<div dir="ltr"><div dir="ltr">Hi Alon,<div><br></div><div>I am able to reproduce this issue with 1.1.1i</div><div><br></div><div><p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">echo "hello world" > msg</span></p><p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><br></span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">/* pkcs1 */</span></p><p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms </span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">openssl cms -verify -in 1.cms -CAfile ca.pem</span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms</span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">openssl cms -verify -in 2.cms -CAfile ca.pem </span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:16px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:16px">/* pss */<span style="font-variant-ligatures:no-common-ligatures"></span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss</span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">openssl cms -verify -in 1.cms -CAfile ca.pem</span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss</span></p>
<p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo"><span style="font-variant-ligatures:no-common-ligatures"><font color="#ff0000">openssl cms -verify -in 2.cms -CAfile ca.pem</font></span></p><p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo"><br></p><p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo"><span style="font-variant-ligatures:no-common-ligatures"><font color="#000000"><br></font></span></p><p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo"><span style="font-variant-ligatures:no-common-ligatures"><font color="#000000">Thanks,</font></span></p><p style="margin:0px;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo"><span style="font-variant-ligatures:no-common-ligatures"><font color="#000000">Thulasi.</font></span></p></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 19 Feb 2021 at 13:16, Alon Bar-Lev <<a href="mailto:alon.barlev@gmail.com">alon.barlev@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="auto">Hello OpenSSL masters,</div><div dir="auto"><br></div><div dir="auto">Can someone please try to reproduce the below issue?</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Alon</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 13 Feb 2021 at 23:23 Alon Bar-Lev <<a href="mailto:alon.barlev@gmail.com" target="_blank">alon.barlev@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div dir="ltr"><div>Hello,</div><div><br></div><div>I am trying to resign a CMS using the openssl 
tool.</div><div><br></div><div>When I use RSA-PKCS1, everything is working fine.</div><div><br></div><div>When I use RSA-PSS, it seems like the ASN.1 is produced corrupted; I do not see the signature in asn1dump. <br></div><div><br></div><div>I prepared a demo[1] to help people reproduce the issue, tested with openssl-1.1.1i.</div><div><br></div><div>The script output pasted below shows that CMS resign without PSS works correctly, while the same sequence with PSS produces a corrupted CMS file.</div><div><br></div><div>What am I doing wrong?</div><div><br></div><div>Regards,</div><div>Alon Bar-Lev<br></div><div><br></div><div>
<div>[1] <a href="https://github.com/alonbl/openssl-cms-pss" target="_blank">https://github.com/alonbl/openssl-cms-pss</a></div>

</div><div><br></div><div>---</div><div><br></div><div>===============<br>CMS without PSS<br>===============<br>cms -sign 1.cms<br>cms -verify 1.cms<br>hello world<br>Verification successful<br>cms -resign 1.cms to 2.cms<br>cms -verify 2.cms<br>hello world<br>Verification successful<br>===============<br>CMS with PSS<br>===============<br>cms -sign 1.cms<br>cms -verify 1.cms<br>hello world<br>Verification successful<br>cms -resign 1.cms to 2.cms<br>cms -verify 2.cms<br>Error reading S/MIME message<br>140438977062208:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:../crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR<br>140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo<br>140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:614:Field=signerInfos, Type=CMS_SignedData<br>140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:<br>140438977062208:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo<br>FATAL: verify 2.cms failed</div><div><br></div><div><br></div></div>
</blockquote></div></div>
</blockquote></div>
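Added example, not part of the thread and not OpenSSL code: a small checker that walks a definite-length BER/DER CMS SignedData and flags any SignerInfo whose signatureAlgorithm carries no algorithm OID, the condition the decoder reports above as "field missing" for Field=algorithm. The sample bytes are constructed, and modelling the broken signer as an empty AlgorithmIdentifier SEQUENCE is an assumption drawn from that error text; the helper names (`tlvs`, `check_signer_infos`, `sample_cms`) are hypothetical.

```python
def tlvs(buf):
    """Yield (tag, value) for each definite-length TLV directly inside buf."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        yield tag, buf[i:i + n]
        i += n

def check_signer_infos(der):
    """Return one finding per SignerInfo of an encoded CMS SignedData."""
    (_, content_info), = tlvs(der)
    _content_type, (_, wrapped) = tlvs(content_info)  # OID, then [0] EXPLICIT
    (_, signed_data), = tlvs(wrapped)
    signer_infos = list(tlvs(signed_data))[-1][1]     # signerInfos is the last field
    findings = []
    for _, si in tlvs(signer_infos):
        parts = list(tlvs(si))
        # version, sid, digestAlgorithm, then optional [0] signedAttrs (tag 0xA0)
        tag, alg = parts[4] if parts[3][0] == 0xA0 else parts[3]
        inner = list(tlvs(alg))
        ok = tag == 0x30 and bool(inner) and inner[0][0] == 0x06
        findings.append("ok" if ok else "signatureAlgorithm lacks algorithm OID")
    return findings

# --- constructed sample (assumption: not taken from the thread's files) ---
def tlv(tag, *children):
    body = b"".join(children)
    return bytes([tag, len(body)]) + body  # short-form length; sample is small

def oid(hexstr):
    return tlv(0x06, bytes.fromhex(hexstr))

SIGNED_DATA, DATA = oid("2a864886f70d010702"), oid("2a864886f70d010701")
SHA256, RSASSA_PSS = oid("608648016503040201"), oid("2a864886f70d01010a")

def signer(sig_alg):
    return tlv(0x30, tlv(0x02, b"\x03"), tlv(0x80, b"\x01\x02"),
               tlv(0x30, SHA256), sig_alg, tlv(0x04, b"\x00" * 4))

def sample_cms():
    # First signer names RSASSA-PSS (parameters omitted); second has an empty SEQUENCE.
    infos = tlv(0x31, signer(tlv(0x30, RSASSA_PSS)), signer(tlv(0x30)))
    sd = tlv(0x30, tlv(0x02, b"\x03"), tlv(0x31, tlv(0x30, SHA256)),
             tlv(0x30, DATA), infos)
    return tlv(0x30, SIGNED_DATA, tlv(0xA0, sd))
```

`check_signer_infos(sample_cms())` reports the first signer as ok and flags the second. To run it on real output, pass the DER bytes of the CMS structure rather than the S/MIME text the commands in the thread write by default.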