[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

info and questions on CML

To: IMC-CML mailing list <imc-cml@xxxxxxx>
Subject: info and questions on CML
From: Ken Stillson <stillson@xxxxxxxxxxxx>
Date: Fri, 19 Oct 2001 10:34:39 -0400 (EDT)
List-archive: <http://www.imc.org/imc-cml/mail-archive/>
List-id: <imc-cml.imc.org>
List-unsubscribe: <mailto:imc-cml-request@imc.org?body=unsubscribe>
Sender: owner-imc-cml@xxxxxxxxxxxx


  Hello list,

  <info part>

  As some of you may know by now, my company, Mitretek Systems, is
  implementing a service wrapper around CML/CPL.  This Windows NT/2000
  service (with possible Unix TCP service port) is known as the
  Discovery And Validation Engine (DAVE).

  DAVE will be integrated into the Certificate Arbitrator Module (CAM), thus
  providing inter-operability between two of the federal government's PKI
  efforts: the federal bridge CA (FBCA, which uses path discovery) and the
  Access Certificates for Electronic Services program (ACES, which uses CAM).

  It's not confirmed just yet, but I hope and believe DAVE will be released
  as open-source upon completion (although I cannot speak for Mitretek or
  our client(s) on this; I'm a techie and that's a management call.)

  During this coding, I've had to make a number of adjustments to CML/CPL,
  both because I need CML and all its dependencies statically linked
  (currently only some CML dependencies support this), and because I think
  I've started to find some possible bugs, which leads to:

  <questions part>

  <#1>

  CMAPI:
  CM_Retrieve_key.c:
  CMU_CPLBuildPath(...):

  	/* Check to see if certificate the same as the one passed in,
  		if not, try another path */
         if (CMU_CompareBytes(&pCertPath->asn1cert, &origAsnCert) == FALSE)
               continue;

  This code segment is causing a major problem for me, when the path length
  is exactly 2 (ie: one subordinate CA directly under a trust anchor).  It
  causes the trust anchor to be left off the path, which causes subsequent
  validation failure when the trust-path for a CRL verification cannot be
  established back to the anchor.

  I find that if I disable this code block, everything works fine.
  Can someone perhaps explain why this test is in there.  It sounds like
  it's some sort of loop prevention, but I've never had it trigger and do
  something obviously useful.

  Is removing this block a security problem?
  I'm just not convinced I understand it's purpose...


  <#2>

  CMAPI:
  CM_infc.c:
  short CMU_BreakUpCertPath(...):
        else if (totalElmtsLen1 != elmtLen0)
         {
           err = CM_ASN_ERROR;
           goto ErrorExit;
        }

  I've found several condition under which this safety check fails.
  That's strange, as the path was just constructed a few calls before by CML
  itself.  It appears that a few "extra" bytes (usually 2 bytes) remain
  after decoding.  If I disable this check, it always works.

  I suspect the actual bug is in the ASN1 encoding logic, but haven't been
  able to discover the pattern which causes failure yet (it's complicated in
  there...)  Anyone else had problems with this?


  Thanks-in-advance for any ideas or input!

  Regards,

  	- Ken Stillson
  	  DAVE developer


-- 
      |   Ken Stillson             |    stillson@xxxxxxxxxxxx    |
      |   Sr. Principal Engineer   |    voice: (703) 610-2965    |
      |   Mitretek Systems         |      fax: (703) 610-2984    |

Prev by Date: FW: SRL_FreeDBListing
Next by Date: RE: info and questions on CML
Previous by thread: FW: SRL_FreeDBListing
Next by thread: RE: info and questions on CML
Index(es):
- Date
- Thread