Hello all,

I wonder if the OpenSSL PKCS7 object is compatible with Outlook Express 5 and Netscape Messenger. I ask because I have successfully decrypted the smime.p7m produced by Outlook Express 5 to plaintext (smime.txt) with the command

    dec -k server.pem smime.p7m

(of course I add the -----BEGIN PKCS7----- and -----END PKCS7----- lines to the smime.p7m file).

But, unfortunately, when I try to encrypt smime.txt to smime2.p7m, I find that smime2.p7m is not equal to smime.p7m, although both generate the same plaintext with dec.c. And if I replace the smime.p7m file with smime2.p7m, then Outlook Express or Netscape Messenger does not recognize it! (invalid encryption!!)

Why?

// the file below is server.pem
subject=/O=British Telecommunications plc/OU=BT Trustwise - Class 1 Individual CA/OU=www.trustwise.com/repository/RP Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not Validated/OU=Digital ID Class 1 - Netscape/CN=Norton [EMAIL PROTECTED]
issuer= /O=British Telecommunications plc/OU=BT Trustwise - Class 1 Individual CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:28:27:28:a9:15:c0:04:cc:3e:d1:72:0a:38:d8:a9
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=British Telecommunications plc, OU=BT Trustwise - Class 1 Individual CA
        Validity
            Not Before: Jul 6 00:00:00 1999 GMT
            Not After : Sep 4 23:59:59 1999 GMT
        Subject: O=British Telecommunications plc, OU=BT Trustwise - Class 1 Individual CA, OU=www.trustwise.com/repository/RP Incorp. by Ref.,LIAB.LTD(c)98, OU=Persona Not Validated, OU=Digital ID Class 1 - Netscape, CN=Norton [EMAIL PROTECTED]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                0.
            Netscape Cert Type:
                ....
    Signature Algorithm: md5WithRSAEncryption

// the file below is generated by Outlook Express 5: smime.p7m (encrypt only)

// the file below is generated by pkcs7/enc.c from the plain text
// by pkcs7/dec.c from smime.p7m

/* crypto/pkcs7/enc.c */
/* Copyright (C) 1995-1998 Eric Young ([EMAIL PROTECTED])
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young ([EMAIL PROTECTED]).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson ([EMAIL PROTECTED]).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young ([EMAIL PROTECTED])"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson ([EMAIL PROTECTED])"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>   /* strcmp() */
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>

int main(int argc, char *argv[])
{
    X509 *x509;
    PKCS7 *p7;
    BIO *in;
    BIO *data, *p7bio;
    char buf[1024*4];
    int i;
    int nodetach = 1;
    char *keyfile = NULL;
    const EVP_CIPHER *cipher = NULL;

    SSLeay_add_all_algorithms();

    data = BIO_new(BIO_s_file());

    /* Options: -nd, -c <cipher name>, -k <recipient certificate file> */
    while (argc > 1) {
        if (strcmp(argv[1], "-nd") == 0) {
            nodetach = 1;
            argv++; argc--;
        } else if ((strcmp(argv[1], "-c") == 0) && (argc >= 3)) {
            /* argc >= 3 guarantees that argv[2] (the cipher name) exists */
            if (!(cipher = EVP_get_cipherbyname(argv[2]))) {
                fprintf(stderr, "Unknown cipher %s\n", argv[2]);
                goto err;
            }
            argc -= 2;
            argv += 2;
        } else if ((strcmp(argv[1], "-k") == 0) && (argc >= 3)) {
            keyfile = argv[2];
            argc -= 2;
            argv += 2;
        } else
            break;
    }

    /* Both the recipient certificate and an input file are required */
    if (argc < 2 || keyfile == NULL) {
        fprintf(stderr, "usage: enc [-nd] [-c cipher] -k certfile infile\n");
        exit(1);
    }

    if (!BIO_read_filename(data, argv[1])) goto err;

    if ((in = BIO_new_file(keyfile, "r")) == NULL) goto err;
    if ((x509 = PEM_read_bio_X509(in, NULL, NULL)) == NULL) goto err;
    p7 = PKCS7_new();
#if 0
    BIO_reset(in);
    if ((pkey = PEM_read_bio_PrivateKey(in, NULL, NULL)) == NULL) goto err;
    BIO_free(in);
    PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped);

    if (PKCS7_add_signature(p7, x509, pkey, EVP_sha1()) == NULL) goto err;
    /* we may want to add more */
    PKCS7_add_certificate(p7, x509);
#else
    PKCS7_set_type(p7, NID_pkcs7_enveloped);
#endif
    /* Default to triple-DES when no -c option was given */
    if (!cipher) cipher = EVP_des_ede3_cbc();

    if (!PKCS7_set_cipher(p7, cipher)) goto err;
    if (PKCS7_add_recipient(p7, x509) == NULL) goto err;

    /* Set the content of the signed to 'data' */
    /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */

    /* could be used, but not in this version :-)
    if (!nodetach) PKCS7_set_detached(p7,1);
    */

    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) goto err;

    /* Stream the plaintext through the encrypting BIO */
    for (;;) {
        i = BIO_read(data, buf, sizeof(buf));
        if (i <= 0) break;
        BIO_write(p7bio, buf, i);
    }
    BIO_flush(p7bio);

    if (!PKCS7_dataFinal(p7, p7bio)) goto err;
    BIO_free(p7bio);

    PEM_write_PKCS7(stdout, p7);
    PKCS7_free(p7);

    exit(0);
err:
    ERR_load_crypto_strings();
    ERR_print_errors_fp(stderr);
    exit(1);
}

//------------------------------

/* crypto/pkcs7/dec.c
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strcmp() */
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/safestack.h>

int verify_callback(int ok, X509_STORE_CTX *ctx);

BIO *bio_err = NULL;

int main(int argc, char *argv[])
{
    char KEYSTR[] = "certificate";
    char *keyfile = NULL;
    BIO *in;
    EVP_PKEY *pkey;
    X509 *x509;
    PKCS7 *p7;
    PKCS7_SIGNER_INFO *si;
    X509_STORE_CTX cert_ctx;
    X509_STORE *cert_store = NULL;
    BIO *data, *detached = NULL, *p7bio = NULL;
    char buf[1024*4];
    char *pp;
    int i, ret, printit = 0;
    STACK *sk;
    //STACK_OF(PKCS7_SIGNER_INFO) *sk;
    FILE *fw;

    SSLeay_add_all_algorithms();
    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

    data = BIO_new(BIO_s_file());
    pp = NULL;

    /* Options: -p, -k <certificate + private key file>, -d <detached data> */
    while (argc > 1) {
        argc--;
        argv++;
        if (strcmp(argv[0], "-p") == 0) {
            printit = 1;
        } else if ((strcmp(argv[0], "-k") == 0) && (argc >= 2)) {
            keyfile = argv[1];
            argc -= 1;
            argv += 1;
        } else if ((strcmp(argv[0], "-d") == 0) && (argc >= 2)) {
            detached = BIO_new(BIO_s_file());
            if (!BIO_read_filename(detached, argv[1]))
                goto err;
            argc -= 1;
            argv += 1;
        } else
            break;
    }
    pp = argv[0];

    printf("\nbefore BIO_read_filename!!"); fflush(stdout);
    if (!BIO_read_filename(data, argv[0])) goto err;

    if (!keyfile) {
        fprintf(stderr, "No private key file specified\n");
        goto err;
    }

    if ((in = BIO_new_file(keyfile, "r")) == NULL) {
        printf("\nBIO_new_file error!!"); fflush(stdout);
        goto err;
    }
    printf("\nbefore PEM_read_bio_X509 "); fflush(stdout);
    if ((x509 = PEM_read_bio_X509(in, NULL, NULL)) == NULL) {
        printf("\nPEM_read_bio_x509 error!!"); fflush(stdout);
        goto err;
    }
    /* Rewind: the private key is read from the same file as the certificate */
    BIO_reset(in);
    printf("\nbefore PEM_read_bio_PrivateKey"); fflush(stdout);
    if ((pkey = PEM_read_bio_PrivateKey(in, NULL, NULL)) == NULL) goto err;
    BIO_free(in);

    printf("\nbefore BIO_set_fp(data,stdin,BIO_NOCLOSE) "); fflush(stdout);
    if (pp == NULL) {
        printf("\npp == NULL "); fflush(stdout);
        BIO_set_fp(data, stdin, BIO_NOCLOSE);
    }

    printf("\nbefore PEM_read_bio_PKCS7 "); fflush(stdout);
    /* Load the PKCS7 object from a file */
    if ((p7 = PEM_read_bio_PKCS7(data, NULL, NULL)) == NULL) {
        printf("\nPEM_read_bio_PKCS7 error"); fflush(stdout);
        goto err;
    }

    printf("\nbefore setup for certificate verification"); fflush(stdout);
    /* This stuff is being setup for certificate verification.
     * When using SSL, it could be replaced with a
     * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
    cert_store = X509_STORE_new();
    X509_STORE_set_default_paths(cert_store);
    X509_STORE_load_locations(cert_store, NULL, "../../certs");
    X509_STORE_set_verify_cb_func(cert_store, verify_callback);

    ERR_clear_error();

    /* We need to process the data */
    /* We cannot support detached encryption */
    p7bio = PKCS7_dataDecode(p7, pkey, detached, x509);

    if (p7bio == NULL) {
        printf("problems decoding\n");
        goto err;
    }

    /* We now have to 'read' from p7bio to calculate digests etc. */
    fw = fopen("test.txt", "wb");
    if (fw == NULL) {
        /* do not write through a NULL FILE pointer */
        perror("test.txt");
        goto err;
    }
    for (;;) {
        i = BIO_read(p7bio, buf, sizeof(buf));
        /* print it? */
        if (i <= 0) break;
        //fwrite(buf,1, i, stdout);
        fwrite(buf, 1, i, fw);
    }
    fclose(fw);

    /* We can now verify signatures */
    sk = PKCS7_get_signer_info(p7);
    if (sk == NULL) {
        fprintf(stderr, "there are no signatures on this data\n");
    } else {
        /* Ok, first we need to, for each subject entry,
         * see if we can verify */
        ERR_clear_error();
        for (i = 0; i < sk_num(sk); i++)
        //for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
        {
            si = (PKCS7_SIGNER_INFO *)sk_value(sk, i);
            //si=sk_PKCS7_SIGNER_INFO_value(sk,i);
            /* keep the verify result separate from the loop index */
            ret = PKCS7_dataVerify(cert_store, &cert_ctx, p7bio, p7, si);
            if (ret <= 0)
                goto err;
            else
                fprintf(stderr, "Signature verified\n");
        }
    }
    X509_STORE_free(cert_store);

    exit(0);
err:
    printf("\n!error!!"); fflush(stdout);
    ERR_load_crypto_strings();
    ERR_print_errors_fp(stderr);
    exit(1);
}

/* should be X509 * but we can just have them as char *. */
int verify_callback(int ok, X509_STORE_CTX *ctx)
{
    char buf[256];
    X509 *err_cert;
    int err, depth;

    printf("\nverify_callback function....."); fflush(stdout);
    err_cert = X509_STORE_CTX_get_current_cert(ctx);
    err = X509_STORE_CTX_get_error(ctx);
    depth = X509_STORE_CTX_get_error_depth(ctx);

    X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
    BIO_printf(bio_err, "depth=%d %s\n", depth, buf);
    if (!ok) {
        BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
                   X509_verify_cert_error_string(err));
        /* Note: any verification error at depth < 6 is overridden to OK here,
         * so an untrusted or expired chain is reported but still accepted. */
        if (depth < 6) {
            ok = 1;
            X509_STORE_CTX_set_error(ctx, X509_V_OK);
        } else {
            ok = 0;
            X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_CHAIN_TOO_LONG);
        }
    }
    switch (ctx->error) {
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
        BIO_printf(bio_err, "issuer= %s\n", buf);
        break;
    case X509_V_ERR_CERT_NOT_YET_VALID:
    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
        BIO_printf(bio_err, "notBefore=");
        ASN1_UTCTIME_print(bio_err, X509_get_notBefore(ctx->current_cert));
        BIO_printf(bio_err, "\n");
        break;
    case X509_V_ERR_CERT_HAS_EXPIRED:
    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
        BIO_printf(bio_err, "notAfter=");
        ASN1_UTCTIME_print(bio_err, X509_get_notAfter(ctx->current_cert));
        BIO_printf(bio_err, "\n");
        break;
    }
    BIO_printf(bio_err, "verify return:%d\n", ok);
    return (ok);
}

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
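
Two enveloped-data files made from the same plaintext are not expected to match byte for byte, because each encryption run draws a fresh content-encryption key and IV, so the useful comparison is field by field: content type, cipher, recipient count, and BER indefinite versus DER definite lengths. The C sketch below is an added example, not code from the post or from OpenSSL; it walks the ASN.1 of a decoded blob and extracts those fields. `envelope_summary`, `Env` and both byte strings are hypothetical names and constructed stand-ins, not the poster's files.

```c
#include <stdio.h>
#include <string.h>

typedef struct { const unsigned char *p, *end; int indef; } Rd;   /* cursor + BER counter */
typedef struct { char outer[40], type[40], cipher[40]; int recipients, indefinite; } Env;

static int at_eoc(const Rd *r) { return r->end - r->p >= 2 && !r->p[0] && !r->p[1]; }
/* Read one tag (want = 0 accepts any) and length; *len = -1 means indefinite length. */
static int hdr(Rd *r, int want, long *len) {
    unsigned long l, n;
    if (r->end - r->p < 2 || (want && *r->p != want)) return 0;
    l = r->p[1]; r->p += 2;
    if (l == 0x80) { r->indef++; *len = -1; return 1; }
    if (l & 0x80) {                                   /* long form: n length bytes follow */
        if ((n = l & 0x7f) > 3 || (unsigned long)(r->end - r->p) < n) return 0;
        for (l = 0; n; n--) l = (l << 8) | *r->p++;
    }
    *len = (long)l;
    return (unsigned long)(r->end - r->p) >= l;
}
/* Step over one element; depth-limited so hostile nesting cannot exhaust the stack. */
static int skip(Rd *r, int depth) {
    long len;
    if (depth > 32 || !hdr(r, 0, &len)) return 0;
    if (len >= 0) { r->p += len; return 1; }
    while (!at_eoc(r)) if (!skip(r, depth + 1)) return 0;
    r->p += 2;                                        /* end-of-contents octets */
    return 1;
}
/* Decode the OBJECT IDENTIFIER at the cursor into dotted text (out holds 40 bytes). */
static int oid(Rd *r, char *out) {
    long len; unsigned long v = 0; size_t n = 0;
    if (!hdr(r, 0x06, &len) || len < 1) return 0;
    for (; len-- > 0 && n < 40; r->p++) {
        v = (v << 7) | (*r->p & 0x7f);
        if (*r->p & 0x80) continue;                   /* more base-128 digits follow */
        n += n ? snprintf(out + n, 40 - n, ".%lu", v)
               : snprintf(out, 40, "%lu.%lu", v < 80 ? v / 40 : 2, v < 80 ? v % 40 : v - 80);
        v = 0;
    }
    return n < 40;
}
/* Walk ContentInfo -> EnvelopedData and record the fields worth comparing. */
int envelope_summary(const unsigned char *buf, size_t n, Env *e) {
    Rd r = { buf, buf + n, 0 }; long len; const unsigned char *end;
    memset(e, 0, sizeof *e);
    if (!hdr(&r, 0x30, &len) || !oid(&r, e->outer)) return 0;    /* ContentInfo, its type */
    if (!hdr(&r, 0xA0, &len) || !hdr(&r, 0x30, &len)) return 0;  /* [0], EnvelopedData */
    if (!skip(&r, 0) || !hdr(&r, 0x31, &len)) return 0;          /* version, SET OF RecipientInfo */
    end = len >= 0 ? r.p + len : NULL;
    while (end ? r.p < end : !at_eoc(&r)) { if (!skip(&r, 0)) return 0; e->recipients++; }
    if (!end) r.p += 2;
    if (!hdr(&r, 0x30, &len) || !oid(&r, e->type)) return 0;     /* EncryptedContentInfo */
    if (!hdr(&r, 0x30, &len) || !oid(&r, e->cipher)) return 0;   /* AlgorithmIdentifier */
    e->indefinite = r.indef;
    return 1;
}
/* Constructed stand-ins, not the poster's files: stub recipients, one-byte ciphertext. */
#define RSADSI "\x2a\x86\x48\x86\xf7\x0d"                        /* OID prefix 1.2.840.113549 */
static const unsigned char DER_3DES[] = "\x30\x35\x06\x09" RSADSI "\x01\x07\x03\xa0\x28\x30\x26\x02\x01\x00"
    "\x31\x05\x30\x03\x02\x01\x00\x30\x1a\x06\x09" RSADSI "\x01\x07\x01\x30\x0a\x06\x08" RSADSI "\x03\x07\x80\x01\x00";
static const unsigned char BER_RC2[] = "\x30\x80\x06\x09" RSADSI "\x01\x07\x03\xa0\x80\x30\x80\x02\x01\x00"
    "\x31\x80\x30\x03\x02\x01\x00\x30\x03\x02\x01\x00\x00\x00\x30\x80\x06\x09" RSADSI "\x01\x07\x01"
    "\x30\x0a\x06\x08" RSADSI "\x03\x02\xa0\x80\x04\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
```

Call `envelope_summary()` on the base64-decoded bytes of each file and compare the two `Env` structs; for the sample arrays pass `sizeof X - 1`, which drops the terminator that the string-literal initialisers append.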