Hi.
Unfortunately I found that the new openssl 097d release crashes
in PKCS7_get_octet_string(), called by PKCS7_datInit()
in file pk7_doit.c
Possibly this is because PKCS7_dataInit() *assumes* in this
release that the PKCS7 object is always a signed type,
and does PKCS7_get_octet_string (p7->d.sign->contents)
without checking for this first
(if PKCS7 is of type NID_pkcs7_enveloped, not NID_pkcs7_signed,
the code crashes because "p7->d.sign->contents" is junk).
You can also see it crash by running e.g. the OpenSSL test program
crypto/pkcs7/enc.c like:
./enc -k CERTFILE.PEM DATAFILE
Thanks,
Juki
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
