[kmf-discuss] KMF_SignCSR problem

Massimiliano Pala pala at cs.dartmouth.edu
Sun Mar 18 20:16:13 PDT 2007 

Hi all,

I am trying to sign a CSR, but I get a seg fault (pstack):

  fe694f28 encode_extension_list (806fee0, 806f810) + 54
  fe696907 encode_csr_extensions (806fa00, 806f7e8) + 9f
  fe696a76 encode_tbs_csr (806fa00, 806f7e8) + 7e
  fe696c56 DerEncodeTbsCsr (806f7e8, 8047b58) + 3e
  fe9cf63d KMF_SignCSR (8088320, 806f7e8, 8088740, 8062ef8, fe9afaf8, 8047c98) + 79
  08051fa7 PKI_X509_REQ_new (8088858, 0, 0, 0, feffa7d0, 8047bf4) + ef
  080515ff gen_X509_Req (0, 200, 80522e4, 8062754, 0, 8052162) + 97
  0805191b main     (1, 8047c38, 8047c40) + a3
  0805140c _start   (1, 8047d00, 0, 8047d3c, 8047d90, 8047da4) + 80

I was wondering if there are required fields in the CSR before being
able to sign it. I use the following:

   rv = KMF_SignCSR( lib_h, req->tbs, pkey->priv_key, req->data);

where:

- pkey->priv_key is a KMF_KEY_HANDLE (as returned from KMF_CreateKeyPair());

- pkey->pub_key is a KMF_KEY_HANDLE (as returned from KMF_CreateKeyPair());

- req->tbs is a KMF_CSR_DATA where I have correctly set:
   * pubkey with --> KMF_SetCSRPubKey ( lib_h, pkey->pub_key, req->tbs);
   * version number with --> KMF_SetCSRVersion( req->tbs, 2 );
   * subject DN with --> KMF_SetCSRSubjectName ( req->tbs, &xname );
     ( where xname is set with KMF_DNParser( "", &xname ))

The problem seems related to extensions, are them required ? Since I am not
setting any, now ? (I also tried seting the version number to 0, but it does
not help)

Maybe you could add some checks on the input in the encoding routines for
bad values passed to the Sign routine :)

Thanks and have a good day!

Cheers,

-- 

Best Regards,

	Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]            pala at cs.dartmouth.edu
                                                  project.manager at openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3088 bytes
Desc: S/MIME Cryptographic Signature
Url : http://oss-beta1.opensolaris.org/pipermail/kmf-discuss/attachments/20070318/0ec1cdeb/attachment.bin

More information about the kmf-discuss mailing list