Ok. Thanks for the clarification. I went over the code again and I now see
why it's failing. The calculated messagedigest doen't match the
messagedigest in the signature. It seems OpenSSL peels off only the [0]
EXPLICT tag of ContentInfo.content but leaves the type & length field on the
inner c
On Mon, Aug 15, 2011, Chang Lee wrote:
> I appreciate the timely response. So it is as I suspected then.
> PKSC_signatureVerify() is not digesting all of the authenticated attribute
> value SET, only the messagedigest. Will this be scheduled to be fixed?
>
No it is digesting the whole SET. Th
I appreciate the timely response. So it is as I suspected then.
PKSC_signatureVerify() is not digesting all of the authenticated attribute
value SET, only the messagedigest. Will this be scheduled to be fixed?
I believe there is also a bug in the PKCS7_get_octet_string() static
function in pk7_d
On Mon, Aug 15, 2011, Chang Lee wrote:
> Has anyone been able to use PKCS7_verify(...) to verify a SignedData
> signature with authenticated attributes? I've looked through the code and
> it seems PKCS7_signatureVerify() checks for the existence of authenticated
> attributes and calls PKCS7_dige
Hi,
I've gotten OpenSSL to work for me using examples from the Network
Security with OpenSSL book.
I've got two questions that I know are very basic - Mr Google was not
very helpful here
1) how do I set SO_REUSEADDR option on my OpenSSL server?
2) when a client connects to the my server, how c
Has anyone been able to use PKCS7_verify(...) to verify a SignedData
signature with authenticated attributes? I've looked through the code and
it seems PKCS7_signatureVerify() checks for the existence of authenticated
attributes and calls PKCS7_digest_from_attributes() which, along with the
embed
