Hi,

I have also posted this issue in the OpenSSL mailing list but it
occurs down in the OpenSSL libraries and this is probably the place to
ask.

This issue doesn't occur in a 32 bit compile of OpenSSL 1.0.1c (with
libcurl 7.27.0) but does when running the same code in 64 bit.*

When I do something like this...

curl -G https://myserver.com --cacert path-to-pem-file

...in 64 bit builds I get the following error

error:04091068:rsa routines:INT_RSA_VERIFY:bad signature

As stated, in 32 bit it's fine and the cert is accepted and the transfer occurs.

I've debugged this down to code in OpenSSL, more specifically in
libeay, the call to RSA_public_decrypt in rsa_sign.c line 199 where
after that on line 221 the memcmp fails as s and m are not the same.

No idea if this helps understand the problem but I also noticed that
every time the two buffers are the same up to s[15] and m[15].

I'm kind of stuck at this stage, I've tried to debug into
RSA_public_decrypt but I'm just not familiar with any of these inner
workings to know what to look for. I did however notice plenty of
warnings when compiling about conversions from __int64 to smaller
types and a possible loss of data in conversion but found none of them
in code called up to this point.

Any help here would be greatly appreciated.

James

* Compiled curl 7.27.0 as instructed in the docs with the following options

 mode=static VC=10 WITH_SSL=dll WITH_ZLIB=static USE_IDN=no ENABLE_WINSSL=no MACHINE=x64

openssl 1.0.1c with options

 perl Configure no-idea no-mdc2 no-rc5 VC-WIN64A

zlib 1.2.7 with options

 AS=ml64 LOC="-DASMV -DASMINF -I." OBJA="inffasx64.obj gvmat64.obj inffas8664.obj"
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
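
A helper for narrowing down a mismatch like the one described in the message above, added here as an example and not part of the original post or of OpenSSL. It reports which digest holds the first differing byte, assuming (the post does not say this) that `s` and `m` are the 36-byte MD5 + SHA-1 block that TLS 1.0/1.1 uses for RSA signatures; all names in it are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption, not stated in the post: the compared buffers are
 * MD5 (16 bytes) followed by SHA-1 (20 bytes), 36 bytes in total. */
#define MD5_LEN  16
#define SHA1_LEN 20
#define SIG_LEN  (MD5_LEN + SHA1_LEN)

/* Index of the first differing byte, or -1 if the buffers are equal. */
static long first_diff(const unsigned char *s, const unsigned char *m, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (s[i] != m[i])
            return (long)i;
    return -1;
}

/* Name the digest that contains the first mismatch. */
static const char *diverging_part(const unsigned char *s,
                                  const unsigned char *m, size_t n)
{
    if (n != SIG_LEN)
        return "unexpected length";
    long i = first_diff(s, m, n);
    if (i < 0)
        return "none";
    return i < MD5_LEN ? "MD5" : "SHA-1";
}

/* Constructed sample data: two identical buffers, one byte flipped at
 * corrupt_at (pass SIG_LEN or more to leave them equal). */
static const char *demo(size_t corrupt_at)
{
    unsigned char s[SIG_LEN], m[SIG_LEN];
    for (size_t i = 0; i < SIG_LEN; i++)
        s[i] = m[i] = (unsigned char)(i * 7 + 1);
    if (corrupt_at < SIG_LEN)
        m[corrupt_at] ^= 0xff;
    return diverging_part(s, m, SIG_LEN);
}

int main(void)
{
    printf("flip at 3:  %s\n", demo(3));
    printf("flip at 16: %s\n", demo(16));
    return 0;
}
```

Under that assumption, a mismatch that always starts at index 16 means the MD5 half agrees and only the SHA-1 half differs, which narrows the search to one digest implementation in the affected build.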