Hi forks,
I've been using OpenSSL 0.9.8h, I use it for SMIME sign/verify. I've just
upgraded to OpenSSL 0.9.8i and my code doesn't work anymore.
The error is: [error:21075081:PKCS7 routines:PKCS7_verify:smime text error]
After spending sometime to investigate, I see the only diff is: the SMIME_text
function (crypto/asn1/asn_mime.c) in 0.9.8i was added the check for "len"
variable:
if (len < 0)
return 0;
I don't know why we need this check. But my code works on 0.9.8h (the one
without the check). Could someone give me a hint?
Here's is the code for signing:
...
flags = PKCS7_DETACHED;
flags |= PKCS7_STREAM;
flags |= PKCS7_NOCERTS;
flags |= PKCS7_TEXT;
p7 = PKCS7_sign(pCert,pPrivKey,NULL,in, flags);
if (!p7){
ret = ERRROR_INVALID;
goto done;
}
SMIME_write_PKCS7(out,p7,in, flags);
....
And here the code for verifying:
...
flags = PKCS7_NOVERIFY;
flags |= PKCS7_TEXT;
p7 = SMIME_read_PKCS7(in, &indata);
if (!p7){
ret = ERROR_INVALID;
goto done;
}
certs = sk_X509_new_null();
sk_X509_push(certs,pCert);
if (PKCS7_verify(p7,certs,NULL,indata,out,flags)){
...
Thanks!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
