Shawn Page wrote:
>
>
> I'm attempting to write some code to convert the output of an MS plugin.
> The plugin admittedly violates PKCS7 by outputting the signature in little
> endian.
>
> The question is how to access the signature itself, once having read what is
> a PKCS7 blob in every other respect, in order to change the signature to big
> endian, before verification.
>
There may be more than one signature...
You can get a STACK_OF(PKCS7_SIGNER_INFO) using
PKCS7_get_signer_info(p7).
Use sk_PKCS7_SIGNER_INFO_num() to find out how many there are and
sk_PKCS7_SIGNER_INFO_value(si, i) to get each one.
The signature is the enc_digest field of the PKCS7_SIGNER_INFO
structure: it is an ASN1_OCTET_STRING struture.
You can get its length with: ASN1_STRING_length(os) and the actual data
with ASN1_STRING_data(os).
If there's something like a countersignature in there you'll have to
manually decode and reencode it.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]