Re: PKCS7_add_attribute

[Antonio Ruiz Martínez]

Hello! Dr. Stephen Henson wrote: On Wed, Sep 15, 2004, Antonio Ruiz Martínez wrote: Hello! Thanks for your answer, it has been very useful when I use an octect string but not when but I have got a problem when I'm using a sequence. I think I am not doing something properly because I don't get the desired result. I've tried the following options: 1) ASN1_OCTET_STRING *oct=NULL; oct=ASN1_STRING_new(); ASN1_STRING_set(oct,p7_2,lenp7_2) where p7_2 -> coding in DER of a signed PKCS#7 PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct); i2d_PKC7 ..... This way when I try to decode the result of the coding I get an error, It seems the structure is not correct. However, if I try with PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_OCTET_STRING,(void *)oct) it works but I've an attribute which is an octet string that contains a DER coded PKCS7 but I would like that the attribute was directly the PKCS7 2) p7_2=d2i_PKCS7(NULL,&tsp,lenTSP); PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)p7_2); i2d_PKC7 ..... This way I can decode the encoded PKCS7 but the PKCS7 is not inserted properly as an attribute. How can I solve the problem? Could you help me another time, please? My guess is that there's a problem with the generation of the encoding of the attribute: what code did you use for that?     oct=ASN1_STRING_new();     if (!ASN1_STRING_set(oct,p72,lenP72)) {         lReturn=-50;         goto err;     }     p7=PKCS7_new();     if (p7==NULL) {         lReturn=-20;         goto err;     } //add certificate and keys... ...   //get the signer info...     PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct);     //insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal... //ENCODE in DER ... .... Any idea? You can put totally unstructured garbage data in an OCTET_STRING and the result will still parse until you try to decode the contents. If however you try that with the V_ASN1_SEQUENCE it will choke the parser when you try d2i_PKCS7() on the outer structure. I tried to put the sequence in an octet_string and with that way there is no problem but I would like to use the SEQUENCE directley if it is possible. Regards, Antonio.