[openssl.org #2564] PKCS7_cert_from_signer_info Enhancement Request

Mon, 18 Jul 2011 05:19:14 -0700 

        Hi,

        I just find (after spending some time on debug) than the 
PKCS7_cert_from_signer_info functions doesn't work in case of Signed and 
enveloped PKCS7

        As I don't see any reason of that, I would propose a support of this 
case.

        Actual version (Openssl 1.0.0d) :
        
X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
{
        if (PKCS7_type_is_signed(p7))
                return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
                        si->issuer_and_serial->issuer,
                        si->issuer_and_serial->serial));
        else
                return (NULL);
}

        I propose this version :

X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
{
        if (PKCS7_type_is_signed(p7))
                return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
                        si->issuer_and_serial->issuer,
                        si->issuer_and_serial->serial));
        else if (PKCS7_type_is_signedAndEnveloped(p7))
                
return(X509_find_by_issuer_and_serial(p7->d.signed_and_enveloped->cert,
                        si->issuer_and_serial->issuer,
                        si->issuer_and_serial->serial));
        else
                return (NULL);
}

        Kind regards,
-- 
Ludovic FLAMENT
Fondateur -  Expert Cryptographie,PKI,CC/CSPN
http://www.cryptograph-ic.com/
[email protected]
Hi,

I just find (after spending some time on debug) than the PKCS7_cert_from_signer_info functions doesn't work in case of Signed and enveloped PKCS7

As I don't see any reason of that, I would propose a support of this case.

Actual version (Openssl 1.0.0d) :
X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
{
if (PKCS7_type_is_signed(p7))
return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
si->issuer_and_serial->issuer,
si->issuer_and_serial->serial));
else
return (NULL);
}

I propose this version :

X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
{
if (PKCS7_type_is_signed(p7))
return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
si->issuer_and_serial->issuer,
si->issuer_and_serial->serial));
else if (PKCS7_type_is_signedAndEnveloped(p7))
return(X509_find_by_issuer_and_serial(p7->d.signed_and_enveloped->cert,
si->issuer_and_serial->issuer,
si->issuer_and_serial->serial));
else
return (NULL);
}

Kind regards,
-- 
Ludovic FLAMENT
Fondateur -  Expert Cryptographie,PKI,CC/CSPN

Reply via email to