DSA_verify(...) method FIPS compliant?

? If so, will moving to FOM 1.2.3 help? Cheers, -Chang Lee

Re: Convert ASN1_OCTET_STRING contents to ASN1 Sequence

...@informatik.hu-berlin.de wrote: Am 21.09.2011 23:27, schrieb Chang Lee: Does anyone know of a way to take an ASN1_OCTET_STRING that contains a DER encoded Sequence and extract the contents of the Sequence as an ASN1_STRING. Essentially, I want to construct an ASN1 object of the Sequence. I

Re: Convert ASN1_OCTET_STRING contents to ASN1 Sequence

= d2i_AUTHENTICODE_CONTENT(NULL, (const unsigned char**)content-data, content-length); ... d2i_AUTHENTICODE_CONTENT(...) errors out. -Clee On Thu, Sep 22, 2011 at 10:07 AM, Dr. Stephen Henson st...@openssl.orgwrote: On Thu, Sep 22, 2011, Chang Lee wrote

Re: Convert ASN1_OCTET_STRING contents to ASN1 Sequence

Thanks for the info. I'll try to get it to work using ASN1_get_object(). Just for my edification, was my approach using the templates and macros not a viable option? On Thu, Sep 22, 2011 at 12:22 PM, Dr. Stephen Henson st...@openssl.orgwrote: On Thu, Sep 22, 2011, Chang Lee wrote: I'm

Re: Convert ASN1_OCTET_STRING contents to ASN1 Sequence

ASN1_get_object() got the job done. Thanks. On Thu, Sep 22, 2011 at 1:34 PM, Dr. Stephen Henson st...@openssl.orgwrote: On Thu, Sep 22, 2011, Chang Lee wrote: Thanks for the info. I'll try to get it to work using ASN1_get_object(). Just for my edification, was my approach using

Re: Convert ASN1_OCTET_STRING contents to ASN1 Sequence

Nice tip. I'll look into that. On Thu, Sep 22, 2011 at 4:19 AM, Frank Morgner frankmorg...@gmx.de wrote: On Thursday, September 22 at 08:41AM, Dominik Oepen wrote: Am 21.09.2011 23:27, schrieb Chang Lee: Does anyone know of a way to take an ASN1_OCTET_STRING that contains a DER

Convert ASN1_OCTET_STRING contents to ASN1 Sequence

Does anyone know of a way to take an ASN1_OCTET_STRING that contains a DER encoded Sequence and extract the contents of the Sequence as an ASN1_STRING. Essentially, I want to construct an ASN1 object of the Sequence. I guess I could manually parse the Sequence (and deal with the different types

PKCS7_verify() implementation incomplete?

. This implementation would be wrong. Is this a bug or do have I stayed up too long looking at this code. I'm using 0.9.8r. -Chang Lee

Re: PKCS7_verify() implementation incomplete?

to be interpreted as an OCTET STRING. -Chang On Mon, Aug 15, 2011 at 12:27 PM, Dr. Stephen Henson st...@openssl.orgwrote: On Mon, Aug 15, 2011, Chang Lee wrote: Has anyone been able to use PKCS7_verify(...) to verify a SignedData signature with authenticated attributes? I've looked through

Re: PKCS7_verify() implementation incomplete?

, 2011 at 2:03 PM, Dr. Stephen Henson st...@openssl.orgwrote: On Mon, Aug 15, 2011, Chang Lee wrote: I appreciate the timely response. So it is as I suspected then. PKSC_signatureVerify() is not digesting all of the authenticated attribute value SET, only the messagedigest