Friday, January 03, 2025

yubico-piv-tool: libcrypto SIGSEGV on self-signed certificate generation

Today's packages and snapshot with /bsd
OpenBSD 7.6-current (GENERIC.MP) #497: Fri Jan 3 10:21:33 MST 2025


uhidev12 at uhub1 port 7 configuration 1 interface 1 "Yubico Yubikey 4 OTP+U2F+CCID" rev 2.00/4.31 addr 10
uhidev12: iclass 3/0
fido0 at uhidev12: input=64, output=64, feature=0
ugen1 at uhub1 port 7 configuration 1 "Yubico Yubikey 4 OTP+U2F+CCID" rev 2.00/4.31 addr 10


I created a key:
$ yubico-piv-tool -s9a -agenerate | tee ./pubkey
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
Successfully generated a new private key.

and wanted to create a self-signed certificate with it:
$ yubico-piv-tool -s9a -S'/CN=yubikey/' -averify-pin -aselfsign < ./pubkey
Enter PIN:
Successfully verified PIN.
Segmentation fault (core dumped)



Program terminated with signal SIGSEGV, Segmentation fault.
#0 _lcry_BN_with_flags (dest=0x762e12c43d80, b=0x0, flags=4) at /usr/src/lib/libcrypto/bn/bn_lib.c:147
147 (b->flags & ~BN_FLG_MALLOCED) | BN_FLG_STATIC_DATA | flags;
(gdb) bt
#0 _lcry_BN_with_flags (dest=0x762e12c43d80, b=0x0, flags=4) at /usr/src/lib/libcrypto/bn/bn_lib.c:147
#1 0x00000a137fd54027 in rsa_private_encrypt (flen=<optimized out>, from=<optimized out>, to=0xa13ddc30800 "",
rsa=0xa13872c7750, padding=1) at /usr/src/lib/libcrypto/rsa/rsa_eay.c:393
#2 0x00000a137fd74293 in _lcry_RSA_sign (type=<optimized out>, m=<optimized out>, m_len=<optimized out>,
sigret=0xa13ddc30800 "", siglen=0x762e12c43e9c, rsa=0xa13872c7750) at /usr/src/lib/libcrypto/rsa/rsa_sign.c:158
#3 0x00000a137fddfcac in pkey_rsa_sign (ctx=0xa1359019e10, sig=0xa13ddc30800 "", siglen=0x762e12c43f90,
tbs=0x762e12c43ef0 "\250\037\261.̃£Rt\364I\n\252>\t\t\b\036Y\310\r\344\271\301\255F_\224\301\232\177\245^\220\355\344\177\023\n", tbslen=32) at /usr/src/lib/libcrypto/rsa/rsa_pmeth.c:218
#4 0x00000a137fe1c63b in _lcry_EVP_DigestSignFinal (ctx=0xa13a1d2ff00, sigret=0xa13ddc30800 "", siglen=0x762e12c43f90)
at /usr/src/lib/libcrypto/evp/m_sigver.c:209
#5 0x00000a137fdf1bdb in asn1_item_sign (ctx=0xa13a1d2ff00, it=0xa137fe4ed90 <_libre_X509_CINF_it>, asn=<optimized out>,
signature=0xa134fd68480) at /usr/src/lib/libcrypto/asn1/asn1_item.c:305
#6 _lcry_ASN1_item_sign_ctx (it=0xa137fe4ed90 <_libre_X509_CINF_it>, algor1=<optimized out>, algor2=<optimized out>,
signature=0xa134fd68480, asn=<optimized out>, ctx=0xa13a1d2ff00) at /usr/src/lib/libcrypto/asn1/asn1_item.c:370
#7 0x00000a137fdf196d in _lcry_ASN1_item_sign (it=0xa137fe4ed90 <_libre_X509_CINF_it>, algor1=0xa13e1e293a0,
algor2=0xa13e1e29ed0, signature=0xa134fd68480, asn=0xa1352eaf620, pkey=0xa13fed37aa0, type=0xa137fe4a978 <sha256_md>)
at /usr/src/lib/libcrypto/asn1/asn1_item.c:234
#8 0x00000a137fd31f95 in _lcry_X509_sign (x=<optimized out>, pkey=0x100, md=<optimized out>)
at /usr/src/lib/libcrypto/x509/x_all.c:429
#9 0x00000a114a1923d3 in selfsign_certificate ()
#10 0x00000a114a18f211 in main ()

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)