Massimiliano Ziccardi wrote:
I'm sure OpenSSL is able to parse more than one counter signature per
signature.
Can pleas some OpenSSL expert tell me how to do it? I think the code I
sent in the previous
e-mail should be close to the solution. I just need to know how to get
the other counter signatures
(I already did in Java with Bouncycastle, and it has been straightforward).
I've searched through the net for some documentation, but, as stated on
the site, the OpenSSL documentation
is very incomplete, and I couldn't find any useful information.
Many thanks for your help.
Massimiliano Ziccardi
I see that PKCS7_get_attribute() retrieves the first attribute matching
the nid. Maybe something like below will do the trick.
STACK_OF(X509_ATTRIBUTE) *unauth = PKCS7_get_attributes(si);
/* go thru each elem in unauth */
foreach attr in unauth {
if(attr->object->nid == NID_pkcs9_countersignature){
/* do something here */
}
}
On Tue, May 20, 2008 at 9:25 AM, Massimiliano Ziccardi
<[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
[snip]
#include <openssl/pkcs7.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
void parse(char *pszFileName)
{
// Parsing PKCS#7 file
BIO *foo = BIO_new_file(pszFileName, "rb");
PKCS7* pP7 = d2i_PKCS7_bio(foo,NULL);
STACK_OF(X509) *pSigners = PKCS7_get0_signers(pP7, NULL, 0);
STACK_OF(PKCS7_SIGNER_INFO) *pSignerInfos =
PKCS7_get_signer_info(pP7);
// Looping through the signatures
for (int i = 0; i < sk_PKCS7_SIGNER_INFO_num(pSignerInfos); i++)
{
PKCS7_SIGNER_INFO *si =
sk_PKCS7_SIGNER_INFO_value(pSignerInfos, i);
X509* pSignerCert = sk_X509_value(pSigners, i);
printf ("FOUND SIGNATURE : %p\n", si);
// Parsing counter signatures
ASN1_TYPE *pCounterSignatureAttribute =
PKCS7_get_attribute(si, NID_pkcs9_countersignature);
ASN1_STRING *pSequence =
pCounterSignatureAttribute->value.sequence;
if (pSequence != NULL)
{
unsigned char *ps = NULL;
ps = pSequence->data;
PKCS7_SIGNER_INFO *cs = d2i_PKCS7_SIGNER_INFO(NULL,
(const unsigned char**)&ps, pSequence->length);
printf ("FOUND COUNTER SIGNATURE: %p\n", si);
}
}
}
Regards,
Massimiliano Ziccardi
-jb
--
Real computer scientists don't comment their code. The identifiers are
so long they can't afford the disk space.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]