Also I would not recommend SHA1.

On Sun, Jan 13, 2019 at 8:58 PM Michal Sudolsky <sudols...@gmail.com> wrote:

> Hi,
>
> From attached cpp file:
>
> ```
>     unsigned char* p7Buf = (unsigned char*) malloc(p7Len);
>     unsigned char *p;
>     p=p7Buf;
>     if (p7Buf != NULL) {
>         int len = i2d_PKCS7(p7, &p);
>         printf("%i", len);
>         std::cout << "p7Buf filled";
>     }
>     PKCS7_free(p7);
>     //std::cout << "buffer value"<<p7Buf<< std::endl;
>     printf("%x\n", *p);
>     return (char *) p;
> ```
>
> 1. Function i2d_PKCS7 returns DER bytes, which can contain null bytes, so it
> cannot be treated as a C++ null-terminated string here: "PdfData
> sigData(ossl->signature());". You will also need the length returned from
> i2d_PKCS7, and you will need to call a different constructor: "PdfData
> sigData(signature_data, signature_len);".
>
> 2. From the docs about i2d_PKCS7
> (https://www.openssl.org/docs/man1.1.0/crypto/i2d_PKCS7.html): "i2d_TYPE()
> encodes the structure pointed to by a into DER format. If ppout is not
> NULL, it writes the DER encoded data to the buffer at *ppout, and
> increments it to point after the data just written.". So p, which is
> returned here, will actually point at the end of the DER bytes. Maybe it
> would be better to return p7Buf from the function "signature".
>
> There can be other problems and there are memory leaks.
>
> You can look at stackoverflow or some open source code to see how to use
> it properly.
>
> Look at "PKCS7_sign" (after the pkcs7 is done you can use i2d_PKCS7 instead
> of BIO):
> https://github.com/openssl/openssl/blob/master/crypto/pkcs7/pk7_smime.c
> https://github.com/openssl/openssl/blob/master/apps/smime.c
>
> I see that your code is "similar" to this:
> https://gist.github.com/diorahman/d91fd79c939e2bd3ee89
>
> You can use i2d_PKCS7 in this way (you do not need to allocate memory, let
> openssl do it and call it only once):
>
> ```
> unsigned char *signature = NULL;
> int len = i2d_PKCS7(p7, &signature);
>
> PdfData sigData(signature, len); // PdfData will copy it
>
> OPENSSL_free(signature);
> PKCS7_free(p7);
>
> // use sigData
> ```
>
> On Sun, Jan 13, 2019 at 7:09 PM Susheela S <susheela...@gmail.com> wrote:
>
>> Hi,
>>
>> I have tried to sign a PDF document using the latest version of PoDoFo
>> 0.9.6, and openssl has been used for reading the certificate. I have
>> attached the .cpp file which has the code. The PDF file gets created, but
>> it shows "invalid signature" on mouse over the signature field. "Error
>> encountered while BER decoding:Error during signature verification" is
>> shown on clicking the signature in the PDF document.
>>
>> Can you please help me to fix this issue?
>>
>> I have also attached PDF created with signature from the attached code.
>>
>>
>> Thanks,
>> Susheela
>> _______________________________________________
>> Podofo-users mailing list
>> Podofo-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/podofo-users
>>
>
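The two points in the quoted reply (DER output contains zero bytes, and the i2d_TYPE() convention advances the caller's output pointer), shown as an added example that is not from the thread or the attached file. `i2d_demo_octets` is a hypothetical stand-in that follows the documented calling convention so the program runs without OpenSSL; the sample bytes are constructed.

```c
/* Added illustration; i2d_demo_octets() is a hypothetical stand-in, not OpenSSL. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* DER-encode data as an OCTET STRING (short-form length, n <= 127), using the
 * i2d_TYPE() convention: return the encoded length; if pp is non-NULL, write
 * at *pp and advance *pp to just past the bytes written. */
int i2d_demo_octets(const unsigned char *data, size_t n, unsigned char **pp)
{
    if (n > 127) return -1;
    int len = (int)n + 2;
    if (pp != NULL) {
        unsigned char *out = *pp;
        out[0] = 0x04;               /* tag: OCTET STRING */
        out[1] = (unsigned char)n;   /* short-form length */
        memcpy(out + 2, data, n);
        *pp = out + len;             /* caller's pointer now points past the data */
    }
    return len;
}

/* Constructed payload with zero bytes in it, as real DER routinely has. */
static const unsigned char SAMPLE[] = { 0x30, 0x00, 0x02, 0x01, 0x00, 0xAA };

struct result { int der_len; long cursor_off; size_t cstr_len; };

struct result encode_and_measure(void)
{
    struct result r = { 0, 0, 0 };
    int len = i2d_demo_octets(SAMPLE, sizeof SAMPLE, NULL);   /* size query only */
    if (len < 0) return r;
    unsigned char *buf = calloc((size_t)len + 1, 1);  /* +1 zero byte bounds strlen */
    if (buf == NULL) return r;
    unsigned char *p = buf;          /* scratch cursor; buf keeps the start */
    r.der_len = i2d_demo_octets(SAMPLE, sizeof SAMPLE, &p);
    r.cursor_off = (long)(p - buf);  /* equals der_len: p is one past the end */
    r.cstr_len = strlen((const char *)buf);  /* stops at the first 0x00 */
    free(buf);
    return r;
}

int main(void)
{
    struct result r = encode_and_measure();
    printf("DER length %d, cursor offset %ld, strlen view %zu\n",
           r.der_len, r.cursor_off, r.cstr_len);
    return r.der_len == r.cursor_off ? 0 : 1;
}
```

The gap between the encoded length and the `strlen` view is the part of the signature that is lost when the buffer is handed over as a C string, and the cursor offset shows why the advanced pointer must not be the one returned.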