On Fri Mar 14 20:04:42 2014, flevionn...@gmail.com wrote:
> Hello,
>
> I'm working on CMS rsassa-pss signature validation. I'm using the source
> code from the trunk repository of openssl to do so. I've found that there
> is a problem when the signature algorithm identifier is
> sha1withRSAEncryption instead of RSAEncryption (a bouncy castle signature
> for example).
>
> This comes from the function
> rsa_ameth.c - l701:
>
> static int rsa_cms_verify(CMS_SignerInfo *si)
> {
>     int nid;
>     X509_ALGOR *alg;
>     EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
>     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
>     nid = OBJ_obj2nid(alg->algorithm);
>     if (nid == NID_rsaEncryption)
>         return 1;
>     if (nid == NID_rsassaPss)
>         return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
>     return 0;
> }
>
> I think it should be:
>
> static int rsa_cms_verify(CMS_SignerInfo *si)
> {
>     int nid;
>     X509_ALGOR *alg;
>     EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
>     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
>     nid = OBJ_obj2nid(alg->algorithm);
>     if (nid == NID_rsassaPss)
>         return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
>     return 1;
> }
>
>
> I'm at your disposal if you need a sample of such a signature.
>

I don't think that signature format is valid but I've no objections to adding a
workaround so the CMS code tolerates it. I'd say we should check the NID
corresponds to an RSA signature algorithm instead of letting everything through
though. An example would be useful.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
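
An added example, not part of the thread and not OpenSSL code: a stand-alone C model of the two policies discussed above, the proposed change (anything that is not RSASSA-PSS passes) and the check suggested in the reply (only RSA signature algorithm identifiers pass). The function names, the verdict enum and the dotted-string OID table are assumptions made for illustration; OpenSSL itself works on NIDs.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not OpenSSL code: OIDs as dotted strings, not NIDs. */
enum verdict { SIG_REJECT = 0, SIG_PKCS1 = 1, SIG_PSS = 2 };

#define OID_RSA_ENCRYPTION "1.2.840.113549.1.1.1"
#define OID_RSASSA_PSS     "1.2.840.113549.1.1.10"

/* Combined digest+signature OIDs and whether the key type is RSA. */
static const struct { const char *oid; int is_rsa; } SIG_ALGS[] = {
    {"1.2.840.113549.1.1.5",  1},  /* sha1WithRSAEncryption   */
    {"1.2.840.113549.1.1.11", 1},  /* sha256WithRSAEncryption */
    {"1.2.840.113549.1.1.12", 1},  /* sha384WithRSAEncryption */
    {"1.2.840.113549.1.1.13", 1},  /* sha512WithRSAEncryption */
    {"1.2.840.10045.4.3.2",   0},  /* ecdsa-with-SHA256       */
    {"1.2.840.10040.4.3",     0},  /* dsa-with-sha1           */
};

/* Proposed change from the first message: anything that is not PSS passes. */
enum verdict rsa_sigalg_permissive(const char *oid)
{
    return strcmp(oid, OID_RSASSA_PSS) == 0 ? SIG_PSS : SIG_PKCS1;
}

/* Reply's suggestion: pass only OIDs that name an RSA signature algorithm. */
enum verdict rsa_sigalg_restricted(const char *oid)
{
    size_t i;
    if (strcmp(oid, OID_RSASSA_PSS) == 0)
        return SIG_PSS;              /* caller still has to decode PSS params */
    if (strcmp(oid, OID_RSA_ENCRYPTION) == 0)
        return SIG_PKCS1;
    for (i = 0; i < sizeof(SIG_ALGS) / sizeof(SIG_ALGS[0]); i++)
        if (strcmp(oid, SIG_ALGS[i].oid) == 0)
            return SIG_ALGS[i].is_rsa ? SIG_PKCS1 : SIG_REJECT;
    return SIG_REJECT;               /* unknown OID: do not guess */
}

int main(void)
{
    /* Constructed sample signatureAlgorithm values for an RSA signer. */
    const char *samples[] = { OID_RSA_ENCRYPTION, "1.2.840.113549.1.1.5",
                              OID_RSASSA_PSS, "1.2.840.10045.4.3.2", "1.2.3.4" };
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-24s permissive=%d restricted=%d\n", samples[i],
               rsa_sigalg_permissive(samples[i]),
               rsa_sigalg_restricted(samples[i]));
    return 0;
}
```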