CMS routines:CMS_add1_signer:no default digest

When using `openssl cms` to sign a file, it fails with `40E7DCBC0B770000:error:17000080:CMS routines:CMS_add1_signer:no default digest:crypto/cms/cms_sd.c:390:pkey nid=6` unless the `-md` option is specified.

1. Create TPM-backed CMS cert & key (I used [a script](https://gitlab.archlinux.org/archlinux/testing-release-tpm-stuff/-/blob/master/.gitlab/ci/make_codesigning_keys.sh)). 
2. Sign a file:
```sh
$ echo 1 > testdata
$ openssl cms -sign -provider tpm2 -provider default -propquery '?provider=tpm2' -binary -nocerts -noattr -outform DER -out testdata.cms.sig -in testdata -signer testcert.pem -inkey testkey.pem
```
```
40E7DCBC0B770000:error:17000080:CMS routines:CMS_add1_signer:no default digest:crypto/cms/cms_sd.c:390:pkey nid=6
```

This does not happen with non-TPM keys and the digest algorithm of the key is correctly used.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CMS routines:CMS_add1_signer:no default digest #117

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CMS routines:CMS_add1_signer:no default digest #117

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions