Adding OpenSSL_add_all_ciphers() or OpenSSL_add_all_digests() doesn't help.
If we comment out the OpenSSL_add_all_algorithms() call, we get the ''correct'' error:
<<
5257:error:2306B076:PKCS12 routines:PKCS12_gen_mac:unknown digest
algorithm:p12_mutl.c:80:
5257:error:2307E06D:PKCS12 routines:VERIFY_MAC:mac generation error:p12_mutl.c:105:
5257:error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure:p12_kiss.c:121:
>>
If we put the OpenSSL_add_all_algorithms() back in the code we get the ''unexplained''
error:
<<
5637:error:2306B076:lib(35):func(107):reason(118):p12_mutl.c:80:
5637:error:2307E06D:lib(35):func(126):reason(109):p12_mutl.c:105:
5637:error:23076071:lib(35):func(118):reason(113):p12_kiss.c:121:
>>
Let me underline again some facts:
1) the first call to PKCS12_parse is ok
2) the PKCS12_parse calls starting from the second reports the error above
3) if we restart the application we have the same behavior (first call OK, then errors)
4) the error happens only with OpenSSL 0.9.6g, NOT with OpenSSL 0.9.6c (we haven't
tried intermediate versions)
5) with openSSL 0.9.6g we get ''similar'' (related?) error in calls like
''X509_verify(userCert,X509_extract_key(CACert))''
or
''X509_CRL_verify(crl,pubKey)''
that returned no error with the same files/data using OpenSSL 0.9.6c
Help! :-)
----- Original Message -----
Don't you also have to call
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
?
I had to. And I think there's a replacement in 0.9.7 IIRC.
----- Original Message -----
From: "Francesco Dal Bello" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 17, 2002 11:44 AM
Subject: R: PKCS12_parse problem
On Wed, Oct 16, 2002, Dr. Stephen Henson wrote:
> What error do you get (see FAQ)?
These are the errors reported:
21153:error:06074079:lib(6):func(116):reason(121):evp_pbe.c:89:TYPE=pbeWithS
HA1And3-KeyTripleDES-CBC
21153:error:23077073:lib(35):func(119):reason(115):p12_decr.c:82:
21153:error:2306A075:lib(35):func(106):reason(117):p12_decr.c:121:
21153:error:23076072:lib(35):func(118):reason(114):p12_kiss.c:127:
> Are you calling OpenSSL_add_all_algorithms() more than once?
My function is like the following:
int MyFunc()
{
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
...
if (!PKCS12_parse(p12, passphrase, &prkey, NULL,NULL)) {
error handling
ERR_print_error_fp(stderr);
}
...
EVP_cleanup();
}
The first call to this function is OK.
Subsequent calls cause the error above.
Thanks in advance.
Francesco.
-----Messaggio originale-----
Da: Dr. Stephen Henson [mailto:steve@;openssl.org]
Inviato: mercoledì 16 ottobre 2002 23.53
A: [EMAIL PROTECTED]
Oggetto: Re: PKCS12_parse problem
On Wed, Oct 16, 2002, Francesco Dal Bello wrote:
>
> Greetings.
>
> I recently re-compiled my application with OpenSSL 0.9.6g (it was
> previously linked with 0.9.6c).
>
> I have a problem with the ''PKCS12_parse'' function that I didn't have
> before (platform is Solaris 8).
>
> If my application calls ''PKCS12_parse'' more than once (at different
> moments, even distant in time) on the same PKCS#12, ONLY THE FIRST CALL
> SUCCEED.
> Calls after the first return 0.
>
> Since I'm only interested in extracting the private key, my call is
> like:
>
> if (!PKCS12_parse(p12, passphrase, &prkey, NULL,NULL))
> error handling
>
> This problem didn't happen with 0.9.6c.
>
> I'm quite sure that the p12 argument is a valid pointer to a PKCS#12
> structure because every time I :
>
> open the key file (abort if it fails),
>
> read the pkcs12 by means of d2i_PKCS12_fp (close file and abort if it
> fails)
>
> close the key file
>
> call the PKCS12_parse
>
>
> Any hint, FAQ or known problem?
>
What error do you get (see FAQ)?
Are you calling OpenSSL_add_all_algorithms() more than once?
I've seen this reported before but couldn't reproduce it myself.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Post a follow-up to this message
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
