Massimiliano Ziccardi wrote:
> I'm sure OpenSSL is able to parse more than one counter signature per
> signature.
>
> Can please some OpenSSL expert tell me how to do it? I think the code I
> sent in the previous
> e-mail should be close to the solution. I just need to know how to get
> the other counter signatures
> (I already did in Java with Bouncycastle, and it has been straightforward).
>
> I've searched through the net for some documentation, but, as stated on
> the site, the OpenSSL documentation
> is very incomplete, and I couldn't find any useful information.
>
> Many thanks for your help.
> Massimiliano Ziccardi
>


I see that PKCS7_get_attribute() retrieves the first attribute matching
the nid. Maybe something like below will do the trick.


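/* unauthenticated attribute stack, read from the PKCS7_SIGNER_INFO struct in pkcs7.h */
STACK_OF(X509_ATTRIBUTE) *unauth = si->unauth_attr;
int j;
/* go through each element in unauth */
for (j = 0; j < sk_X509_ATTRIBUTE_num(unauth); j++) {
    X509_ATTRIBUTE *attr = sk_X509_ATTRIBUTE_value(unauth, j);
    /* look the OID up with OBJ_obj2nid() instead of reading the struct field */
    if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == NID_pkcs9_countersignature) {
        /* do something here */
    }
}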

> On Tue, May 20, 2008 at 9:25 AM, Massimiliano Ziccardi wrote:
>


[snip]

>
> #include <stdio.h>
> #include <openssl/bio.h>
> #include <openssl/pkcs7.h>
> #include <openssl/x509.h>
>
> void parse(char *pszFileName)
> {
>     // Parsing PKCS#7 file
>     BIO *foo = BIO_new_file(pszFileName, "rb");
>
>     PKCS7* pP7 = d2i_PKCS7_bio(foo,NULL);
>
>     STACK_OF(X509) *pSigners = PKCS7_get0_signers(pP7, NULL, 0);
>
>     STACK_OF(PKCS7_SIGNER_INFO) *pSignerInfos =
>         PKCS7_get_signer_info(pP7);
>
>     // Looping through the signatures
>     for (int i = 0; i < sk_PKCS7_SIGNER_INFO_num(pSignerInfos); i++)
>     {
>         PKCS7_SIGNER_INFO *si =
>             sk_PKCS7_SIGNER_INFO_value(pSignerInfos, i);
>         X509* pSignerCert = sk_X509_value(pSigners, i);
>
>         printf ("FOUND SIGNATURE : %p\n", si);
>         // Parsing counter signatures (returns only the first matching attribute)
>         ASN1_TYPE *pCounterSignatureAttribute =
>             PKCS7_get_attribute(si, NID_pkcs9_countersignature);
>
>         // NULL when the signer info carries no counter signature
>         ASN1_STRING *pSequence = pCounterSignatureAttribute != NULL ?
>             pCounterSignatureAttribute->value.sequence : NULL;
>
>         if (pSequence != NULL)
>         {
>             unsigned char *ps = NULL;
>             ps = pSequence->data;
>
>             PKCS7_SIGNER_INFO *cs = d2i_PKCS7_SIGNER_INFO(NULL,
>                 (const unsigned char**)&ps, pSequence->length);
>             printf ("FOUND COUNTER SIGNATURE: %p\n", cs);
>         }
>     }
> }
>
> Regards,
> Massimiliano Ziccardi
>


-jb
--
Real computer scientists don't comment their code. The identifiers are
so long they can't afford the disk space.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
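
Added example, not part of the original thread and not OpenSSL code: a single attribute lookup can miss counter signatures because the countersignature attribute may appear more than once among the unauthenticated attributes, and each instance may hold several SignerInfo values. This stand-alone C walker counts all of them in a DER-encoded unauthenticatedAttributes field with bounds-checked parsing; the names der_next, count_countersignatures and SAMPLE are hypothetical, and the SAMPLE bytes are constructed placeholders.

```c
#include <stddef.h>
#include <string.h>
/* Content bytes of OID 1.2.840.113549.1.9.6 (pkcs-9 counterSignature). */
static const unsigned char CS_OID[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06};
/* Constructed sample (no real signatures): a countersignature attribute with two empty
 * placeholder values, an unrelated attribute, then a second countersignature attribute. */
static const unsigned char SAMPLE[] = { 0xA1,0x35,
  0x30,0x11, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06, 0x31,0x04,0x30,0x00,0x30,0x00,
  0x30,0x0F, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05, 0x31,0x02,0x05,0x00,
  0x30,0x0F, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06, 0x31,0x02,0x30,0x00 };

/* Read one TLV from [*p, end) with bounds checks; returns 0 and advances *p on success. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    unsigned char *tag, const unsigned char **val, size_t *vlen)
{
    const unsigned char *q = *p;
    size_t len, n;
    if (end - q < 2) return -1;
    *tag = *q++; len = *q++;
    if (len & 0x80) {                       /* long form: n length octets follow */
        n = len & 0x7F;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - q) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1; /* value must lie inside the buffer */
    *val = q; *vlen = len; *p = q + len;
    return 0;
}

/* Count every countersignature value in a DER unauthenticatedAttributes field
 * ([1] IMPLICIT SET OF Attribute); returns -1 if the encoding is malformed. */
int count_countersignatures(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *attrs, *a, *aend, *v, *s, *val;
    size_t alen, l, vl;
    unsigned char tag;
    int is_cs, count = 0;
    if (der_next(&p, buf + buflen, &tag, &attrs, &alen) || tag != 0xA1) return -1;
    for (p = attrs; p < attrs + alen; ) {
        if (der_next(&p, attrs + alen, &tag, &a, &l) || tag != 0x30) return -1;
        aend = a + l;
        if (der_next(&a, aend, &tag, &v, &vl) || tag != 0x06) return -1;
        is_cs = (vl == sizeof CS_OID && memcmp(v, CS_OID, vl) == 0);
        if (der_next(&a, aend, &tag, &v, &vl) || tag != 0x31 || a != aend) return -1;
        for (s = v; is_cs && s < v + vl; count++)   /* one SignerInfo per value */
            if (der_next(&s, v + vl, &tag, &val, &l) || tag != 0x30) return -1;
    }
    return count;
}
```

On the constructed sample the walker finds three counter signatures, where a first-match lookup would surface only one.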