openssl cms resign with RSA-PSS corrupts the CMS(?)

Alon Bar-Lev alon.barlev at gmail.com
Fri Feb 19 19:10:02 UTC 2021


Thanks!
Was about to write... I tested both the 1.1 and master branches and the
result is the same.


On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <
thulasi.goriparthi at gmail.com> wrote:

> I am able to reproduce this issue with 1.1.1j too.
>
> openssl version -a
> OpenSSL 1.1.1j  16 Feb 2021
> built on: Fri Feb 19 18:56:06 2021 UTC
> platform: darwin64-x86_64-cc
> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
> compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC
> -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
> -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
> -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM
> -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT
> -DNDEBUG
> OPENSSLDIR: "/usr/local/ssl"
> ENGINESDIR: "/usr/local/lib/engines-1.1"
> Seeding source: os-specific
>
> openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss
>
> openssl cms -verify -in 1.cms -CAfile ca.pem
> Content-Type: text/plain
>
> hello world
> Verification successful
>
> openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss
>
> openssl cms -verify -in 2.cms -CAfile ca.pem
> Error reading S/MIME message
> 4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData
> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:
> 4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
> 4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:
> 4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:
>
> Thanks,
>
> Thulasi.
>
> On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <openssl-users at dukhovni.org>
> wrote:
>
>> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
>>
>> > I am able to reproduce this issue with 1.1.1i
>>
>> OpenSSL 1.1.1j has been released.  Do you still see the problem with
>> 1.1.1j?
>>
>> --
>>     Viktor.
>>
>