RE: PEM_read_PrivateKey

Dave Thompson Mon, 29 Oct 2012 14:28:08 -0700

> From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
> Sent: Monday, 29 October, 2012 16:20


> The problem I've got is quite simple. The callback I pass 
> throught this
> function is not called. <snip>
> Someone could please help me figure out why? I've wrote as 
> OpenSSL page
> tells. Am I doing something wrong? Is thera a best way for 
> doing this? 
> 
What page is that? Your posted code is quite unlike any 
OpenSSL example (or actual) code I've seen.

<snip>
> EVP_PKEY *pkey;
> BIO *bio;
> 
There's no reason (this) bio variable should be global,  
and pkey maybe not.

> typedef struct pw_cb_data
> {
>     const void *password;
>     const char *prompt_info;
> } PW_CB_DATA;
> 
> static int rsa_cb(char *buf, int size, int rwflag, void *u)
> {
>     int len;
>     PW_CB_DATA *cb_data = (PW_CB_DATA *)u;
>     
>     //Programm doesn't enter here!!
>     len = strlen((char *)cb_data->password);
> 
>     if (len <= 0)
>         return 0;
> 
>     /* if too long, truncate */
>     if (len > size)
>         len = size;
> 
>     memcpy(buf, cb_data->password, len);
> 
>     return len;
> }
> 
Using a callback to set a caller-supplied C-style string is 
a waste of time. You can _read*PrivateKey(,,NULL,password).

> int main()
> {
>     PW_CB_DATA cb_data; 
>     int ret = 1;
> 
> (...)
>     memcpy(&kprPath[0],"path_to_Kpr",pathlen);
>     kprPath[pathlen] = '\0';
> 
>     memcpy(&kprPath[0],"Kpr_password",passlen);
>     kprPath[passlen] = '\0';
> 
>     if (ret)
>         bio = BIO_new(BIO_s_file());
> 
>     if (bio == NULL)
>         ret = 0;
> 
>     if (ret && !BIO_read_filename(bio,&kprPath[0]))
>         ret = 0;
> 
The code above set kprPath to "Kpr_password" 
which I doubt is the correct filename.

>     cb_data.password = &passwd[0];
>     cb_data.prompt_info = &kprPath[0];
> 
It might be the correct "prompt", but 
your callback doesn't use the .prompt_info .
It does use .password, and your code doesn't 
set .password to anything valid at all.

>     if (ret)
>         
> pkey=PEM_read_bio_PrivateKey(bio,NULL,(pem_password_cb *)rsa_cb,
> &cb_data); 
>     
>     if (pkey != NULL)
>         ret = 0;
> 
If pretty much any OpenSSL routine returns an error indicateion, 
and here read*PrivateKey == NULL is an error indication, you should 
look at the error queue: http://www.openssl.org/support/faq.html#PROG6
I bet you'll see that you didn't give it the correct filename.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

RE: PEM_read_PrivateKey

Reply via email to