Description
Calling kmf_store_key crashed the application with the following stack trace:
[1] ssl_write_key(0x8061100, 0x2, 0x8065bc0, 0x8046b78, 0x0, 0x1), at 0xc6666573
[2] OpenSSL_StoreKey(0x8061100, 0x5, 0x8046c44), at 0xc666ad4d
[3] kmf_store_key(0x8061100, 0x5, 0x8046c44), at 0xc6b94b90
=>[4] main(argc = 1, argv = 0x8047b60), line 124 in "km.c"
The root cause is in lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c, lines 4653-4663:

    } else if (rawkey != NULL) {
        /* RAW keys are always private */
        if (rawkey->keytype == KMF_RSA) {
            pkey = ImportRawRSAKey(&rawkey->rawdata.rsa);
        } else if (rawkey->keytype == KMF_DSA) {
            pkey = ImportRawDSAKey(&rawkey->rawdata.dsa);
        } else {
            rv = KMF_ERR_BAD_PARAMETER;
        }
        rv = ssl_write_key(kmfh, format, out, &cred, pkey, TRUE);
    }

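When rawkey->keytype is neither KMF_RSA nor KMF_DSA, pkey is NULL when it is passed to ssl_write_key, because the else branch only sets rv and does not skip the call; the KMF_ERR_BAD_PARAMETER value is then overwritten by the call's return value. This is an obvious bug that should be avoided.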
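One way to guard this kind of key-type dispatch, shown as an added example that is not the libkmf source or its actual fix. Every type, constant and function name below is a stand-in constructed for the example; it also covers the case where the importer itself returns NULL.

```c
#include <stddef.h>

/* Stand-in types and values constructed for this example (not libkmf's). */
typedef enum { KEY_RSA, KEY_DSA, KEY_AES } keytype_t;
typedef enum { RV_OK = 0, RV_BAD_PARAMETER, RV_KEY_IMPORT_FAILED } rv_t;
typedef struct { keytype_t keytype; int material; } rawkey_t;
typedef struct { int material; } pkey_t;

static pkey_t slot;       /* one static slot keeps the example allocation-free */
static int writer_calls;  /* counts how often the writer was reached */

/* Hypothetical importer: returns NULL when the raw material is unusable. */
static pkey_t *import_raw(const rawkey_t *rk) {
    if (rk->material == 0)
        return NULL;
    slot.material = rk->material;
    return &slot;
}

/* Hypothetical writer: dereferences pkey without checking it, so every
 * caller must guarantee a non-NULL key. */
static rv_t write_key(const pkey_t *pkey) {
    writer_calls++;
    return pkey->material > 0 ? RV_OK : RV_BAD_PARAMETER;
}

/* Guarded dispatch: an unsupported key type or a failed import returns
 * immediately, so the error code is never overwritten and the writer
 * never receives a NULL key. */
rv_t store_raw_key(const rawkey_t *rawkey) {
    pkey_t *pkey = NULL;

    if (rawkey == NULL)
        return RV_BAD_PARAMETER;
    switch (rawkey->keytype) {
    case KEY_RSA:
    case KEY_DSA:
        pkey = import_raw(rawkey);
        break;
    default:
        return RV_BAD_PARAMETER;      /* reject before any use of pkey */
    }
    if (pkey == NULL)
        return RV_KEY_IMPORT_FAILED;  /* importer failure is reported too */
    return write_key(pkey);
}

int writer_call_count(void) { return writer_calls; }
```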