I sent some information conserning problems with the PKCS7 output
when I posted info related to the decryption performance problem.
One correction was made 'encryptedData' -> 'data', but the other
has obviously been omitted, so I post this again in case you
missed the problem.
i2d_PKCS7_ENC_CONTENT seems to produce an invalid output.
According to the PKCS7 definition, the EncryptedContentInfo,
should look something like:
.....................................
245 30 2529: SEQUENCE {
249 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
260 30 20: SEQUENCE {
262 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3
7)
272 04 8: OCTET STRING
: 5D 77 04 E1 3B 4B 0B 39
: }
282 A0 NDEF: [0] {
284 04 2488: OCTET STRING
: 88 33 54 7D CA B9 8B 80 85 84 0D EB B9 90 D6 06
: 5D FF 1E 30 78 34 FC 5D 4F 4B 81 AB 04 60 AF CF
: 45 0F 89 57 10 BC 63 52 93 3B 30 88 2F 77 A4 75
: 4B 08 F8 AB DC 27 9F 1E 47 01 E2 DD 0C E3 DF 02
: 39 EB 13 B9 C8 E5 E4 5E 66 03 05 9E 9B 05 EA D0
: D2 55 95 0E 5D A7 B8 BD DB 71 9F 52 53 AE 24 BE
: 71 3B A9 36 0B DC 4C D2 F3 F9 96 ED EA 3A 1A E2
: 28 EC E5 F8 94 80 47 54 22 06 AF 16 C8 31 E0 5F
: [ Another 2360 bytes skipped ]
: }
: }
: }
: }
: }
.....................................
where the encrypted data is an 'OCTET STRING', but instead it looks like
this:
.....................................
245 30 2525: SEQUENCE {
249 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
260 30 20: SEQUENCE {
262 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3
7)
272 04 8: OCTET STRING
: D2 CA 20 1D CF 51 65 9F
: }
282 80 2488: [0]
: 62 A3 56 01 E1 FB B6 63 92 A3 62 A5 A7 E3 49 EA
: 74 B1 14 2D 03 A7 C5 BE 4E B7 36 BD FC 3A 34 BD
: 2F 85 0F A7 A6 DE DA 89 3F 94 CD 9D 04 9A 63 E8
: E0 A8 DE A5 12 3A FB 22 78 FC 48 17 46 9C 98 A6
: FE FE EC 50 FC 9C 18 67 4C 6E F4 4C 6A 03 7A 1E
: 4C 0D 6A 1B E1 70 10 F2 7F 7C 83 1C 2F 70 D8 FC
: 91 97 72 4C 0C B7 2E F4 C5 2D 23 FB 3A 9C FA C6
: D2 09 BD AE 45 0C 1A 16 8E 8F 91 9B 27 3A C3 62
: [ Another 2360 bytes skipped ]
: }
: }
: }
: }
.....................................
The 'EncryptedContent' should be an "OCTET STRING" according to the
PKCS7 spec., but that information is missing in the OpenSSL PKCS7
output.
The problem seems to be the "M_ASN1_I2D_put_IMP_opt" macro.
To produce the correct output I made the following modification to
"i2d_PKCS7_ENC_CONTENT", probably not the right way but....
.....................................
int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->content_type,i2d_ASN1_OBJECT);
M_ASN1_I2D_len(a->algorithm,i2d_X509_ALGOR);
/* dtc_ M_ASN1_I2D_len_IMP_opt(a->enc_data,i2d_ASN1_OCTET_STRING);
* is replaced by the following 2 lines: */
ret += 4; /* Compensate length for sequence below */
M_ASN1_I2D_len(a->enc_data,i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->content_type,i2d_ASN1_OBJECT);
M_ASN1_I2D_put(a->algorithm,i2d_X509_ALGOR);
/* dtc_ M_ASN1_I2D_put_IMP_opt(a->enc_data,i2d_ASN1_OCTET_STRING,0);
* is replaced by the following 3 lines: */
M_ASN1_I2D_INF_seq_start(0,V_ASN1_CONTEXT_SPECIFIC);
M_ASN1_I2D_put(a->enc_data,i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_INF_seq_end();
M_ASN1_I2D_finish();
}
.....................................
/Bo
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
