Hi all,
i have a problem with the PKCS12_gen_mac() which is called from within
PKCS12_verify_mac().
I've a function which extracts the private key from a PKCS#12 file. If I
call it once all is fine, but if I call it twice (with the same or another
PKCS#12 file) the second run fails calling PKCS12_verify_mac().
Thanks in advance for any replies!
Yours friendly,
Stefan Richter
--
The function for extracting the private key:
long ExtractPrivateKeyFromPkcs12(char *lpszPkcs12In, char *mpass, char
**lppszPrivateKeyOut, int *lpPrivateKeyOutLen)
{
long status = 0;
BIO *in = NULL;
PKCS12 *p12 = NULL;
STACK *asafes, *bags;
PKCS12_SAFEBAG *bag;
int i, ii, bagnid;
int passlen=-1;
PKCS7 *p7;
PKCS8_PRIV_KEY_INFO *p8;
apps_startup();
in = BIO_new_file(lpszPkcs12In, "rb");
if (!in) {
BIO_printf(bio_err, "Error opening input file %s\n", lpszPkcs12In ?
lpszPkcs12In : "<stdin>");
perror(lpszPkcs12In);
return -1;
}
if (enc == NULL)
enc = EVP_des_ede3_cbc();
if (!(p12 = d2i_PKCS12_bio(in, NULL))) {
ERR_print_errors(bio_err);
return -1;
}
if (!PKCS12_verify_mac (p12, mpass, -1)) {
BIO_printf(bio_err, "Mac verify error: invalid password?\n");
ERR_print_errors(bio_err);
return -1;
}
else
BIO_printf(bio_err, "MAC verified OK\n");
if (!(asafes = M_PKCS12_unpack_authsafes (p12)))
return 0;
for (i = 0; i < sk_num (asafes); i++) {
p7 = (PKCS7 *)sk_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type);
if (bagnid == NID_pkcs7_data)
bags = M_PKCS12_unpack_p7data (p7);
else
if (bagnid == NID_pkcs7_encrypted)
bags = M_PKCS12_unpack_p7encdata(p7, mpass, passlen);
else
continue;
if (!bags)
return 0;
for (ii = 0; ii < sk_num (bags); ii++) {
bag = (PKCS12_SAFEBAG *)sk_value(bags, ii);
if (M_PKCS12_bag_type(bag) == NID_keyBag) {
p8 = bag->value.keybag;
if (lppszPrivateKeyOut && lpPrivateKeyOutLen) {
*lpPrivateKeyOutLen = (*(((*((*p8).pkey)).value).asn1_string)).length;
*lppszPrivateKeyOut = (char *) calloc(1, *lpPrivateKeyOutLen);
memcpy(*lppszPrivateKeyOut,
(*(((*((*p8).pkey)).value).asn1_string)).data, *lpPrivateKeyOutLen);
}
}
else
if (M_PKCS12_bag_type(bag) == NID_pkcs8ShroudedKeyBag){
if (!(p8 = M_PKCS12_decrypt_skey(bag, mpass, passlen)))
return 0;
if (lppszPrivateKeyOut && lpPrivateKeyOutLen) {
*lpPrivateKeyOutLen = (*(((*((*p8).pkey)).value).asn1_string)).length;
*lppszPrivateKeyOut = (char *)calloc(1, *lpPrivateKeyOutLen);
memcpy(*lppszPrivateKeyOut,
(*(((*((*p8).pkey)).value).asn1_string)).data, *lpPrivateKeyOutLen);
}
PKCS8_PRIV_KEY_INFO_free(p8);
}
}
}
sk_pop_free(bags, (void(__cdecl*)(void*))PKCS12_SAFEBAG_free);
sk_pop_free(asafes, (void(__cdecl*)(void*))PKCS7_free);
BIO_free(in);
PKCS12_free(p12);
EVP_cleanup();
return(status);
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
