NULL first parameter of X509V3_EXT_conf?

Hi,

I am a maintainer of M2Crypto [1] and I have finally moved to try
to understand a mysterious crash in the X509.new_extension() function
[2]. This (shortened) script [3] leads quite consistently to a crash on all Pythons
from 2.7 to 3.12 with the latest M2Crypto 0.42.0 and many previous versions:

    from M2Crypto import X509

    sub_key_id = '1C:E6:F0:58:58:32:BC:7B:BA:8E:E0:23:1B:FF:17:99:B0:4D:CF:64'

    cert_pem_string = """
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    """
    m2_x509_cert = X509.load_cert_string(cert_pem_string)

    local_ski = m2_x509_cert.get_ext('subjectKeyIdentifier')
    local_aki = m2_x509_cert.get_ext('authorityKeyIdentifier')

    X509.new_extension('subjectKeyIdentifier', sub_key_id)
    print('This next bit seq faults.')
    X509.new_extension('authorityKeyIdentifier', 'keyid')

X509.new_extension() is just a very thin layer over
X509V3_EXT_conf() and it seems that OpenSSL crashes in this
function when it is called for the second time with the first
parameter (`conf`) set to `NULL`. The function doesn’t seem to be
very well documented (at least I haven’t found a manpage for it),
so I dived directly into the code and it seems to me that it all
boils down to the `def_init_default()` function [4], which however
seems to be perfectly happy with the `conf` value being `NULL`.

Any idea what I am missing?

Thank you for kicking me in the right direction,

Matěj


[1] Recently moved to https://sr.ht/~mcepl/m2crypto/
[2] https://todo.sr.ht/~mcepl/m2crypto/9
[3] Full version of the reproducer is on
    https://gitlab.com/-/project/346279/uploads/3b9517dc3b8582a47cd83c7cca14af2a/crash_m2crypto.py
[4] https://github.com/openssl/openssl/blob/master/crypto/conf/conf_def.c#L124
-- 
http://matej.ceplovi.cz/blog/, @mcepl@floss.social
GPG Finger: 3C76 A027 CA45 AD70 98B5  BC1D 7920 5802 880B C9D8
 
Do not pity the dead, Harry. Pity the living, and above all, the
people who watched [Harry Potter and the Cursed Child].
  -- Philami on https://is.gd/f9VMaC
