Has anyone been able to use PKCS7_verify(...) to verify a SignedData signature with authenticated attributes? I've looked through the code and it seems PKCS7_signatureVerify() checks for the existence of authenticated attributes and calls PKCS7_digest_from_attributes() which, along with the embedded comment /* mdc is the digest ctx that we want, unless there are attributes, in which case the digest is the signed attributes */, gave the impression that it computed the digest of the attributes. Looking at the code, PKCS7_digest_from_attributes() just returns the MessageDigest attribute. This implementation would be wrong. Is this a bug, or have I stayed up too long looking at this code? I'm using 0.9.8r.
-Chang Lee
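
The check that PKCS #7 (RFC 2315, section 9.3) defines for SignedData with authenticated attributes, as an added Python example that is not part of the original post and is not OpenSSL's code: the messageDigest attribute must equal the content digest, and the signature is verified over the DER encoding of the attributes. The toy RSA key, the helper names and the sample content are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes (illustration only).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")
OID_CONTENT_TYPE = bytes.fromhex("06092a864886f70d010903")
OID_MESSAGE_DIGEST = bytes.fromhex("06092a864886f70d010904")
OID_DATA = bytes.fromhex("06092a864886f70d010701")

def tlv(tag, body):
    assert len(body) < 128  # short-form DER lengths are enough here
    return bytes([tag, len(body)]) + body

def emsa(data):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(data), as an integer
    t = SHA256_INFO + hashlib.sha256(data).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def build_attrs(content):
    # Attributes as stored in SignerInfo: [0] IMPLICIT, tag 0xA0
    ct = tlv(0x30, OID_CONTENT_TYPE + tlv(0x31, OID_DATA))
    md = hashlib.sha256(content).digest()
    return tlv(0xA0, ct + tlv(0x30, OID_MESSAGE_DIGEST + tlv(0x31, tlv(0x04, md))))

def signed_bytes(attrs):
    # The signature covers the attributes re-tagged as a universal SET OF (0x31)
    return b"\x31" + attrs[1:]

def sign(content):
    attrs = build_attrs(content)
    return attrs, pow(emsa(signed_bytes(attrs)), D, N)

def message_digest_attr(attrs):
    # Shortcut instead of a DER parser: value follows OID + SET/OCTET STRING headers
    i = attrs.find(OID_MESSAGE_DIGEST)
    return attrs[i + 15:i + 47] if i >= 0 else None

def verify(content, attrs, sig):
    # Step 1: messageDigest attribute must equal the digest of the content
    if message_digest_attr(attrs) != hashlib.sha256(content).digest():
        return False
    # Step 2: the signature must verify over the DER of the attributes
    return pow(sig, E, N) == emsa(signed_bytes(attrs))

def swap_digest(attrs, content):
    # Constructed tamper case: point messageDigest at different content
    return attrs[:-32] + hashlib.sha256(content).digest()
```

A verifier that stopped after step 1 would accept the output of swap_digest() for the substituted content; step 2 is what binds the attributes, and through messageDigest the content, to the signer's key.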