Alexander op de Weegh wrote:
>
> Hi all,
> if I use the following code to generate a PKCS#7 signed and enveloped
> message, I think the message created is not valid.
>
> X509 *signer, *recipient;
> RSA *signkey;
> p7 = PKCS7_new();
> PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped);
> PKCS7_add_certificate(p7, signer);
> pkey = EVP_PKEY_new();
> EVP_PKEY_assign_RSA(pkey, signkey);
> si = PKCS7_add_signature(p7, signer, pkey, EVP_md5());
> ri = PKCS7_add_recipient(p7, recipient);
> PKCS7_set_cipher(p7, EVP_des_ede3_cbc());
> p7bio = PKCS7_dataInit(p7, NULL);
> BIO_write(data, datalen);
> PKCS7_dataFinal(p7, p7bio);
>
> What happens? The data is not automatically padded by the PKCS7
> functions. So, I have to do it myself. But if I do, the padding is
> included in the signature generation process, which must not be the
> case.
>
> Is this a (known) bug?
>

Signed and enveloped data hasn't been tested much and it isn't used all
that often either. Most browsers encapsulate a signed message inside an
encrypted one.

Anyway try calling BIO_flush(data); after the BIO_write(), cipher BIOs
need the flush to indicate EOF.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
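
The buffering behind the BIO_flush() advice in the reply above, as an added example that is not part of the original thread and is not OpenSSL code: a self-contained C model of a block-cipher filter that holds back the partial last block until it is told the input has ended. The names `cipher_filter`, `filter_write` and `filter_flush` are hypothetical, block encryption is replaced by a plain copy, and the model assumes the digest is taken over the bytes as the caller writes them, before the cipher stage adds padding.

```c
#include <stdio.h>
#include <string.h>

#define BLK 8 /* block size of DES-EDE3, the cipher in the quoted code */

/* Model of a cipher filter: buffers input and emits only whole blocks. */
struct cipher_filter {
    unsigned char pend[BLK]; /* tail bytes waiting for a full block */
    size_t npend;
    unsigned char out[64];   /* output sink (fixed size in this model) */
    size_t nout;
    size_t digested;         /* bytes the digest stage has seen */
};

static void emit_block(struct cipher_filter *f)
{
    if (f->nout + BLK <= sizeof f->out) {
        memcpy(f->out + f->nout, f->pend, BLK); /* real code encrypts here */
        f->nout += BLK;
    }
    f->npend = 0;
}

/* Write: the digest sees the caller's bytes; only full blocks are emitted. */
void filter_write(struct cipher_filter *f, const unsigned char *p, size_t n)
{
    f->digested += n;
    for (size_t i = 0; i < n; i++) {
        f->pend[f->npend++] = p[i];
        if (f->npend == BLK)
            emit_block(f);
    }
}

/* Flush signals EOF: pad the tail (PKCS#5 style) and emit the last block. */
void filter_flush(struct cipher_filter *f)
{
    unsigned char pad = (unsigned char)(BLK - f->npend); /* always 1..8 */
    memset(f->pend + f->npend, pad, pad);
    emit_block(f);
}

int main(void)
{
    struct cipher_filter f = {0};
    /* Constructed sample input: 13 bytes, not a multiple of the block size. */
    filter_write(&f, (const unsigned char *)"hello, pkcs7!", 13);
    printf("before flush: %zu bytes out, %zu pending\n", f.nout, f.npend);
    filter_flush(&f);
    printf("after flush: %zu bytes out, %zu digested\n", f.nout, f.digested);
    return 0;
}
```

Without the flush the output stops at the last whole block and the trailing five bytes never leave the filter; with it, the padding is added below the digest stage, so the signed length stays at 13 bytes.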