I saw the message below which indicates that as of 9/2011 CMS_verify does
not support RSA_PKCS1_PSS_PADDING. Has this been fixed since then?
I have a CMS on a secure ID card which uses PSS. If this is not fixed, I
could send the CMS if that would be useful.
I also have some experience with the openssl code, and could try to fix it
myself, but pointers would be helpful.
-- Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we can read
> out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
>
> But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
> dump),
> the verification fails.
> Below is a part of the stack trace, it looks like openssl still thinks
> the algorithm
> is RSA_PKCS1_PADDING instead of RSA_PKCS1_PSS_PADDING:
>
> CMS_verify() {
> cms_signerinfo_verify() {
> EVP_DigestVerifyInit() {
> do_sigver_init() {
> EVP_PKEY_CTX_set_signature_md() {
> ...
> pkey_rsa_ctrl() {
> // type == EVP_PKEY_CTRL_DIGESTINIT
>
> EVP_DigestVerifyFinal() {
> ...
> pkey_rsa_verify(EVP_PKEY_CTX *ctx, ...) {
> RSA_PKEY_CTX *rctx = ctx->data;
> // rctx->pad_mode == RSA_PKCS1_PADDING (???)
> // and EVP_MD_type(rctx->md) = NID_sha256 (OK)
>
> Does anyone know if the problem is with the encoding of the signature algo
> in the file, or with openssl itself?
>
OpenSSL HEAD only supports PSS and only for certificates, not CMS.
Can you include the DER format message itself instead of the ASN1 dump? This
will be very useful when CMS+PSS is implemented.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
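
Added example, not part of the original thread and not OpenSSL code: the question above of whether the fault lies in the file's signature algorithm encoding or in OpenSSL can be checked by reading SignerInfo.signatureAlgorithm straight from the DER. The function names and `sample_cms` (a constructed, unsigned SignedData skeleton) are assumptions made for this example, and only definite-length DER is handled.

```python
# Added example: hypothetical helper names, standard library only.
PSS_OID = "1.2.840.113549.1.1.10"  # id-RSASSA-PSS

def children(buf):
    """Split DER bytes into (tag, value) pairs; definite lengths only."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length octets
            k = n & 0x7F
            if k == 0:
                raise ValueError("indefinite (BER) length not handled")
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated element")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def oid_str(body):  # OID content octets -> dotted notation
    arcs, v = [], 0
    for b in body:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signer_sig_algs(cms_der):
    """Return the signatureAlgorithm OID of each SignerInfo in a SignedData."""
    content_info = children(children(cms_der)[0][1])
    signed_data = children(children(content_info[1][1])[0][1])
    found = []
    for _, si in children(signed_data[-1][1]):  # signerInfos is the last field
        fields = children(si)
        sig = next(i for i, (t, _) in enumerate(fields) if t == 0x04)
        found.append(oid_str(children(fields[sig - 1][1])[0][1]))
    return found

def sample_cms(sig_oid_hex):
    """Constructed, unsigned SignedData skeleton (dummy signature bytes)."""
    tlv = lambda tag, body=b"": bytes([tag, len(body)]) + body
    oid = lambda h: tlv(0x06, bytes.fromhex(h))
    si = tlv(0x30, tlv(2, b"\x01") + tlv(0x30) + tlv(0x30, oid("608648016503040201"))
             + tlv(0x30, oid(sig_oid_hex)) + tlv(0x04, bytes(8)))
    sd = tlv(0x30, tlv(2, b"\x03") + tlv(0x31) + tlv(0x30, oid("2a864886f70d010701"))
             + tlv(0x31, si))
    return tlv(0x30, oid("2a864886f70d010702") + tlv(0xA0, sd))
```

If `signer_sig_algs` returns `PSS_OID` for a real file, the encoding announces PSS and a PKCS#1 v1.5 `pad_mode` in the verifier means the library did not act on it.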