Hi Team,
My applicaiton core dumped. I read the related OSSL code and can't figure out why struct X509_pubkey_st.algor is NULL. I tried to reproduce the issue and captured the Certificate Handshake packet from the SSL server and found that the 3rd certificate
contains the public key algorithm. Any constructive suggest is highly appreciated.
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
subjectPublicKey: 3082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160…
modulus: 0x00b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d…
publicExponent: 65537
(gdb) bt
0 0x00007f9e09f9f70f in x509_pubkey_decode (ppkey=ppkey@entry=0x7f9d8e1f7e78, key=0x7f9d866287a0) at crypto/x509/x_pubkey.c:113
1 0x00007f9e09f9f9dd in X509_PUBKEY_get0 (key=<optimized out>) at crypto/x509/x_pubkey.c:159
0000002 0x00007f9e09f920ae in X509_get0_pubkey (x=x@entry=0x7f9d866e8480) at crypto/x509/x509_cmp.c:277
3 0x00007f9e09fb228b in x509_likely_issued (issuer=0x7f9d866e8480, subject=0x7f9d866e8300) at crypto/x509v3/v3_purp.c:876
4 0x00007f9e09f9644c in check_issued (ctx=<optimized out>, x=<optimized out>, issuer=<optimized out>) at crypto/x509/x509_vfy.c:352
5 0x00007f9e09f97362 in find_issuer (ctx=ctx@entry=0x7f9d86635c00, sk=sk@entry=0x7f9d872ff700, x=0x7f9d866e8300)
at crypto/x509/x509_vfy.c:338
6 0x00007f9e09f98eab in build_chain (ctx=0x7f9d86635c00) at crypto/x509/x509_vfy.c:3224
7 verify_chain (ctx=0x7f9d86635c00) at crypto/x509/x509_vfy.c:219
8 0x00007f9e09f99c90 in X509_verify_cert (ctx=ctx@entry=0x7f9d86635c00) at crypto/x509/x509_vfy.c:303
9 0x00007f9e07d3b458 in ssl_verify_cert_chain (s=s@entry=0x7f9d86657800, sk=sk@entry=0x7f9d86628bc0) at ssl/ssl_cert.c:427
10 0x00007f9e07d5f149 in tls_process_server_certificate (s=0x7f9d86657800, pkt=0x7f9d8e1f8120) at ssl/statem/statem_clnt.c:1898
11 0x00007f9e07d61705 in ossl_statem_client_process_message (s=0x7f9d86657800, pkt=<optimized out>) at ssl/statem/statem_clnt.c:1040
12 0x00007f9e07d5b4ce in read_state_machine (s=0x7f9d86657800) at ssl/statem/statem.c:636
13 state_machine (s=0x7f9d86657800, server=0) at ssl/statem/statem.c:434
14 0x00007f9e07d46668 in SSL_do_handshake (s=s@entry=0x7f9d86657800) at ssl/ssl_lib.c:3716
...
(gdb)
(gdb) f 0
0 0x00007f9e09f9f70f in x509_pubkey_decode (ppkey=ppkey@entry=0x7f9d8e1f7e78, key=0x7f9d866287a0) at crypto/x509/x_pubkey.c:113
113 crypto/x509/x_pubkey.c: No such file or directory.
(gdb) p *key
$30 = {algor = 0x0, public_key = 0x7f9d866287e0, pkey = 0x0}
In x509_pubkey_decode():
Line113 if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) {
SSL server send 4 certificates in its Certificate packet and only the 3rd one has NULL algor in its public key.
(gdb) f 9
9 0x00007f9e07d3b458 in ssl_verify_cert_chain (s=s@entry=0x7f9d86657800, sk=sk@entry=0x7f9d86628bc0) at ssl/ssl_cert.c:427
427 ssl/ssl_cert.c: No such file or directory.
(gdb) p *((struct stack_st *)sk)
$35 = {num = 4, data = "" sorted = 0, num_alloc = 4, comp = 0x0}
(gdb) x/4xg 0x7f9d86627520
0x7f9d86627520: 0x00007f9d866e8000 0x00007f9d866e8300
0x7f9d86627530: 0x00007f9d866e8480 0x00007f9d866e8780
(gdb) p ((struct x509_st *)0x00007f9d866e8480)->cert_info.key
$36 = (X509_PUBKEY *) 0x7f9d866287a0
(gdb) p *((X509_PUBKEY *) 0x7f9d866287a0)
$37 = {algor = 0x0, public_key = 0x7f9d866287e0, pkey = 0x0}
(gdb) p ((struct x509_st *)0x00007f9d866e8780)->cert_info.key
$38 = (X509_PUBKEY *) 0x7f9d866512e0
(gdb) p *((X509_PUBKEY *) 0x7f9d866512e0)
$39 = {algor = 0x7f9d872fd220, public_key = 0x7f9d866272e0, pkey = 0x7f9d8661bc30}
(gdb) p ((struct x509_st *)0x00007f9d866e8000)->cert_info.key
$40 = (X509_PUBKEY *) 0x7f9d86625b00
(gdb) p *((X509_PUBKEY *) 0x7f9d86625b00)
$41 = {algor = 0x7f9d872fd1a0, public_key = 0x7f9d86637980, pkey = 0x7f9d8661b870}
(gdb) p ((struct x509_st *)0x00007f9d866e8300)->cert_info.key
$42 = (X509_PUBKEY *) 0x7f9d8662b900
(gdb) p *((X509_PUBKEY *) 0x7f9d8662b900)
$43 = {algor = 0x7f9d872fd340, public_key = 0x7f9d86628060, pkey = 0x7f9d8661b5a0}
(gdb) |