000011853 - R_PKEY_from_bio or R_PKEY_from_file fails when reading an encrypted key

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number

000011853

Applies To

RSA BSAFE MES 

RSA BSAFE Crypto-C ME

Issue

Failure when reading an encrypted key using R_PKEY_from_bio or R_PKEY_from_file. The issue is seen with the MES library for win32vc8, but not win32.

Cause

The default terminal password reader uses a routine, pushsig, which attempts to establish a signal handler for signal numbers 1-32. On the current runtime for Visual Studio 2005, this causes an abort in the "signal" implementation, with a comment that this is an illegal signal number.

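The failure mode described in the Cause, as an added example (not RSA's pushsig code or any BSAFE source): a prompt helper that hooks only SIGINT and SIGTERM, which ISO C defines, and checks for SIG_ERR instead of looping over signal numbers 1-32. The names push_signals, pop_signals, last_signal and on_signal are hypothetical.

```c
#include <signal.h>
#include <stddef.h>

#define MAX_SIG 32                       /* upper bound of the 1-32 range in the article */
static void (*saved[MAX_SIG + 1])(int);  /* previous handlers, by signal number */
static unsigned char have_saved[MAX_SIG + 1];
static volatile sig_atomic_t got_signal;

static void on_signal(int signo) { got_signal = signo; }

/* Explicit allow-list instead of "every number from 1 to 32". */
static const int wanted[] = { SIGINT, SIGTERM };

/* Install on_signal for each wanted signal; returns how many were installed. */
int push_signals(void)
{
    int installed = 0;
    for (size_t i = 0; i < sizeof wanted / sizeof wanted[0]; i++) {
        int s = wanted[i];
        if (s < 1 || s > MAX_SIG)
            continue;
        void (*prev)(int) = signal(s, on_signal);
        if (prev == SIG_ERR)             /* runtime rejected it: skip this one */
            continue;
        saved[s] = prev;
        have_saved[s] = 1;
        installed++;
    }
    return installed;
}

/* Put back every handler push_signals replaced; returns how many. */
int pop_signals(void)
{
    int restored = 0;
    for (int s = 1; s <= MAX_SIG; s++) {
        if (!have_saved[s])
            continue;
        if (signal(s, saved[s]) != SIG_ERR)
            restored++;
        have_saved[s] = 0;
    }
    return restored;
}

int last_signal(void) { return (int)got_signal; }

int main(void) { push_signals(); return pop_signals() == 2 ? 0 : 1; }
```
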
Resolution

Workarounds:

1. A call-back function can be set to obtain the password using the R_passwd_set_cb() API.

int R_passwd_set_cb(R_PASSWD_CB_T *cb)

Sets the password callback function.

Parameters:

cb [In] The password callback function.

Refer to the sample cert\frombuf.c, which is included in both the binary release and the source code release. This sample uses R_passwd_set_cb() to replace the default password callback.

2. Alternatively, use R_passwd_stdin_cb(), which is provided by MES.

R_passwd_stdin_cb obtains a password from standard input. The prompt string is written to standard error and the password string is read from standard input. If the callback must verify the password, it writes a verification prompt and reads the password string again. If the password cannot be verified, then up to two more attempts are made to accept a verified password.

 

Notes

An example for the workaround can also be found in the "pem.c" file which is provided in the MES 3.2 source release (./CRYPTOCME/common/module/pem/unittest/pem.c).

Legacy Article ID

a49236
