
OCSP_basic_verify does not work with OpenSSL 1.1.1 #20

@tatsuhiro-t

Description


There are 2 issues I found with OCSP.

  1. When neverbleed is enabled, OCSP_basic_verify fails with an RSA key because the RSA object has a NULL bn_mod_exp. This can be fixed by just assigning the default function to the field, but I propose to use RSA_meth_dup first and then override the custom functions instead.

  2. If an optional certificate is attached to the OCSP response, priv_rsa_finish or priv_ecdsa_finish is called when OCSP_BASICRESP_free is called. In that function chain we end up calling RSA_get_ex_data or EC_KEY_get_ex_data, but since we never set the associated data, it fails and we hit dief.
     One possible workaround is to not call dief if we cannot get any data from these functions and just do nothing, without communicating with the daemon process. What do you think?

Issue 1 is new to OpenSSL 1.1.1.
I don't know whether Issue 2 happens with older OpenSSL; I just found it while debugging Issue 1.
