[openssl-users] CMS questions

Dr. Stephen Henson steve at openssl.org
Tue Feb 24 15:10:22 UTC 2015

On Tue, Feb 24, 2015, Richard Welty wrote:

> On 2/24/15 9:21 AM, Dr. Stephen Henson wrote:
> >
> > Typically you'd write the signed content to a memory BIO and then decrypt
> > that. Precisely how you decrypt the enveloped data depends on the format. It
> > might be in MIME format in which case you'd pass it through the MIME parser.
> > Alternatively it could be enveloped data content type in which case you'd
> > decode it as BER form.
> >
> > There are shortcuts you can make if, for example, you know the signed content
> > is not detached and in BER form.
> >
> it will not be detached, and will be in BER form. shortcuts (as long as
> they're
> in a documented API) are welcome as this is in a path that should be fast.

So the embedded content type will be enveloped data?

If so first you can check that type using CMS_get0_eContentType().

Then you can use CMS_get0_content() to retrieve the embedded content as a
pointer to an OCTET STRING pointer. You should check that content is not NULL
and then retrieve the encoding of the content using ASN1_STRING_data and

Once you have those you can decode using d2i_CMS_ContentInfo().

A couple of those functions are currently undocumented (that will be fixed) but
nothing in that involves using structure internals.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list