I saw the message below on the mailing list. I have run into a situation
where I have a CMS using the PSS padding and I wanted to see if this
might be implemented by now in CMS_verify.
If not, I have some experience working with the openssl source code, but
some pointers would be appreciated.
--
Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we can read
> out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
>
> But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1 dump),
> the verification fails.
> Below is a part of the stack trace, it looks like openssl still thinks the algorithm
> is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:
>
> CMS_verify() {
> cms_signerinfo_verify() {
> EVP_DigestVerifyInit() {
> do_sigver_init() {
> EVP_PKEY_CTX_set_signature_md() {
> ...
> pkey_rsa_ctrl() {
> // type == EVP_PKEY_CTRL_DIGESTINIT
>
> EVP_DigestVerifyFinal() {
> ...
> pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
> RSA_PKEY_CTX *rctx = ctx->data;
> // rctx->pad_mode == RSA_PKCS1_PADDING (???)
> // and EVP_MD_type(rctx->md) = NID_sha256 (OK)
>
> Someone knows if the problem is with the encoding of the signature algo
> in the file, or with openssl itself?
>
OpenSSL HEAD only supports PSS and only for certificates, not CMS.
Can you include the DER format message itself instead of the ASN1 dump? This
will be very useful when CMS+PSS is implemented.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.