[openssl-users] PKCS7_sign conflict with PKCS7_decrypt?

Dr. Stephen Henson steve at openssl.org
Tue Jul 26 19:24:43 UTC 2016


On Tue, Jul 26, 2016, Jim Carroll wrote:

> After experimenting, I can confirm this is the same issue we're seeing,
> although experiencing it very differently from the MIT/Kerberos team.  I can
> confirm that right now PKCS7 sign/encrypt/decrypt is broken. I'd love to
> help fix it, but I'm not yet up to speed on bio_enc.c and evp_enc.c. For
> now, I think wait for a fix is the best approach. 
> 
> What is the accepted way for "the great unwashed" to follow tickets?  I got
> into the ticket system as a guest, but as guest I can't asked to be notified
> about status updates.  Is there a process to request a full account on
> rt.openssl.org?
> 
> Once the fix is ready, I'll submit a unittest to help with regression
> testing PKCS7 sign-encrypt-decrypt-verify. 
> 

A fix is currently being reviewed. It includes a test. It just happense that
the standard CMS/PKCS#7 tests use a very short content length. If it is a
little longer they trigger the bug.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


More information about the openssl-users mailing list