thanks Mounir!
yes the 'write' thing was a typo. the second issue was the problem. sean your are right the pass in type should be a > Date: Sun, 4 Apr 2010 02:22:29 +0200 > From: mounir.idra...@idrix.net > To: openssl-users@openssl.org > Subject: Re: pkcs7 cert loading, why this code doesn't work? > > Hi, > > There are two bugs in your code: First, you only need calls to BIO_read > not BIO_write, and in order to avoid the crash you have to pass a > pointer equal to &inbuf instead of &inbuf directly because d2i_PKCS7 > increment the pointer internally. > So, a more correct version of the code will be : > > BIO *bio, *b64; > char inbuf[4096]; > int inlen = strlen(a); > char* ptr = &inbuf[0]; > b64 = BIO_new(BIO_f_base64()); > BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); > bio=BIO_new_mem_buf(a, -1); > bio = BIO_push(b64, bio); > > inlen=BIO_read(bio, inbuf, 4096); > > p7 = d2i_PKCS7(NULL, &ptr, inlen); > > I hope this will help. > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > > On 4/3/2010 3:06 AM, sean wang wrote: > > > > Hello, > > > > I have a pkcs7 encoded cert which i want to load. the following code block > > works fine: ( I am doing a base64 decoding first, will explain the reason > > in the second half): > > > > BIO *bio, *b64; > > PKCS7 * p7; > > b64 = BIO_new(BIO_f_base64()); > > BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); > > > > bio=BIO_new_mem_buf(a, -1); > > > > bio_out= BIO_new_fp(stderr, BIO_NOCLOSE); > > bio = BIO_push(b64, bio); > > > > p7 = d2i_PKCS7_bio(bio, NULL); > > > > However, for some interface reasons, I need to pass pass in a base64 > > decoded blob to a legacy function, so i tried the following code: > > > > BIO *bio, *b64, *bio_out; > > char inbuf[4096]; > > int inlen = strlen(a); > > b64 = BIO_new(BIO_f_base64()); > > BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); > > bio=BIO_new_mem_buf(a, -1); > > bio_out= BIO_new_fp(stderr, BIO_NOCLOSE); > > bio = BIO_push(b64, bio); > > > > while((inlen=BIO_read(bio, inbuf, 4096))>0) > > BIO_write(bio_out, inbuf, inlen); > > > > p7 = d2i_PKCS7(NULL,&inbuf, inlen); > > > > now this code fails with a segment fault. > > > > So my question is, if i really need to get the based64 decoded blob of a > > pkcs 7 cert, what is the right way? > > (because the first code worked, I assume the base64 decoding worked fine, > > but I can't pull the data out of 'bio' variable, appears there the data is > > still base64 encoded. how can i get the correct decoded blob?) > > > > test cert I used: > > > > char cert[] = > > "MIIDCgYJKoZIhvcNAQcCoIIC+zCCAvcCAQExADALBgkqhkiG9w0BBwGgggLdMIIC\ > > 2TCCAkKgAwIBAgIJAILcTFTXHeLsMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\ > > AlVTMQswCQYDVQQIEwJXQTELMAkGA1UEChMCT00xCzAJBgNVBAsTAk9NMQ0wCwYD\ > > VQQDEwRzZWFuMSIwIAYJKoZIhvcNAQkBFhNzd2FuZzU0QGhvdG1haWwuY29tMB4X\ > > DTEwMDMyMjIxMTkzN1oXDTExMDMyMjIxMTkzN1oweTELMAkGA1UEBhMCVVMxCzAJ\ > > BgNVBAgTAldBMRAwDgYDVQQHEwdyZWRtb25kMQswCQYDVQQKEwJPTTELMAkGA1UE\ > > CxMCT00xDTALBgNVBAMTBHNlYW4xIjAgBgkqhkiG9w0BCQEWE3N3YW5nNTRAaG90\ > > bWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALKS/aKF9VjvokJZ\ > > dW4xkuqYFaRnNSYHNnmi4pIvbvf26QMnj9SerMw/c53LJTre1uQ/t1iAARY1LX4D\ > > wUCAijg/RN6zuW5NBcnJpgIYL6ZHciaL2qiDWIb6aoKy5hh0fb7psPI2n4/VO7pq\ > > 9fhjsiCosJvEUehezhEOWkCDEyw7AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI\ > > AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW\ > > BBScenB4QwEq0x5n/oSRa8CuW+TifzAfBgNVHSMEGDAWgBSEddm7LRw5ylO1uAkY\ > > ZPvI6WnNqjANBgkqhkiG9w0BAQUFAAOBgQCmxtc5DV9wA8U3GW8ZVy5wO9Kzmhpz\ > > aRMLsKXjmgR5T0x9AQnf3W4Y5JmHtpXeOpvYEUiKiLOb/aNya+Km3S/7LJv8ufjn\ > > kHIiE6bsus/3NgAkLLmdodfJXFve/1viBzibwDZm4FyTHFjEnsFL57eAH+w0ZGna\ > > OUP4KRvWhjC/AKEAMQA="; > > > > > > > > > > _________________________________________________________________ > > The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with > > Hotmail. > > http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org _________________________________________________________________ The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4
