I have the same problem when I try to get the private key using the source of
pkread.c. If I call it twice in a row, it hangs at PKCS12_parse(p12,
password, &pkey, &cert, &ca).
The resulting error output:

Error parsing PKCS#12 file
1268:error:2306B076:PKCS12 routines:PKCS12_gen_mac:unknown digest
algorithm:.\crypto\pkcs12\p12_mutl.c:80:
1268:error:2307E06D:PKCS12 routines:VERIFY_MAC:mac generation
error:.\crypto\pkcs12\p12_mutl.c:105:
1268:error:23076071:PKCS12 routines:PKCS12_parse:mac verify
failure:.\crypto\pkcs12\p12_kiss.c:121:

I have no idea what else to try. What is the problem with that MAC
verification? What can I do to avoid this problem? Or does anyone have
another idea for reading private keys from .p12 files more than once?

Thanks in advance for any replies!

Yours friendly,
Stefan Richter

--
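/**
 * Read a PKCS#12 file, verify and decrypt it with the given password, and
 * dump its contents as PEM into an output file.
 *
 * Sections are written in this order, each preceded by a marker line:
 * the private key, the user certificate, then any additional certificates.
 *
 * Security notes:
 *  - The private key is written to opfile as UNENCRYPTED PEM (no cipher and
 *    no passphrase are passed to PEM_write_PrivateKey). The file is created
 *    with fopen(), so its permissions are the platform defaults; the caller
 *    should make sure opfile lives in a location only the key owner can read.
 *  - The parsed key and certificates are released before returning so that
 *    repeated calls do not accumulate key material in memory.
 *
 * @param p12file  path of the PKCS#12 file to read
 * @param password password protecting the PKCS#12 file
 * @param opfile   path of the PEM file to create or overwrite
 * @return 0 on success, -1 if a file cannot be opened, the PKCS#12 data
 *         cannot be read or parsed, or the output cannot be written completely
 */
int CKeyStore::PKCS12Read(char *p12file, char *password, char *opfile)
{
 FILE *fp;
 EVP_PKEY *pkey = NULL;
 X509 *cert = NULL;
 STACK_OF(X509) *ca = NULL;
 PKCS12 *p12;
 int i;
 int rc = -1;
 int ok = 1;

 /* NOTE(review): the failure reported for the second call is "unknown
  * digest algorithm" during MAC verification. That would be consistent with
  * the algorithm table being torn down elsewhere between calls (for example
  * by EVP_cleanup()) -- confirm against the calling code. */
 SSLeay_add_all_algorithms();
 ERR_load_crypto_strings();

 if (!(fp = fopen(p12file, "rb"))) {
  fprintf(stderr, "Error opening file %s\n", p12file);
  return -1;
 }
 p12 = d2i_PKCS12_fp(fp, NULL);
 fclose(fp);
 if (!p12) {
  fprintf(stderr, "Error reading PKCS#12 file\n");
  ERR_print_errors_fp(stderr);
  return -1;
 }

 if (!PKCS12_parse(p12, password, &pkey, &cert, &ca)) {
  fprintf(stderr, "Error parsing PKCS#12 file\n");
  ERR_print_errors_fp(stderr);
  /* The container itself is still ours to release. pkey/cert/ca are left
   * alone here: who owns them after a failed parse depends on the library
   * version -- TODO confirm before freeing them on this path. */
  PKCS12_free(p12);
  return -1;
 }
 PKCS12_free(p12);

 if (!(fp = fopen(opfile, "w"))) {
  /* Report the file that actually failed to open (the output file). */
  fprintf(stderr, "Error opening file %s\n", opfile);
  goto done;
 }

 if (pkey) {
  /* Unencrypted export: cipher and passphrase arguments are all NULL/0. */
  if (fprintf(fp, "***Private Key***\n") < 0 ||
      !PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL))
   ok = 0;
 }
 if (cert) {
  if (fprintf(fp, "***User Certificate***\n") < 0 ||
      !PEM_write_X509_AUX(fp, cert))
   ok = 0;
 }
 if (ca && sk_X509_num(ca) > 0) {
  if (fprintf(fp, "***Other Certificates***\n") < 0)
   ok = 0;
  for (i = 0; i < sk_X509_num(ca); i++) {
   if (!PEM_write_X509_AUX(fp, sk_X509_value(ca, i)))
    ok = 0;
  }
 }

 /* fclose() flushes buffered output, so a failure here means the key file
  * may be truncated. */
 if (fclose(fp) != 0)
  ok = 0;

 if (ok) {
  rc = 0;
 } else {
  fprintf(stderr, "Error writing file %s\n", opfile);
  ERR_print_errors_fp(stderr);
 }

done:
 /* Release everything PKCS12_parse handed back on success. */
 EVP_PKEY_free(pkey);
 X509_free(cert);
 if (ca)
  sk_X509_pop_free(ca, X509_free);
 return rc;
}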
