Hello, For certain reasons I want to load the OpenSSL libraries at run-time (rather than at load-time). My application will specifically need to be able to load a PKCS#12 file, and fiddle around with the data in it.
The relevant code snippets follows (the code below is just exerts, and parts where originally taken from apps/apps.c):
------------------------
/*
 * Function-pointer types for the OpenSSL entry points that are resolved
 * with dlsym() at run time instead of being linked at load time.
 * OPENSSLCALLCONV is not defined in this excerpt.
 */
typedef int (OPENSSLCALLCONV *pfnPKCS12_parse)(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
/* NOTE(review): OpenSSL declares PKCS12_free as returning void, not int --
 * confirm against the installed headers. */
typedef int (OPENSSLCALLCONV *pfnPKCS12_free)(PKCS12 *p12);
typedef int (OPENSSLCALLCONV *pfnPKCS12_verify_mac)(PKCS12 *p12, const char *pass, int passlen);
typedef PKCS12 *(OPENSSLCALLCONV *pfnd2i_PKCS12_fp)(FILE *fp, PKCS12 **p12);

/* Resolved entry points; all stay NULL until main() has run dlsym(). */
pfnPKCS12_parse pkcs12_parse = NULL;
pfnPKCS12_free pkcs12_free = NULL;
pfnPKCS12_verify_mac pkcs12_verify_mac = NULL;
pfnd2i_PKCS12_fp d2i_pkcs12_fp = NULL;

/*
 * Loads the crypto library, resolves the four PKCS#12 entry points, opens
 * the PKCS#12 file and hands it to load_pkcs12().
 * fname, p12file, fpp12file and p12password are not declared in this excerpt.
 */
main()
{
    int ret = 0;
    void *lib = NULL;
    char *error = NULL;

    /*
     * NOTE(review): the result of dlopen() is never checked, so a failed
     * load goes unnoticed here. fname is not shown; if it is a bare library
     * name, the dynamic loader's search path decides which libcrypto is
     * loaded -- for a crypto library an absolute, trusted path is the safer
     * choice. Confirm how fname is set.
     */
    lib = dlopen(fname, RTLD_LAZY);
    /* Called only to clear any pending loader error; its result is discarded. */
    dlerror();

    /*
     * NOTE(review): none of the dlsym() results is checked (neither for NULL
     * nor via dlerror(); `error` is never assigned in this excerpt). A symbol
     * that fails to resolve leaves a NULL function pointer that is called
     * later on.
     */
    pkcs12_parse = (pfnPKCS12_parse)dlsym(lib, "PKCS12_parse");
    pkcs12_free = (pfnPKCS12_free)dlsym(lib, "PKCS12_free");
    pkcs12_verify_mac = (pfnPKCS12_verify_mac)dlsym(lib, "PKCS12_verify_mac");
    d2i_pkcs12_fp = (pfnd2i_PKCS12_fp)dlsym(lib, "d2i_PKCS12_fp");

    /*
     * NOTE(review): nothing in this excerpt registers digests or ciphers
     * before PKCS12_verify_mac is called. In OpenSSL releases before 1.1.0
     * the PKCS#12 MAC check looks up its digest in a table that stays empty
     * until OpenSSL_add_all_digests() has run, so verification fails even
     * with the correct password -- this is the likely cause of the error
     * reported below. In those releases OpenSSL_add_all_algorithms is a
     * macro, which would explain why nm shows no such symbol; resolving and
     * calling OpenSSL_add_all_digests and OpenSSL_add_all_ciphers should be
     * tried instead. Confirm against the installed OpenSSL version.
     */

    fpp12file = fopen(p12file, "rb");
    if(fpp12file == NULL)
    {
        printf("Error: Unable to fopen(\"%s\")\n", p12file);
        return 1;
    }

    /*
     * NOTE(review): load_pkcs12() is used before it is declared, its return
     * value is ignored (main returns 0 even when parsing fails), and neither
     * fpp12file nor lib is released in this excerpt.
     */
    load_pkcs12(fpp12file, "P12 test #1", p12password, NULL, NULL, NULL);

    return 0;
}

/*
 * Reads a DER-encoded PKCS#12 structure from fp, verifies its MAC and
 * parses it.
 *
 * fp      open stream positioned at the PKCS#12 data
 * desc    label used only in the error messages
 * passwd  password tried when the empty password does not verify
 * pkey, cert, ca  passed through unchanged to PKCS12_parse
 *
 * Returns the result of PKCS12_parse, or 0 if loading or MAC verification
 * failed.
 */
int load_pkcs12(FILE *fp, const char *desc, const char *passwd, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
    int len, ret = 0;
    PKCS12 *p12;

    p12 = d2i_pkcs12_fp(fp, NULL);
    if(p12 == NULL)
    {
        printf("Error: Unable to load PKCS12 file for \"%s\"\n", desc);
        goto die;
    }

    /* See if an empty password will do */
    /* Both the empty string and NULL are tried as the password. */
    if(pkcs12_verify_mac(p12, "", 0) || pkcs12_verify_mac(p12, NULL, 0))
    {
        pass = "";
    }
    else
    {
        /* NOTE(review): passwd is not checked for NULL before strlen(). */
        len = strlen(passwd);
        if(!pkcs12_verify_mac(p12, passwd, len))
        {
            printf("Mac verify error (wrong password?) in PKCS12 " "file for %s\n", desc);
            goto die;
        }
        /*
         * NOTE(review): neither pass nor tpass is declared in this excerpt;
         * the password that was just verified is passwd, so presumably that
         * is what should be handed to PKCS12_parse -- confirm.
         */
        pass = tpass;
    }

    ret = pkcs12_parse(p12, pass, pkey, cert, ca);

die:
    /* Single exit path: release the PKCS12 structure if one was loaded. */
    if(p12)
        pkcs12_free(p12);

    return ret;
}
------------------------
I get the "Mac verify error (wrong password? ..." error. 
My initial guess was that I need to initialize the library in some manner before I can call functions which perform the verification. A quick search led me to http://www.ibm.com/developerworks/linux/library/l-openssl.html, which stipulates: ``/* Initializing OpenSSL */ SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms();'' I nm'd my /usr/lib/libcrypto.so, but it doesn't appear to contain any entry for OpenSSL_add_all_algorithms. It does however have: 000000000009be20 T OpenSSL_add_all_ciphers 000000000009bc90 T OpenSSL_add_all_digests But I'm beginning to feel that I might be chasing the wrong end here. Can anyone find an immediate problem with how I'm using the PKCS#12 functions? -- Kind regards, Jan Danielsson