hello all,
i wonder if the openssl pkcs7 object is compatible with outlook
express5 and netscape messager. Because i have success to decrypt
the smime.p7m produced by outlook express5 to plaintext(smime.txt)
by command
dec -k server.pem smime.p7m (of course i and the -----BEGIN PKCS7--- and
-----END PKCS7----- to smime.p7m file.)
but, unfortunately, when i try to encrypt the smime.txt to smime2.p7m
,i found that smime2.p7m is not equal to smime.p7m. but both can
generate the same plaintext by dec.c. And if i replace the smime.p7m file
to smime2.p7m , then outlook express or netscape messager does not
recognize it! (invalid encryption!!) Why?????????
//the below file is server.pem
subject=/O=British Telecommunications plc/OU=BT Trustwise - Class 1 Individual
CA/OU=www.trustwise.com/repository/RP Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not
Validated/OU=Digital ID Class 1 - Netscape/CN=Norton [EMAIL PROTECTED]
issuer= /O=British Telecommunications plc/OU=BT Trustwise - Class 1 Individual CA
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:28:27:28:a9:15:c0:04:cc:3e:d1:72:0a:38:d8:a9
Signature Algorithm: md5WithRSAEncryption
Issuer: O=British Telecommunications plc, OU=BT Trustwise - Class 1 Individual
CA
Validity
Not Before: Jul 6 00:00:00 1999 GMT
Not After : Sep 4 23:59:59 1999 GMT
Subject: O=British Telecommunications plc, OU=BT Trustwise - Class 1
Individual CA, OU=www.trustwise.com/repository/RP Incorp. by Ref.,LIAB.LTD(c)98,
OU=Persona Not Validated, OU=Digital ID Class 1 - Netscape, CN=Norton
[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:c4:8f:65:7d:e2:bf:e8:90:a4:6c:77:c1:cb:ed:
41:2d:47:e7:9f:a4:6a:45:da:f4:77:08:84:17:2a:
07:2e:a0:2c:04:53:d6:61:dc:3d:69:88:39:09:a9:
d2:22:94:4b:7b:7b:90:43:ac:0e:01:5e:6d:0f:f0:
24:b0:ef:71:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
0.
Netscape Cert Type:
....
2.16.840.1.113733.1.6.3:
.vd4652bd63f2047029298763c9d2f275069c7359bed1b059da75bc4bc9701747da5c1e3141beadb2bd2e89206bd68f1d711489ca0bb45f8f3ea45db
Signature Algorithm: md5WithRSAEncryption
90:93:ae:cf:d5:8f:9b:53:d5:d3:44:32:1b:66:54:98:f0:f0:
b3:b1:e1:70:b0:ad:c0:f2:5b:2b:94:11:13:0e:bf:a8:4a:b5:
e3:1e:78:82:f0:10:a4:7f:5b:19:c4:b1:89:88:59:ff:7c:13:
fa:dd:1d:2a:6b:cf:e2:9a:8f:16:e3:e1:89:6c:7c:62:09:eb:
a8:28:ff:7f:54:b7:0a:9b:cf:75:8a:63:d9:a2:14:dc:70:70:
61:5a:06:51:33:50:af:a4:cf:90:6c:7e:5e:28:5d:88:22:d2:
4c:58:42:bc:2c:c3:a8:ca:04:57:03:21:f3:6b:66:82:2e:66:
ff:d7
-----BEGIN CERTIFICATE-----
MIIDaDCCAtGgAwIBAgIQfignKKkVwATMPtFyCjjYqTANBgkqhkiG9w0BAQQFADBY
MScwJQYDVQQKEx5Ccml0aXNoIFRlbGVjb21tdW5pY2F0aW9ucyBwbGMxLTArBgNV
BAsTJEJUIFRydXN0d2lzZSAtIENsYXNzIDEgSW5kaXZpZHVhbCBDQTAeFw05OTA3
MDYwMDAwMDBaFw05OTA5MDQyMzU5NTlaMIIBIjEnMCUGA1UEChMeQnJpdGlzaCBU
ZWxlY29tbXVuaWNhdGlvbnMgcGxjMS0wKwYDVQQLEyRCVCBUcnVzdHdpc2UgLSBD
bGFzcyAxIEluZGl2aWR1YWwgQ0ExRjBEBgNVBAsTPXd3dy50cnVzdHdpc2UuY29t
L3JlcG9zaXRvcnkvUlAgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAc
BgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEmMCQGA1UECxMdRGlnaXRhbCBJ
RCBDbGFzcyAxIC0gTmV0c2NhcGUxEjAQBgNVBAMTCU5vcnRvbiBOZzEkMCIGCSqG
SIb3DQEJARYVamtuZ0Bjc2llLm5jdHUuZWR1LnR3MFwwDQYJKoZIhvcNAQEBBQAD
SwAwSAJBAMSPZX3iv+iQpGx3wcvtQS1H55+kakXa9HcIhBcqBy6gLART1mHcPWmI
OQmp0iKUS3t7kEOsDgFebQ/wJLDvcQ0CAwEAAaOBqjCBpzAJBgNVHRMEAjAAMBEG
CWCGSAGG+EIBAQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4FnZkNDY1MmJkNjNmMjA0
NzAyOTI5ODc2M2M5ZDJmMjc1MDY5YzczNTliZWQxYjA1OWRhNzViYzRiYzk3MDE3
NDdkYTVjMWUzMTQxYmVhZGIyYmQyZTg5MjA2YmQ2OGYxZDcxMTQ4OWNhMGJiNDVm
OGYzZWE0NWRiMA0GCSqGSIb3DQEBBAUAA4GBAJCTrs/Vj5tT1dNEMhtmVJjw8LOx
4XCwrcDyWyuUERMOv6hKteMeeILwEKR/WxnEsYmIWf98E/rdHSprz+Kajxbj4Yls
fGIJ66go/39Utwqbz3WKY9miFNxwcGFaBlEzUK+kz5Bsfl4oXYgi0kxYQrwsw6jK
BFcDIfNrZoIuZv/X
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAMSPZX3iv+iQpGx3wcvtQS1H55+kakXa9HcIhBcqBy6gLART1mHc
PWmIOQmp0iKUS3t7kEOsDgFebQ/wJLDvcQ0CAwEAAQJAYaPFy7nWkMVBGCyJFS7f
AIpGcdPvgpHYfES7sPIMrUi9wohXHRfkGG3f+grHc4QEKfDwrfW/tMshEA6j9bKt
QQIhAPSXjzCnrQr92siGvqBVrH/xvw+rR3ko97ZOe/uABwo9AiEAzbpVhYO2i0Ti
8r3LqFWQRIcoADz/o4nEMJfTe8ep/xECIENn5TlGbGTkEsBCihRLqA9Wgw4BaOAW
DzY5qOdloAsNAiBvzkGmQxPVEoYIiE+DV6UFKTL7FiuUlE20Xv8HeVaREQIgRrV7
BW9gd3K6Uf5NhdP8d2pUQOtB+f5fE1qL98zDECA=
-----END RSA PRIVATE KEY-----
//the file below is generated by outlook express5. smime.p7m (encrypt only)
-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHA6CAMIACAQAxggGKMIHCAgEAMGwwWDEnMCUGA1UEChMeQnJpdGlzaCBUZWxl
Y29tbXVuaWNhdGlvbnMgcGxjMS0wKwYDVQQLEyRCVCBUcnVzdHdpc2UgLSBDbGFzcyAxIEluZGl2
aWR1YWwgQ0ECEH4oJyipFcAEzD7Rcgo42KkwDQYJKoZIhvcNAQEBBQAEQAYGjSwz9zIXblenf7tC
KV5MBv+xFV5Xo2CcbA7Be0LsPEyXt0O3XNt1fOU5n+QyWIlIJsN6Cocd9D2FkezHX0swgcICAQAw
bDBYMScwJQYDVQQKEx5Ccml0aXNoIFRlbGVjb21tdW5pY2F0aW9ucyBwbGMxLTArBgNVBAsTJEJU
IFRydXN0d2lzZSAtIENsYXNzIDEgSW5kaXZpZHVhbCBDQQIQfignKKkVwATMPtFyCjjYqTANBgkq
hkiG9w0BAQEFAARAh9xxFDesnkLS21qGu+JVYEYeGqaDZOrvSiVuOotvXrrlpQLBq18FnEN/FFjE
ixzSCVjgwLa8bYbGdrjNv89XGjCABgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECH771vKe
/88aoIAEggQApm+rmhobDBgI1Ko869nlH4DPQPitnozr1mR9N+XZ3E++E/IfcrX2obt7C/XVySOV
0PAgWllh6h40CMEMs6mblU6AWifRboSxY6hJxN4VU8WiUDc0983SX3qw+lVbSFsn1KMB4wxsV8rt
L9hudH2k027uKPo/PUH4ZvPK8L4MOwWxMSLfgLlvJI1MNbSThdedZIY48yWDsWrI/0HnVjBxTJ3V
ekQGY0r5UhnCKkQaM4sQua9hNCifewd+2nO6m3ly85j74YgTsb+cOYiz6sLW/p2+lo3/azykZ9PM
uelCtgQbbPFkT1dn61APbhGjcVtCBV1SWKzEHh4eQyZ2Mde1ltyZLnhrfvL/GenXweMvB3+bsNn8
7QCEXNTXzgHiLu6/Ar0lcT78+Khn0ojOltaA14Nn26IfxNepuZ15HoppVR6WWuYN2dwigAMjxKap
20SeKFcff8Z5CHyegtiXK6p/hAmEgYM8PG6qq8RhsWitDwJOI1mPWl0aEa9OG4cSzj3rB/rT9t1s
MpmGAuvzGdGQEJIRDXG2DDpI8deFmFYlYtqUfKxZGhm4PVdD0tzJXrRMMbeTwbQ4ZJl2ULfx+ydJ
STnXyPPqZTmW6+CpPj1g5YfXtMTSVa3LXHcsoetY5KSksRDvaAP/AUBOAE94us7aQhnTCASbVS0r
u9nBIalQanqpfqmPv6q+HsUF4t7fydYvs9VwefuUV5Q/WpFvRqav4yiutNljFM709Vg6NS44aM04
uJbm9RIbnetXDAX8zPynIKJ7H9JBUf4ZAoQA7hmCOYa18SjPVQrzPh9qTTHdHDfp1FiumDZfsOB0
91vEp/HgvHHxUVwCHDlniXlSilbaUK9Lg+JH5b6NqCfYhFSCQIVbFBfFRYzzBrk+nwPWe8LGZ0om
XHrc1aEJlcpFgD02bmZmoUHbodRBALHR+3XLjvyjrPDpslrMO0ks9PeEvs0JnZRqej0/h76lD2SY
SFXXKwSug2c93FaEqVhdv06EmU8dO7caVZhK4pbZtqBN+o//t8q2TXX8W9DVUWr9oPQIBaL5aEIz
83nIaRH/7XbQsnzs61G0MGdXAwvROBOCFJEcGKFtTUqikYI/t6ww4qMNUF7HLgu7y8lEhCosc2C4
Q9kQYR/SWrDl4pjlknjbjfCQkrxFQ5ArA55bNHQ3/I3YgPeq/UTfbeHlm9TD+NRFoMNxVP/qEh4K
F1o+2WkX/wl7g8CFaUm6hG7mr4+yNcLOZSDGSCO4CItj+4hMMswdeiQeBr5Ie1OEEb9gfvHJ0y34
NX4VxSCAaaIFUv9dspsDlwU+VcNSipjZ21Avty/H3nslpBEPM0mUDD2iyEwEQVirJGdQXe9T46HG
8iBJWDQ6HgAAAAAAAAAAAAA=
-----END PKCS7-----
//the file below is generated by pkcs7/enc.c from the plain text
// by pkcs7/dec.c from smime.p7m
-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHA6CAMIIE9AIBADGBxTCBwgIBADBsMFgxJzAlBgNVBAoTHkJy
aXRpc2ggVGVsZWNvbW11bmljYXRpb25zIHBsYzEtMCsGA1UECxMkQlQgVHJ1c3R3
aXNlIC0gQ2xhc3MgMSBJbmRpdmlkdWFsIENBAhB+KCcoqRXABMw+0XIKONipMA0G
CSqGSIb3DQEBAQUABEC+i7U+ctCPMNcYBY3vwYSgGoH9tpivDFBhvaOkbYJHnCf/
HUiox3Tw/84W/eb3qKiowNeK8b7g4dkLMxvx5LbaMIIEJQYJKoZIhvcNAQcGMBQG
CCqGSIb3DQMHBAgTxD3HW1dD84CCBAA4vZCAYbOgNDdg7AjsgFhJaykhpPAfLmHp
qTb+Vb1uDXi9xG9kD4UnGd4JAs4EuedCoLKxmjEnd5cocvYgY3FgBKstVDkRUYQ+
JxMpRFT5CvsDh2pctr9wXdmJXypYyOvyLQOsC0cUI+ufNlLSi4Ue/3rKTFVjz1w9
Rtt+MS3RHl1Sb43hVVQzCtGWMZkqjH1Hp08CFL1Vdt9zQ8BvaihzxUpqub9XxpNJ
YK6xEFs3C4MYUi8XCbmEmu+YSTrW937FDbLkpGIOMuchNHTxOgVET+athXw2ufMh
U42dl5CxmQgpvCipDqwU6ha6VxfeKG5vwNQuBYJqOzXaopFgex3HHH4x+bLZoJap
IIn+OhbReYzBiYCmtnCc2ZUrcGZ9/QypfOVHKD/HxTpan4RxUsLRCBUmD7ljBKY8
plXC9jt2Rt+uYwXG/zDANg/xpUaQMnJK4eVTDJlcz/Pq4pcptydURvpfpNMVg8XC
LgxKt30KkT1wdwPGujj0sionq8rIDqFOrBU/2dNyNvLpGpY6jZvtyVzI/EXqLOXq
QIXEijbjqY0a4lOdeLBlvuaX45piwejkqP2Myl3q32dLUgTuaxiSb2y5tzRngPue
Lbz9+0oDofOdqQJivC8n2NgmfKTxJ8VGAxwiXahInX3SSwSETHXq4esqFwJWHHgT
6FH2QvNDBe0fYjY/FyCyweo23K7eRcRRHcDD3ZcKWJAparu+bDk8TORg8k+wkNj8
CrPMc0E8m28MbSJUKfy7y/AsshHxzVu9/AVqvM128QKXtTOKB1ktGbSuPbRXJhkv
8BtW002k5w/f7Y19JKRN80V0jRroKahha14SasIZOcnYJ/k6cYUvsZ0UKlbkuByL
OAmCEJ13CxkjlwgyjCSe3NZ1kJZDsl2Oj5EtKiZkJaYlnqnKI6n2vmsRv9QGkkyV
VamWKWkvDwaTzAqQ2ln5pi97yxi2Lmu7fnmb6uZFHgCbFbjFq48su7zJsbaY0GAT
ncfU3dJvFr+4Y7pcitXovwfsrbhOk9CKT8asrx/KtfkrFHp6tKx2ghvE+m1aiCte
d1/WsyM6+ptb3dzHl22xI3hVDVVkvD0oHw903jgMErCFL2FRUnqjTU9Y+SVLZNqv
uvsqpLS4bBXerJ9GeCjnRTwR0L22elDwkK7a1jL0xfpjYfo7O0hhS6Uk9XDXOVBi
1s1YlXfUFay48Cu/Cwf7uoAh24bOh563zOqYmf/Bw1eDMLjwQ6VDxU+HizWR6d5Y
RWab/cjjnlkBjYcID5I+CE/PUMTDrmPB2ohtpi8gE/ZH7YKDifMdo80Kz8cxMXhQ
jkME0xGvllvvJXUudise4+dFg3DPKGru7D+1GO7MUz8Ve1o4W6K1AAAAAA==
-----END PKCS7-----
/* crypto/pkcs7/enc.c */
/* Copyright (C) 1995-1998 Eric Young ([EMAIL PROTECTED])
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young ([EMAIL PROTECTED]).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson ([EMAIL PROTECTED]).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young ([EMAIL PROTECTED])"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson ([EMAIL PROTECTED])"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
int main(argc,argv)
int argc;
char *argv[];
{
X509 *x509;
PKCS7 *p7;
BIO *in;
BIO *data,*p7bio;
char buf[1024*4];
int i;
int nodetach=1;
char *keyfile = NULL;
const EVP_CIPHER *cipher=NULL;
SSLeay_add_all_algorithms();
data=BIO_new(BIO_s_file());
while(argc > 1)
{
if (strcmp(argv[1],"-nd") == 0)
{
nodetach=1;
argv++; argc--;
}
else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
fprintf(stderr, "Unknown cipher %s\n", argv[2]);
goto err;
}
argc-=2;
argv+=2;
} else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
keyfile = argv[2];
argc-=2;
argv+=2;
} else break;
}
if (!BIO_read_filename(data,argv[1])) goto err;
if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
p7=PKCS7_new();
#if 0
BIO_reset(in);
if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
BIO_free(in);
PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
/* we may want to add more */
PKCS7_add_certificate(p7,x509);
#else
PKCS7_set_type(p7,NID_pkcs7_enveloped);
#endif
if(!cipher) cipher = EVP_des_ede3_cbc();
if (!PKCS7_set_cipher(p7,cipher)) goto err;
if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
/* Set the content of the signed to 'data' */
/* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
/* could be used, but not in this version :-)
if (!nodetach) PKCS7_set_detached(p7,1);
*/
if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
for (;;)
{
i=BIO_read(data,buf,sizeof(buf));
if (i <= 0) break;
BIO_write(p7bio,buf,i);
}
BIO_flush(p7bio);
if (!PKCS7_dataFinal(p7,p7bio)) goto err;
BIO_free(p7bio);
PEM_write_PKCS7(stdout,p7);
PKCS7_free(p7);
exit(0);
err:
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
exit(1);
}
//------------------------------
/* crypto/pkcs7/dec.c */
/* Copyright (C) 1995-1998 Eric Young ([EMAIL PROTECTED])
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young ([EMAIL PROTECTED]).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson ([EMAIL PROTECTED]).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young ([EMAIL PROTECTED])"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson ([EMAIL PROTECTED])"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/safestack.h>
int verify_callback(int ok, X509_STORE_CTX *ctx);
BIO *bio_err=NULL;
int main(argc,argv)
int argc;
char *argv[];
{
char KEYSTR[]="certificate";
char *keyfile=NULL;
BIO *in;
EVP_PKEY *pkey;
X509 *x509;
PKCS7 *p7;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
X509_STORE *cert_store=NULL;
BIO *data,*detached=NULL,*p7bio=NULL;
char buf[1024*4];
unsigned char *pp;
int i,printit=0;
STACK *sk;
//STACK_OF(PKCS7_SIGNER_INFO) *sk;
FILE *fw;
SSLeay_add_all_algorithms();
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
data=BIO_new(BIO_s_file());
pp=NULL;
while (argc > 1)
{
argc--;
argv++;
if (strcmp(argv[0],"-p") == 0)
{
printit=1;
}
else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
keyfile = argv[1];
argc-=1;
argv+=1;
} else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
{
detached=BIO_new(BIO_s_file());
if (!BIO_read_filename(detached,argv[1]))
goto err;
argc-=1;
argv+=1;
}
else break;
}
pp = argv[0];
printf("\nbefore BIO_read_filename!!");fflush(stdout);
if (!BIO_read_filename(data,argv[0])) goto err;
if(!keyfile) {
fprintf(stderr, "No private key file specified\n");
goto err;
}
if ((in=BIO_new_file(keyfile,"r")) == NULL)
{
printf("\nBIO_new_file error!!");fflush(stdout);
goto err;
}
printf("\nbefore PEM_read_bio_X509 ");fflush(stdout);
if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
{
printf("\nPEM_read_bio_x509 error!!");fflush(stdout);
goto err;
}
BIO_reset(in);
printf("\nbefore PEM_read_bio_PrivateKey");fflush(stdout);
if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
BIO_free(in);
printf("\nbefore BIO_set_fp(data,stdin,BIO_NOCLOSE) ");fflush(stdout);
if (pp == NULL)
{
printf("\npp == NULL ");fflush(stdout);
BIO_set_fp(data,stdin,BIO_NOCLOSE);
}
printf("\nbefore PEM_read_bio_PKCS7 ");fflush(stdout);
/* Load the PKCS7 object from a file */
if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL)
{
printf("\nPEM_read_bio_PKCS7 error");fflush(stdout);
goto err;
}
printf("\nbefore setup for certificate verification");fflush(stdout);
/* This stuff is being setup for certificate verification.
* When using SSL, it could be replaced with a
* cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
cert_store=X509_STORE_new();
X509_STORE_set_default_paths(cert_store);
X509_STORE_load_locations(cert_store,NULL,"../../certs");
X509_STORE_set_verify_cb_func(cert_store,verify_callback);
ERR_clear_error();
/* We need to process the data */
/* We cannot support detached encryption */
p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
if (p7bio == NULL)
{
printf("problems decoding\n");
goto err;
}
/* We now have to 'read' from p7bio to calculate digests etc. */
fw = fopen( "test.txt", "wb");
for (;;)
{
i=BIO_read(p7bio,buf,sizeof(buf));
/* print it? */
if (i <= 0) break;
//fwrite(buf,1, i, stdout);
fwrite(buf,1,i, fw);
}
fclose(fw);
/* We can now verify signatures */
sk=PKCS7_get_signer_info(p7);
if (sk == NULL)
{
fprintf(stderr, "there are no signatures on this data\n");
}
else
{
/* Ok, first we need to, for each subject entry,
* see if we can verify */
ERR_clear_error();
for (i=0; i<sk_num(sk); i++)
//for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
{
si=(PKCS7_SIGNER_INFO *)sk_value(sk,i);
//si=sk_PKCS7_SIGNER_INFO_value(sk,i);
i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
if (i <= 0)
goto err;
else
fprintf(stderr,"Signature verified\n");
}
}
X509_STORE_free(cert_store);
exit(0);
err:
printf("\n!error!!");fflush(stdout);
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
exit(1);
}
/* should be X509 * but we can just have them as char *. */
int verify_callback(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509 *err_cert;
int err,depth;
printf("\nverify_callback function....."); fflush(stdout);
err_cert=X509_STORE_CTX_get_current_cert(ctx);
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
if (!ok)
{
BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
X509_verify_cert_error_string(err));
if (depth < 6)
{
ok=1;
X509_STORE_CTX_set_error(ctx,X509_V_OK);
}
else
{
ok=0;
X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
}
}
switch (ctx->error)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
BIO_printf(bio_err,"issuer= %s\n",buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err,"notBefore=");
ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err,"notAfter=");
ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
BIO_printf(bio_err,"\n");
break;
}
BIO_printf(bio_err,"verify return:%d\n",ok);
return(ok);
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
