On 02/09/2016 16:39, Dr. Stephen Henson wrote:
> On Tue, Aug 30, 2016, David wrote:
>> How can I obtain the length of the overall sequence which contains PKCS7
>> signed data? This is important because the length I already have may be
>> longer than the actual PKCS7 data.
>>
> I'm curious: why do you want that information?
I am loading PKCS7 data from Windows Portable Executable files which is
used for code signing ("Authenticode").
The file structure itself gives a length for the relevant data that I
pass to d2i_PKCS7(). However there may be trailing data which does not
relate to the PKCS7 structure.
My requirement for the length is to spot errors or abuse by comparing
the length parsed by OpenSSL to the PE specific headers, e.g. to detect
issues like MS13-098 [1].
> If you want the entire length of the parsed data you can use d2i_PKCS7() to
> parse the buffer: the passed pointer is then incremented to immediately follow
> the PKCS7 structure. You can then get the length by subtracting the
> start of the buffer.
Thank you - this works fine.
David
1 - https://technet.microsoft.com/en-gb/library/security/2915720
