Any timeframe for the 1.1.1c release?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Any timeframe for the 1.1.1c release?

Tomas Mraz-2
Hi OpenSSL developers,

when is the 1.1.1c expected to be released? There were plenty of bug
fixes committed to the 1.1.1 branch since the 1.1.1b release. Is the
1.1.1c release imminent?

Regards,
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: Any timeframe for the 1.1.1c release?

Matt Caswell-2


On 02/05/2019 10:39, Tomas Mraz wrote:
> Hi OpenSSL developers,
>
> when is the 1.1.1c expected to be released? There were plenty of bug
> fixes committed to the 1.1.1 branch since the 1.1.1b release. Is the
> 1.1.1c release imminent?

There are no plans at the moment.

Matt

Reply | Threaded
Open this post in threaded view
|

Re: Any timeframe for the 1.1.1c release?

Viktor Dukhovni
> On May 2, 2019, at 12:09 PM, Matt Caswell <[hidden email]> wrote:
>
>> when is the 1.1.1c expected to be released? There were plenty of bug
>> fixes committed to the 1.1.1 branch since the 1.1.1b release. Is the
>> 1.1.1c release imminent?
>
> There are no plans at the moment.

There should perhaps be a 1.1.1c soonish...  There are indeed many useful
improvements committed, but not yet released.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

How to Sign and Encrypt in CMS ?

Dr. Pala
In reply to this post by Matt Caswell-2

Hi All,

small question - I was playing around with the CMS interface and I was wondering what is the right way to generate a signed and encrypted CMS. In particular, for PKCS#7, you could use the signed_and_encrypted choice... but in CMS, there is the envelopedData ... but that does not allow for signing... ??? And for the signed data, there is the signedData type... but that does not allow for encryption... The EncryptedData is for use with PSK - not a case I am interested into...

So... what is the right way of doing it ?

And when you receive such CMS, how do you extract the encryption algorithm from the EnvelopedData/EncryptedContentInfo (I can not find the helper function...) ?

Cheers,
Max

--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo
Reply | Threaded
Open this post in threaded view
|

Re: How to Sign and Encrypt in CMS ?

Wim Lewis-3

On May 5, 2019, at 7:13 PM, Dr. Pala <[hidden email]> wrote:
> small question - I was playing around with the CMS interface and I was wondering what is the right way to generate a signed and encrypted CMS. In particular, for PKCS#7, you could use the signed_and_encrypted choice... but in CMS, there is the envelopedData ... but that does not allow for signing... ??? And for the signed data, there is the signedData type... but that does not allow for encryption... The EncryptedData is for use with PSK - not a case I am interested into...

There are two common approaches that I know of:

- You can combine a SignedData and an EnvelopedData. Depending on your use case you may want to sign first and then envelop(e), or envelope first and then sign. (IIRC, one of the RFCs suggests sign-envelop-sign, though I can't find that text right now.)

- You can use the AuthenticatedEnvelopedData type from RFC5083, with an AEAD cipher mode. (This does not provide a signature, but it does provide an integrity check which may be sufficient for your needs. You can also combine it with SignedData, of course.)

Note that SignedAndEnvelopedData is part of PKCS#7 but wasn't included in CMS; even PKCS#7 (RFC2315) suggests that "the sequential combination of signed-data and enveloped-data content types is generally preferable to the SignedAndEnvelopedData content type" unless you need it for compatibility reasons.

Also, last time I tried, OpenSSL's API made it kind of tricky to produce a correctly formed sign-envelop or envelop-sign message; that may have improved since then, though.


Reply | Threaded
Open this post in threaded view
|

Re: How to Sign and Encrypt in CMS ?

Antonio Iacono
In reply to this post by Dr. Pala


I was playing around with the CMS interface and I was wondering what is the right way to generate a signed and encrypted CMS.




iijkmgiafamdaajo.png (4K) Download Attachment