On Wed, Jan 12, 2005, Dmitry Belyavsky wrote:

> Hello!
>
> I found out that openssl smime puts
> micalg: sha1
> whether the message is hashed with sha1 or any other algorithm. It is hardcoded
> into current snapshot (20050112) of 0.9.8 version
> (crypto/pkcs7/pk7_mime.c).
>
> RFC 2633 (http://www.ietf.org/rfc/rfc2633.txt) says:
> _______________________
>    The micalg parameter allows for one-pass processing when the
>    signature is being verified. The value of the micalg parameter is
>    dependent on the message digest algorithm(s) used in the calculation
>    of the Message Integrity Check. If multiple message digest algorithms
>    are used they MUST be separated by commas per [MIME-SECURE]. The
>    values to be placed in the micalg parameter SHOULD be from the
>    following:
>
>    Algorithm   Value
>    used
>
>    MD5         md5
>    SHA-1       sha1
>    Any other   unknown
> -----------------------
>
> So, is the hard-coded value a bug or a feature?
>
It's a missing feature :-)

I've never seen anything other than sha1 in there so this might not be a
problem in practice.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
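
Added example, not part of the original thread and not OpenSSL code: a receiver-side check that compares the micalg parameter of a multipart/signed header with the value the RFC 2633 table quoted above prescribes for the digests actually used. The function names, the sample message and the digests_used argument (digest names the caller has read from the signature's SignedData) are assumptions of this example.

```python
from email import message_from_string

# Table quoted above from RFC 2633: digest used -> micalg value.
RFC2633_MICALG = {"md5": "md5", "sha1": "sha1"}  # any other -> "unknown"

def expected_micalg(digests_used):
    """micalg value for the digests actually used: comma separated, no repeats."""
    values = []
    for name in digests_used:
        value = RFC2633_MICALG.get(name.lower().replace("-", ""), "unknown")
        if value not in values:
            values.append(value)
    return ",".join(values)

def check_micalg(raw_message, digests_used):
    """Return (declared, expected, ok) for a multipart/signed message.

    digests_used is an assumption of this example: the digest names the
    caller read from the signature's SignedData (digestAlgorithms).
    """
    msg = message_from_string(raw_message)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    declared = msg.get_param("micalg")  # None when the parameter is absent
    declared_set = set()
    if declared is not None:
        declared_set = {v.strip().lower() for v in declared.split(",")}
    expected = expected_micalg(digests_used)
    return declared, expected, declared_set == set(expected.split(","))

# Constructed sample: headers as the thread describes them (micalg fixed at sha1).
SAMPLE = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; '
    'micalg=sha1; boundary="----CONSTRUCTED"\n'
    "\n"
    "------CONSTRUCTED\n"
    "Content-Type: text/plain\n"
    "\n"
    "hello\n"
    "------CONSTRUCTED--\n"
)

if __name__ == "__main__":
    for used in (["sha1"], ["md5"], ["sha256"], ["md5", "sha1"]):
        print(used, check_micalg(SAMPLE, used))
```

A mismatch here does not by itself mean the signature is invalid; it means a one-pass verifier that trusts micalg would start hashing with the wrong algorithm.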