unable to verify PKCS#7 objects signed with BC(CMS) - Openssl

This is a discussion on unable to verify PKCS#7 objects signed with BC(CMS) - Openssl ; So a developer at my company is having a problem. When our business partner signs a data object using Bouncy Castle (PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that works fine, but when we try ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: unable to verify PKCS#7 objects signed with BC(CMS)

  1. unable to verify PKCS#7 objects signed with BC(CMS)

    So a developer at my company is having a problem.

    When our business partner signs a data object using Bouncy Castle
    (PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
    works fine, but when we try to get the data out of it, we're getting a
    null string.

    My hunch is that PKCS7_dataDecode(p7, NULL, NULL, NULL) is returning
    null, but our library code is not throwing an exception.

    Does anyone have any experience with OpenSSL being unable to parse
    PKCS#7 objects created by BouncyCastle?
    --
    Crypto ergo sum. https://www.subspacefield.org/~travis/
    Truth does not fear scrutiny or competition, only lies do.
    If you are a spammer, please email john@subspacefield.org to get blacklisted.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. No NID for SHA2 (was Re: unable to verify PKCS#7 objects signed with BC(CMS))

    On Tue, May 27, 2008 at 03:23:27PM -0500, travis+ml-users@subspacefield.org wrote:
    > So a developer at my company is having a problem.
    >
    > When our business partner signs a data object using Bouncy Castle
    > (PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
    > works fine, but when we try to get the data out of it, we're getting a
    > null string.
    >
    > My hunch is that PKCS7_dataDecode(p7, NULL, NULL, NULL) is returning
    > null, but our library code is not throwing an exception.
    >
    > Does anyone have any experience with OpenSSL being unable to parse
    > PKCS#7 objects created by BouncyCastle?


    Problem is that remote peer is using DIGEST::SHA256.

    EVP_get_digestbynid() is failing, apparently lacking support for SHA256.

    I examined the latest OpenSSL distro and can't find any reference to
    SHA256 in object.h; does anyone know if this is supported?

    --
    Crypto ergo sum. https://www.subspacefield.org/~travis/
    Truth does not fear scrutiny or competition, only lies do.
    If you are a spammer, please email john@subspacefield.org to get blacklisted.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  3. Re: No NID for SHA2 (was Re: unable to verify PKCS#7 objects signed with BC(CMS))

    On Wed, May 28, 2008 at 02:23:44PM -0500, travis+ml-users@subspacefield.org wrote:

    > On Tue, May 27, 2008 at 03:23:27PM -0500, travis+ml-users@subspacefield.org wrote:
    > > So a developer at my company is having a problem.
    > >
    > > When our business partner signs a data object using Bouncy Castle
    > > (PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
    > > works fine, but when we try to get the data out of it, we're getting a
    > > null string.
    > >
    > > My hunch is that PKCS7_dataDecode(p7, NULL, NULL, NULL) is returning
    > > null, but our library code is not throwing an exception.
    > >
    > > Does anyone have any experience with OpenSSL being unable to parse
    > > PKCS#7 objects created by BouncyCastle?

    >
    > Problem is that remote peer is using DIGEST::SHA256.
    >
    > EVP_get_digestbynid() is failing, apparently lacking support for SHA256.
    >
    > I examined the latest OpenSSL distro and can't find any reference to
    > SHA256 in object.h; does anyone know if this is supported?


    You need 0.9.8 and SSL_library_init() is not sufficient, this adds only
    the SSL algorithms, you need to also call:

    void OpenSSL_add_all_algorithms(void);
    OR
    void OpenSSL_add_all_digests(void);

    --
    Viktor.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread