Ok. Thanks for the clarification. I went over the code again and I now see why it's failing. The calculated messagedigest doesn't match the messagedigest in the signature. It seems OpenSSL peels off only the [0] EXPLICIT tag of ContentInfo.content but leaves the type & length field on the inner content.

The PKCS#7 reference states:

"9.3 Message-digesting process

The message-digesting process computes a message digest on either the content being signed or the content together with the signer's authenticated attributes. In either case, the initial input to the message-digesting process is the "value" of the content being signed. Specifically, the initial input is the contents octets of the DER encoding of the content field of the ContentInfo value to which the signing process is applied. Only the contents octets of the DER encoding of that field are digested, not the identifier octets or the length octets."

This is a bit vague as it could be interpreted to mean either to skip over the T & V of the [0] tag or to skip over the T & V of the [0] content.

CMS on the other hand states:

"5.4. Message Digest Calculation Process

The message digest calculation process computes a message digest on either the content being signed or the content together with the signed attributes. In either case, the initial input to the message digest calculation process is the "value" of the encapsulated content being signed. Specifically, the initial input is the encapContentInfo eContent OCTET STRING to which the signing process is applied. Only the octets comprising the value of the eContent OCTET STRING are input to the message digest algorithm, not the tag or the length octets."

This is less ambiguous since it states that the T & V of the content of the [0] tag should be excluded from the calculation. This method of calculation produces the correct results with my signature which was extracted from a commercial product. I have also manually verified this as well.

Would you agree with my conclusion or am I missing something?

-Chang

On Mon, Aug 15, 2011 at 2:03 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Mon, Aug 15, 2011, Chang Lee wrote:
>
> > I appreciate the timely response. So it is as I suspected then.
> > PKSC_signatureVerify() is not digesting all of the authenticated attribute
> > value SET, only the messagedigest. Will this be scheduled to be fixed?
>
> No it is digesting the whole SET. The function ASN1_item_i2d() generates the
> encoding of the authenticated attributes and EVP_Verify*() verifies their
> digital signature.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
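
Added example, not part of the original message and not OpenSSL code: the two digest inputs discussed above, computed over a constructed `[0] EXPLICIT { OCTET STRING }` content field, so the difference made by the inner tag and length octets is visible. The helper names, the sample payload and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib

def read_tlv(buf, off=0):
    """Parse one DER TLV at buf[off:]; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    if first < 0x80:                    # short-form length
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    else:                               # long-form length
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def der_wrap(tag, value):
    """Encode one TLV (used only to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def digest_inputs(content_field):
    """Return (contents octets of [0], value octets of the inner OCTET STRING)."""
    tag, outer, end = read_tlv(content_field)
    if tag != 0xA0 or end != len(content_field):
        raise ValueError("expected exactly one [0] EXPLICIT element")
    inner_tag, inner, inner_end = read_tlv(outer)
    if inner_tag != 0x04 or inner_end != len(outer):
        raise ValueError("expected one primitive OCTET STRING inside [0]")
    return outer, inner

def compare(content_field, algo="sha256"):   # algo is an assumption
    outer, inner = digest_inputs(content_field)
    return hashlib.new(algo, outer).hexdigest(), hashlib.new(algo, inner).hexdigest()

PAYLOAD = b"constructed sample content"       # constructed, not from the thread
SAMPLE = der_wrap(0xA0, der_wrap(0x04, PAYLOAD))

if __name__ == "__main__":
    with_header, value_only = compare(SAMPLE)
    print("digest incl. inner tag+length:", with_header)
    print("digest of value octets only:  ", value_only)
```

When a messageDigest attribute fails to match, computing both values and comparing each against the attribute shows which reading the signer used.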