Problem decrypting a pkcs7 structure
Hi,

I am trying to decrypt some data in a pkcs7 env structure. The problem comes when I try to use the PKCS7_decrypt (I guess the problem to be in PKCS7_dataDecode that is actually called -- see pk7_doit.c and pk7_smime.c).

If I use a loaded normal certificate everything is fine, but when I try to use a fake X509 structure where I store only the cert_info->issuer and cert_info->serialNumber data (the only one that should be accessed in the used when decrypting) I get a core dump.

Here it is the code:

    if( (foo_cert = X509_new()) == NULL ) {
        // Memory error...
    } else {
        char buffer[1024];

        foo_cert->cert_info->issuer = rinfo->ias->issuer;
        foo_cert->cert_info->serialNumber = rinfo->ias->serial;
    }

    bio = BIO_new(BIO_s_mem());
    if (PKCS7_decrypt(p7, pkey, foo_cert, bio, 0) == 0) {
        BIO_printf(bio_err, "%s:%d: decryption failed\n", __FILE__, __LINE__);
        goto err;
    }

Where am I wrong ? Is there a function for decrypting a pkcs7 structure that does not require a (X509 *) [virtually useless, if not for checking against the recipient info, I guess] ?

--
C'you,

    Massimiliano Pala

--o-
Massimiliano Pala [OpenCA Project Manager]    [EMAIL PROTECTED]
                                              [EMAIL PROTECTED]
http://www.openca.org                         Tel.:   +39 (0)59 270 094
http://openca.sourceforge.net                 Mobile: +39 (0)347 7222 365
Re: [openssl.org #323] Bug in authorityKeyIdentifier extension?
Frédéric Giudicelli via RT wrote:

> Well Microsoft support tells me it's openssl's fault, and you tell me
> it's microsoft's ?
> It's dead end, what am I supposed to tell my clients ?
> Well... although PKIX recommends the use of the authorityKeyId, and that
> the French Government says you must have this extension, to be
> certified, I'll have to remove this extension ?

No, I agree with Richard's opinion, and I guess it is the only one that makes sense... anyway M$ has been often reported to not follow the standards nevertheless what they were saying about it. My suggestion, do things in the right way.

--
C'you,

    Massimiliano Pala
Re: Problem decrypting a pkcs7 structure
Hi all,

I am replying to myself... this seems like a sign I have to stop working late at night... anyway... here it comes the real message...

Massimiliano Pala wrote:

> Hi,
>
> I am trying to decrypt some data in a pkcs7 env structure. The problem
> comes when I try to use the PKCS7_decrypt (I guess the problem to be in
> PKCS7_dataDecode that is actually called -- see pk7_doit.c and
> pk7_smime.c).
>
> If I use a loaded normal certificate everything is fine, but when I try
> to use a fake X509 structure where I store only the cert_info->issuer
> and cert_info->serialNumber data (the only one that should be accessed
> in the used when decrypting) I get a core dump.
>
> Here it is the code:
>
>     if( (foo_cert = X509_new()) == NULL ) {
>         // Memory error...
>     } else {
>         char buffer[1024];
>
>         foo_cert->cert_info->issuer = rinfo->ias->issuer;
>         foo_cert->cert_info->serialNumber = rinfo->ias->serial;
>     }
>
>     bio = BIO_new(BIO_s_mem());
>     if (PKCS7_decrypt(p7, pkey, foo_cert, bio, 0) == 0) {
>         BIO_printf(bio_err, "%s:%d: decryption failed\n", __FILE__, __LINE__);
>         goto err;
>     }
>
> Where am I wrong ? Is there a function for decrypting a pkcs7 structure
> that does not require a (X509 *) [virtually useless, if not for checking
> against the recipient info, I guess] ?

Still I don't know where and why, but it seems that in the fake X509 there should be a pkey, so I made with the one I had... :-D this code fixes the problem (after the X509_new()), but if you know why the old one was not working, please let me know ...

    X509_set_issuer_name(foo_cert, rinfo->ias->issuer);
    X509_set_subject_name(foo_cert, rinfo->ias->issuer);
    X509_set_serialNumber(foo_cert, rinfo->ias->serial);
    // X509_gmtime_adj(X509_get_notBefore(foo_cert),0);
    // X509_gmtime_adj(X509_get_notAfter(foo_cert), 1L );
    X509_set_pubkey(foo_cert, pkey);

--
C'you,

    Massimiliano Pala