On Mon, Sep 20, 2004, Antonio Ruiz Martínez wrote: > Dr. Stephen Henson wrote: > > >On Thu, Sep 16, 2004, Antonio Ruiz Martínez wrote: > > > > > >>I tried to put the sequence in an octet_string and with that way there > >>is no problem but I would like to use the SEQUENCE directley if it is > >>possible. > >> > >> > >> > > > >I tried that test file and it chokes several asn1 parsing tools. It looks > >like > >the attribute is added OK and then things go badly amiss after it. This > >would > >be the case if you'd added the PKCS#7 structure along with some trailing > >data, > >for example if the length was wrong you passed to ASN1_STRING_set(). > > > >Could you send or post the octet string version: it is much easier to > >confirm > >that's the case with that. > > > > > Thanks for your comments, here you're the octet string version.The > content inside de octet string is the same the length of the file. This > file is generated with the same code that use to the previous files the > only difference is that for this version I'm using > PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_OCTET_STRING,(void > *)oct) instead of using > PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct). > >
The length should be the length of the relevant ASN1 structure not the length of the file: unless you are sure the file only contains valid data. Your test file confirms my earlier hypothesis: there is trailing data which is not part of the PKCS#7 structure tagged on the end. In that example the PKCS#7 length is 1194 bytes but the actual amount of data is 1452 bytes. The non-ASN1 data on the end is what's choking the V_ASN1_SEQUENCE version. There are a couple of ways to workout the true length. One is to call d2i_PKCS7() on it and see how far the pointer is advanced, this will also syntax check the PKCS#7 structure too. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]