Hi Steve, Thanks very much for the reply!
I am a bit new to OpenSSL and the release procedure. I did not build OpenSSL from source, I just downloaded the windows binary. Is it easy to upgrade to the snapshot? Is there an FAQ or instructions for this for Windows? Cheers, Simon. Simon McMahon Work: (07) 31311420 Mobile: (043) 2294180 >>> [EMAIL PROTECTED] 05/19/05 08:26pm >>> On Thu, May 19, 2005, Simon McMahon wrote: > Hi, > > There seems to be a very small limit on the size of data that can be handled. > > Using "OpenSSL 0.9.7f 22 March 2005" on windows. Don't know if this is > reproducible on Linux. > > I get the following result signing and encrypting a reasonably small file - > a.txt (~5K attached). > Note that the following commands work fine if the file (a.txt) is less than > 2,800 bytes long. > > File smmsg.smime is the result of the sign, then encrypt. > File temp_dv.smime is the result of the decrypt that is obviously corrupted. > The verify fails. > > I also tried it without the "-binary" on the sign. > > C:\>openssl rand -rand rand.dat -base64 128 1>rand2.dat > Loading 'screen' into random state - done > 4899 semi-random bytes loaded > > C:\>openssl smime -sign -in a.txt -signer fac_sign2.pem -out temp_se.smime > -passin pass:Pass-123 -nocerts -binary > Loading 'screen' into random state - done > > C:\>openssl smime -encrypt -rand rand.dat -in temp_se.smime -out semsg.smime > -from [EMAIL PROTECTED] -to [EMAIL PROTECTED] -aes128 fac_enc1.pem > Loading 'screen' into random state - done > 178 semi-random bytes loaded > > C:\>openssl smime -decrypt -in semsg.smime -out temp_dv.smime -recip > fac_enc1.pem -passin pass:Pass-123 > > C:\>openssl smime -verify -CAfile testHICca.pem -in temp_dv.smime -certfile > fac_sign2.pem -out result.hl7 > Error reading S/MIME message > 3252:error:2107A088:PKCS7 routines:SMIME_read_PKCS7:no multipart body > failure:.\crypto\pkcs7\pk7_mime.c:255: > That's due to a change in the AES CBC code in 0.9.7f which stopped it working with cipher BIOs after the initial buffer had been processed. I've fixed this in the latest snapshot. FYI the fix is: http://cvs.openssl.org/chngview?cn=13195 Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED] *********************************************************************************** This email, including any attachments sent with it, is confidential and for the sole use of the intended recipient(s). This confidentiality is not waived or lost, if you receive it and you are not the intended recipient(s), or if it is transmitted/received in error. Any unauthorised use, alteration, disclosure, distribution or review of this email is prohibited. It may be subject to a statutory duty of confidentiality if it relates to health service matters. If you are not the intended recipient(s), or if you have received this email in error, you are asked to immediately notify the sender by telephone or by return email. You should also delete this email and destroy any hard copies produced. *********************************************************************************** ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
