> Alexander op de Weegh wrote:
> 
> Hi all,
> if I use the following code to generate a PKCS#7 signed and enveloped
> message, I think the message created is not valid.
> 
> X509 *signer, *recipient;
> RSA *signkey;
> p7 = PKCS7_new();
> PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped);
> PKCS7_add_certificate(p7, signer);
> pkey = EVP_PKEY_new();
> EVP_PKEY_assign_RSA(pkey, signkey);
> si = PKCS7_add_signature(p7, signer, pkey, EVP_md5());
> ri = PKCS7_add_recipient(p7, recipient);
> PKCS7_set_cipher(p7, EVP_des_ede3_cbc());
> p7bio = PKCS7_dataInit(p7, NULL);
> BIO_write(data, datalen);
> PKCS7_dataFinal(p7, p7bio);
> 
> What happens? The data is not automatically padded by the PKCS7
> functions. So, I have to do it myself. But if I do, the padding is
> included in the signature generation process, which must not be the
> case.
> 
> Is this a (known) bug?
> 

Signed and enveloped data hasn't been tested much and it isn't used all
that often either. Most browsers encapsulate a signed message inside an
encrypted one.

Anyway try calling BIO_flush(data); after the BIO_write(), cipher BIOs
need the flush to indicate EOF.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
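
Why the flush matters, as an added example that is not part of the original thread and is not OpenSSL code: a block-cipher filter must hold back the partial final block until it is told the data has ended, and only then can it append the padding. The `blk_filter` type, its function names and the XOR stand-in cipher are hypothetical, and the model assumes the digest stage sits ahead of the cipher stage, so the digest never sees the padding.

```c
#include <stdio.h>
#include <string.h>
#define BLK 8                      /* 3DES-CBC block size in bytes */

/* Hypothetical model of a cipher filter stage; not OpenSSL's BIO code. */
struct blk_filter {
    unsigned char pend[BLK];       /* tail bytes waiting for a full block */
    unsigned char out[64];         /* "ciphertext" that reached the sink */
    size_t npend, nout;            /* pending tail length, bytes emitted */
    size_t digested;               /* bytes the upstream digest stage saw */
    int done;                      /* set once EOF has been signalled */
};

/* Stand-in for encrypting one block: XOR with 0x5a, NOT a real cipher. */
static void emit_block(struct blk_filter *f)
{
    if (f->nout + BLK <= sizeof f->out)          /* drop if sample sink is full */
        for (size_t i = 0; i < BLK; i++)
            f->out[f->nout++] = f->pend[i] ^ 0x5a;
    f->npend = 0;
}

/* Write: the digest sees only caller data; only whole blocks are emitted. */
void filter_write(struct blk_filter *f, const unsigned char *d, size_t n)
{
    if (f->done) return;
    f->digested += n;
    for (size_t i = 0; i < n; i++) {
        f->pend[f->npend++] = d[i];
        if (f->npend == BLK) emit_block(f);
    }
}

/* Flush: EOF. Pad the tail with N bytes of value N and emit the last block. */
void filter_flush(struct blk_filter *f)
{
    if (f->done) return;
    unsigned char pad = (unsigned char)(BLK - f->npend);
    memset(f->pend + f->npend, pad, pad);
    emit_block(f);
    f->done = 1;
}

int main(void)
{
    struct blk_filter f = {0};
    filter_write(&f, (const unsigned char *)"thirteen byte", 13); /* constructed */
    printf("before flush: %zu bytes out, %zu held back\n", f.nout, f.npend);
    filter_flush(&f);
    printf("after flush: %zu bytes out, digest saw %zu\n", f.nout, f.digested);
}
```

Without the flush, the 13-byte sample leaves 5 bytes stranded in the filter and the output is truncated at the last block boundary. After the flush the output is a whole number of blocks, while the digest count is still the caller's 13 bytes.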