Steve,
Thanks for the reply. I was able to verify the signature using
"openssl smime" like you suggested, and the d2i_PKCS7_fp function is
returning a non-null value.
I'm thinking now that the problem may be in the BIO structures I'm
creating and passing to the verify function. Here's what I have:
int ret;
FILE *fp = fopen("pt2.out","rb");
int fd = open("data.out",O_RDONLY);
BIO *In, *Out;
PKCS7 *p7 = NULL;
p7 = d2i_PKCS7_fp(fp,NULL);
In = BIO_new_fd(fd,BIO_NOCLOSE);
Out = BIO_new(BIO_s_null());
ret = PKCS7_verify(p7,NULL,NULL,In,Out,0);
printf("Call returned %d\n",ret);
where 'fd' is a file descriptor to a file containing the data
(detached) for the signature I wish to verify. As the code stands, the
PKCS7_verify is segfaulting.
My apologies if this is basic stuff; I'm still a beginner with OpenSSL
coding and having a hard time finding docs to explain the usage of the
calls and how the calls all tie together.
Thanks again,
Fred
On 7/7/05, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
> On Thu, Jul 07, 2005, Fred Anderson wrote:
>
> > I have a binary file with a DER-encoded SignedData structure in it. I
> > can use the following command:
> >
> > $ openssl pkcs7 -inform DER -in pt2.out -print_certs -text
> >
> > and I get all sorts of expected information about the certificate in
> > the structure, which indicates to me that the file's in the right
> > format.
> >
> > I'm trying to load the SignedData into a PKCS7, so I can use the
> > PKCS7_verify function to verify the signature in it. To do that, I'm
> > calling d2i_PKCS7_fp. I receive no errors, but my PKCS7 is still
> > empty.
> >
> > Here's the code I'm using:
> >
> > FILE *fp = fopen("pt2.out","rb");
> > PKCS7 *p7 = NULL;
> >
> > ERR_load_PKCS7_strings();
> > ERR_load_X509_strings();
> >
> > p7 = d2i_PKCS7_fp(fp,NULL);
> >
> > (I've also tried "p7 = d2i_PKCS7_fp(fp,&p7);" with the same results)
> >
> > Printing p7->detached and p7->length both show a zero. Calling
> > PKCS7_verify with p7 gives a segmentation fault, while calling it with
> > NULL returns a 0 (failure).
> >
> > I can't seem to find any real documentation on using the d2i_PKCS7_fp
> > function, so I suspect I'm just doing something wrong. Can someone
> > point me to something that gives a little explanation on using the
> > function, or show me an example of using it?
> >
>
> If you get a non-NULL return from d2i_PKCS7_fp() the structure should be
> basically OK. How are you calling PKCS7_verify?
>
> You can perform this operation using the 'openssl smime' for example:
>
> openssl smime -verify -inform DER -in whatever.der
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
