Antwort: Re: [xmlsec] XMLsec: Crash on WinNT in Keysmngr.c [Virus checked]

Hans-Juergen.Heinrich at de.gi-de.com Hans-Juergen.Heinrich at de.gi-de.com
Tue May 21 00:54:16 PDT 2002 

Yes, it definitely is a bug in OpenSSL (WinNT only, where it doesn't seem
to be tested
frequently). I use version engine-0.9.6d, but the bug also appears in other
versions.
As can be seen from the OpenSSL mailing list, others also had this problem;
I
cannot exclude the possibility that it could have to do with different
runtime libraries,
but it seems improbable. Did you get it to work on WinNT?

Originally my proposal would have been to change the code in keysmngr.c
according
to the workaround below, but at the first trial it looks like this doesn't
work either.

Regards,
Hans-Juergen



                                                                                        
                    Aleksey Sanin                                                       
                    <aleksey at alek        An:     Hans-Juergen.Heinrich at de.gi-de.com     
                    sey.com>             Kopie:  xmlsec at aleksey.com                     
                                         Thema:  Re: [xmlsec] XMLsec: Crash on WinNT in 
                    17.05.02             Keysmngr.c  [Virus checked]                    
                    17:56                                                               
                                                                                        
                                                                                        




Well, this looks as a bug in the OpenSSL. Which version do you use?
There is also a know problem with mixing different C runtime libraries
on Windows
(debug/multithread-debug/opt/multithread-opt/opt-dll/multithread-opt-dll).
You MUST have everything compiled using the same mode.
Do you have problems with xmlsec.exe application compiled using
makefiles from win32/ folder?

Thanks,

Aleksey.

Hans-Juergen.Heinrich at de.gi-de.com wrote:

>Dear author,
>
>Here's a problem occurring in XMLsec on WinNT, but there is also
>a solution :-)
>When calling the procedure PEM_read_PrivateKey in Keysmngr.c, the
>program will crash.
>Anyway, this problem is already well-known in the OpenSSL mailing list,
>where a solution was provided (I did not yet try it, however!). See the
>attachment containing this mail.
>
>I just wanted to report it so that you can update the XMLsec software.
>
>Best regards,
>Hans-Jürgen Heinrich
>
>----------------------------------
>Dr. Hans-Jürgen Heinrich
>System engineer, 4TE3
>Giesecke & Devrient GmbH, Truderinger Straße 15, D-81607 München
>Phone:  +49 89 4119-2625, FAX:     +49 89 4119-1629
>mailto:hans-juergen.heinrich at de.gi-de.com
>http://www.gieseckedevrient.com
>
>(See attached file: crash_solution.txt)
>It works fines:
>
>  EVP_PKEY *key;
>  BIO *bio;
>  char *file;
>  //Init file with the appropriate path to the private key file.
>  char *password;
>  //Init the password.
>
>  bio = BIO_new( BIO_s_file() );
>  BIO_read_filename( bio, file );
>  key  = PEM_read_bio_PrivateKey( bio, NULL, NULL, password );
>
>Note that I am not providing a password callback and that I am using the
>bio
>version of the PEM_read_PrivateKey.
>I hope it helps.
>
>Marc-Andre
>
>-----Original Message-----
>From: Roberto Rodrigues - McLean [mailto:Roberto.Rodrigues at Spacenet.com]
>Sent: Friday, April 26, 2002 4:55 PM
>To: 'openssl-users at openssl.org'
>Subject: PEM_read_PrivateKey() wont work on Windows (visual)
>
>
>hi,
>
>I basically copied the code from sign.c, I call it like this:
>PEM_read_PrivateKey(fp, NULL, pass_cb, password);
>
>it crashes complaining about memory access.
>
>Has anyone make it work on Windows ? Is there any other way of loading a
>Private Key from a file (into a EVP obj) ?
>
>Thank you,
>roberto.KEY *key;
>  BIO *bio;
>  char *file;
>  //Init file with the appropriate path to the private key file.
>  char *password;
>  //Init the password.
>
>  bio = BIO_new( BIO_s_file() );
>  BIO_read_filename( bio, file );
>  key  = PEM_read_bio_PrivateKey( bio, NULL, NULL, password );
>
>Note that I am not providing a password callback and that I am using the
>bio
>version of the PEM_read_PrivateKey.
>I hope it helps.
>
>Marc-Andre
>
>-----Original Message-----
>From: Roberto Rodrigues - McLean [mailto:Roberto.Rodrigues at Spacenet.com]
>Sent: Friday, April 26, 2002 4:55 PM
>To: 'openssl-users at openssl.org'
>Subject: PEM_read_PrivateKey() wont work on Windows (visual)
>
>
>hi,
>
>I basically copied the code from sign.c, I call it like this:
>PEM_read_PrivateKey(fp, NULL, pass_cb, password);
>
>it crashes complaining about memory access.
>
>Has anyone make it work on Windows ? Is there any other way of loading a
>Private Key from a file (into a EVP obj) ?
>
>Thank you,
>roberto.
>

More information about the xmlsec mailing list