Re: PKCS7_add_attribute

Wed, 15 Sep 2004 10:54:37 -0700 

Hello!

Peter Sylvester wrote:

You may try a routine like the following by replacing all occurences of
ESS_SIGNING_CERTIFICATE by PKCS7
and change the nid to the PKCS9 V2 defined one.
Or to consider to (mis)use 

  id-aa-timeStampToken OBJECT IDENTIFIER ::= { iso(1) member-body(2)
  us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) aa(2) 14 }



Ok you're right, I thought to use that identifier when I have the timeStampToken but at this moment I only want to make some test so as to know if it is possible to use it.

The difference I see is that the i2d is done before setting the attribute.




Ok I agree with you, that is the only difference with my code and it is the only thing that I can see different.
Thanks for your help.
Regards,
Antonio.

int ESS_add_attrib_signcert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERTIFICATE *sc) {
        ASN1_STRING *seq;
        unsigned char *p, *pp ;
        int len;

        len = i2d_ESS_SIGNING_CERTIFICATE(sc, NULL);
        if (!(pp = (unsigned char *) OPENSSL_malloc(len)))
                {
                ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
                return 0;
                }
        p = pp;
        i2d_ESS_SIGNING_CERTIFICATE(sc, &p);

if(!(seq = ASN1_STRING_new())) {
OPENSSL_free(pp);
ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
return 0;
}
if(!ASN1_STRING_set (seq, pp, len)) {
ASN1_STRING_free(seq);
OPENSSL_free(pp);
ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
return 0;
}
OPENSSL_free(pp); return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq);
}

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]






--
------------------------------------------------------
Antonio Ruiz Martínez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
e-mail: [EMAIL PROTECTED] or arm [at] dif [dot] um [dot] es
------------------------------------------------------

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to