Massimiliano Ziccardi wrote:
I'm sure OpenSSL is able to parse more than one counter signature per signature.

Can some OpenSSL expert please tell me how to do it? I think the code I sent in the previous e-mail should be close to the solution. I just need to know how to get the other counter signatures
(I already did it in Java with Bouncycastle, and it was straightforward).

I've searched through the net for some documentation, but, as stated on the site, the OpenSSL documentation
is very incomplete, and I couldn't find any useful information.

Many thanks for your help.
Massimiliano Ziccardi


I see that PKCS7_get_attribute() retrieves the first attribute matching the nid. Maybe something like below will do the trick.


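STACK_OF(X509_ATTRIBUTE) *unauth = PKCS7_get_attributes(si);
int j;
/* go through each element in unauth */
for (j = 0; j < sk_X509_ATTRIBUTE_num(unauth); j++) {
        X509_ATTRIBUTE *attr = sk_X509_ATTRIBUTE_value(unauth, j);
        /* OBJ_obj2nid() looks the OID up; the nid field of a parsed object may be unset */
        if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == NID_pkcs9_countersignature) {
                /* do something here */
        }
}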

    On Tue, May 20, 2008 at 9:25 AM, Massimiliano Ziccardi <[EMAIL PROTECTED]> wrote:


[snip]


        #include <stdio.h>
        #include <openssl/pkcs7.h>
        #include <openssl/bio.h>
        #include <openssl/err.h>
        #include <openssl/x509.h>

        void parse(char *pszFileName)
        {
            // Parsing PKCS#7 file
            BIO *foo = BIO_new_file(pszFileName, "rb");
            if (foo == NULL)
                return;

            PKCS7* pP7 = d2i_PKCS7_bio(foo, NULL);
            BIO_free(foo);
            if (pP7 == NULL)
                return;

            STACK_OF(X509) *pSigners = PKCS7_get0_signers(pP7, NULL, 0);

            STACK_OF(PKCS7_SIGNER_INFO) *pSignerInfos = PKCS7_get_signer_info(pP7);

            // Looping through the signatures
            for (int i = 0; i < sk_PKCS7_SIGNER_INFO_num(pSignerInfos); i++)
            {
                PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(pSignerInfos, i);
                X509* pSignerCert = sk_X509_value(pSigners, i);

                printf ("FOUND SIGNATURE : %p\n", (void *)si);
                // Parsing counter signatures (only the first matching attribute is returned)
                ASN1_TYPE *pCounterSignatureAttribute =
                    PKCS7_get_attribute(si, NID_pkcs9_countersignature);

                // No counter signature on this signer, or an unexpected value type
                if (pCounterSignatureAttribute == NULL ||
                    pCounterSignatureAttribute->type != V_ASN1_SEQUENCE)
                    continue;

                ASN1_STRING *pSequence = pCounterSignatureAttribute->value.sequence;

                if (pSequence != NULL)
                {
                    // d2i_* advances the pointer it is given, so work on a copy
                    const unsigned char *ps = pSequence->data;

                    PKCS7_SIGNER_INFO *cs = d2i_PKCS7_SIGNER_INFO(NULL, &ps, pSequence->length);
                    printf ("FOUND COUNTER SIGNATURE: %p\n", (void *)cs);
                    PKCS7_SIGNER_INFO_free(cs);
                }
            }

            // The signer stack is owned by the caller; its certificates are not
            sk_X509_free(pSigners);
            PKCS7_free(pP7);
        }

        Regards,
        Massimiliano Ziccardi


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
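
Where the counter signatures sit in the encoding, as an added example that is not code from this thread and does not use OpenSSL: a small hand-written DER walker counts every countersignature value in an unsignedAttrs field. It goes one step beyond the loop suggested above by also covering several values inside one attribute's SET, which the attribute syntax allows. The names `der_next`, `count_countersignatures` and the sample bytes are constructed for this example.

```c
#include <string.h>
/* Content bytes of OID 1.2.840.113549.1.9.6 (pkcs-9 countersignature). */
static const unsigned char OID_CS[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06};
/* Constructed sample, not a real signature: unsignedAttrs with an unrelated
 * attribute, then countersignature attributes with one and two dummy values. */
static const unsigned char SAMPLE_UNAUTH[] = { 0xA1,0x3F,
    0x30,0x10, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,
               0x31,0x03, 0x13,0x01,0x78,
    0x30,0x12, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,
               0x31,0x05, 0x30,0x03,0x02,0x01,0x03,
    0x30,0x17, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,
               0x31,0x0A, 0x30,0x03,0x02,0x01,0x01, 0x30,0x03,0x02,0x01,0x02 };

/* Read one DER TLV at *p, bounded by end. Returns the tag byte and advances
 * *p, or -1 if the element is truncated or its length form is unsupported. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    const unsigned char **val, size_t *len)
{
    const unsigned char *q = *p;
    size_t n, nb;
    int tag;
    if (end - q < 2) return -1;
    tag = *q++; n = *q++;
    if (n & 0x80) {                          /* long-form length, 1 or 2 bytes */
        nb = n & 0x7F;
        if (nb == 0 || nb > 2 || (size_t)(end - q) < nb) return -1;
        for (n = 0; nb > 0; nb--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;    /* content must fit in the buffer */
    *val = q; *len = n; *p = q + n;
    return tag;
}

/* Count countersignature values in [1] IMPLICIT SET OF Attribute; -1 if malformed. */
int count_countersignatures(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *end, *a, *aend, *oid, *v, *vend, *cs;
    size_t len, oidlen;
    int count = 0;
    if (der_next(&p, buf + buflen, &a, &len) != 0xA1) return -1;
    for (p = a, end = a + len; p < end; ) {             /* each Attribute */
        if (der_next(&p, end, &a, &len) != 0x30) return -1;
        aend = a + len;
        if (der_next(&a, aend, &oid, &oidlen) != 0x06) return -1;
        if (der_next(&a, aend, &v, &len) != 0x31) return -1;
        if (oidlen != sizeof OID_CS || memcmp(oid, OID_CS, oidlen) != 0) continue;
        for (vend = v + len; v < vend; count++)         /* each value in the SET */
            if (der_next(&v, vend, &cs, &len) != 0x30) return -1;
    }
    return count;
}
```

On the sample this finds three counter signatures, where a lookup that stops at the first matching attribute would see one. With OpenSSL the inner loop corresponds to X509_ATTRIBUTE_count() and X509_ATTRIBUTE_get0_type() on each matching attribute.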
