Closed mpeylo closed 4 years ago
@DDvO @Akretsch was it so that this is nowadays fixed?
I just came across this issue -
I must have overlooked it earlier (sorry for that) and apparently @Akretsch did not respond either.
This bug has long been solved at least in our cmp-dev branch, and also the OpenSSL master contains in cmp_msg.c:

```c
if (ctx->popoMethod == OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) {
    CMPerr(0, CMP_R_MISSING_PRIVATE_KEY);
    goto err;
}
```
Populating the CTX with a newpkey only containing a public key (no private key) triggers a Segfault if it is attempted to calculate popo.
It should be checked whether the newPkey contains a private key before it is attempted to calculate popo with it.
While that might not be possible with the CLI, it is possible that this happens if the API is used directly.