Thanks for the info. I'll try to get it to work using ASN1_get_object(). Just for my edification, was my approach using the templates and macros not a viable option?
On Thu, Sep 22, 2011 at 12:22 PM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Thu, Sep 22, 2011, Chang Lee wrote: > > > I'm trying to parse the content of an ASN1_OCTET_STRING, which I > know/expect > > to be a DER encoded SEQUENCE, into an object. I need to do this because > I'm > > trying to verify an Authenticode signature. I need to generate a digest > of > > the contents of the signedData sans the type & length bytes. Now > generating > > the object via d2i_PKCS7 results in the > > p7->d.sign->contents->d.other->value.octet_string containing the contents > of > > the ContentInfo.content [0] which is itself a SEQUENCE > > (SpcIndirectDataContent). Unfortunately, Authenticode needs the digest > of > > the content of SpcIndirectDataContent. Therein lies the reason why I'm > > trying to 'peel' off one layer to get at the data. I was initially > hunting > > for a generic SEQUENCE object that I could parse the data but I couldn't > > find one. > > I have attempted to create a SEQUENCE from the template but have yet to > get > > it to work. This is what I've tried: > > > > Ah OK. So you've got the data into an ASN1_OCTET_STRING whose contents are > a > SEQUENCE and you want the content octets of that SEQUENCE but without the > SEQUENCE tag+length octets? > > Well there isn't anything which does that directly. You can get the DER > buffer > using ASN1_STRING_length(os) and ASN1_STRING_data(os). That will give you > the > SEQUENCE tag at the start and the content included. > > If you want to skip over the tag+length octets of that buffer you need to > do > some lower level stuff. If you use ASN1_get_object() it will tell you the > length of the sequence and skip the header. So the updated pointer will be > that start of the SEQUENCE contents and the length will be the length of > that > content. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
