Hi All,

I've looked for any fix for the below-mentioned APIs on the OpenSSL site, but unfortunately could not find any.

Let me know if anyone has faced a similar issue with the EVP_EncodeUpdate() and EVP_EncodeFinal() APIs, or any pointer to where I can find the fixes in OpenSSL releases from OpenSSL version 0.9.7d 17 Mar 2004 to the latest one. The APIs are not working as expected for Class 3 type CA certificates. Details of how I've used the APIs, what is expected and what the actual outcome is are given in the mail thread below. Any help is highly appreciated.

-Thanks & Regards
Basi Reddy M

-----Original Message-----
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Basireddy M via RT
Sent: Wednesday, March 31, 2010 11:24 PM
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2213] Unable to read Class 3 type CA certificates properly using EVP_EncodeUpdate & EVP_EncodeFinal functions.

Hi,

I'm reading the CA certificate file using the OpenSSL APIs EVP_EncodeUpdate & EVP_EncodeFinal and writing the data to an out file (say .pem).

Issue: I'm able to read the CA certificates properly except for Class 3 CA files. For Class 3 type CA certificates, the API EVP_EncodeFinal reads the entire certificate body after the certificate data has been read using EVP_EncodeUpdate, by which the certificate data is written twice to the out file. But for other CA files, after reading the certificate data using EVP_EncodeUpdate, the left-out data is fetched by EVP_EncodeFinal; thereby the certificate data is written properly to the out file.

How am I reading the CA file?

1. Create cert (an X509 * structure) for the certificate.

2. Initialize the Base64 encoder using EVP_EncodeInit(), with an encoding context structure "bctx" which is used during all encoding operations.

       EVP_EncodeInit( &bctx );

3. DER encode the certificate. i2d_X509() encodes the structure pointed to by "cert" into DER format. If out is not NULL it writes the DER encoded data to the buffer at derTmp, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data.

       derLen = i2d_X509( cert, &derTmp );

4. Base64 encode the certificate DER. EVP_EncodeUpdate copies "derLen" bytes of the input string "der" into a previously-initialized "bctx"; if any data was already stored in the "bctx", it is base64-encoded first and the results written to "encodeBuf". The number of bytes written to "encodeBuf" is placed in "nBytesWritten". Note that the first time this function is called, the input string is copied into the "bctx" but since there is no input data already in "bctx", no data is base64-encoded. In effect, output is always one function call behind the input.

       EVP_EncodeUpdate(&bctx, encodeBuf, &nBytesWritten, der, derLen );

5. EVP_EncodeFinal() base64-encodes the data in a previously initialized and filled "bctx" and writes the results to "encodeBuf". The number of bytes written is placed in "nBytesWritten".

       EVP_EncodeFinal(&bctx, encodeBuf, &nBytesWritten );

What is the version of OpenSSL?
OpenSSL 0.9.7d 17 Mar 2004

What is expected?

1. Is there anything incorrect in the reading of the CA file, because of which I'm seeing the issue?
2. Whether Class 3 CA certificates should be handled differently? If yes, how?
3. Is it an OpenSSL API issue? If yes, is it fixed in any of the future releases of OpenSSL, and in which version?

-Regards
Basi Reddy M

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
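As an added example that is neither the poster's code nor OpenSSL's, the following self-contained C program mirrors the EVP_EncodeInit/EVP_EncodeUpdate/EVP_EncodeFinal contract described in steps 2 to 5 (a 48-bytes-per-line streaming base64 encoder under the hypothetical names b64_init/b64_update/b64_final) together with a caller that appends Final's output after Update's using the returned lengths, so the leftover bytes are flushed exactly once. The 49-byte input in demo() is constructed and stands in for the DER bytes a real program would get from i2d_X509.

```c
/* Added example, not from the thread or from OpenSSL: a minimal streaming base64 encoder
 * with an init/update/final contract like EVP_Encode*, plus a caller using it correctly. */
#include <stddef.h>
#include <string.h>
#define B64_LINE_IN 48  /* input bytes per 64-char output line, as in PEM */
typedef struct { unsigned char buf[B64_LINE_IN]; size_t num; } b64_ctx;
static const char TBL[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode 1..48 bytes as one padded base64 line ending in '\n'; returns chars written. */
static size_t encode_line(const unsigned char *in, size_t n, char *out) {
    size_t i, o = 0;
    for (i = 0; i < n; i += 3) {
        unsigned v = (unsigned)in[i] << 16;
        if (i + 1 < n) v |= (unsigned)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = TBL[(v >> 18) & 63];  out[o++] = TBL[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? TBL[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? TBL[v & 63] : '=';
    }
    out[o++] = '\n';
    return o;
}

void b64_init(b64_ctx *c) { c->num = 0; }

/* Buffers input and emits a line only once 48 bytes are complete, so output
 * lags input: this is the "one call behind" behaviour the post describes. */
void b64_update(b64_ctx *c, char *out, size_t *outl, const unsigned char *in, size_t inl) {
    *outl = 0;
    while (inl > 0) {
        size_t take = B64_LINE_IN - c->num; if (take > inl) take = inl;
        memcpy(c->buf + c->num, in, take);
        c->num += take; in += take; inl -= take;
        if (c->num == B64_LINE_IN) { *outl += encode_line(c->buf, c->num, out + *outl); c->num = 0; }
    }
}

/* Flushes only the leftover (< 48) bytes; data already emitted is never encoded again. */
void b64_final(b64_ctx *c, char *out, size_t *outl) { *outl = c->num ? encode_line(c->buf, c->num, out) : 0; c->num = 0; }

/* Correct caller: append Final's output after Update's, advancing by the returned lengths. */
size_t pem_body(const unsigned char *der, size_t derlen, char *out) {
    b64_ctx c; size_t n, total = 0; b64_init(&c);
    b64_update(&c, out, &n, der, derlen); total += n;
    b64_final(&c, out + total, &n);       total += n;
    out[total] = '\0'; return total;
}

/* Constructed 49-byte sample ("abc" x 16 then "d") standing in for a DER certificate. */
const char *demo(void) {
    static unsigned char in[49]; static char out[128]; size_t i;
    for (i = 0; i < 48; i++) in[i] = (unsigned char)"abc"[i % 3];
    in[48] = 'd'; pem_body(in, sizeof in, out); return out;
}
```

With real OpenSSL calls the same pattern applies, with one caveat the post itself states: i2d_X509 advances derTmp past the data it wrote, so the buffer's start pointer, not derTmp, is what must be passed to EVP_EncodeUpdate as der.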