On Fri, Oct 25, 2002, Marco Donati wrote:

> Well... the application is actually an intermediate library, so every
> ''cryptographic'' operation is enclosed between
> OpenSSL_add_all_algorithms()...EVP_cleanup() calls.
>
> There are no OpenSSL_add_all_algorithms() calls without the final EVP_cleanup() and
> vice versa, there are no EVP_cleanup() calls without the initial
> OpenSSL_add_all_algorithms().
>
> Are you saying that this is not enough and that the library should call
> OpenSSL_add_all_algorithms()...EVP_cleanup() only ONCE?
> This could be not straightforward....

Well let me explain a bit...

OpenSSL has an internal global table of supported algorithms (digests and ciphers). Certain operations such as PKCS12_parse() look up digests and ciphers from this table so if it can't find one it gives the error you are seeing.

Now adding and removing all ciphers whenever you use an OpenSSL command is not really recommended, it will repeatedly rebuild the table and it is not thread safe. One thread could access a partially complete table.

So ideally you should only build the table in a single threaded context before calling any OpenSSL functions and clean it up only after no further calls will be made.

However one added complication is that a change was made to OpenSSL 0.9.6g which avoids a problem of duplicate calls to OpenSSL_add_all_algorithms() creating duplicate table entries by only making the first call work. This has a problem because EVP_cleanup() doesn't reset the flag so effectively only the first call to OpenSSL_add_all_algorithms() works.

This isn't what earlier 0.9.6X did and this will be fixed for 0.9.6h. You can get the old behaviour by deleting the relevant lines from OpenSSL_add_all_ciphers() and OpenSSL_add_all_digest().

Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
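
A toy model of the behaviour described in the reply above, added here as an illustration; it is not OpenSSL source and not part of the original message. It contrasts the per-operation add/cleanup pattern with building the table once. The names `alg_table`, `model_*`, `per_call_operation` and `operation_after_single_init` are hypothetical, and the two table entries are constructed samples.

```c
#include <stddef.h>
#include <string.h>

#define MAX_ALGS 8

/* Toy stand-in for OpenSSL's global algorithm table (hypothetical names). */
struct alg_table {
    const char *names[MAX_ALGS];
    size_t len;
    int guard;       /* 1 = 0.9.6g-style "first call only" check enabled */
    int added_once;  /* flag the guard tests; cleanup never resets it */
};

/* Models OpenSSL_add_all_algorithms(). */
static void model_add_all(struct alg_table *t) {
    if (t->guard && t->added_once) return;   /* later calls do nothing */
    t->added_once = 1;
    if (t->len + 2 > MAX_ALGS) return;       /* toy table is full */
    t->names[t->len++] = "sha1";             /* constructed sample entries */
    t->names[t->len++] = "des-ede3-cbc";
}

/* Models EVP_cleanup(): empties the table but leaves added_once set. */
static void model_cleanup(struct alg_table *t) { t->len = 0; }

/* Models the lookup a call such as PKCS12_parse() performs; returns match count. */
static int model_lookup(const struct alg_table *t, const char *name) {
    int hits = 0;
    for (size_t i = 0; i < t->len; i++)
        if (strcmp(t->names[i], name) == 0) hits++;
    return hits;
}

/* Per-operation pattern from the question: add, use, clean up every time. */
int per_call_operation(struct alg_table *t, const char *alg) {
    model_add_all(t);
    int hits = model_lookup(t, alg);
    model_cleanup(t);
    return hits;
}

/* Recommended pattern: table built once beforehand; operations only look up. */
int operation_after_single_init(const struct alg_table *t, const char *alg) {
    return model_lookup(t, alg);
}
```

With `guard` set, the second `per_call_operation()` finds nothing because the table was emptied and never rebuilt; with `guard` clear, repeated adds without a cleanup leave duplicate entries, which is the problem the guard was meant to avoid.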