Hello,
I am trying to walk through the user guide for CST 3.3.1 for generating a CSF binary signature. I am doing this with keys stored on AWS CloudHSM, and I have OpenSSL 1.1.1k and am using PKCS#11. CloudHSM does not support adding pins to private keys, so I have the private keys in the HSM and the certificates locally. My hsm.cfg file looks like:
# hsm stuff
hsm:
{
    module = "/opt/cloudhsm/lib/libcloudhsm_pkcs11.so";
    pin = "ep800_hab_test:ep800password";
    slot = 0;
    objects = (
        { file = "../crts/CSF1_1_sha256_secp384r1_v3_usr_crt.pem";
          id = "100";
        },
        { file = "../crts/IMG1_1_sha256_secp384r1_v3_usr_crt.pem";
          id = "101";
        });
};
After trying to compile the source code as described in the user guide, I found that I was missing libfrontend.a but was able to find it from a newer download of the source code and was able to then compile. After running the tool, I encountered a segmentation fault:
19105 Segmentation fault (core dumped) ../code/back_end-hsm/src/cst -i csf_spl.txt -o csf_spl.bin
and debugged this to find that it was coming from line 607 of code/back_end-hsm/src/backend.c, at the line
ENGINE_ctrl_cmd_string (eng, "MODULE_PATH", hsm_conf.module_path, 0);
Is there a specific version of OpenSSL I should be using with the code-signing tool?
I included a PDF of the user guide I was using for this.