues with alignment of structures in SCOSSL in the presence of memory allocators that have alignment guarantees less than required by SymCrypt for SymCrypt structs.
We have a customer, who tried to use SymCrypt and this engine to implement FIPS 140-2 like compliance. However they hit a crashes with some software, for example bind-export-libs and dhcp client.
I have tried reproducing it by using the engine with named service. It crashes early in the start, because it uses MOVAPS instructions requiring 16B alignment. Normal OpenSSL does not have any similar requirement and typical application does not have a need for alignment checks. I think that is important difference from default OpenSSL engine, be it on Windows platform or Linux. Is such requirement documented anywhere?
I think such requirement prevents the use of symcryptengine as a system wide default. Is it possible to build version without such limitation? Ie. which would accept also non-aligned memory buffers? I had expected some requirements for RSA keys and such, but requirement of digest functions is a bit surprising.