>From: owner-openssl-us...@openssl.org On Behalf Of Mohammad khodaei
>Sent: Monday, 02 July, 2012 10:05

>I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt(). 
>I use this procedure to encrypt so that I can retrieve the encrypted buffer
>into a char* (and not into a file). Here is the code:

>    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
>    if (!p7)
>        return 0;
        
>    char* chTest = new char[1000];
>    BIO* memorybio = BIO_new(BIO_s_mem());
>    BIO* base64bio = BIO_new(BIO_f_base64());
>    BIO* outbio = BIO_push(base64bio, memorybio);
        
>    /* Copy PKCS#7 */
>    long ll = i2d_PKCS7_bio(outbio, p7);
>    BIO_flush(outbio);
>    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
>    BIO_get_mem_data(memorybio, &chTest);
>    cout << chTest << "\n";

BIO_get_mem_data discards the pointer value (and thus 
leaks your new char[1000] above). It changes chTest to point 
to the internal memory buffer, which I don't believe is 
guaranteed to be null-terminated (although you may be lucky).

>Now, when I want to do the reverse, I do as follows:

>    BIO* memorybio = BIO_new(BIO_s_mem());
>    int iLength = BIO_puts(memorybio, chEnc);
            
>    BIO* base64bio = BIO_new(BIO_f_base64());
>    BIO* inbio = BIO_push(base64bio, memorybio);
        
>    BIO_flush(inbio);
>    BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);

You can replace all of the memorybio steps and 
eliminate the copy with one BIO_new_mem_buf.

>    p7 = d2i_PKCS7_bio(inbio, &p7);

You don't check this succeeded; in this situation 
it should, but it's better to make certain.
I assume/hope p7 was previously set to null, 
or to the result of a successful PKCS7_new().
If it was uninitialized that could cause all 
sorts of problems (some not clearly indicated).

>    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
>        return 0;

>The problem is that the PKCS7_decrypt does not work 
>and it is not decrypting correctly. Any idea how to solve it?

First *diagnose* what openssl dislikes 
http://www.openssl.org/support/faq.html#PROG6
and if applicable
http://www.openssl.org/support/faq.html#PROG7
http://www.openssl.org/support/faq.html#PROG8

then you can probably correct it.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
