[openssl-users] Obtaining PKCS7 data length

David lists at edeca.net
Tue Aug 30 18:27:51 UTC 2016


I have some PKCS7 data which I can read like this with OpenSSL:

$ openssl asn1parse -i -inform der -in data.dat
0:d=0  hl=4 l=16208 cons: SEQUENCE
4:d=1  hl=2 l=    9 prim:  OBJECT            :pkcs7-signedData
.. more ..

I can load it in code like so:

// buf contains the raw data, len the length
BIO *bio = BIO_new_mem_buf(buf, len);

PKCS7 *pkcs7 = d2i_PKCS7_bio(bio, NULL);
if (!pkcs7) {
    // die

This works fine and I can successfully obtain signer information etc.
However I'd like to obtain the length value as parsed from the input
data. In my example this was 16208, seen in the second line of the ASN1

I noticed there is a length attribute to the PKCS7 structure (see
include/openssl/pkcs7.h) but pkcs7->length is always zero when I print it.

How can I obtain the length of the overall sequence which contains PKCS7
signed data?  This is important because the length I already have may be
longer than the actual PKCS7 data.


More information about the openssl-users mailing list