Problem decrypting a pkcs7 structure
Hi,
I am trying to decrypt some data in a pkcs7 env structure. The problem comes
when I try to use the PKCS7_decrypt (I guess the problem to be in
PKCS_dataDecode that is actually called -- see pk7_doit.c and pk7_smime.c).
If I use a loaded normal certificate everything is fine, but when I try
to use a fake X509 structure where I store only the cert_info-issuer
and cert_info-serialNumber data (the only one that should be accessed
in the used when decrypting) I get a core dump.
Here it is the code:
if( (foo_cert = X509_new()) == NULL ) {
// Memory error...
} else {
char buffer[1024];
foo_cert-cert_info-issuer =
rinfo-ias-issuer;
foo_cert-cert_info-serialNumber =
rinfo-ias-serial;
}
bio = BIO_new(BIO_s_mem());
if (PKCS7_decrypt(p7, pkey, foo_cert, bio, 0) == 0) {
BIO_printf(bio_err, %s:%d: decryption failed\n, __FILE__,
__LINE__);
goto err;
}
Where am I wrong ? Is there a function for decrypting a pkcs7 structure
that does not require a (X509 *) [virtually useless, if not for cecking
against the recipient info, I guess] ?
--
C'you,
Massimiliano Pala
--o-
Massimiliano Pala [OpenCA Project Manager][EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.orgTel.: +39 (0)59 270 094
http://openca.sourceforge.netMobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
Re: [openssl.org #323] Bug in authorityKeyIdentifier extension?
Frédéric Giudicelli via RT wrote: Well Microsoft support tells me it's openssl's fault, and you tell me it's microsoft's ? It's dead end, what am I supposed to tell my clients ? Well... altough PKIX recommends the use of the authorityKeyId, and that the French Government says you must to have this extension, to be certified, I'll have to remove this extension ? No, I agree with Richard's opionion, and I guess it is the only one that makes sense... anyway M$ has been often reported to not follow the standards nevertheless what they where saying about it. My suggestion, do things in the right way. -- C'you, Massimiliano Pala --o- Massimiliano Pala [OpenCA Project Manager][EMAIL PROTECTED] [EMAIL PROTECTED] http://www.openca.orgTel.: +39 (0)59 270 094 http://openca.sourceforge.netMobile: +39 (0)347 7222 365 smime.p7s Description: S/MIME Cryptographic Signature
Re: Problem decrypting a pkcs7 structure
Hi all,
I am replying myself... this seems like a sign I have to stop working
late at night... anyway... here it comes the real message...
Massimiliano Pala wrote:
Hi,
I am trying to decrypt some data in a pkcs7 env structure. The problem
comes
when I try to use the PKCS7_decrypt (I guess the problem to be in
PKCS_dataDecode that is actually called -- see pk7_doit.c and pk7_smime.c).
If I use a loaded normal certificate everything is fine, but when I try
to use a fake X509 structure where I store only the cert_info-issuer
and cert_info-serialNumber data (the only one that should be accessed
in the used when decrypting) I get a core dump.
Here it is the code:
if( (foo_cert = X509_new()) == NULL ) {
// Memory error...
} else {
char buffer[1024];
foo_cert-cert_info-issuer =
rinfo-ias-issuer;
foo_cert-cert_info-serialNumber =
rinfo-ias-serial;
}
bio = BIO_new(BIO_s_mem());
if (PKCS7_decrypt(p7, pkey, foo_cert, bio, 0) == 0) {
BIO_printf(bio_err, %s:%d: decryption failed\n, __FILE__,
__LINE__);
goto err;
}
Where am I wrong ? Is there a function for decrypting a pkcs7 structure
that does not require a (X509 *) [virtually useless, if not for cecking
against the recipient info, I guess] ?
Still I don't know where and why, but it seems that in the fake X509
there should be a pkey, so I made with the one I had... :-D this code
fixes the problem (after the X509_new()), but if you know why the old
one was not working, please let me know ...
X509_set_issuer_name(foo_cert,rinfo-ias-issuer);
X509_set_subject_name(foo_cert,rinfo-ias-issuer);
X509_set_serialNumber(foo_cert,rinfo-ias-serial);
// X509_gmtime_adj(X509_get_notBefore(foo_cert),0);
// X509_gmtime_adj(X509_get_notAfter(foo_cert), 1L );
X509_set_pubkey(foo_cert, pkey);
--
C'you,
Massimiliano Pala
--o-
Massimiliano Pala [OpenCA Project Manager][EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.orgTel.: +39 (0)59 270 094
http://openca.sourceforge.netMobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
