On Thursday 13 April 2006 22:26 pm, Dr. Stephen Henson wrote:
> On Thu, Apr 13, 2006, Brad Hards wrote:
> > I'm trying to do detached CMS signatures and verification using the
> > PKCS7_sign() and PKCS7_verify() functions. It appears to work OK, except
> > that my test case for a zero length array fails to verify() - looks like
> > the signature is OK though.
> >
> > The documentation suggests that PKCS7_verify() isn't expected to work
> > ("indata cannot be NULL"). Are there any alternative functions that I
> > should be looking at? Or is there some workaround?
>
> Have you tried passing it an empty memory BIO?
Yes. Roughly what I'm doing is:
... stuff to set up the keystore and PKCS7 structure...
bi = BIO_new(BIO_s_mem());
BIO_write(bi, in.data(), in.size());
int ret = PKCS7_verify(p7, xs, store, bi, NULL, 0);
It works (ret == 1) for data I've signed using PKCS7_sign, except for the case
where in.size() == 0 (i.e. an empty string). Then it returns 0.Brad
pgp5BkQaJ7UMJ.pgp
Description: PGP signature
