Hi,
I have a PKCS#7 signedData Block generated by an
external application.
When reading it in OpenSSL with d2i_PKCS7() and writing
it out again with i2d_PKCS7() the order of the
authenticated attributes changes and the signature
becomes invalid.
The reason is that when writing the SignerInfo
the call for writing the STACK_OF(X509_ATTRIBUTE)
is made through

    #define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
            if ((a != NULL) && (sk_##type##_num(a) != 0)) \
                    { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
                                             V_ASN1_CONTEXT_SPECIFIC, \
                                             IS_SET); }

(asn1_mac.h, ln. 488)
The last parameter (IS_SET) causes i2d_ASN1_SET()
(asn1/a_set.c, ln. 86) to sort the attributes (!) after they
have already been written properly!!
So is there a reason why IS_SET must be used?
Can I change it to IS_SEQUENCE without breaking other
functionality?
Or how can I get OpenSSL to write the attributes in
stack-order?
Background: the reason why I read and write the data
is that I want to strip the certificates (which works).
Any help would be gladly appreciated.
Robert
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
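
An added example, not part of the original post and not OpenSSL code: DER requires the elements of a SET OF to be ordered by their encoded bytes, so an encoder that sorts will reorder any attribute set that was written in a different order. The check below reports whether a SET OF body is already in that order; the function names and the sample attribute bytes (with a 4-byte placeholder digest) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Total length (header + content) of the DER TLV at p, or 0 if malformed. */
static size_t der_tlv_len(const unsigned char *p, size_t n) {
    size_t len, hdr = 2, k, i;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;   /* high-tag-number form not handled */
    len = p[1];
    if (len & 0x80) {                               /* long-form length */
        k = len & 0x7f;
        if (k == 0 || k > sizeof(size_t) || n < 2 + k) return 0;
        for (len = 0, i = 0; i < k; i++) len = (len << 8) | p[2 + i];
        hdr += k;
    }
    return len > n - hdr ? 0 : hdr + len;
}

/* 1: elements already in DER SET OF order; 0: a sorting encoder would
 * reorder them (the bytes change on re-encoding); -1: malformed input. */
int set_of_is_der_sorted(const unsigned char *c, size_t n) {
    const unsigned char *prev = NULL;
    size_t prev_len = 0, el, m;
    int r;
    while (n > 0) {
        if ((el = der_tlv_len(c, n)) == 0) return -1;
        if (prev) {                                 /* compare encodings bytewise */
            m = prev_len < el ? prev_len : el;
            r = memcmp(prev, c, m);
            if (r > 0 || (r == 0 && prev_len > el)) return 0;
        }
        prev = c; prev_len = el; c += el; n -= el;
    }
    return 1;
}

/* Constructed sample attributes: contentType and messageDigest. */
#define ATTR_CONTENT_TYPE 0x30,0x18,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x03, \
    0x31,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01
#define ATTR_MESSAGE_DIGEST 0x30,0x13,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x04, \
    0x31,0x06,0x04,0x04,0xde,0xad,0xbe,0xef
const unsigned char as_signed[] = { ATTR_CONTENT_TYPE, ATTR_MESSAGE_DIGEST };
const unsigned char der_order[] = { ATTR_MESSAGE_DIGEST, ATTR_CONTENT_TYPE };

int main(void) {
    printf("as_signed: %d\n", set_of_is_der_sorted(as_signed, sizeof as_signed));
    printf("der_order: %d\n", set_of_is_der_sorted(der_order, sizeof der_order));
    return 0;
}
```

A result of 0 on the attribute bytes of an incoming SignerInfo means a sorting re-encode will not reproduce the bytes that were signed.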