read data from a BIO into a ContentInfo
BIO *data, int flags);
reads data and puts it into the appropriate content
field of p7 itself or of its appropriate substructure,
which can be of type SignedData,
DigestedData, or arbitrary data. The
PKCS7_dataFinal(3) manual explains which field exactly the data is
The following flags are recognized:
- Copy the data verbatim without changing any bytes. By default, line
endings are replaced with two-byte "\r\n" sequences (ASCII
CR+LF). If this flag is set,
- Prepend "Content-Type: text/plain" followed by a blank line to
the data. This flag is ignored if
PKCS7_BINARYis also set.
If any other bits are set in flags, for
PKCS7_PARTIAL, they are ignored, allowing to pass
the same flags argument that was already passed to
is most commonly used to finalize a p7 object returned
from a call to PKCS7_sign(3) that used flags including
PKCS7_STREAM. With these flags,
PKCS7_sign(3) ignores its data argument. The
partial p7 object returned can then be customized, for
example setting up multiple signers or non-default digest algorithms with
PKCS7_sign_add_signer(3), before calling
can be used to finalize a p7 object returned from a
call to PKCS7_encrypt(3) that used flags
starts by calling
PKCS7_dataInit(3) internally, using it to finalize a
p7 object containing
DigestedData, or arbitrary data requires the setup
described in the
PKCS7_dataInit(3) manual. For SignedData and
EnvelopedData, such manual setup is also feasible, but
it is more easily performed with
is only one among several functions that can be used to finalize
p7; alternatives include
PKCS7_final() returns 1 on success or 0 on
Possible reasons for failure include:
- p7 is
- The content field of p7 is empty.
- The contentType of p7 is unsupported.
- Signing or digesting is requested and p7 is not configured to store a detached signature, but does not contain the required field to store the content either.
- At least one signer lacks a usable digest algorithm.
- A cipher is required but none is configured.
- Any required operation fails, for example signing or digesting.
- Memory allocation fails.
Signers lacking private keys do not cause failure but are silently skipped.
BIO_new(3), i2d_PKCS7_bio_stream(3), PEM_write_bio_PKCS7_stream(3), PKCS7_add_attribute(3), PKCS7_dataFinal(3), PKCS7_dataInit(3), PKCS7_encrypt(3), PKCS7_new(3), PKCS7_sign(3), SMIME_write_PKCS7(3)
PKCS7_final() first appeared in OpenSSL
1.0.0 and has been available since OpenBSD 4.9.
This function does not support EncryptedData.