openssl cms resign with RSA-PSS corrupts the CMS(?)

Thulasi Goriparthi thulasi.goriparthi at gmail.com
Fri Feb 19 19:04:06 UTC 2021


I am able to reproduce this issue with 1.1.1j too.

openssl version -a

OpenSSL 1.1.1j  16 Feb 2021

built on: Fri Feb 19 18:56:06 2021 UTC

platform: darwin64-x86_64-cc

options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)

compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT
-DNDEBUG

OPENSSLDIR: "/usr/local/ssl"

ENGINESDIR: "/usr/local/lib/engines-1.1"

Seeding source: os-specific

openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 1.cms -CAfile ca.pem

Content-Type: text/plain


hello world

Verification successful

openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 2.cms -CAfile ca.pem

Error reading S/MIME message

4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:

4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo

4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:

4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:


Thanks,

Thulasi.

On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
>
> > I am able to reproduce this issue with 1.1.1i
>
> OpenSSL 1.1.1j has been released.  Do you still see the problem with
> 1.1.1j?
>
> --
>     Viktor.
>