Hello OpenSSL masters,
Can someone please try to reproduce the below issue?
Thanks,
Alon
On Sat, 13 Feb 2021 at 23:23 Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote:
Hello,I am trying to resign a CMS using the openssl tool.When I use RSA-PKCS1 everything is working fine.When I use RSA-PSS it seems like the asn1 is produced corrupted, I do not see the signature in asn1dump.I prepared a demo[1] to help people reproduce the issue, tested with openssl-1.1.1i.The script output pasted below shows that CMS resign without PSS works correctly, while the same sequence with PSS produces a corrupted CMS file.What am I doing wrong?Regards,Alon Bar-Lev---===============
CMS without PSS
===============
cms -sign 1.cms
cms -verify 1.cms
hello world
Verification successful
cms -resign 1.cms to 2.cms
cms -verify 2.cms
hello world
Verification successful
===============
CMS with PSS
===============
cms -sign 1.cms
cms -verify 1.cms
hello world
Verification successful
cms -resign 1.cms to 2.cms
cms -verify 2.cms
Error reading S/MIME message
140438977062208:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:../crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:614:Field=signerInfos, Type=CMS_SignedData
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:
140438977062208:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
FATAL: verify 2.cms failed
