On Tue, Feb 24, 2015, Richard Welty wrote: > On 2/24/15 9:21 AM, Dr. Stephen Henson wrote: > > > > Typically you'd write the signed content to a memory BIO and then decrypt > > that. Precisely how you decrypt the enveloped data depends on the format. It > > might be in MIME format in which case you'd pass it through the MIME parser. > > Alternatively it could be enveloped data content type in which case you'd > > decode it as BER form. > > > > There are shortcuts you can make if, for example, you know the signed content > > is not detached and in BER form. > > > it will not be detached, and will be in BER form. shortcuts (as long as > they're > in a documented API) are welcome as this is in a path that should be fast. > So the embedded content type will be enveloped data? If so first you can check that type using CMS_get0_eContentType(). Then you can use CMS_get0_content() to retrieve the embedded content as a pointer to an OCTET STRING pointer. You should check that content is not NULL and then retrieve the encoding of the content using ASN1_STRING_data and ASN1_STRING_length. Once you have those you can decode using d2i_CMS_ContentInfo(). A couple of those functions are currently undocumented (that will be fixed) but nothing in that involves using structure internals. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
