Sorry to repost this, but I didn't see a reply and though it might have
gotten lost in the shuffle of recent server changes.
I saw the message below on the mailing list. I have run into a situation
where I have a CMS using the PSS padding and I wanted to see if this might
be implemented by now in CMS_verify.
If not, I have some experience working with the openssl source code, but
some pointers would be appreciated.
--
Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
Hi,
we have an SOD (a CMS for e-passports and e-ID cards) file that we can
read
out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
dump),
the verification fails.
Below is a part of the stack trace, it looks like openssl still thinks
the algorithm
is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:
CMS_verify() {
cms_signerinfo_verify() {
EVP_DigestVerifyInit() {
do_sigver_init() {
EVP_PKEY_CTX_set_signature_md() {
...
pkey_rsa_ctrl() {
// type == EVP_PKEY_CTRL_DIGESTINIT
EVP_DigestVerifyFinal() {
...
pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
RSA_PKEY_CTX *rctx = ctx-data;
// rctx-pad_mode == RSA_PKCS1_PADDING (???)
// and EVP_MD_type(rctx-md) = NID_sha256 (OK)
Someone knows if the problem is with the encoding of the signature algo
in the file, or with openssl itself?
... [show rest of
quotehttp://openssl.6102.n7.nabble.com/id-RSASSA-PSS-question-td18729.html#
]
OpenSSL HEAD only supports PSS and only for certificates, not CMS.
Can you include the DER format message itself instead of the ASN1 dump?
This
will be very useful when CMS+PSS is implemented.
Steve.
--
Chris Bare
