Hey,
I found a strange behaviour in openssl. When I try to get private keys from
pfx - files in short time I've got sometimes an error form openssl.
To simulate this behaviour I wrote a short programme. Just to make it easier
this programme reads the same pfx - file in a for - loop, doing always the
same things. But it also works with different files.
I've got two different error, but not always!
Here ist the programme code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <iostream>
#include <fstream>
#include <string>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
using namespace std;
int main(int argc, char **argv )
{
try
{
if (argc != 2)
{
printf("Usage: openssltest file1 !\n");
return -1;
}
string filename = argv[1]; //pfx - file
for (int i = 0; i < 50; ++i)
{
ifstream *fd_in = new ifstream(filename.c_str(),
ios::in|ios::binary|ios::ate);
if (!fd_in->is_open())
{
printf("Error: Could not open file! \n");
return -1;
}
int len = fd_in->tellg();
char * text = new char [len + 1]; //
input from file
memset(text, 0x00, len + 1);
fd_in->seekg(0, ios::beg);
fd_in->read(text, len);
fd_in->close();
string password = "test"; //this is fixed
PKCS12 *aCert;
PKCS7 *p7;
PKCS12_SAFEBAG *bag;
STACK *asafes, *bags;
int i, bagnid;
unsigned int pwLen = password.size();
unsigned char * tempPKCS12;
X509 *x509;
char *buf;
char *pHelp;
char *pHelp1;
int nLength = 0;
char *szOwner;
SSLeay_add_all_algorithms();
if (!(aCert = PKCS12_new()))
{
printf("Error: Could not init PKCS12! \n");
return -1;
}
tempPKCS12 = (unsigned char *)malloc(len);
if (tempPKCS12 == NULL)
{
printf("Error: No Memory!\n");
return -1;
}
memset(tempPKCS12, 0x00, len);
memcpy(tempPKCS12, text, len);
//file content in unsigned char array
if(!(aCert= d2i_PKCS12(&aCert, (const unsigned
char**)&tempPKCS12, len)))
{
printf("Error: Error in d2i_PKCS12! \n");
return -1;
}
if (!PKCS12_verify_mac (aCert, password.c_str(),
-1))
{
printf("Error: in PKCS12_verify_mac! \n");
return -1;
}
if (!( asafes = M_PKCS12_unpack_authsafes (aCert)))
{
printf("Error: in
M_PKCS12_unpack_authsafes!\n");
return -1;
}
for (i = 0; i < sk_num (asafes); i++)
{
p7 = (PKCS7 *) sk_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
if (bagnid == NID_pkcs7_data)
{
bags = M_PKCS12_unpack_p7data (p7);
}
else if (bagnid == NID_pkcs7_encrypted)
{
bags = M_PKCS12_unpack_p7encdata
(p7, password.c_str(), -1);
}
else
{
printf("bagnid: %d\n", bagnid);
}
if (!bags)
{
printf("Error: in bags!\n");
return -1;
}
}
}
}
catch(...)
{
printf("Exception in new!\n");
return -1;
}
return 0;
}
There are two possible errors:
1. Error: in PKCS12_verify_mac à Error in function PKCS12_verify_mac
2. Error: in bags! à Error in function M_PKCS12_unpack_p7encdata
Just to make it clear. This is always the same file. Sometimes it works for
the 50 calls and sometimes I've got one of these errors.
How could that be? Is something wrong in my programme code?
I found out that if the error occured it is always the same position.
For help I would be very thankful
Greeting
Pferdle
--
View this message in context:
http://www.nabble.com/Problem-with-Reading-private-key-form-pfx---key-file-tf3232707.html#a8982331
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
