Problem decoding a PKCS7 structure
Hello! I have a PKCS#7 that I can't parse with Openssl, I've tried to parse it with other libraries such as IAIK and CAPICOM and it works, but with Openssl after executing d2i_PKCS7, when I am doing PKCS7_dataInit, it crashes. I don't know if there is a bug or the PKCS#7 created the other library is not correct. I have checked the structure with openssl asn1parse and it parses it correctly but it doesn't work with openssl pkcs7. Could you guide me, please? Thanks in advance, Regards, Antonio. p7Unautenticated.der Description: application/x509-ca-cert
Re: Problem decoding a PKCS7 structure
On Sat, Sep 18, 2004, Antonio Ruiz Martínez wrote: Hello! I have a PKCS#7 that I can't parse with Openssl, I've tried to parse it with other libraries such as IAIK and CAPICOM and it works, but with Openssl after executing d2i_PKCS7, when I am doing PKCS7_dataInit, it crashes. I don't know if there is a bug or the PKCS#7 created the other library is not correct. I have checked the structure with openssl asn1parse and it parses it correctly but it doesn't work with openssl pkcs7. Presumably d2i_PKCS7() returns NULL indicating a parsing error and you didn't check for that? The structure from the other library is malformed: it contains an illegal garbage EOC tagged onto the end, and you can't jut delete it because the lengths wouldn't match. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem decoding a PKCS7 structure
Hello! Dr. Stephen Henson wrote: On Sat, Sep 18, 2004, Antonio Ruiz Martnez wrote: Hello! I have a PKCS#7 that I can't parse with Openssl, I've tried to parse it with other libraries such as IAIK and CAPICOM and it works, but with Openssl after executing d2i_PKCS7, when I am doing PKCS7_dataInit, it crashes. I don't know if there is a bug or the PKCS#7 created the other library is not correct. I have checked the structure with openssl asn1parse and it parses it correctly but it doesn't work with openssl pkcs7. Presumably d2i_PKCS7() returns NULL indicating a parsing error and you didn't check for that? I'll check it, it may be The structure from the other library is malformed: it contains an illegal garbage EOC tagged onto the end, and you can't jut delete it because the lengths wouldn't match. Thanks for your explanation of this question, I can understand that the asn.1 structure is bad built in spite of not knowing what the garbage EOC tagged is, but this is not important, I'll see in an asn.1 manual ;) Regards, Antonio.
Re: Problem decoding a PKCS7 structure
On Sat, Sep 18, 2004, Antonio Ruiz Martínez wrote: Hello! Dr. Stephen Henson wrote: The structure from the other library is malformed: it contains an illegal garbage EOC tagged onto the end, and you can't jut delete it because the lengths wouldn't match. Thanks for your explanation of this question, I can understand that the asn.1 structure is bad built in spite of not knowing what the garbage EOC tagged is, but this is not important, I'll see in an asn.1 manual ;) Two bogus zero bytes at the end. If you look at the asn1parse output it says EOC. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS7_add_attribute
On Thu, Sep 16, 2004, Antonio Ruiz Martínez wrote: I tried to put the sequence in an octet_string and with that way there is no problem but I would like to use the SEQUENCE directley if it is possible. I tried that test file and it chokes several asn1 parsing tools. It looks like the attribute is added OK and then things go badly amiss after it. This would be the case if you'd added the PKCS#7 structure along with some trailing data, for example if the length was wrong you passed to ASN1_STRING_set(). Could you send or post the octet string version: it is much easier to confirm that's the case with that. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]