On Thu, Sep 22, 2011, Chang Lee wrote: > I'm trying to parse the content of an ASN1_OCTET_STRING, which I know/expect > to be a DER encoded SEQUENCE, into an object. I need to do this because I'm > trying to verify an Authenticode signature. I need to generate a digest of > the contents of the signedData sans the type & length bytes. Now generating > the object via d2i_PKCS7 results in the > p7->d.sign->contents->d.other->value.octet_string containing the contents of > the ContentInfo.content [0] which is itself a SEQUENCE > (SpcIndirectDataContent). Unfortunately, Authenticode needs the digest of > the content of SpcIndirectDataContent. Therein lies the reason why I'm > trying to 'peel' off one layer to get at the data. I was initially hunting > for a generic SEQUENCE object that I could parse the data but I couldn't > find one. > I have attempted to create a SEQUENCE from the template but have yet to get > it to work. This is what I've tried: >
Ah OK. So you've got the data into an ASN1_OCTET_STRING whose contents are a SEQUENCE and you want the content octets of that SEQUENCE but without the SEQUENCE tag+length octets? Well there isn't anything which does that directly. You can get the DER buffer using ASN1_STRING_length(os) and ASN1_STRING_data(os). That will give you the SEQUENCE tag at the start and the content included. If you want to skip over the tag+length octets of that buffer you need to do some lower level stuff. If you use ASN1_get_object() it will tell you the length of the sequence and skip the header. So the updated pointer will be that start of the SEQUENCE contents and the length will be the length of that content. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
