openssl cms resign with RSA-PSS corrupts the CMS(?)

Thulasi Goriparthi thulasi.goriparthi at gmail.com
Fri Feb 19 20:02:51 UTC 2021


With PSS, for the first signature, PSS alg ID and params are encoded
correctly, but not for the second signature (resign).

 2542:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
 2553:d=7  hl=2 l= 108 cons: SET
 2555:d=8  hl=2 l= 106 cons: SEQUENCE
 2557:d=9  hl=2 l=  11 cons: SEQUENCE
 2559:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
 2570:d=9  hl=2 l=  11 cons: SEQUENCE
 2572:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
 2583:d=9  hl=2 l=  11 cons: SEQUENCE
 2585:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
 2596:d=9  hl=2 l=  10 cons: SEQUENCE
 2598:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
 2608:d=9  hl=2 l=  14 cons: SEQUENCE
 2610:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2620:d=10 hl=2 l=   2 prim: INTEGER           :80
 2624:d=9  hl=2 l=  13 cons: SEQUENCE
 2626:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2636:d=10 hl=2 l=   1 prim: INTEGER           :40
 2639:d=9  hl=2 l=   7 cons: SEQUENCE
 2641:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
 2648:d=9  hl=2 l=  13 cons: SEQUENCE
 2650:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 2660:d=10 hl=2 l=   1 prim: INTEGER           :28
 2663:d=5  hl=2 l=   0 cons: SEQUENCE
 2665:d=5  hl=2 l=   0 prim: OCTET STRING
 2667:d=4  hl=4 l= 723 cons: SEQUENCE
 2671:d=5  hl=2 l=   1 prim: INTEGER           :01
 2674:d=5  hl=3 l= 149 cons: SEQUENCE
 2677:d=6  hl=3 l= 143 cons: SEQUENCE
 2680:d=7  hl=2 l=  11 cons: SET
 2682:d=8  hl=2 l=   9 cons: SEQUENCE
 2684:d=9  hl=2 l=   3 prim: OBJECT            :countryName
 2689:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :IN
 2693:d=7  hl=2 l=  11 cons: SET
==multiple lines truncated==

 2949:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
 2960:d=7  hl=2 l= 108 cons: SET
 2962:d=8  hl=2 l= 106 cons: SEQUENCE
 2964:d=9  hl=2 l=  11 cons: SEQUENCE
 2966:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
 2977:d=9  hl=2 l=  11 cons: SEQUENCE
 2979:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
 2990:d=9  hl=2 l=  11 cons: SEQUENCE
 2992:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
 3003:d=9  hl=2 l=  10 cons: SEQUENCE
 3005:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
 3015:d=9  hl=2 l=  14 cons: SEQUENCE
 3017:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 3027:d=10 hl=2 l=   2 prim: INTEGER           :80
 3031:d=9  hl=2 l=  13 cons: SEQUENCE
 3033:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 3043:d=10 hl=2 l=   1 prim: INTEGER           :40
 3046:d=9  hl=2 l=   7 cons: SEQUENCE
 3048:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
 3055:d=9  hl=2 l=  13 cons: SEQUENCE
 3057:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
 3067:d=10 hl=2 l=   1 prim: INTEGER           :28
 3070:d=5  hl=2 l=  62 cons: SEQUENCE
 3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss
 3083:d=6  hl=2 l=  49 cons: SEQUENCE
 3085:d=7  hl=2 l=  13 cons: cont [ 0 ]
 3087:d=8  hl=2 l=  11 cons: SEQUENCE
 3089:d=9  hl=2 l=   9 prim: OBJECT            :sha256
 3100:d=7  hl=2 l=  26 cons: cont [ 1 ]
 3102:d=8  hl=2 l=  24 cons: SEQUENCE
 3104:d=9  hl=2 l=   9 prim: OBJECT            :mgf1
 3115:d=9  hl=2 l=  11 cons: SEQUENCE
 3117:d=10 hl=2 l=   9 prim: OBJECT            :sha256
 3128:d=7  hl=2 l=   4 cons: cont [ 2 ]
 3130:d=8  hl=2 l=   2 prim: INTEGER           :DE
 3134:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX
DUMP]:66C7A406905E0BEF3BE8A55B8BA05915020B6960BDE4700C3C3FB2F115FE5BA60B453EFF39BA37E4D16CA3A86582B3057D05875766BE99C51BC5BEC9CD1AAE3BEC34943160BB06784209F1A3773E07A101BA3E2231FDF85FAB91872A081E37410905A09DAF530600BF9099B054B1DF869826E864A95F5D55DAE84A0CEC43E52F6D13574E1EF66A4E3A65883788E265D6C174211ADBCFEA96A9DD186887BFE040D6D0B59547D8763157D322F0307D7AF31
23B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007


Thanks,

Thulasi.


On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <alon.barlev at gmail.com> wrote:

> Thanks!
> Was about to write... I tested both 1.1 and master branches and result is
> the same.
>
>
> On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <
> thulasi.goriparthi at gmail.com> wrote:
>
>> I am able to reproduce this issue with 1.1.1j too.
>>
>> openssl version -a
>>
>> OpenSSL 1.1.1j  16 Feb 2021
>>
>> built on: Fri Feb 19 18:56:06 2021 UTC
>>
>> platform: darwin64-x86_64-cc
>>
>> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
>>
>> compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC
>> -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
>> -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
>> -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM
>> -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT
>> -DNDEBUG
>>
>> OPENSSLDIR: "/usr/local/ssl"
>>
>> ENGINESDIR: "/usr/local/lib/engines-1.1"
>>
>> Seeding source: os-specific
>>
>> openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt
>> rsa_padding_mode:pss
>>
>> openssl cms -verify -in 1.cms -CAfile ca.pem
>>
>> Content-Type: text/plain
>>
>>
>> hello world
>>
>> Verification successful
>>
>> openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt
>> rsa_padding_mode:pss
>>
>> openssl cms -verify -in 2.cms -CAfile ca.pem
>>
>> Error reading S/MIME message
>>
>> 4757167552:error:0D078079:asn1 encoding
>> routines:asn1_item_embed_d2i:field
>> missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
>>
>> 4757167552:error:0D08303A:asn1 encoding
>> routines:asn1_template_noexp_d2i:nested asn1
>> error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm,
>> Type=CMS_SignerInfo
>>
>> 4757167552:error:0D08303A:asn1 encoding
>> routines:asn1_template_noexp_d2i:nested asn1
>> error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData
>>
>> 4757167552:error:0D08303A:asn1 encoding
>> routines:asn1_template_noexp_d2i:nested asn1
>> error:crypto/asn1/tasn_dec.c:646:
>>
>> 4757167552:error:0D08403A:asn1 encoding
>> routines:asn1_template_ex_d2i:nested asn1
>> error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
>>
>> 4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode
>> error:crypto/asn1/asn_mime.c:143:
>>
>> 4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig
>> parse error:crypto/asn1/asn_mime.c:451:
>>
>>
>> Thanks,
>>
>> Thulasi.
>>
>> On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <openssl-users at dukhovni.org>
>> wrote:
>>
>>> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
>>>
>>> > I am able to reproduce this issue with 1.1.1i
>>>
>>> OpenSSL 1.1.1j has been released.  Do you still see the problem with
>>> 1.1.1j?
>>>
>>> --
>>>     Viktor.
>>>
>>
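
Added example, not part of the thread and not OpenSSL code: a shell check that scans `openssl asn1parse` text for the pattern visible in the dump above, a zero-length SEQUENCE directly followed by an OCTET STRING at the same depth, which is how an empty signatureAlgorithm and signature show up in a SignerInfo. The function names and the heuristic are assumptions of this example; the sample lines are an excerpt of the posted dump.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic: in a CMS SignerInfo the
# signatureAlgorithm SEQUENCE is directly followed by the signature
# OCTET STRING at the same depth; a zero-length SEQUENCE there carries no
# algorithm OID, consistent with "Field=algorithm ... field missing".

# Reads `openssl asn1parse` text on stdin. Prints one line per hit:
#   <sigalg_offset> <signature_offset> <signature_length>
# Exit status is 1 when at least one hit was found, 0 otherwise.
find_empty_sigalg() {
    awk '
    /^[ \t]*[0-9]+:d=[0-9]+/ {
        sub(/ l=/, " l= ")      # make "l=1234" and "l=   0" split the same way
        split($1, a, ":d=")     # a[1] = offset, a[2] = depth
        is_seq = ($5 == "cons:" && $6 == "SEQUENCE")
        is_oct = ($5 == "prim:" && $6 == "OCTET" && $7 == "STRING")
        if (is_oct && pending && a[2] == pdepth) {
            print poff, a[1], $4
            hits++
        }
        pending = (is_seq && $4 == "0"); poff = a[1]; pdepth = a[2]
    }
    END { exit (hits > 0) }'
}

# Excerpt of the asn1parse output posted in this thread (hex dump left out).
sample_dump() {
    cat <<'EOF'
 2660:d=10 hl=2 l=   1 prim: INTEGER           :28
 2663:d=5  hl=2 l=   0 cons: SEQUENCE
 2665:d=5  hl=2 l=   0 prim: OCTET STRING
 2667:d=4  hl=4 l= 723 cons: SEQUENCE
 3067:d=10 hl=2 l=   1 prim: INTEGER           :28
 3070:d=5  hl=2 l=  62 cons: SEQUENCE
 3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss
 3134:d=5  hl=4 l= 256 prim: OCTET STRING
EOF
}

if hits=$(sample_dump | find_empty_sigalg); then
    echo "no empty signatureAlgorithm found"
else
    echo "empty signatureAlgorithm before signature: $hits"
fi
```

Lines that are not asn1parse records (blank lines, wrapped hex) are skipped, so the check also works on output pasted from a mail client.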