On Mon, Sep 12, 2011, Stef Hoeben wrote:

> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we can read
> out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
>
> But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
> dump), the verification fails.
> Below is a part of the stack trace, it looks like openssl still thinks
> the algorithm is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:
>
> CMS_verify() {
>   cms_signerinfo_verify() {
>     EVP_DigestVerifyInit() {
>       do_sigver_init() {
>         EVP_PKEY_CTX_set_signature_md() {
>           ...
>           pkey_rsa_ctrl() {
>             // type == EVP_PKEY_CTRL_DIGESTINIT
>
>     EVP_DigestVerifyFinal() {
>       ...
>       pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
>         RSA_PKEY_CTX *rctx = ctx->data;
>         // rctx->pad_mode == RSA_PKCS1_PADDING (???)
>         // and EVP_MD_type(rctx->md) = NID_sha256 (OK)
>
> Does someone know if the problem is with the encoding of the signature algo
> in the file, or with openssl itself?
>
OpenSSL HEAD only supports PSS and only for certificates, not CMS.

Can you include the DER format message itself instead of the ASN1 dump? This
will be very useful when CMS+PSS is implemented.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
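
An added example, not part of the original thread and not OpenSSL code: a minimal DER reader that decodes a SignerInfo signatureAlgorithm field and reports whether the file itself declares id-RSASSA-PSS or rsaEncryption, which separates an encoding problem from a library limitation. The two sample AlgorithmIdentifier byte strings are constructed for illustration, and extracting that field from a real SOD is assumed to be done separately.

```python
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"   # rsaEncryption (PKCS#1 v1.5 padding)
RSASSA_PSS = "1.2.840.113549.1.1.10"      # id-RSASSA-PSS
HASHES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
PKCS1_V15 = bytes.fromhex("300d06092a864886f70d0101010500")  # both samples are constructed
PSS_SHA256 = bytes.fromhex("303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120")

def read_tlv(buf, pos):                    # -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                       # contents of a constructed element
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(value):
    arcs, n = list(divmod(value[0], 40)), 0   # first byte packs the first two arcs
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)             # base-128, high bit means "more bytes"
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def describe(alg_der):
    """Report the RSA padding scheme a DER AlgorithmIdentifier declares."""
    tag, body, _ = read_tlv(alg_der, 0)
    if tag != 0x30 or not body:
        raise ValueError("AlgorithmIdentifier must be a non-empty SEQUENCE")
    fields = children(body)
    oid = decode_oid(fields[0][1])
    if oid != RSASSA_PSS:
        return {"padding": "PKCS1-v1_5" if oid == RSA_ENCRYPTION else "other", "oid": oid}
    info = {"padding": "PSS", "hash": "sha1", "mgf_hash": "sha1", "salt_len": 20}  # RFC 4055 defaults
    params = fields[1][1] if len(fields) > 1 and fields[1][0] == 0x30 else b""
    for ctx, val in children(params):
        inner = children(val)[0][1]        # unwrap the EXPLICIT [n] tag
        if ctx == 0xA0:                    # hashAlgorithm
            info["hash"] = HASHES.get(decode_oid(children(inner)[0][1]), "unknown")
        elif ctx == 0xA1:                  # maskGenAlgorithm: MGF1 plus its own hash
            info["mgf_hash"] = HASHES.get(decode_oid(children(children(inner)[1][1])[0][1]), "unknown")
        elif ctx == 0xA2:                  # saltLength
            info["salt_len"] = int.from_bytes(inner, "big")
    return info
```

If the field decodes as PSS, the file is encoded as intended and the failure lies in a verifier that applies PKCS#1 v1.5 padding regardless.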