[kmf-discuss] KMF_SignCSR problem
Massimiliano Pala
pala at cs.dartmouth.edu
Mon Mar 19 07:33:34 PDT 2007
As usual.. Thanks!
I think that it might be a good idea to add some 'OBJ_new' functions to the
library so that when the objects are created, the lib itself could take care
of initialization of the values (i.e., in most cases it will zeroize
the structure, but it might also be setting default values...).
And, if possible, I would avoid macros, they are an inferno when it comes
to debugging, usually :(
Something like:
KMF_CSR_DATA * KMF_CSR_DATA_new( void );
if there was something like this for each datatype, it would be easier for
the developer, because memory management would become more "linear", i.e.
using the KMF_CSR_DATA_new() and KMF_CSR_DATA_free() [ or KMF_FreeCSR() and
KMF_NewCSR() as it is now]
Thanks for the help!
By the way, I am now actually working with the openssl store for "simple"
operations and I'll go deeper into store support later when dealing with
certificate issuing (I'll probably use a special datatype for that, the
"PKI_TOKEN"). Anyway, let me know if and when you are including the new
"in-memory" features also for the keys so that I can get rid of the file
operations I am actually doing now.
Cheers,
Max
Wyllys Ingersoll wrote:
> OK, I figured it out.
>
> You must "zero" the CSR structure before you start building it.
> ex:
> (void) memset(&req->tbs, 0, sizeof (KMF_CSR_DATA));
>
> Otherwise, the "numberOfExtensions" counter inside the structure
> is uninitialized and any non-zero value in that position will
> potentially cause a SEGV when the "encode" routine sees it
> and tries to walk the extension list.
>
> Maybe we need to add a new function or macro for initializing
> some of these structures.
> Ex:
> #define INITIALIZE_CSR_DATA(csrptr) (void) memset((void *)(csrptr), 0, sizeof (KMF_CSR_DATA))
>
> I posted my own sample code for signing a csr in the "files" section
> for reference.
>
> -Wyllys
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] pala at cs.dartmouth.edu
project.manager at openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
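
Added example, not part of the original message and not KMF code: a constructor/destructor pair of the kind proposed above, where the allocator zeroes the structure so the encoder's walk never reads an uninitialized extension counter. The type demo_csr, its fields and the demo_csr_* functions are hypothetical stand-ins for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a CSR structure; not the real KMF type. */
typedef struct {
    size_t  number_of_extensions;  /* trusted by the encoder's walk */
    char  **extension_oids;        /* array of that many owned strings */
} demo_csr;

/* Constructor: calloc zeroes the block, so counter = 0 and list = NULL. */
demo_csr *demo_csr_new(void)
{
    return calloc(1, sizeof (demo_csr));
}

/* Append one extension OID; 0 on success, -1 on allocation failure. */
int demo_csr_add_ext(demo_csr *csr, const char *oid)
{
    size_t n = csr->number_of_extensions, len = strlen(oid) + 1;
    char **grown = realloc(csr->extension_oids, (n + 1) * sizeof (char *));
    if (grown == NULL)
        return -1;
    csr->extension_oids = grown;
    if ((grown[n] = malloc(len)) == NULL)
        return -1;
    memcpy(grown[n], oid, len);
    csr->number_of_extensions = n + 1;  /* bump only once the slot is valid */
    return 0;
}

/* Stand-in for the encoder: walks the list using only the counter. */
size_t demo_csr_walk(const demo_csr *csr)
{
    size_t total = 0;
    for (size_t i = 0; i < csr->number_of_extensions; i++)
        total += strlen(csr->extension_oids[i]);
    return total;
}

/* Destructor: safe on NULL and on a freshly constructed object. */
void demo_csr_free(demo_csr *csr)
{
    if (csr == NULL)
        return;
    for (size_t i = 0; i < csr->number_of_extensions; i++)
        free(csr->extension_oids[i]);
    free(csr->extension_oids);
    free(csr);
}
```

A stack-allocated demo_csr would still need an explicit memset before use; the constructor only covers objects obtained through it.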