Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks!
Was about to write... I tested both 1.1 and master branches and result is the same. 


On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <thulasi.goriparthi@xxxxxxxxx> wrote:
I am able to reproduce this issue with 1.1.1j too.

openssl version -a

OpenSSL 1.1.1j  16 Feb 2021

built on: Fri Feb 19 18:56:06 2021 UTC

platform: darwin64-x86_64-cc

options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 

compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG

OPENSSLDIR: "/usr/local/ssl"

ENGINESDIR: "/usr/local/lib/engines-1.1"

Seeding source: os-specific


openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 1.cms -CAfile ca.pem

Content-Type: text/plain


hello world

Verification successful

openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 2.cms -CAfile ca.pem

Error reading S/MIME message

4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:

4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo

4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:

4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:


Thanks,

Thulasi.


On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:

> I am able to reproduce this issue with 1.1.1i

OpenSSL 1.1.1j has been released.  Do you still see the problem with
1.1.1j?

--
    Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux