Hi,
I think I have solved it. Maybe you can write it better and in fewer lines, but anyway the attached code works.
Antonio
2017-12-20 11:07 GMT+01:00 Antonio Iacono <antiac@xxxxxxxxx>:
AntonioHi,Thanks,
assuming I have the following:
- data.txt
- data.p7s (the detached signature)
Can I generate the bundled (p7m) signed file ?
I tried:
/* Fragment from the question: tries to turn a detached signature into an
 * attached (p7m) one. Declarations and error handling are not shown. */
content = BIO_new_file("data.txt", "rb");
signature = BIO_new_file("data.p7s", "rb");
/* Parses the DER signature; the result is not checked for NULL before use. */
p7 = d2i_PKCS7_bio(signature, NULL);
/* NOTE(review): with an argument of 0 this appears only to clear the detached
 * flag; it does not create or fill the encapsulated content - confirm against
 * the PKCS7_ctrl() implementation of the OpenSSL version in use. */
PKCS7_set_detached(p7, 0);
bundled = BIO_new_file("bundled.p7m", "wb");
/* NOTE(review): flags is 0, so no streaming flag is set and `content` is
 * presumably never read; the structure is re-encoded as parsed, which matches
 * the reported result (output identical to data.p7s). */
i2d_PKCS7_bio_stream(bundled, p7, content, 0);
but the generated file (bundled.p7m) is identical to the signature file (data.p7s)
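#include <limits.h>
#include <stdio.h>
#include <string.h>

#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/err.h>

/*
 * Build an attached PKCS#7 signedData file (p7m) from a content file and
 * its detached DER signature (p7s).
 *
 * Options (all three are required):
 *   -in  content_file    data that was signed
 *   -p7s signature_p7s   detached signature, DER encoded
 *   -out file_p7m        attached signature to write, DER encoded
 *
 * Returns 0 on success, 1 on a usage or processing error (the OpenSSL error
 * queue is printed to stderr in the latter case).
 *
 * The signature is NOT verified here: certificates and signer infos are
 * carried over as-is and the content is embedded without comparing it to the
 * signed digest. If the content does not match, the output is still written
 * but will fail verification, so check the result afterwards (for example
 * with PKCS7_verify() or "openssl smime -verify -inform DER").
 * Only certificates and signer infos are carried over; CRLs present in the
 * source structure are not.
 */
int
main (int argc, char *argv[])
{
  PKCS7 *p7 = NULL, *p7signature = NULL;
  PKCS7_SIGNER_INFO *si;
  char buf[1024 * 4];
  char **args;
  char *infile = NULL;
  char *signaturefile = NULL;
  char *outfile = NULL;
  char *cont = NULL;
  BIO *data = NULL, *p7bio = NULL, *out = NULL, *signature = NULL;
  int badarg = 0;
  int rc = 1;
  long contlen;
  STACK_OF (X509) * certs;
  STACK_OF (PKCS7_SIGNER_INFO) * sinfos;
  ASN1_OCTET_STRING *os;

#ifndef NO_SHA256
  EVP_add_digest (EVP_sha256 ());
#endif
#ifndef NO_SHA1
  EVP_add_digest (EVP_sha1 ());
#endif

  args = argv + 1;
  while (!badarg && *args && *args[0] == '-')
    {
      if (!strcmp (*args, "-p7s"))
        {
          if (args[1])
            {
              args++;
              signaturefile = *args;
            }
          else
            badarg = 1;
        }
      else if (!strcmp (*args, "-in"))
        {
          if (args[1])
            {
              args++;
              infile = *args;
            }
          else
            badarg = 1;
        }
      else if (!strcmp (*args, "-out"))
        {
          if (args[1])
            {
              args++;
              outfile = *args;
            }
          else
            badarg = 1;
        }
      else
        badarg = 1;
      args++;
    }

  /* Every file name is required; a missing one would otherwise reach the
   * BIO file functions as a NULL path. */
  if (badarg || argc < 2 || !infile || !signaturefile || !outfile)
    {
      printf ("%s", "\nUse: \n\n");
      printf ("%s", "-in content_file \n-p7s signature_p7s \n-out file_p7m\n\n");
      return 1;
    }

  /* DER and arbitrary content are binary: open in binary mode so nothing
   * is translated on platforms that distinguish text files. */
  if (!(data = BIO_new_file (infile, "rb")))
    goto done;
  if (!(signature = BIO_new_file (signaturefile, "rb")))
    goto done;

  /* The signature file is parsed input: reject anything that is not a
   * well-formed signedData before touching the d.sign union member. */
  p7signature = d2i_PKCS7_bio (signature, NULL);
  if (!p7signature || !PKCS7_type_is_signed (p7signature)
      || !p7signature->d.sign)
    goto done;

  if (!(p7 = PKCS7_new ()))
    goto done;
  if (!PKCS7_set_type (p7, NID_pkcs7_signed))
    goto done;

  /* PKCS7_add_certificate takes its own reference, so the source structure
   * keeps ownership of its certificates. */
  certs = p7signature->d.sign->cert;
  for (int c = 0; c < sk_X509_num (certs); c++)
    {
      X509 *cert = sk_X509_value (certs, c);
      if (!PKCS7_add_certificate (p7, cert))
        goto done;
    }

  /* PKCS7_add_signer stores the pointer without copying it. Move each
   * signer info out of the source stack (front first, preserving order) so
   * that exactly one structure owns it and both can be freed safely. */
  sinfos = p7signature->d.sign->signer_info;
  while ((si = sk_PKCS7_SIGNER_INFO_shift (sinfos)) != NULL)
    {
      if (!PKCS7_add_signer (p7, si))
        {
          PKCS7_SIGNER_INFO_free (si);
          goto done;
        }
    }

  if (!PKCS7_content_new (p7, NID_pkcs7_data))
    goto done;
  if ((p7bio = PKCS7_dataInit (p7, NULL)) == NULL)
    goto done;

  for (;;)
    {
      int n = BIO_read (data, buf, sizeof (buf));
      if (n < 0)
        goto done;              /* read error, not end of file */
      if (n == 0)
        break;
      if (BIO_write (p7bio, buf, n) != n)
        goto done;
    }

  contlen = BIO_get_mem_data (p7bio, &cont);
  if (contlen < 0 || contlen > INT_MAX)
    goto done;

  os = p7->d.sign->contents ? p7->d.sign->contents->d.data : NULL;
  if (!os)
    goto done;
  /* Copy the bytes instead of handing the memory BIO's buffer to the octet
   * string: sharing one buffer between two owners risks a double free when
   * both are released. */
  if (!ASN1_OCTET_STRING_set (os, (const unsigned char *) cont, (int) contlen))
    goto done;

  /* Open the output only once the structure is complete, so a failure
   * above does not truncate an existing file. */
  if (!(out = BIO_new_file (outfile, "wb")))
    goto done;
  if (i2d_PKCS7_bio (out, p7) <= 0)
    goto done;

  rc = 0;

done:
  if (rc != 0)
    {
      ERR_load_crypto_strings ();
      ERR_print_errors_fp (stderr);
    }
  /* p7bio is a chain (digest filters plus the memory BIO): free all of it. */
  BIO_free_all (p7bio);
  PKCS7_free (p7);
  PKCS7_free (p7signature);
  BIO_free (signature);
  BIO_free (data);
  BIO_free_all (out);
  return rc;
}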