Message ID | 20180824123345.24247-1-Denis.Osterland@diehl.com |
---|---|
State | Accepted |
Headers | show |
Series | signature: fix signature verify failed with openssl-1.1.0 | expand |
On 24/08/2018 14:34, Denis OSTERLAND wrote: > OpenSSL 1.1.0 fails to verify sw-description signature, > when using documented "openssl cms -sign ... -binary" to generate it. > This patch add CMS_BINARY to verify call. > > Signed-off-by: Denis Osterland <Denis.Osterland@diehl.com> > --- > corelib/verify_signature.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/corelib/verify_signature.c b/corelib/verify_signature.c > index 664f680..5bb433b 100644 > --- a/corelib/verify_signature.c > +++ b/corelib/verify_signature.c > @@ -298,7 +298,8 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile, > } > > /* Then try to verify signature */ > - if (!CMS_verify(cms, NULL, dgst->certs, content_bio, NULL, 0)) { > + if (!CMS_verify(cms, NULL, dgst->certs, content_bio, > + NULL, CMS_BINARY)) { > ERR_print_errors_fp(stderr); > ERROR("Signature verification failed"); > status = -EBADMSG; > Acked-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
diff --git a/corelib/verify_signature.c b/corelib/verify_signature.c index 664f680..5bb433b 100644 --- a/corelib/verify_signature.c +++ b/corelib/verify_signature.c @@ -298,7 +298,8 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile, } /* Then try to verify signature */ - if (!CMS_verify(cms, NULL, dgst->certs, content_bio, NULL, 0)) { + if (!CMS_verify(cms, NULL, dgst->certs, content_bio, + NULL, CMS_BINARY)) { ERR_print_errors_fp(stderr); ERROR("Signature verification failed"); status = -EBADMSG;
OpenSSL 1.1.0 fails to verify sw-description signature, when using documented "openssl cms -sign ... -binary" to generate it. This patch add CMS_BINARY to verify call. Signed-off-by: Denis Osterland <Denis.Osterland@diehl.com> --- corelib/verify_signature.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)