cURL / Mailing Lists / curl-library / Single Mail

curl-library

Cert issue with 64 bit build of libcurl on Windows

From: James Swift <james_at_3dengineer.com>
Date: Fri, 28 Sep 2012 11:42:10 +0200

Hi,

I have an issue which may possibly be better asked in the OpenSSL
mailing list but I'm not 100% sure.
This issue doesn't occur in a 32 bit compile of libcurl 7.27.0 but
does when running the same code in 64 bit.*

I'm using the curl easy api in my app but can reproduce the problem
with curl.exe

When I do something like this...

curl -G https://myserver.com --cacert path-to-pem-file

...in 64 bit builds I get the following error

error:04091068:rsa routines:INT_RSA_VERIFY:bad signature

as stated in 32 bit it's fine and the cert is accepted and the transfer occurs.

I've debugged this down to code in OpenSSL, more specifically in
libeay, the call to RSA_public_decrypt in rsa_sign.c line 199 where
after that on line 221 the memcmp fails as s and m are not the same.

No idea if this helps understand the problem but I also noticed that
every time the two buffers are the same up to s[15] and m[15]

I'm kind of stuck at this stage, I've tried to debug into
RSA_public_decrypt but I'm just not familiar with any of these inner
workings to know what to look for. I did however notice plenty of
warnings when compiling about conversions from __int64 to smaller
types and a possible loss of data in conversion but found none of them
in code called up to this point.

Any help here would be greatly appreciated.

James

*
Compiled curl 7.27.0 as instructed in the docs with the following options

 mode=static VC=10 WITH_SSL=dll WITH_ZLIB=static USE_IDN=no
ENABLE_WINSSL=no MACHINE=x64

openssl 1.0.1c with options

 perl Configure no-idea no-mdc2 no-rc5 VC-WIN64A

zlib 1.2.7 with options

 AS=ml64 LOC="-DASMV -DASMINF -I." OBJA="inffasx64.obj gvmat64.obj
inffas8664.obj"
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-09-28