xml-security-c 2.0.2

Cantor, Scott cantor.2 at osu.edu
Wed Nov 7 21:09:16 GMT 2018

> Speaking of the current issue: how is it possible to have only a private key in a
> DSA structure?  OpenSSL 1.1 does not seem to allow this at all.

I don't really know DSA well enough to even know what those fields mean, but the KeyInfo structure is just data. The right combination of elements causes OpenSSL to crash because the key material isn't in the right state, and the code wasn't detecting that before it tried to use the key object.

> Is there some 1.0 code path which gives you this?  What do I miss here?

I don't remember which combination of the elements causes the crash, I'd have to look at Rod's unit tests, but if you check out xmltooling master and run against an unpatched 2.0.1 one of the tests crashes. The code is "safe" on empty elements, but it puts the key into a state that OpenSSL doesn't handle and the code wasn't guarding against it.

> OK, this is what I suspected.  You don't support 1.7 anymore, so you didn't
> mention it.  But that doesn't mean we haven't got to backport the fix for Debian
> stable.

I'm just speaking to how best I can communicate what I know vs. what I don't necessarily know and how to distinguish that. As the code diverges more, it becomes less likely I'll know whether the bugs cross versions.

-- Scott

More information about the Pkg-shibboleth-devel mailing list