Re: attribute certificate in PKCS#7 (CMS)

Wed, 23 Nov 2005 23:26:19 -0800 

Nikolay Elenkov wrote:

> I am trying to patch the PKCS#7 code to (partially) handle CMS ver 3.
> What I need is to parse a CMS structure that has an attribute
> certificate in the certificates field of SignedData.
> 
...
> 
> typedef struct certificate_choices_st {
>     int type;
>     union {
>         X509* certificate;
>         X509AC* attrCert;
>     } value;
> } CERTIFICATE_CHOICES;
> 
> DECLARE_ASN1_FUNCTIONS(CERTIFICATE_CHOICES)
> 
> typedef struct pkcs7_signed_st
>     {
>     ASN1_INTEGER            *version;   /* version 1 */
>     STACK_OF(X509_ALGOR)        *md_algs;   /* md used */
>     STACK_OF(CERTIFICATE_CHOICES)           *cert;      /* [ 0 ] */
>     STACK_OF(X509_CRL)      *crl;       /* [ 1 ] */
>     STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
> 
>     struct pkcs7_st         *contents;
>     } PKCS7_SIGNED;
> 

To answer my own question, changing

ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
   ...
    ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
    ...
} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)

to

ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
   ...
    ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, CERTIFICATE_CHOICES, 0),
    ...
} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)

and adding

ASN1_CHOICE(CERTIFICATE_CHOICES) = {
    ASN1_SIMPLE(CERTIFICATE_CHOICES, value.certificate, X509),
    ASN1_IMP(CERTIFICATE_CHOICES, value.attrCert, X509AC, 1)
} ASN1_CHOICE_END(CERTIFICATE_CHOICES)

IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATE_CHOICES)

to pk7_asn1.c did the trick.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to