Thanks a lot for the response. I applied the feedback you gave me. Now I changed the parts you mentioned in the previous post. I also checked the error messages and they show up exactly after the line:

p7 = d2i_PKCS7_bio(in, NULL);

The error messages are:

140258883262112:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140258883262112:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7

For the sake of completeness, I just copy the entire function here so that it would be easier to see what I have done so far. The corresponding lines are in bold below:

int decrypt(char* chEnc, int iLength) {
>    BIO *in = NULL, *out = NULL, *tbio = NULL;
>    X509 *rcert = NULL;
>    EVP_PKEY *rkey = NULL;
>    PKCS7 *p7 = NULL;
>    int ret = 1;
>
>    OpenSSL_add_all_algorithms();
>    ERR_load_crypto_strings();
>
>    /* Read in recipient certificate and private key */
>    tbio = BIO_new_file("signer.pem", "r");
>
>    if (!tbio) {
>        fprintf(stderr, "Error Decrypting Data\n");
>        ERR_print_errors_fp(stderr);
>        return 0;
>    }
>
>    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
>    BIO_reset(tbio);
>    rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
>    if (!rcert || !rkey) {
>        fprintf(stderr, "Error Decrypting Data\n");
>        ERR_print_errors_fp(stderr);
>        return 0;
>    }
>    in = BIO_new_mem_buf(chEnc, iLength);
>    BIO_flush(in);
>
>    p7 = d2i_PKCS7_bio(in, NULL);
>    if (!p7) {
>        fprintf(stderr, "Error in d2i_PKCS7_bio.\n");
>        ERR_print_errors_fp(stderr);
>        return 0;
>    }
>
>    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) {
>        fprintf(stderr, "Error Decrypting Data, PKCS7_decrypt\n");
>        ERR_print_errors_fp(stderr);
>        return 0;
>    }
>    ret = 0;
>    if (ret) {
>        fprintf(stderr, "Error Signing Data\n");
>        ERR_print_errors_fp(stderr);
>    }
>    if (p7)
>        PKCS7_free(p7);
>    if (rcert)
>        X509_free(rcert);
>    if (rkey)
>        EVP_PKEY_free(rkey);
>    if (in)
>        BIO_free(in);
>    if (out)
>        BIO_free(out);
>    if (tbio)
>        BIO_free(tbio);
>    return ret;
>}

Any idea about the problem?

________________________________
From: Dave Thompson <dthomp...@prinpay.com>
To: openssl-users@openssl.org
Sent: Wednesday, July 4, 2012 4:17 AM
Subject: RE: Convert PKCS7_decrypt output to char*

>From: owner-openssl-us...@openssl.org On Behalf Of Mohammad khodaei
>Sent: Monday, 02 July, 2012 10:05

>I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt().
>I use this procedure to encrypt so that I can retrieve the encrypted buffer
>into a char* (and not into a file). Here is the code:

> p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
> if (!p7)
>     return 0;
> char* chTest = new char[1000];
> BIO* memorybio = BIO_new(BIO_s_mem());
> BIO* base64bio = BIO_new(BIO_f_base64());
> BIO* outbio = BIO_push(base64bio, memorybio);
> /* Copy PKCS#7 */
> long ll = i2d_PKCS7_bio(outbio, p7);
> BIO_flush(outbio);
> BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
> BIO_get_mem_data(memorybio, &chTest);
> cout << chTest << "\n";

BIO_get_mem_data discards the pointer value (and thus leaks
your new char[1000] above). It changes chTest to point to the
internal memory buffer, which I don't believe is guaranteed
to be null-terminated (although you may be lucky).

>Now, when I want to do the reverse, I do as follows:

> BIO* memorybio = BIO_new(BIO_s_mem());
> int iLength = BIO_puts(memorybio, chEnc);
> BIO* base64bio = BIO_new(BIO_f_base64());
> BIO* inbio = BIO_push(base64bio, memorybio);
> BIO_flush(inbio);
> BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);

You can replace all of the memorybio steps and eliminate
the copy with one BIO_new_mem_buf.

> p7 = d2i_PKCS7_bio(inbio, &p7);

You don't check this succeeded; in this situation it should,
but it's better to make certain.

I assume/hope p7 was previously set to null, or to the result
of a successful PKCS7_new(). If it was uninitialized that could
cause all sorts of problems (some not clearly indicated).

> if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
>     return 0;

>The problem is that the PKCS7_decrypt does not work
>and it is not decrypting correctly. Any idea how to solve it?

first *diagnose* what openssl dislikes
http://www.openssl.org/support/faq.html#PROG6
and if applicable
http://www.openssl.org/support/faq.html#PROG7
http://www.openssl.org/support/faq.html#PROG8
then you can probably correct it.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
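
Added example, not code from the thread or from OpenSSL: the "wrong tag" error at d2i_PKCS7_bio() is what the DER parser reports when the first byte is not the SEQUENCE tag 0x30, and the quoted encrypt code writes through BIO_f_base64 while decrypt() reads chEnc raw, so one check worth making is whether the buffer is still base64 text. The names classify_p7_input, p7_input and b64_value are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; none of this is OpenSSL API. */
enum p7_input { P7_DER, P7_BASE64, P7_PEM, P7_UNKNOWN };
#define DER_SEQUENCE 0x30 /* outer tag of a PKCS#7 ContentInfo */

/* Value (0..63) of one base64 character, or -1 if it is not one. */
static int b64_value(unsigned char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Classify a buffer before it is handed to d2i_PKCS7_bio(). */
enum p7_input classify_p7_input(const unsigned char *buf, size_t len)
{
    static const char pem_hdr[] = "-----BEGIN ";
    int hi, lo;

    if (buf == NULL || len < 2)
        return P7_UNKNOWN;
    if (buf[0] == DER_SEQUENCE)
        return P7_DER;                 /* raw DER: parse directly */
    if (len >= sizeof(pem_hdr) - 1 &&
        memcmp(buf, pem_hdr, sizeof(pem_hdr) - 1) == 0)
        return P7_PEM;                 /* armoured: use a PEM reader */
    /* First decoded byte = 6 bits of char 0 + top 2 bits of char 1. */
    hi = b64_value(buf[0]);
    lo = b64_value(buf[1]);
    if (hi >= 0 && lo >= 0 && ((hi << 2) | (lo >> 4)) == DER_SEQUENCE)
        return P7_BASE64;              /* needs BIO_f_base64 in front */
    return P7_UNKNOWN;
}

/* Constructed samples: a long-form DER header and its base64 text. */
static const unsigned char sample_der[] = { 0x30, 0x82, 0x01, 0x8b };
static const unsigned char sample_b64[] = "MIIBiw==";

int main(void)
{
    printf("DER sample: %d, base64 sample: %d\n",
           (int)classify_p7_input(sample_der, sizeof sample_der),
           (int)classify_p7_input(sample_b64, sizeof sample_b64 - 1));
    return 0;
}
```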