RE: Convert PKCS7_decrypt output to char*
> From: Mohammad khodaei [mailto:m_khod...@yahoo.com]
> Sent: Wednesday, 04 July, 2012 07:12
> To: openssl-users@openssl.org; dthomp...@prinpay.com
> Subject: Re: Convert PKCS7_decrypt output to char*
>
> Thanks a lot for the response. I applied the feedback you gave me. Now I changed the parts you mentioned in the previous post. I also checked the error messages and they exactly show up after line:
>
>     p7 = d2i_PKCS7_bio(in, NULL);
>
> The error messages are:
>
> 140258883262112:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
> 140258883262112:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7
>
> For the sake of completeness, I just copy the entire function here so that it would be easier to see what I have done so far.

I said BIO_new_mem_buf replaces the memBIO steps -- NOT the b64BIO steps, you still need those. In detail: _new_mem_buf creates a memBIO prefilled with your (b64) data; then you instantiate _f_base64 and push on the memBIO; then you d2i_x_bio from the composite.
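An added illustration, not part of the thread and not OpenSSL code: the "wrong tag" failure reported above is what a DER parser sees when it is handed base64 text, because the first byte is an ASCII character rather than the SEQUENCE tag 0x30. This standalone C check classifies a buffer by its first bytes so a caller can tell whether the base64 filter is still needed; the function names and sample bytes are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

enum p7_input { P7_DER, P7_BASE64_DER, P7_UNKNOWN };

/* Value of one base64 alphabet character, or -1 if it is not one. */
static int b64_val(unsigned char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* A DER ContentInfo starts with SEQUENCE (0x30) and a definite length octet. */
static int der_sequence_header(const unsigned char *b, size_t n)
{
    if (n < 2 || b[0] != 0x30) return 0;
    return b[1] < 0x80 || (b[1] >= 0x81 && b[1] <= 0x84);
}

/* Header-only heuristic: is buf raw DER, base64 of DER, or neither? */
enum p7_input classify_p7_input(const unsigned char *buf, size_t len)
{
    unsigned char head[3];
    int v[4];
    if (der_sequence_header(buf, len)) return P7_DER;
    if (len < 4) return P7_UNKNOWN;
    for (int i = 0; i < 4; i++)
        if ((v[i] = b64_val(buf[i])) < 0) return P7_UNKNOWN;
    /* First base64 quantum: 4 characters carry 3 bytes. */
    head[0] = (unsigned char)((v[0] << 2) | (v[1] >> 4));
    head[1] = (unsigned char)(((v[1] & 0x0f) << 4) | (v[2] >> 2));
    head[2] = (unsigned char)(((v[2] & 0x03) << 6) | v[3]);
    return der_sequence_header(head, 3) ? P7_BASE64_DER : P7_UNKNOWN;
}

/* Constructed samples: the first bytes of an enveloped-data ContentInfo. */
static const unsigned char sample_der[] = { 0x30, 0x82, 0x01, 0xc7, 0x06, 0x09 };
static const char sample_b64[] = "MIIBxwYJKoZIhvcNAQcD";

int main(void)
{
    static const char *name[] = { "DER", "base64 of DER", "unknown" };
    printf("%s\n", name[classify_p7_input(sample_der, sizeof sample_der)]);
    printf("%s\n", name[classify_p7_input(
        (const unsigned char *)sample_b64, strlen(sample_b64))]);
    return 0;
}
```

A buffer classified as base64 of DER has to go through the base64 filter before the d2i call; PEM-armoured text starts with dashes and is reported as unknown.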
Re: Convert PKCS7_decrypt output to char*
Thanks a lot for the response. I applied the feedback you gave me. Now I changed the parts you mentioned in the previous post. I also checked the error messages and they exactly show up after line:

    p7 = d2i_PKCS7_bio(in, NULL);

The error messages are:

140258883262112:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140258883262112:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7

For the sake of completeness, I just copy the entire function here so that it would be easier to see what I have done so far. The corresponding lines are in bold below:

    int decrypt(char* chEnc, int iLength) {
        BIO *in = NULL, *out = NULL, *tbio = NULL;
        X509 *rcert = NULL;
        EVP_PKEY *rkey = NULL;
        PKCS7 *p7 = NULL;
        int ret = 1;

        OpenSSL_add_all_algorithms();
        ERR_load_crypto_strings();

        /* Read in recipient certificate and private key */
        tbio = BIO_new_file("signer.pem", "r");

        if (!tbio) {
            fprintf(stderr, "Error Decrypting Data\n");
            ERR_print_errors_fp(stderr);
            return 0;
        }

        rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
        BIO_reset(tbio);
        rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
        if (!rcert || !rkey) {
            fprintf(stderr, "Error Decrypting Data\n");
            ERR_print_errors_fp(stderr);
            return 0;
        }
        in = BIO_new_mem_buf(chEnc, iLength);
        BIO_flush(in);

        p7 = d2i_PKCS7_bio(in, NULL);
        if (!p7) {
            fprintf(stderr, "Error in d2i_PKCS7_bio.\n");
            ERR_print_errors_fp(stderr);
            return 0;
        }

        if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) {
            fprintf(stderr, "Error Decrypting Data, PKCS7_decrypt\n");
            ERR_print_errors_fp(stderr);
            return 0;
        }
        ret = 0;
        if (ret) {
            fprintf(stderr, "Error Signing Data\n");
            ERR_print_errors_fp(stderr);
        }
        if (p7)
            PKCS7_free(p7);
        if (rcert)
            X509_free(rcert);
        if (rkey)
            EVP_PKEY_free(rkey);
        if (in)
            BIO_free(in);
        if (out)
            BIO_free(out);
        if (tbio)
            BIO_free(tbio);
        return ret;
    }

Any idea about the problem?

From: Dave Thompson
To: openssl-users@openssl.org
Sent: Wednesday, July 4, 2012 4:17 AM
Subject: RE: Convert PKCS7_decrypt output to char*

> From: owner-openssl-us...@openssl.org On Behalf Of Mohammad khodaei
> Sent: Monday, 02 July, 2012 10:05

> I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt().
> I use this procedure to encrypt so that I can retrieve the encrypted buffer
> into a char* (and not into a file). Here is the code:
> p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
> if (!p7)
>     return 0;
> char* chTest = new char[1000];
> BIO* memorybio = BIO_new(BIO_s_mem());
> BIO* base64bio = BIO_new(BIO_f_base64());
> BIO* outbio = BIO_push(base64bio, memorybio);
> /* Copy PKCS#7 */
> long ll = i2d_PKCS7_bio(outbio, p7);
> BIO_flush(outbio);
> BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
> BIO_get_mem_data(memorybio, &chTest);
> cout << chTest << "\n";

BIO_get_mem_data discards the pointer value (and thus leaks your new char[1000] above). It changes chTest to point to the internal memory buffer, which I don't believe is guaranteed to be null-terminated (although you may be lucky).

> Now, when I want to do the reverse, I do as follows:
> BIO* memorybio = BIO_new(BIO_s_mem());
> int iLength = BIO_puts(memorybio, chEnc);
> BIO* base64bio = BIO_new(BIO_f_base64());
> BIO* inbio = BIO_push(base64bio, memorybio);
> BIO_flush(inbio);
> BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);

You can replace all of the memorybio steps and eliminate the copy with one BIO_new_mem_buf.

> p7 = d2i_PKCS7_bio(inbio, &p7);

You don't check this succeeded; in this situation it should, but it's better to make certain. I assume/hope p7 was previously set to null, or to the result of a successful PKCS7_new(). If it was uninitialized that could cause all sorts of problems (some not clearly indicated).

> if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) return 0;
> The problem is that the PKCS7_decrypt does not work
> and it is not decrypting correctly. Any idea how to solve it?

first *diagnose* what openssl dislikes
http://www.openssl.org/support/faq.html#PROG6
and if applicable
http://www.openssl.org/support/faq.html#PROG7
http://www.openssl.org/support/faq.html#PROG8
then you can probably correct it.

OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Convert PKCS7_decrypt output to char*
> From: owner-openssl-us...@openssl.org On Behalf Of Mohammad khodaei
> Sent: Monday, 02 July, 2012 10:05

> I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt().
> I use this procedure to encrypt so that I can retrieve the encrypted buffer
> into a char* (and not into a file). Here is the code:
> p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
> if (!p7)
>     return 0;
> char* chTest = new char[1000];
> BIO* memorybio = BIO_new(BIO_s_mem());
> BIO* base64bio = BIO_new(BIO_f_base64());
> BIO* outbio = BIO_push(base64bio, memorybio);
> /* Copy PKCS#7 */
> long ll = i2d_PKCS7_bio(outbio, p7);
> BIO_flush(outbio);
> BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
> BIO_get_mem_data(memorybio, &chTest);
> cout << chTest << "\n";

BIO_get_mem_data discards the pointer value (and thus leaks your new char[1000] above). It changes chTest to point to the internal memory buffer, which I don't believe is guaranteed to be null-terminated (although you may be lucky).

> Now, when I want to do the reverse, I do as follows:
> BIO* memorybio = BIO_new(BIO_s_mem());
> int iLength = BIO_puts(memorybio, chEnc);
> BIO* base64bio = BIO_new(BIO_f_base64());
> BIO* inbio = BIO_push(base64bio, memorybio);
> BIO_flush(inbio);
> BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);

You can replace all of the memorybio steps and eliminate the copy with one BIO_new_mem_buf.

> p7 = d2i_PKCS7_bio(inbio, &p7);

You don't check this succeeded; in this situation it should, but it's better to make certain. I assume/hope p7 was previously set to null, or to the result of a successful PKCS7_new(). If it was uninitialized that could cause all sorts of problems (some not clearly indicated).

> if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) return 0;
> The problem is that the PKCS7_decrypt does not work
> and it is not decrypting correctly. Any idea how to solve it?

first *diagnose* what openssl dislikes
http://www.openssl.org/support/faq.html#PROG6
and if applicable
http://www.openssl.org/support/faq.html#PROG7
http://www.openssl.org/support/faq.html#PROG8
then you can probably correct it.
Re: Convert PKCS7_decrypt output to char*
Hello,

I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt(). I use this procedure to encrypt so that I can retrieve the encrypted buffer into a char* (and not into a file). Here is the code:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        return 0;
    char* chTest = new char[1000];
    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    BIO_get_mem_data(memorybio, &chTest);
    cout << chTest << "\n";

Now, when I want to do the reverse, I do as follows:

    BIO* memorybio = BIO_new(BIO_s_mem());
    int iLength = BIO_puts(memorybio, chEnc);
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* inbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    BIO_flush(inbio);
    BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);
    p7 = d2i_PKCS7_bio(inbio, &p7);
    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        return 0;

The problem is that the PKCS7_decrypt does not work and it is not decrypting correctly. Any idea how to solve it?

Looking forward to your suggestions and comments.

Thanks

From: Florian Rüchel
To: openssl-users@openssl.org
Sent: Monday, June 25, 2012 3:32 PM
Subject: Re: Convert PKCS7_encrypt output to char*

Hi,

A good idea might be to use the following sequence to create a base64 encoded output (safe to send over network):

    memorybio = BIO_new(BIO_s_mem());
    base64bio = BIO_new(BIO_f_base64());
    outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    i2d_PKCS7_bio(outbio, s->request_p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    s->request_len = BIO_get_mem_data(memorybio, &s->request_payload);

I took this from a software called "sscep" just for reference. It base64 encodes the data and sends it over the network. On the other side it is easy to base64 decode it. As such it gives you the guarantee it is decoded correctly.

On the other side you should of course also have the reverse chain, but I don't have an example at hand for that.

Regards

On 25.06.2012 15:04, Mohammad Khodaei wrote:
> Hello,
>
> I want to encrypt a small data using recipient public key and decrypt
> it on the receiver side using recipient private key. I chose
> "PKCS7_encrypt" and "PKCS7_decrypt" api to do so. Are they the correct
> functions? Is there any other alternative?
>
> Now my problem is that I want to convert the encrypted output of
> "PKCS7_encrypt" to char* to send it over TCP. I used
> "i2d_PKCS7_fp", "d2i_PKCS7_bio" and "d2i_PKCS7_fp" to first write
> them in the file and later on read them and send them. Here is the
> procedure to encrypt:
>
>> P7 = PKCS7_ENCRYPT(RECIPS, IN, EVP_DES_EDE3_CBC(), FLAGS);
>> IF (!P7)
>> GOTO ERR;
>> FILE *FP = NULL;
>> CHAR *FILE = "HELLO";
>> SIZE_T LEN = 0;
>> FP = FOPEN(FILE, "W");
>> IF (FP == NULL) {
>> PRINTF("ERROR IN OPENING A FILE..", FILE);
>> }
>> I2D_PKCS7_FP(FP, P7);
>> FCLOSE(FP);
>
> And here is the code to decrypt? Is the procedure to convert correct?
>
>> FILE *P = NULL;
>> CHAR *FILE = "HELLO";
>> P = FOPEN(FILE, "R");
>> IF (P == NULL) {
>> PRINTF("ERROR IN OPENING A FILE..", FILE);
>> }
>> D2I_PKCS7_FP(P, &P7);
>> FCLOSE(P);
>> IF (!P7)
>> GOTO ERR;
>> BIO* OUT;
>> D2I_PKCS7_BIO(OUT, &P7);
>>
>> IF (!(&OUT2))
>> GOTO ERR;
>> /* DECRYPT S/MIME MESSAGE */
>> IF (!PKCS7_DECRYPT(P7, RKEY, RCERT, &OUT, 0))
>> GOTO ERR;
>
> It does not work and even the "out" is not initialized. Any
> suggestion?
>
> Thanks a lot