Antwort: Re: [xmlsec] XMLsec: Crash on WinNT in Keysmngr.c [Virus checked]
Hans-Juergen.Heinrich@de.gi-de.com
Hans-Juergen.Heinrich@de.gi-de.com
Tue, 21 May 2002 09:54:16 +0200
Yes, it definitely is a bug in OpenSSL (WinNT only, where it doesn't se=
em
to be tested
frequently). I use version engine-0.9.6d, but the bug also appears in o=
ther
versions.
As can be seen from the OpenSSL mailing list, others also had this prob=
lem;
I
cannot exclude the possibility that it could have to do with different
runtime libraries,
but it seems improbable. Did you get it to work on WinNT?
Originally my proposal would have been to change the code in keysmngr.c=
according
to the workaround below, but at the first trial it looks like this does=
n't
work either.
Regards,
Hans-Juergen
=
=20
Aleksey Sanin =
=20
<aleksey@alek An: Hans-Juergen.Heinrich@=
de.gi-de.com =20
sey.com> Kopie: xmlsec@aleksey.com =
=20
Thema: Re: [xmlsec] XMLsec: C=
rash on WinNT in=20
17.05.02 Keysmngr.c [Virus checked] =
=20
17:56 =
=20
=
=20
=
=20
Well, this looks as a bug in the OpenSSL. Which version do you use?
There is also a know problem with mixing different C runtime libraries
on Windows
(debug/multithread-debug/opt/multithread-opt/opt-dll/multithread-opt-dl=
l).
You MUST have everything compiled using the same mode.
Do you have problems with xmlsec.exe application compiled using
makefiles from win32/ folder?
Thanks,
Aleksey.
Hans-Juergen.Heinrich@de.gi-de.com wrote:
>Dear author,
>
>Here's a problem occurring in XMLsec on WinNT, but there is also
>a solution :-)
>When calling the procedure PEM_read_PrivateKey in Keysmngr.c, the
>program will crash.
>Anyway, this problem is already well-known in the OpenSSL mailing list=
,
>where a solution was provided (I did not yet try it, however!). See th=
e
>attachment containing this mail.
>
>I just wanted to report it so that you can update the XMLsec software.=
>
>Best regards,
>Hans-J=FCrgen Heinrich
>
>----------------------------------
>Dr. Hans-J=FCrgen Heinrich
>System engineer, 4TE3
>Giesecke & Devrient GmbH, Truderinger Stra=DFe 15, D-81607 M=FCnchen
>Phone: +49 89 4119-2625, FAX: +49 89 4119-1629
>mailto:hans-juergen.heinrich@de.gi-de.com
>http://www.gieseckedevrient.com
>
>(See attached file: crash_solution.txt)
>It works fines:
>
> EVP_PKEY *key;
> BIO *bio;
> char *file;
> //Init file with the appropriate path to the private key file.
> char *password;
> //Init the password.
>
> bio =3D BIO_new( BIO_s_file() );
> BIO_read_filename( bio, file );
> key =3D PEM_read_bio_PrivateKey( bio, NULL, NULL, password );
>
>Note that I am not providing a password callback and that I am using t=
he
>bio
>version of the PEM_read_PrivateKey.
>I hope it helps.
>
>Marc-Andre
>
>-----Original Message-----
>From: Roberto Rodrigues - McLean [mailto:Roberto.Rodrigues@Spacenet.co=
m]
>Sent: Friday, April 26, 2002 4:55 PM
>To: 'openssl-users@openssl.org'
>Subject: PEM_read_PrivateKey() wont work on Windows (visual)
>
>
>hi,
>
>I basically copied the code from sign.c, I call it like this:
>PEM_read_PrivateKey(fp, NULL, pass_cb, password);
>
>it crashes complaining about memory access.
>
>Has anyone make it work on Windows ? Is there any other way of loading=
a
>Private Key from a file (into a EVP obj) ?
>
>Thank you,
>roberto.KEY *key;
> BIO *bio;
> char *file;
> //Init file with the appropriate path to the private key file.
> char *password;
> //Init the password.
>
> bio =3D BIO_new( BIO_s_file() );
> BIO_read_filename( bio, file );
> key =3D PEM_read_bio_PrivateKey( bio, NULL, NULL, password );
>
>Note that I am not providing a password callback and that I am using t=
he
>bio
>version of the PEM_read_PrivateKey.
>I hope it helps.
>
>Marc-Andre
>
>-----Original Message-----
>From: Roberto Rodrigues - McLean [mailto:Roberto.Rodrigues@Spacenet.co=
m]
>Sent: Friday, April 26, 2002 4:55 PM
>To: 'openssl-users@openssl.org'
>Subject: PEM_read_PrivateKey() wont work on Windows (visual)
>
>
>hi,
>
>I basically copied the code from sign.c, I call it like this:
>PEM_read_PrivateKey(fp, NULL, pass_cb, password);
>
>it crashes complaining about memory access.
>
>Has anyone make it work on Windows ? Is there any other way of loading=
a
>Private Key from a file (into a EVP obj) ?
>
>Thank you,
>roberto.
>
=