-
-
Notifications
You must be signed in to change notification settings - Fork 11.1k
Closed
Closed
Copy link
Labels
triaged: bugThe issue/pr is/fixes a bugThe issue/pr is/fixes a bug
Description
Encountering sigsegv when executing CMP IR using PBM while server is using signature to protect the responses.
CMP profile used by EJBCA was using HMAC authentication module in RA mode but used signature to protect responses. Crash occurs when trying to validate signature of pkiconf. Validation goes to crypto/cmp/cmp_vfy.c:353:check_cert_path_3gpp and crep is null.
Self-issued certificate from the msg extraCerts field is allowed to be used for as trust anchor for path validation:
OSSL_CMP_CTX_set_option(cmpCtx, OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR, 1)messages:
ip:
certConf:
pkiconf:
bt
#0 ossl_cmp_certresponse_get1_cert (ctx=ctx@entry=0x754030005a60, crep=0x0) at crypto/cmp/cmp_msg.c:1118
#1 0x0000754037a0fdfb in check_cert_path_3gpp (ctx=ctx@entry=0x754030005a60, msg=msg@entry=0x754030013c20, scrt=scrt@entry=0x754030014a40)
at crypto/cmp/cmp_vfy.c:353
#2 0x0000754037a108a3 in check_cert_path_3gpp (ctx=0x754030005a60, msg=0x754030013c20, scrt=0x754030014a40) at crypto/cmp/cmp_vfy.c:332
#3 check_msg_given_cert (ctx=ctx@entry=0x754030005a60, cert=cert@entry=0x754030014a40, msg=msg@entry=0x754030013c20) at crypto/cmp/cmp_vfy.c:374
#4 0x0000754037a111e3 in check_msg_find_cert (ctx=0x754030005a60, msg=0x754030013c20) at crypto/cmp/cmp_vfy.c:492
#5 OSSL_CMP_validate_msg (ctx=0x754030005a60, msg=0x754030013c20) at crypto/cmp/cmp_vfy.c:640
#6 0x0000754037a11636 in ossl_cmp_msg_check_update (ctx=0x754030005a60, msg=0x754030013c20, cb=0x754037a04f50 <unprotected_exception>, cb_arg=19)
at crypto/cmp/cmp_vfy.c:770
#7 0x0000754037a06a5c in send_receive_check (ctx=ctx@entry=0x754030005a60, req=req@entry=0x754030046f30, rep=rep@entry=0x75403523d968,
expected_type=expected_type@entry=19) at crypto/cmp/cmp_client.c:212
#8 0x0000754037a06ebd in send_receive_also_delayed (ctx=ctx@entry=0x754030005a60, req=req@entry=0x754030046f30, rep=rep@entry=0x75403523d968,
expected_type=expected_type@entry=19) at crypto/cmp/cmp_client.c:423
#9 0x0000754037a07ee7 in ossl_cmp_exchange_certConf (ctx=0x754030005a60, certReqId=<optimized out>, fail_info=0, txt=0x0) at crypto/cmp/cmp_client.c:466
#10 cert_response (ctx=ctx@entry=0x754030005a60, sleep=sleep@entry=0, rid=<optimized out>, rid@entry=0, resp=resp@entry=0x75403523d9d0,
checkAfter=checkAfter@entry=0x75403523da4c, expected_type=expected_type@entry=1, req_type=<optimized out>) at crypto/cmp/cmp_client.c:786
#11 0x0000754037a08ca2 in OSSL_CMP_try_certreq (ctx=0x754030005a60, req_type=<optimized out>, crm=<optimized out>, checkAfter=0x75403523da4c)
at crypto/cmp/cmp_client.c:852
Versions
OpenSSL 3.5.0 8 Apr 2025 (Library: OpenSSL 3.5.0 8 Apr 2025)
EJBCA 7.4.3.2
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
triaged: bugThe issue/pr is/fixes a bugThe issue/pr is/fixes a bug
