Hi all, I am trying to sign an ASN1 object. Basically the object is very similar to an OCSP request - it is the PRQP response message (new proposal at IETF for PKI Discovery Query Protocol).
The basic structure is reported here:
========
/* PRQPResponse ::= SEQUENCE {
* respData TBSRespData,
* signature [0] EXPLICIT Signature OPTIONAL }
*/
ASN1_SEQUENCE(PRQP_RESP) = {
ASN1_SIMPLE(PRQP_RESP, respData, TBS_RESP_DATA),
ASN1_EXP_OPT(PRQP_RESP, prqpSignature, PRQP_SIGNATURE, 0)
} ASN1_SEQUENCE_END(PRQP_RESP)
========
Where the prqpSignature is the usual:
========
/* Signature ::= SEQUENCE {
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING,
* certs [0] EXPLICIT SEQUENCE OF Certificate OPT }
*/
ASN1_SEQUENCE(PRQP_SIGNATURE) = {
ASN1_SIMPLE(PRQP_SIGNATURE, signatureAlgorithm, ASN1_OBJECT ),
ASN1_SIMPLE(PRQP_SIGNATURE, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(PRQP_SIGNATURE, certs, X509, 0)
} ASN1_SEQUENCE_END(PRQP_SIGNATURE)
IMPLEMENT_ASN1_FUNCTIONS(PRQP_SIGNATURE)
=========
When I want to sign the structure I generate the prqpSignature object and
then I call the ASN1_item_sign, but I get a memory fault when the openssl
lib tries to free the (signatureAlgorithm->parameter) in:
asn1/a_sign.c --> line 243
Where am I missing something ?
Just to try, I changed the code and worked on a different test (although it
seems
quite wrong to me) to figure out what's going on.
I initialized the signatureAlgorithm structure (which is the one that is
giving me the hard times), by doing the following:
=========
if((a = X509_ALGOR_new()) == NULL ) {
fprintf( stderr, "ERROR::No X509_ALGOR allocated!\n");
}
if((a->algorithm = OBJ_nid2obj( NID_sha1WithRSAEncryption )) == NULL ) {
fprintf( stderr, "ERROR::No valid algorithm generated!\n");
}
if((a->parameter = ASN1_TYPE_new()) == NULL ) {
fprintf(stderr, "ERROR::Can not generate a valid parameter!\n");
}
ASN1_TYPE_set(a->parameter, V_ASN1_NULL, (void *) NULL );
resp->prqpSignature->signatureAlgorithm = a;
ret = PRQP_ASN1_item_sign( ASN1_ITEM_rptr(TBS_RESP_DATA),
resp->prqpSignature->signatureAlgorithm, NULL,
resp->prqpSignature->signature, resp->respData,
(EVP_PKEY *) pkey, (EVP_MD *) md );
=========
Everything seems to work properly, as the signature is generated correctly
and I can print it out with the X509_signature_print().
Anyhow when I want to write it to a BIO (i2d_PRPQ_RESP_bio), I get
a segmentation fault:
==========
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1284179056 (LWP 21851)]
0x4186f6d5 in memcpy () from /lib/libc.so.6
(gdb) bacltrace
Undefined command: "bacltrace". Try "help".
(gdb) backtrace
#0 0x4186f6d5 in memcpy () from /lib/libc.so.6
#1 0x47c67c9b in asn1_ex_i2c () from /lib/libcrypto.so.6
#2 0x47c67e61 in asn1_ex_i2c () from /lib/libcrypto.so.6
#3 0x47c6810c in ASN1_item_ex_i2d () from /lib/libcrypto.so.6
#4 0x47c68637 in ASN1_item_ex_i2d () from /lib/libcrypto.so.6
#5 0x47c6829b in ASN1_item_ex_i2d () from /lib/libcrypto.so.6
#6 0x47c6882f in ASN1_item_ex_i2d () from /lib/libcrypto.so.6
#7 0x47c6829b in ASN1_item_ex_i2d () from /lib/libcrypto.so.6
#8 0x47c68981 in ASN1_template_i2d () from /lib/libcrypto.so.6
#9 0xb7fac2d9 in i2d_PRQP_RESP (a=0x805f6a0, out=0xb374ed50) at asn1_res.c:112
#10 0x47c7517c in PEM_ASN1_write_bio () from /lib/libcrypto.so.6
#11 0xb7faeecb in PEM_write_bio_PRQP_RESP (bp=0x8088938, o=0x805f6a0)
at prqp_bio.c:92
=========
Anyone can help me ? It is quite strange behavior -- I am missing something,
but I have no idea *what* am I missing!!!!
Later,
Max
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
smime.p7s
Description: S/MIME Cryptographic Signature
