EldoS | Feel safer!

Software components for data protection, secure storage and transfer

LoadFromFileAuto Error 20489 under Linux

Posted: 07/30/2013 09:51:14
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

I am converting a Delphi application so that it can also compile with FreePascal and work in Linux.

I have the following code where Cert is a TElX509Certificate and CertFile and Password are set to a .p12 file and corresponsing password.

Cert := TElX509Certificate.Create(nil);
  iRes := Cert.LoadFromFileAuto(CertFile, Password);

It runs fine in Windows (Delphi and FreePascal), the certificate is loaded and iRes = 0.

When running the same code in Linux the certificate is not loaded and iRes = 20489.
When I examine the certificate in Linux with openssl it works just fine.

What can be the reason that this does not work in Linux?
Posted: 07/30/2013 13:21:22
by Ken Ivanov (Team)

Hello Birger,

Could you please check if the same error is returned for the sample certificate from SecureBlackbox distribution (cert.pfx)?
Posted: 07/31/2013 03:41:07
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

The same result with cert.pfx and the corresponding password.
Posted: 07/31/2013 05:16:45
by Ken Ivanov (Team)

Thank you for checking. The most typical reason for such sort of problems is absence of SetLicenseKey() call. Could you please confirm that you are calling the SetLicenseKey() function and passing your license key there?
Posted: 07/31/2013 06:36:33
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

The licensekey has been set, when I debug I see that the CheckLicenseKey() function is passed.

I am debugging Linux and Windows side-by-side now and it seems something happens with string conversion, here is the stack trace that leads to the exception:

#0  0x08057956 in fpc_raiseexception ()
#1  0x080ca081 in STRTOWIDESTR (ASTR=0x0, result=0x0)
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBStrUtils.pas:1465
#2  0x081d69b2 in TELPKCS12MESSAGE__DERIVEKEYFROMPASSWORD (PASSWORD=0x0, SALT=0xb7e01168 "h\307n\222<y\254\003",
    ID=1, HASHALGORITHM=-1210052448, ITERS=-1210052448, SIZE=-1210052448, USEEMPTYPASSBUGWORKAROUND=true (160),
    result=0x0) at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBPKCS12.pas:1216
#3  0x081d5dc7 in TELPKCS12MESSAGE__PROCESSSHROUDEDKEYBAG (TAG=0xb7db7ca0, this=<error reading variable>)
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBPKCS12.pas:983
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBPKCS12.pas:845
#5  0x081d5142 in TELPKCS12MESSAGE__PROCESSSAFEBAGS (P=0xb7e0e208, SIZE=1334, this=<error reading variable>)
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBPKCS12.pas:725
#6  0x081d4fee in TELPKCS12MESSAGE__PROCESSSAFECONTENTS (MES=0xb7de02e0)
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBPKCS12.pas:683
    this=<error reading variable>) at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBPKCS12.pas:574
#8  0x081d4375 in TELPKCS12MESSAGE__LOADFROMBUFFER (BUFFER=0xb7e0b248, SIZE=2701, this=<error reading variable>)
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBPKCS12.pas:466
#9  0x080a284b in TELX509CERTIFICATE__LOADFROMBUFFERPFX (BUFFER=0xb7e0b248, SIZE=2701, PASSWORD=0x0,
    this=<error reading variable>) at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBX509.pas:2095
#10 0x080a3ec2 in TELX509CERTIFICATE__DETECTCERTFILEFORMAT (BUFFER=0xb7e0b248, SIZE=2701, pvmt=0x8202be4)
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBX509.pas:2650
#11 0x080a4769 in TELX509CERTIFICATE__LOADFROMBUFFERAUTO (BUFFER=0xb7e0b248, SIZE=2701,
    PASSWORD=0xb7dc7138 "password", this=<error reading variable>)
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBX509.pas:2833
#12 0x080a4ac1 in TELX509CERTIFICATE__LOADFROMSTREAMAUTO (STREAM=0xb7e010a0, PASSWORD=0xb7dc7138 "password",
    COUNT=1) at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBX509.pas:2883
    FILENAME=0xb7df70c8 "/root/LocalSVN/trunk/projects/BOA/client/_bin-fpc/cert.pfx",
    PASSWORD=0xb7dc7138 "password", this=<error reading variable>)
    at /root/LocalSVN/trunk/3rdparty/SecureBlackbox/Sources/SBX509.pas:2908

There is no FStringConverter assigned and therefore StrToWideStr raises an exception and there is no result...
Posted: 07/31/2013 06:49:26
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 80

And there is no FSTringConverter assigned because it doesn't happen here:

  {$ifdef SB_PGPSFX_STUB}

Please change the ifdefs so that the correct converter is used! I added


to the project and now it works.
Posted: 07/31/2013 09:21:30
by Ken Ivanov (Team)


Thank you for pinpointing the problem for us. I've just checked the code and it looks like the issue has already been fixed. Version 11 should not expose the problem any more.

Thanks again for reporting the problem and sharing the solution with other users.



Topic viewed 1246 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!