Well... the application is actually an intermediate library, so every
''cryptographic'' operation is enclosed between
OpenSSL_add_all_algorithms()...EVP_cleanup() calls.
There are no OpenSSL_add_all_algorithms() calls without the final EVP_cleanup() and
vice versa, there are no EVP_cleanup() calls without the initial
OpenSSL_add_all_algorithms().
Are you saying that this is not enough and that the library should call
OpenSSL_add_all_algorithms()...EVP_cleanup() only ONCE ?
This could be not straightforward
Thanks in advance
-Messaggio originale-
Da: Dr. Stephen Henson [mailto:steve;openssl.org]
Inviato: mercoledì 23 ottobre 2002 18.14
A: [EMAIL PROTECTED]
Oggetto: Re: PKCS12_parse problem
On Wed, Oct 23, 2002, Marco Donati wrote:
Adding OpenSSL_add_all_ciphers() or
OpenSSL_add_all_digests() doesn't help.
If we comment out the OpenSSL_add_all_algorithms() call, we
get the ''correct'' error:
5257:error:2306B076:PKCS12 routines:PKCS12_gen_mac:unknown
digest algorithm:p12_mutl.c:80:
5257:error:2307E06D:PKCS12 routines:VERIFY_MAC:mac
generation error:p12_mutl.c:105:
5257:error:23076071:PKCS12 routines:PKCS12_parse:mac verify
failure:p12_kiss.c:121:
If we put the OpenSSL_add_all_algorithms() back in the code
we get the ''unexplained'' error:
5637:error:2306B076:lib(35):func(107):reason(118):p12_mutl.c:80:
5637:error:2307E06D:lib(35):func(126):reason(109):p12_mutl.c:105:
5637:error:23076071:lib(35):func(118):reason(113):p12_kiss.c:121:
Let me underline again some facts:
1) the first call to PKCS12_parse is ok
2) the PKCS12_parse calls starting from the second reports
the error above
3) if we restart the application we have the same behavior
(first call OK, then errors)
4) the error happens only with OpenSSL 0.9.6g, NOT with
OpenSSL 0.9.6c (we haven't tried intermediate versions)
5) with openSSL 0.9.6g we get ''similar'' (related?) error
in calls like
Are you calling EVP_cleanup() in between calls?
You should really only call OpenSSL_add_all_algorithms() once
on application
startup and EVP_cleanup() when it shuts down.
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]