RE: pkcs7 cert loading, why this code doesn't work?
thanks Mounir! yes the 'write' thing was a typo. the second issue was the problem. sean your are right the pass in type should be a Date: Sun, 4 Apr 2010 02:22:29 +0200 From: mounir.idra...@idrix.net To: openssl-users@openssl.org Subject: Re: pkcs7 cert loading, why this code doesn't work? Hi, There are two bugs in your code: First, you only need calls to BIO_read not BIO_write, and in order to avoid the crash you have to pass a pointer equal to inbuf instead of inbuf directly because d2i_PKCS7 increment the pointer internally. So, a more correct version of the code will be : BIO *bio, *b64; char inbuf[4096]; int inlen = strlen(a); char* ptr = inbuf[0]; b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio=BIO_new_mem_buf(a, -1); bio = BIO_push(b64, bio); inlen=BIO_read(bio, inbuf, 4096); p7 = d2i_PKCS7(NULL, ptr, inlen); I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/3/2010 3:06 AM, sean wang wrote: Hello, I have a pkcs7 encoded cert which i want to load. the following code block works fine: ( I am doing a base64 decoding first, will explain the reason in the second half): BIO *bio, *b64; PKCS7 * p7; b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio=BIO_new_mem_buf(a, -1); bio_out= BIO_new_fp(stderr, BIO_NOCLOSE); bio = BIO_push(b64, bio); p7 = d2i_PKCS7_bio(bio, NULL); However, for some interface reasons, I need to pass pass in a base64 decoded blob to a legacy function, so i tried the following code: BIO *bio, *b64, *bio_out; char inbuf[4096]; int inlen = strlen(a); b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio=BIO_new_mem_buf(a, -1); bio_out= BIO_new_fp(stderr, BIO_NOCLOSE); bio = BIO_push(b64, bio); while((inlen=BIO_read(bio, inbuf, 4096))0) BIO_write(bio_out, inbuf, inlen); p7 = d2i_PKCS7(NULL,inbuf, inlen); now this code fails with a segment fault. So my question is, if i really need to get the based64 decoded blob of a pkcs 7 cert, what is the right way? (because the first code worked, I assume the base64 decoding worked fine, but I can't pull the data out of 'bio' variable, appears there the data is still base64 encoded. how can i get the correct decoded blob?) test cert I used: char cert[] = MIIDCgYJKoZIhvcNAQcCoIIC+zCCAvcCAQExADALBgkqhkiG9w0BBwGgggLdMIIC\ 2TCCAkKgAwIBAgIJAILcTFTXHeLsMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\ AlVTMQswCQYDVQQIEwJXQTELMAkGA1UEChMCT00xCzAJBgNVBAsTAk9NMQ0wCwYD\ VQQDEwRzZWFuMSIwIAYJKoZIhvcNAQkBFhNzd2FuZzU0QGhvdG1haWwuY29tMB4X\ DTEwMDMyMjIxMTkzN1oXDTExMDMyMjIxMTkzN1oweTELMAkGA1UEBhMCVVMxCzAJ\ BgNVBAgTAldBMRAwDgYDVQQHEwdyZWRtb25kMQswCQYDVQQKEwJPTTELMAkGA1UE\ CxMCT00xDTALBgNVBAMTBHNlYW4xIjAgBgkqhkiG9w0BCQEWE3N3YW5nNTRAaG90\ bWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALKS/aKF9VjvokJZ\ dW4xkuqYFaRnNSYHNnmi4pIvbvf26QMnj9SerMw/c53LJTre1uQ/t1iAARY1LX4D\ wUCAijg/RN6zuW5NBcnJpgIYL6ZHciaL2qiDWIb6aoKy5hh0fb7psPI2n4/VO7pq\ 9fhjsiCosJvEUehezhEOWkCDEyw7AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI\ AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW\ BBScenB4QwEq0x5n/oSRa8CuW+TifzAfBgNVHSMEGDAWgBSEddm7LRw5ylO1uAkY\ ZPvI6WnNqjANBgkqhkiG9w0BAQUFAAOBgQCmxtc5DV9wA8U3GW8ZVy5wO9Kzmhpz\ aRMLsKXjmgR5T0x9AQnf3W4Y5JmHtpXeOpvYEUiKiLOb/aNya+Km3S/7LJv8ufjn\ kHIiE6bsus/3NgAkLLmdodfJXFve/1viBzibwDZm4FyTHFjEnsFL57eAH+w0ZGna\ OUP4KRvWhjC/AKEAMQA=; _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org _ The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multiaccountocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4
Re: pkcs7 cert loading, why this code doesn't work?
Hi, There are two bugs in your code: First, you only need calls to BIO_read not BIO_write, and in order to avoid the crash you have to pass a pointer equal to inbuf instead of inbuf directly because d2i_PKCS7 increment the pointer internally. So, a more correct version of the code will be : BIO *bio, *b64; char inbuf[4096]; int inlen = strlen(a); char* ptr = inbuf[0]; b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio=BIO_new_mem_buf(a, -1); bio = BIO_push(b64, bio); inlen=BIO_read(bio, inbuf, 4096); p7 = d2i_PKCS7(NULL, ptr, inlen); I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/3/2010 3:06 AM, sean wang wrote: Hello, I have a pkcs7 encoded cert which i want to load. the following code block works fine: ( I am doing a base64 decoding first, will explain the reason in the second half): BIO *bio, *b64; PKCS7 * p7; b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio=BIO_new_mem_buf(a, -1); bio_out= BIO_new_fp(stderr, BIO_NOCLOSE); bio = BIO_push(b64, bio); p7 = d2i_PKCS7_bio(bio, NULL); However, for some interface reasons, I need to pass pass in a base64 decoded blob to a legacy function, so i tried the following code: BIO *bio, *b64, *bio_out; char inbuf[4096]; int inlen = strlen(a); b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio=BIO_new_mem_buf(a, -1); bio_out= BIO_new_fp(stderr, BIO_NOCLOSE); bio = BIO_push(b64, bio); while((inlen=BIO_read(bio, inbuf, 4096))0) BIO_write(bio_out, inbuf, inlen); p7 = d2i_PKCS7(NULL,inbuf, inlen); now this code fails with a segment fault. So my question is, if i really need to get the based64 decoded blob of a pkcs 7 cert, what is the right way? (because the first code worked, I assume the base64 decoding worked fine, but I can't pull the data out of 'bio' variable, appears there the data is still base64 encoded. how can i get the correct decoded blob?) test cert I used: char cert[] = MIIDCgYJKoZIhvcNAQcCoIIC+zCCAvcCAQExADALBgkqhkiG9w0BBwGgggLdMIIC\ 2TCCAkKgAwIBAgIJAILcTFTXHeLsMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\ AlVTMQswCQYDVQQIEwJXQTELMAkGA1UEChMCT00xCzAJBgNVBAsTAk9NMQ0wCwYD\ VQQDEwRzZWFuMSIwIAYJKoZIhvcNAQkBFhNzd2FuZzU0QGhvdG1haWwuY29tMB4X\ DTEwMDMyMjIxMTkzN1oXDTExMDMyMjIxMTkzN1oweTELMAkGA1UEBhMCVVMxCzAJ\ BgNVBAgTAldBMRAwDgYDVQQHEwdyZWRtb25kMQswCQYDVQQKEwJPTTELMAkGA1UE\ CxMCT00xDTALBgNVBAMTBHNlYW4xIjAgBgkqhkiG9w0BCQEWE3N3YW5nNTRAaG90\ bWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALKS/aKF9VjvokJZ\ dW4xkuqYFaRnNSYHNnmi4pIvbvf26QMnj9SerMw/c53LJTre1uQ/t1iAARY1LX4D\ wUCAijg/RN6zuW5NBcnJpgIYL6ZHciaL2qiDWIb6aoKy5hh0fb7psPI2n4/VO7pq\ 9fhjsiCosJvEUehezhEOWkCDEyw7AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI\ AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW\ BBScenB4QwEq0x5n/oSRa8CuW+TifzAfBgNVHSMEGDAWgBSEddm7LRw5ylO1uAkY\ ZPvI6WnNqjANBgkqhkiG9w0BAQUFAAOBgQCmxtc5DV9wA8U3GW8ZVy5wO9Kzmhpz\ aRMLsKXjmgR5T0x9AQnf3W4Y5JmHtpXeOpvYEUiKiLOb/aNya+Km3S/7LJv8ufjn\ kHIiE6bsus/3NgAkLLmdodfJXFve/1viBzibwDZm4FyTHFjEnsFL57eAH+w0ZGna\ OUP4KRvWhjC/AKEAMQA=; _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
pkcs7 cert loading, why this code doesn't work?
Hello, I have a pkcs7 encoded cert which i want to load. the following code block works fine: ( I am doing a base64 decoding first, will explain the reason in the second half): BIO *bio, *b64; PKCS7 * p7; b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio=BIO_new_mem_buf(a, -1); bio_out= BIO_new_fp(stderr, BIO_NOCLOSE); bio = BIO_push(b64, bio); p7 = d2i_PKCS7_bio(bio, NULL); However, for some interface reasons, I need to pass pass in a base64 decoded blob to a legacy function, so i tried the following code: BIO *bio, *b64, *bio_out; char inbuf[4096]; int inlen = strlen(a); b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio=BIO_new_mem_buf(a, -1); bio_out= BIO_new_fp(stderr, BIO_NOCLOSE); bio = BIO_push(b64, bio); while((inlen=BIO_read(bio, inbuf, 4096))0) BIO_write(bio_out, inbuf, inlen); p7 = d2i_PKCS7(NULL, inbuf, inlen); now this code fails with a segment fault. So my question is, if i really need to get the based64 decoded blob of a pkcs 7 cert, what is the right way? (because the first code worked, I assume the base64 decoding worked fine, but I can't pull the data out of 'bio' variable, appears there the data is still base64 encoded. how can i get the correct decoded blob?) test cert I used: char cert[] = MIIDCgYJKoZIhvcNAQcCoIIC+zCCAvcCAQExADALBgkqhkiG9w0BBwGgggLdMIIC\ 2TCCAkKgAwIBAgIJAILcTFTXHeLsMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\ AlVTMQswCQYDVQQIEwJXQTELMAkGA1UEChMCT00xCzAJBgNVBAsTAk9NMQ0wCwYD\ VQQDEwRzZWFuMSIwIAYJKoZIhvcNAQkBFhNzd2FuZzU0QGhvdG1haWwuY29tMB4X\ DTEwMDMyMjIxMTkzN1oXDTExMDMyMjIxMTkzN1oweTELMAkGA1UEBhMCVVMxCzAJ\ BgNVBAgTAldBMRAwDgYDVQQHEwdyZWRtb25kMQswCQYDVQQKEwJPTTELMAkGA1UE\ CxMCT00xDTALBgNVBAMTBHNlYW4xIjAgBgkqhkiG9w0BCQEWE3N3YW5nNTRAaG90\ bWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALKS/aKF9VjvokJZ\ dW4xkuqYFaRnNSYHNnmi4pIvbvf26QMnj9SerMw/c53LJTre1uQ/t1iAARY1LX4D\ wUCAijg/RN6zuW5NBcnJpgIYL6ZHciaL2qiDWIb6aoKy5hh0fb7psPI2n4/VO7pq\ 9fhjsiCosJvEUehezhEOWkCDEyw7AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI\ AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW\ BBScenB4QwEq0x5n/oSRa8CuW+TifzAfBgNVHSMEGDAWgBSEddm7LRw5ylO1uAkY\ ZPvI6WnNqjANBgkqhkiG9w0BAQUFAAOBgQCmxtc5DV9wA8U3GW8ZVy5wO9Kzmhpz\ aRMLsKXjmgR5T0x9AQnf3W4Y5JmHtpXeOpvYEUiKiLOb/aNya+Km3S/7LJv8ufjn\ kHIiE6bsus/3NgAkLLmdodfJXFve/1viBzibwDZm4FyTHFjEnsFL57eAH+w0ZGna\ OUP4KRvWhjC/AKEAMQA=; _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
