On Sun, Nov 03, 2002 at 01:56:31AM +0100, Massimiliano Pala wrote:
> Hi,
>
> I am trying to decrypt some data in a pkcs7 env structure. The problem comes
> when I try to use the PKCS7_decrypt (I guess the problem to be in
> PKCS_dataDecode that is actually called -- see pk7_doit.c and pk7_smime.c).
>
> If I use a loaded "normal" certificate everything is fine, but when I try
> to use a "fake" X509 structure where I store only the cert_info->issuer
> and cert_info->serialNumber data (the only one that should be accessed
> in the used when decrypting) I get a core dump.
>
> Here it is the code:
>
> if( (foo_cert = X509_new()) == NULL ) {
>     // Memory error...
> } else {
>     char buffer[1024];
>
>     foo_cert->cert_info->issuer = rinfo->ias->issuer;
>     foo_cert->cert_info->serialNumber = rinfo->ias->serial;
> }
>
> bio = BIO_new(BIO_s_mem());
> if (PKCS7_decrypt(p7, pkey, foo_cert, bio, 0) == 0) {
>     BIO_printf(bio_err, "%s:%d: decryption failed\n", __FILE__, __LINE__);
>     goto err;
> }
>
> Where am I wrong? Is there a function for decrypting a pkcs7 structure
> that does not require a (X509 *) [virtually useless, if not for checking
> against the recipient info, I guess]?

It's easy to see PKCS7_decrypt() does X509_check_private_key(certificate, key)
and then PKCS7_dataDecode().
One could also read the PKCS7_dataDecode() source to see that the "decryption
certificate" will only be used to match issuer and serial number with those of
each "recipient info" from enveloped data, so your code should work fine
with PKCS7_decrypt() replaced.

good luck,
Vadim
--
Naina library: http://www.unity.net/~vf/naina_r1.tgz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]