[openssl-users] PKCS7_sign conflict with PKCS7_decrypt?
Dr. Stephen Henson
steve at openssl.org
Tue Jul 26 19:24:43 UTC 2016
On Tue, Jul 26, 2016, Jim Carroll wrote:
> After experimenting, I can confirm this is the same issue we're seeing,
> although experiencing it very differently from the MIT/Kerberos team. I can
> confirm that right now PKCS7 sign/encrypt/decrypt is broken. I'd love to
> help fix it, but I'm not yet up to speed on bio_enc.c and evp_enc.c. For
> now, I think wait for a fix is the best approach.
> What is the accepted way for "the great unwashed" to follow tickets? I got
> into the ticket system as a guest, but as guest I can't asked to be notified
> about status updates. Is there a process to request a full account on
> Once the fix is ready, I'll submit a unittest to help with regression
> testing PKCS7 sign-encrypt-decrypt-verify.
A fix is currently being reviewed. It includes a test. It just happense that
the standard CMS/PKCS#7 tests use a very short content length. If it is a
little longer they trigger the bug.
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users