On Tue, Nov 22, 2016, Harald Koch wrote: > Hello, > > I???m facing a critical situation in my application when creating a signed > SMIME message using SHA1 as message digest algorithm. In openSSL 1.0.2 (i.e. > 1.0.2h), the following command worked as expected: > > /opt/openssl-1.0.2h/bin/openssl smime -sign -in original_message -signer > cert_key.pem -md sha1 > > The message output contains a header using sha1: > > Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; > micalg="sha1"; boundary="??????7E9FFA1842442B7192D83A53D8D35C89" > > > With openSSL 1.1.0c, I get a segmentation fault with the same command. Using > md5 or sha256 (or even not providing the parameter ???-md???, resultig in > sha256) the command works as expected. Trying to determine where the > segmentation fault happen, I used my C program to step through every function > call, it turns out that ???SMIME_write_PKCS7??? seems to be the critical > point. > > I???m sure I???m using the correct LD_LIBRARY_PATH environment variable value > for every test in Linux. The platforms I tested are Linux 32bit & 64bit, Mac > OS 10.12.1. >
It's a bug in OpenSSL 1.1.0. Fix is: https://github.com/openssl/openssl/pull/1985 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users