Hello,
After digging some more I saw that the cause of the problem was that the
BIO callback function "b->method->bgets" that should have pointed to
file_gets actually pointed to BIO_new_fp which obviously crashed my
program. I don't know what caused this, but I can guess that this is
related to the special build required for OpenSSL 0.9.7 FIPS support
(using MSYS & GCC for the FIPS canister). This does not happen in 0.9.8.
I was able to find a workaround by using different API to load the
certificate, this code works:
bioCert = BIO_new(BIO_s_file());
if(bioCert == NULL) {
printf ("problem\n");
return;
}
if (BIO_read_filename(bioCert," CA.cer") <= 0)
{
printf ("problems\n");
}
hCert=PEM_read_bio_X509_AUX(bioCert,NULL,NULL, NULL);
Cheers,
Hagai.
________________________________
From: Hagai Yaffe
Sent: Thursday, December 04, 2008 11:08 PM
To: [email protected]
Subject: Crash when using FIPS OpenSSL
Hello,
I am working on using OpenSSL in FIPS mode in my application, I am using
OpenSSL 0.9.7m on windows. I have successfully built OpenSSL according
to the FIPS user guide, but on specific operation my application crashes
inside OpenSSL.
I have created a small program that demonstrates the problem, when
linked with regular OpenSSL build in works successfully, when working
with FIPS build OpenSSL (in FIPS mode or not) it crashes (in a call to
BIO_gets).
The certificate I am trying to read is a base 64 encoded CA certificate.
Any ideas on what is causing this? I can't seem to debug into the
BIO_gets command (I guess that this happens since it is in the FIPS
canister), any help would be great.
Thanks,
Hagai.
Program:
----------------
#include <stdio.h>
#include <windows.h>
#include <openssl/fips.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#define OPENSSL_FIPS
void main()
{
#ifdef _FIPS
if (!FIPS_mode_set(1))
{
fprintf(stderr,"*** Problem entering fips mode ***\n");
return;
}
else
{
fprintf(stderr,"*** IN FIPS MODE ***\n");
}
#endif
int iRc = 1;
BIO *bioCert = NULL;
FILE *hStoreFile;
X509 *hCert = NULL;
hStoreFile = fopen("CA.cer", "r");
// Create new BIO and set it to point our store file
bioCert = BIO_new(BIO_s_file());
if(bioCert == NULL) {
printf ("problem\n");
return;
}
iRc = BIO_set_fp(bioCert,hStoreFile, BIO_NOCLOSE);
if (iRc <= 0) {
printf ("problem\n");
}
hCert = (X509 *)PEM_read_bio_X509(bioCert, NULL, NULL, NULL);
}
Crash occurs at line: i=BIO_gets(bp,buf,254); (pem_lib.c:643)
> libeay32.dll!PEM_read_bio(bio_st * bp=0x0172acb8, char * *
name=0x0012d14c, char * * header=0x0012d148, unsigned char * *
data=0x0012d150, long * len=0x0012d158) Line 643 C
libeay32.dll!PEM_bytes_read_bio(unsigned char * *
pdata=0x0012d180, long * plen=0x0012d188, char * * pnm=0x00000000, const
char * name=0x0fbee77c, bio_st * bp=0x0172acb8, int (char *, int, int,
void *)* cb=0x00000000, void * u=0x00000000) Line 231 + 0x19 C
libeay32.dll!PEM_ASN1_read_bio(char * (void)* d2i=0x0fb3af70,
const char * name=0x0fbee77c, bio_st * bp=0x0172acb8, char * *
x=0x00000000, int (char *, int, int, void *)* cb=0x00000000, void *
u=0x00000000) Line 77 + 0x1f C
libeay32.dll!PEM_read_bio_X509(bio_st * bp=0x0172acb8, x509_st *
* x=0x00000000, int (char *, int, int, void *)* cb=0x00000000, void *
u=0x00000000) Line 68 + 0x22 C
