On Fri, Feb 18, 2011, [email protected] wrote:

> Hello
> I have a problem with the order of the SEQUENCE in the signed attributes:
> 
> I read with the function
>      cms = d2i_CMS_bio(in, NULL);
> a signed file that has the signed attributes in this order:
>      - content type
>     - message digest
>     - signing certificate v2
>     - signing Time
> 
> when I write it in output with the function:
>      i2d_CMS_bio (or i2d_CMS_bio_stream)
> the output file presents ALWAYS the SEQUENCE in this order
>     - content type
>     - signing Time
>     - message digest
>     - signing certificate v2
> 
> This reordering invalidates the hash of the structure.
> Is it possible to hold the same order present in input?
> 

It isn't actually a SEQUENCE it is a SET OF which should be sorted lexically:
if they get reordered it is an indication that the original message didn't
order them properly.

There is a workaround in the PKCS#7 code which treats the signed attributes as
unordered on receive and reorders them only when signing. This for some reason
wasn't totally implemented in the CMS code.

The fix is simple, in crypto/cms/cms_asn1.c in the line:

ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),

Change SET to SEQUENCE.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]

Reply via email to