Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Alon Bar-Lev
Done[1]
[1] https://github.com/openssl/openssl/issues/14257
On Fri, Feb 19, 2021 at 11:09 PM Dmitry Belyavsky wrote:
>
> Would you mind raising the issue on GitHub with the reproduction?
>
> On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, wrote:
>>
>> Hi,
>>
>> I am trying to analyze openssl sources,

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Dmitry Belyavsky
Would you mind raising the issue on GitHub with the reproduction?
On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, wrote:
> Hi,
>
> I am trying to analyze openssl sources, and it looks like the resign
> is implemented in a naive path that does not handle all cases.
>
> In other words, the CMS resign i

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Alon Bar-Lev
Hi,
I am trying to analyze openssl sources, and it looks like the resign is implemented in a naive path that does not handle all cases.
In other words, the CMS resign is not working in any case other than the default execution path. For example the -noattr is also not working.
I updated my rep

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Alon Bar-Lev
Thanks.
I managed to narrow this down. It is not related to PSS; I can also reproduce it if I pass pkcs1. It has something to do with the CMS_KEY_PARAM flag and add signer.
On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi <thulasi.goripar...@gmail.com> wrote:
> With PSS, for the first signature, PSS alg ID a

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Thulasi Goriparthi
With PSS, for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature (resign).
2542:d=7 hl=2 l= 9 prim: OBJECT:S/MIME Capabilities
2553:d=7 hl=2 l= 108 cons: SET
2555:d=8 hl=2 l= 106 cons: SEQUENCE
2557:d=9 hl=2 l= 11 cons: SEQUE

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Alon Bar-Lev
Thanks! Was about to write...
I tested both 1.1 and master branches and result is the same.
On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <thulasi.goripar...@gmail.com> wrote:
> I am able to reproduce this issue with 1.1.1j too.
>
> openssl version -a
>
> OpenSSL 1.1.1j 16 Feb 2021
>
> built

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Thulasi Goriparthi
I am able to reproduce this issue with 1.1.1j too.
openssl version -a
OpenSSL 1.1.1j 16 Feb 2021
built on: Fri Feb 19 18:56:06 2021 UTC
platform: darwin64-x86_64-cc
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Viktor Dukhovni
On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
> I am able to reproduce this issue with 1.1.1i
OpenSSL 1.1.1j has been released. Do you still see the problem with 1.1.1j?
--
Viktor.

Re: ./CA.pl -newreq specify servername

2021-02-19 Thread Paul Nelson
For OpenSSL 1.0.2: Are you asking how to get a DNS Subject Alternative Name extension into the certificate? You would need to edit an openssl.cnf file and add the proper stuff to get this extension. Check the man page for x509v3_config. The item you want to put in the config file is subjectAltN

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Thulasi Goriparthi
Hi Alon,
I am able to reproduce this issue with 1.1.1i
echo "hello world" > msg
/* pkcs1 */
openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms
openssl cms -verify -in 1.cms -CAfile ca.pem
openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms
openssl cms -verify -in 2.cms -CAf