Thanks! Those functions and the CMS_get0_content() are what I was missing. Here's what I've got now.
PKCS7Type determine_pkcs7_type(CMS_ContentInfo* cms) { int nid = OBJ_obj2nid(CMS_get0_type(cms)); switch( nid ) { case NID_pkcs7_data: return PKCS7Type_Data; case NID_id_smime_ct_compressedData: return PKCS7Type_CompData; case NID_id_smime_ct_authData: return PKCS7Type_AuthData; case NID_pkcs7_enveloped: case NID_pkcs7_encrypted: return PKCS7Type_EncData; case NID_pkcs7_digest: return PKCS7Type_Digest; case NID_pkcs7_signed: { ASN1_OCTET_STRING** data = CMS_get0_content(cms); if( data && *data ) return PKCS7Type_SignedData; STACK_OF(CMS_SignerInfo)* signer_infos = CMS_get0_SignerInfos(cms); if( signer_infos && sk_CMS_SignerInfo_num(signer_infos) > 0 ) return PKCS7Type_Signature; // TODO: Call CMS_get1_certs() and CMS_get1_crls(); return PKCS7Type_UNKNOWN if # certs + # crls == 0. return PKCS7Type_Certs; } } Thanks, Phillip On Thu, May 23, 2013 at 5:29 AM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Wed, May 22, 2013, Phillip Hellewell wrote: > > > I'm in the process of refactoring my code to use the new CMS API instead > of > > PKCS7. > > > > In my code before I was able to determine the type of pkcs7, and even > > distinguish between a signed data (.p7m), signature (.p7s) and cert chain > > (.p7b), using this function: > > > > PKCS7Type determine_pkcs7_type(PKCS7* p7) > > { > > int nid = OBJ_obj2nid(p7->type); > > switch( nid ) { > > case NID_pkcs7_data: > > return PKCS7Type_Data; > > case NID_pkcs7_enveloped: > > case NID_pkcs7_encrypted: > > return PKCS7Type_EncData; > > case NID_pkcs7_digest: > > return PKCS7Type_Digest; > > case NID_pkcs7_signed: > > if( p7->d.sign->contents && > > OBJ_obj2nid(p7->d.sign->contents->type) == NID_pkcs7_data && > > p7->d.sign->contents->d.data != NULL ) > > return PKCS7Type_SignedData; > > if( sk_PKCS7_SIGNER_INFO_num(p7->d.sign->signer_info) > > 0 ) > > return PKCS7Type_Signature; > > if( sk_X509_num(p7->d.sign->cert) > 0 || > > sk_X509_CRL_num(p7->d.sign->crl) > 0 ) > > return PKCS7Type_Certs; > > return PKCS7Type_UNKNOWN; > > } > > return PKCS7Type_UNKNOWN; > > } > > > > Now I am trying to do the same thing with CMS, but the struct contents > are > > encapsulated from me (yes yes, that is good I know), so I'm currently at > a > > loss as to how to differentiate the types, see below: > > > > PKCS7Type determine_pkcs7_type(CMS_ContentInfo* cms) > > { > > int nid = OBJ_obj2nid(CMS_get0_type(cms)); > > switch( nid ) { > > case NID_pkcs7_data: > > return PKCS7Type_Data; > > case NID_id_smime_ct_compressedData: > > return PKCS7Type_CompData; > > case NID_pkcs7_enveloped: > > case NID_pkcs7_encrypted: > > return PKCS7Type_EncData; > > case NID_pkcs7_digest: > > return PKCS7Type_Digest; > > case NID_pkcs7_signed: > > { > > // HELP!! How can I tell if this is a signed data, or > just > > a signature (i.e., a .p7s with no data), or it is a cert chain (i.e., a > > .p7b with just certs) > > } > > } > > return PKCS7Type_UNKNOWN; > > } > > > > You can use CMS_get0_SignerInfos(), CMS_get1_certs() and CMS_get1_crls(). > The > latter two need to be freed up after use. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >