unable to verify PKCS#7 objects signed with BC(CMS) - Openssl
unable to verify PKCS#7 objects signed with BC(CMS)
So a developer at my company is having a problem.

When our business partner signs a data object using Bouncy Castle
(PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
works fine, but when we try to get the data out of it, we're getting a
null string.

My hunch is that PKCS7_dataDecode(p7, NULL, NULL, NULL) is returning
null, but our library code is not throwing an exception.

Does anyone have any experience with OpenSSL being unable to parse
PKCS#7 objects created by BouncyCastle?
--
Crypto ergo sum. https://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email john@subspacefield.org to get blacklisted.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
-
No NID for SHA2 (was Re: unable to verify PKCS#7 objects signed with BC(CMS))
On Tue, May 27, 2008 at 03:23:27PM -0500, travis+ml-users@subspacefield.org wrote:
> So a developer at my company is having a problem.
>
> When our business partner signs a data object using Bouncy Castle
> (PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
> works fine, but when we try to get the data out of it, we're getting a
> null string.
>
> My hunch is that PKCS7_dataDecode(p7, NULL, NULL, NULL) is returning
> null, but our library code is not throwing an exception.
>
> Does anyone have any experience with OpenSSL being unable to parse
> PKCS#7 objects created by BouncyCastle?

Problem is that remote peer is using DIGEST::SHA256.

EVP_get_digestbynid() is failing, apparently lacking support for SHA256.

I examined the latest OpenSSL distro and can't find any reference to
SHA256 in object.h; does anyone know if this is supported?
--
Crypto ergo sum. https://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email john@subspacefield.org to get blacklisted.
-
Re: No NID for SHA2 (was Re: unable to verify PKCS#7 objects signed with BC(CMS))
On Wed, May 28, 2008 at 02:23:44PM -0500, travis+ml-users@subspacefield.org wrote:
> On Tue, May 27, 2008 at 03:23:27PM -0500, travis+ml-users@subspacefield.org wrote:
> > So a developer at my company is having a problem.
> >
> > When our business partner signs a data object using Bouncy Castle
> > (PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
> > works fine, but when we try to get the data out of it, we're getting a
> > null string.
> >
> > My hunch is that PKCS7_dataDecode(p7, NULL, NULL, NULL) is returning
> > null, but our library code is not throwing an exception.
> >
> > Does anyone have any experience with OpenSSL being unable to parse
> > PKCS#7 objects created by BouncyCastle?
>
> Problem is that remote peer is using DIGEST::SHA256.
>
> EVP_get_digestbynid() is failing, apparently lacking support for SHA256.
>
> I examined the latest OpenSSL distro and can't find any reference to
> SHA256 in object.h; does anyone know if this is supported?

You need 0.9.8, and SSL_library_init() is not sufficient: it adds only
the SSL algorithms. You also need to call:

    void OpenSSL_add_all_algorithms(void);

OR

    void OpenSSL_add_all_digests(void);
--
Viktor.
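
The failure in this thread came down to the digest named inside the received SignedData (SHA-256) not being registered on the receiving side. As an added example (not code from the thread or from OpenSSL), this dependency-free C walks the DER of a PKCS#7/CMS SignedData and reports the first digestAlgorithms entry, so the receiver can see what the peer used before calling into the library. The names `enter`, `p7_first_digest` and `SAMPLE` are hypothetical, the digest table is partial, and the input is assumed to be DER/BER bytes (the base64-decoded PEM body).

```c
#include <string.h>

static const unsigned char OID_SIGNED_DATA[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02};
static const struct { const char *name; size_t len; unsigned char oid[9]; } DIGESTS[] = {
    {"sha1",   5, {0x2b,0x0e,0x03,0x02,0x1a}},
    {"sha256", 9, {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01}},
    {"sha384", 9, {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02}},
    {"sha512", 9, {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03}} };
/* Constructed sample: skeletal SignedData (no certificates or signers) that names SHA-256. */
const unsigned char SAMPLE[] = {
    0x30,0x32, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,  /* ContentInfo: signedData */
    0xa0,0x25, 0x30,0x23, 0x02,0x01,0x01,                                /* [0], SignedData, version */
    0x31,0x0f, 0x30,0x0d, 0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, 0x05,0x00,
    0x30,0x0b, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01, 0x31,0x00 };

/* Enter the TLV at *p if its tag is `want`: *p moves to its value, *end to the value's end. */
static int enter(const unsigned char **p, const unsigned char **end, unsigned char want)
{
    const unsigned char *q = *p;
    size_t len, n = 0;
    if (*end - q < 2 || *q++ != want) return -1;
    len = *q++;
    if (len == 0x80) { *p = q; return 0; }        /* BER indefinite length: keep the parent's end */
    if (len & 0x80) { n = len & 0x7f; len = 0; }  /* long form: low 7 bits count the length bytes */
    if (n > 4 || (size_t)(*end - q) < n) return -1;
    for (; n > 0; n--) len = (len << 8) | *q++;
    if ((size_t)(*end - q) < len) return -1;      /* value would run past its parent */
    *p = q; *end = q + len;
    return 0;
}

/* First digestAlgorithms entry by name; "unknown" for an unlisted OID, NULL if unparsable. */
const char *p7_first_digest(const unsigned char *p, size_t n)
{
    const unsigned char *end = p + n, *outer;
    if (enter(&p, &end, 0x30)) return NULL;                           /* ContentInfo */
    outer = end;
    if (enter(&p, &end, 0x06) || end - p != 9 || memcmp(p, OID_SIGNED_DATA, 9)) return NULL;
    p = end; end = outer;                                             /* step over contentType */
    if (enter(&p, &end, 0xa0) || enter(&p, &end, 0x30)) return NULL;  /* [0], SignedData */
    outer = end;
    if (enter(&p, &end, 0x02)) return NULL;                           /* version */
    p = end; end = outer;
    if (enter(&p, &end, 0x31) || enter(&p, &end, 0x30) || enter(&p, &end, 0x06)) return NULL;
    for (size_t i = 0; i < sizeof DIGESTS / sizeof DIGESTS[0]; i++)
        if ((size_t)(end - p) == DIGESTS[i].len && !memcmp(p, DIGESTS[i].oid, DIGESTS[i].len))
            return DIGESTS[i].name;
    return "unknown";
}
```

A NULL or "unknown" result is worth logging as an error in its own right, rather than letting a failed decode surface later as an empty payload.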