File signing/encrypting upgrade from 1.0.2 to 1.1.0

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|

File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
Hello,

I'm using the openssl-libs for signing/encrypting files in PKCS#7
format. When trying to upgrade from 1.0.2 to 1.1.0 the code stops
working properly: Files are generated, but the formating is broken.
When trying to decrypt the generated files, I get:

Error in encoding
6252:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:crypto\asn1\asn1_lib.c:91:

(that's it, really).

Could you please point me to what I'm missing? I have tried to find
something useful in changslogs and docs, but I couldn't find a helping
hint (and I don't really know what t look for, too)

I have made a minimal working example as well as a small testfile and
test key/cert in the attached zip-file (should compile on all platforms
supported by openssl). But beware: absolutly *no* error-checking at all
in there, it is assumed, all is in the same place, testfile, key, cert,
and program.

Thanks a lot, and a happy weekend! :)

--
MfG Jan

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

TestCrypt.zip (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
Hi again,

Am Fri, 23 Mar 2018 18:03:17 +0100
schrieb Jan Kohnert <[hidden email]>:

> I'm using the openssl-libs for signing/encrypting files in PKCS#7
> format. When trying to upgrade from 1.0.2 to 1.1.0 the code stops
> working properly: Files are generated, but the formating is broken.
> When trying to decrypt the generated files, I get:
>
> Error in encoding
> 6252:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
> long:crypto\asn1\asn1_lib.c:91:

I just compiled the code on Linux (with the small changes to let it
compile and link), and it works for 1.1.0g, so it seems to be a
Windows-specific problem (I can reproduce that in 32 and 64bit Win).
Bug?

Best regards, Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

OpenSSL - User mailing list
How big is the file?  Could it be bigger than 32 vs 64 bit platforms?

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Sergio NNX
In reply to this post by Jan Kohnert-2

I've just built it (manually) on Windows and I don't see any error messages.


A few points/questions:


- Why cmake?

- I does not build/compile at all.

- Why is this line here: #include <openssl/applink.c> ? I get a compilation error! 😱

- Why are we adding these libraries: odbc32 advapi32 ?



CMake Error at CMakeLists.txt:9 (find_package):
  By not providing "FindOpenSSLSyn.cmake" in CMAKE_MODULE_PATH this project
  has asked CMake to find a package configuration file provided by
  "OpenSSLSyn", but CMake did not find one.

  Could not find a package configuration file provided by "OpenSSLSyn"
  (requested version 1.1.0) with any of the following names:

    OpenSSLSynConfig.cmake
    opensslsyn-config.cmake

  Add the installation prefix of "OpenSSLSyn" to CMAKE_PREFIX_PATH or set
  "OpenSSLSyn_DIR" to a directory containing one of the above files.  If
  "OpenSSLSyn" provides a separate development package or SDK, be sure it has
  been installed.


-- Configuring incomplete, errors occurred!




From: openssl-users <[hidden email]> on behalf of Jan Kohnert <[hidden email]>
Sent: Saturday, 24 March 2018 5:25 AM
To: [hidden email]
Subject: Re: [openssl-users] File signing/encrypting upgrade from 1.0.2 to 1.1.0
 
Hi again,

Am Fri, 23 Mar 2018 18:03:17 +0100
schrieb Jan Kohnert <[hidden email]>:

> I'm using the openssl-libs for signing/encrypting files in PKCS#7
> format. When trying to upgrade from 1.0.2 to 1.1.0 the code stops
> working properly: Files are generated, but the formating is broken.
> When trying to decrypt the generated files, I get:
>
> Error in encoding
> 6252:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
> long:crypto\asn1\asn1_lib.c:91:

I just compiled the code on Linux (with the small changes to let it
compile and link), and it works for 1.1.0g, so it seems to be a
Windows-specific problem (I can reproduce that in 32 and 64bit Win).
Bug?

Best regards, Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

OpenSSL - User mailing list
In reply to this post by OpenSSL - User mailing list
Did you specify the -md flag on either/both?
https://www.openssl.org/docs/faq.html#USER3



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Matt Caswell-2
In reply to this post by Jan Kohnert-2
Your minimal working example only does the encrypt side. Please could
you show the decrypt side too that demonstrates the error.

Matt


On 23/03/18 18:25, Jan Kohnert wrote:

> Hi again,
>
> Am Fri, 23 Mar 2018 18:03:17 +0100
> schrieb Jan Kohnert <[hidden email]>:
>
>> I'm using the openssl-libs for signing/encrypting files in PKCS#7
>> format. When trying to upgrade from 1.0.2 to 1.1.0 the code stops
>> working properly: Files are generated, but the formating is broken.
>> When trying to decrypt the generated files, I get:
>>
>> Error in encoding
>> 6252:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
>> long:crypto\asn1\asn1_lib.c:91:
>
> I just compiled the code on Linux (with the small changes to let it
> compile and link), and it works for 1.1.0g, so it seems to be a
> Windows-specific problem (I can reproduce that in 32 and 64bit Win).
> Bug?
>
> Best regards, Jan
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Matt Caswell-2
In reply to this post by Jan Kohnert-2


On 23/03/18 17:03, Jan Kohnert wrote:

> Hello,
>
> I'm using the openssl-libs for signing/encrypting files in PKCS#7
> format. When trying to upgrade from 1.0.2 to 1.1.0 the code stops
> working properly: Files are generated, but the formating is broken.
> When trying to decrypt the generated files, I get:
>
> Error in encoding
> 6252:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
> long:crypto\asn1\asn1_lib.c:91:
>
> (that's it, really).
>
> Could you please point me to what I'm missing? I have tried to find
> something useful in changslogs and docs, but I couldn't find a helping
> hint (and I don't really know what t look for, too)
>
> I have made a minimal working example as well as a small testfile and
> test key/cert in the attached zip-file (should compile on all platforms
> supported by openssl). But beware: absolutly *no* error-checking at all
> in there, it is assumed, all is in the same place, testfile, key, cert,
> and program.
>
> Thanks a lot, and a happy weekend! :)

Also what happens if you change this line:

   bioCryptedData = BIO_new_file("testfile.crypt", "w");

to

   bioCryptedData = BIO_new_file("testfile.crypt", "wb");


Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
In reply to this post by Matt Caswell-2
Hi,

Am Fri, 23 Mar 2018 21:14:30 +0000
schrieb Matt Caswell <[hidden email]>:

> Your minimal working example only does the encrypt side. Please could
> you show the decrypt side too that demonstrates the error.

The problem is on the encryption/signing side: the signed/encrypted
files are broken.

A test on the files generated by the demonstration code can be done via
the openssl binary:

openssl smime -decrypt -inform DER -in testfile.crypt -inkey local.key
-out test.s

fails with the reported error for encryption/signing done using the
provided code on the Windows platform for version 1.1.0.

Best regards Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
In reply to this post by OpenSSL - User mailing list
Hi,

Am Fri, 23 Mar 2018 18:32:28 +0000
schrieb "Salz, Rich via openssl-users" <[hidden email]>:

> How big is the file?  Could it be bigger than 32 vs 64 bit platforms?

the testfile in the zip is only a few bytes. The problem exists for
larger files, too (I didn't try *really* large files, though)

Best regards Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
In reply to this post by Matt Caswell-2
Am Fri, 23 Mar 2018 21:22:02 +0000
schrieb Matt Caswell <[hidden email]>:

> Also what happens if you change this line:
>
>    bioCryptedData = BIO_new_file("testfile.crypt", "w");
>
> to
>
>    bioCryptedData = BIO_new_file("testfile.crypt", "wb");

good point, thanks. I'll test that on Monday and report back.

Best regards Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
In reply to this post by Sergio NNX
Hi,

Am Fri, 23 Mar 2018 18:45:22 +0000
schrieb Sergio NNX <[hidden email]>:

> I've just built it (manually) on Windows and I don't see any error
> messages.

maybe I didn't make myself clear enough, so:
The code comiles just fine, the problem is the broken asn1 strucure in
the generated files. I managed the encryption part using "wb"
instead of "w" when finally writing the file, but the signing is still
broken with 1.1, and working with 1.0 using the same code on Windows. I
tested Linux using that code, and it works just fine.

> A few points/questions:
>
>
> - Why cmake?

Well, this is part of a larger software bundle, so a build environment
is needed. And I like cmake. :)

> - I does not build/compile at all.
>
> - Why is this line here: #include <openssl/applink.c> ? I get a
> compilation error! 😱

It's in there because it was documented to use it on windows. I manually
copied the file to the appropriate place after compiling/installing
openssl, but if it is not needed anymore, I can remove the line.

> - Why are we adding these libraries: odbc32 advapi32 ?

Again, larger bundle, I forgot to remove them for that small excerpt,
they're not needed here. (but don't change anything, too)..

> CMake Error at CMakeLists.txt:9 (find_package):
>   By not providing "FindOpenSSLSyn.cmake" in CMAKE_MODULE_PATH this
> project has asked CMake to find a package configuration file provided
> by "OpenSSLSyn", but CMake did not find one.
 
And, again: that should have read OpenSSL instead of OpenSSLSyn, and
the libs should read OpenSSL::Crypto. I have to use a special finder
to get the includes/libs to compile, but that's only a compile/link
issue...

Best regards, Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
In reply to this post by Jan Kohnert-2
Hi,

Am Sat, 24 Mar 2018 01:22:21 +0100
schrieb Jan Kohnert <[hidden email]>:

> Am Fri, 23 Mar 2018 21:22:02 +0000
> schrieb Matt Caswell <[hidden email]>:
>
> > Also what happens if you change this line:
> >
> >    bioCryptedData = BIO_new_file("testfile.crypt", "w");
> >
> > to
> >
> >    bioCryptedData = BIO_new_file("testfile.crypt", "wb");  
>
> good point, thanks. I'll test that on Monday and report back.

That one works for the encryption part,however, the signing is still
broken. Here's what I get trying to verify the decrypted generated file:

D:\Develop\TestCrypt\build>openssl smime -decrypt -inform DER -in
testfile.crypt -out testfile.sig -inkey local.key

D:\Develop\TestCrypt\build>openssl smime -verify -inform DER -in
testfile.sig -out testfile.txt_neu -CAfile local.cert
Error reading S/MIME message
4404:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
long:crypt o\asn1\asn1_lib.c:101:
4404:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object
header:cry pto\asn1\tasn_dec.c:1100:
4404:error:0D08303A:asn1 encoding
routines:asn1_template_noexp_d2i:nested asn1
error:crypto\asn1\tasn_dec.c:536:Field=cert, Type=PKCS7_SIGNED
4404:error:0D08303A:asn1 encoding
routines:asn1_template_noexp_d2i:nested asn1
error:crypto\asn1\tasn_dec.c:609: 4404:error:0D08403A:asn1 encoding
routines:asn1_template_ex_d2i:nested asn1
error:crypto\asn1\tasn_dec.c:460:Field=d.sign, Type=PKCS7

D:\Develop\TestCrypt\build>  

Best regards Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Viktor Dukhovni


> On Mar 27, 2018, at 1:36 PM, Jan Kohnert <[hidden email]> wrote:
>
> openssl smime -verify -inform DER -in
> testfile.sig -out testfile.txt_neu -CAfile local.cert

That looks odd. S/MIME is not usually DER encoded. What does
testfile.sig look like?    Why are you using S/MIME and not
CMS?

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Sergio NNX
In reply to this post by Jan Kohnert-2

> The code comiles just fine

Unfortunately, it does NOT compile fine on my system (and I guess the same occurs on several others!)


Can you fix all these various issues and post an updated zip file so I can test it again?


Cheers.





> A few points/questions:
>
>
> - Why cmake?

Well, this is part of a larger software bundle, so a build environment
is needed. And I like cmake. :)

> - I does not build/compile at all.
>
> - Why is this line here: #include <openssl/applink.c> ? I get a
> compilation error! 😱

It's in there because it was documented to use it on windows. I manually
copied the file to the appropriate place after compiling/installing
openssl, but if it is not needed anymore, I can remove the line.

> - Why are we adding these libraries: odbc32 advapi32 ?

Again, larger bundle, I forgot to remove them for that small excerpt,
they're not needed here. (but don't change anything, too)..

> CMake Error at CMakeLists.txt:9 (find_package):
>   By not providing "FindOpenSSLSyn.cmake" in CMAKE_MODULE_PATH this
> project has asked CMake to find a package configuration file provided
> by "OpenSSLSyn", but CMake did not find one.
 
And, again: that should have read OpenSSL instead of OpenSSLSyn, and
the libs should read OpenSSL::Crypto. I have to use a special finder
to get the includes/libs to compile, but that's only a compile/link
issue...

Best regards, Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
Hi,

Am Tue, 27 Mar 2018 18:24:25 +0000
schrieb Sergio NNX <[hidden email]>:

> > The code comiles just fine  
>
> Unfortunately, it does NOT compile fine on my system (and I guess the
> same occurs on several others!)

Good, updated the zip file, just tested on Linux here (the local
Windows maschine just installs VS for testing), giving the following
(correct output file format here):

jankoh@kohni-mobil ~/projects/te $ unzip TestCrypt.zip
Archive:  TestCrypt.zip
   creating: TestCrypt/
  inflating: TestCrypt/CMakeLists.txt  
  inflating: TestCrypt/local.cert    
  inflating: TestCrypt/local.key    
   creating: TestCrypt/src/
  inflating: TestCrypt/src/app.cpp  
   creating: TestCrypt/ssl/
  inflating: TestCrypt/ssl/test.conf  
 extracting: TestCrypt/testfile.txt  
jankoh@kohni-mobil ~/projects/te $ ls
TestCrypt  TestCrypt.zip
jankoh@kohni-mobil ~/projects/te $ cd TestCrypt
jankoh@kohni-mobil ~/projects/te/TestCrypt $ la
insgesamt 16K
   0 drwxr-xr-x 4 jankoh users   99 28. Mär 00:25 .
   0 drwxr-xr-x 3 jankoh users   42 28. Mär 00:29 ..
4,0K -rw-r--r-- 1 jankoh users  849 23. Mär 19:19 CMakeLists.txt
4,0K -rw-r--r-- 1 jankoh users 1,1K 23. Mär 12:08 local.cert
4,0K -rw-r--r-- 1 jankoh users 1,7K 23. Mär 12:04 local.key
   0 drwxr-xr-x 2 jankoh users   20 28. Mär 00:22 src
   0 drwxr-xr-x 2 jankoh users   22 23. Mär 12:19 ssl
4,0K -rw-r--r-- 1 jankoh users   27 23. Mär 10:48 testfile.txt
jankoh@kohni-mobil ~/projects/te/TestCrypt $ mkdir build
jankoh@kohni-mobil ~/projects/te/TestCrypt $ cd build/
jankoh@kohni-mobil ~/projects/te/TestCrypt/build $ cmake ..
-- The C compiler identification is GNU 7.3.0
-- The CXX compiler identification is GNU 7.3.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found OpenSSL: /usr/lib/libcrypto.so (found suitable exact version
"1.1.0g") -- Configuring done
-- Generating done
-- Build files have been written
to: /home/jankoh/projects/te/TestCrypt/build jankoh@kohni-mobil
~/projects/te/TestCrypt/build $ make /usr/bin/cmake
-H/home/jankoh/projects/te/TestCrypt
-B/home/jankoh/projects/te/TestCrypt/build --check-build-system
CMakeFiles/Makefile.cmake 0 /usr/bin/cmake -E
cmake_progress_start /home/jankoh/projects/te/TestCrypt/build/CMakeFiles /home/jankoh/projects/te/TestCrypt/build/CMakeFiles/progress.marks
make -f CMakeFiles/Makefile2 all make[1]: Verzeichnis
„/home/jankoh/projects/te/TestCrypt/build“ wird betreten make -f
CMakeFiles/TestCrypt.dir/build.make CMakeFiles/TestCrypt.dir/depend
make[2]: Verzeichnis „/home/jankoh/projects/te/TestCrypt/build“ wird
betreten cd /home/jankoh/projects/te/TestCrypt/build && /usr/bin/cmake
-E cmake_depends "Unix
Makefiles" /home/jankoh/projects/te/TestCrypt /home/jankoh/projects/te/TestCrypt /home/jankoh/projects/te/TestCrypt/build /home/jankoh/projects/te/TestCrypt/build /home/jankoh/projects/te/TestCrypt/build/CMakeFiles/TestCrypt.dir/DependInfo.cmake
--color= Scanning dependencies of target TestCrypt make[2]: Verzeichnis
„/home/jankoh/projects/te/TestCrypt/build“ wird verlassen make -f
CMakeFiles/TestCrypt.dir/build.make CMakeFiles/TestCrypt.dir/build
make[2]: Verzeichnis „/home/jankoh/projects/te/TestCrypt/build“ wird
betreten [ 50%] Building CXX object
CMakeFiles/TestCrypt.dir/src/app.cpp.o /usr/bin/c++     -o
CMakeFiles/TestCrypt.dir/src/app.cpp.o
-c /home/jankoh/projects/te/TestCrypt/src/app.cpp [100%] Linking CXX
executable TestCrypt /usr/bin/cmake -E cmake_link_script
CMakeFiles/TestCrypt.dir/link.txt --verbose=1 /usr/bin/c++
CMakeFiles/TestCrypt.dir/src/app.cpp.o  -o
TestCrypt /usr/lib/libcrypto.so make[2]: Verzeichnis
„/home/jankoh/projects/te/TestCrypt/build“ wird verlassen [100%] Built
target TestCrypt make[1]: Verzeichnis
„/home/jankoh/projects/te/TestCrypt/build“ wird
verlassen /usr/bin/cmake -E
cmake_progress_start /home/jankoh/projects/te/TestCrypt/build/CMakeFiles
0
jankoh@kohni-mobil ~/projects/te/TestCrypt/build $ cp ../testfile.txt .
jankoh@kohni-mobil ~/projects/te/TestCrypt/build $ cp ../local.* .
jankoh@kohni-mobil ~/projects/te/TestCrypt/build $ ./TestCrypt
jankoh@kohni-mobil ~/projects/te/TestCrypt/build $ openssl smime
-decrypt -inform DER -in testfile.crypt -inkey local.key -out
testfile.sig
jankoh@kohni-mobil ~/projects/te/TestCrypt/build $ openssl
smime -verify -inform DER -in testfile.sig -CAfile local.cert Kiss me,
I'm a test file. Verification successful
jankoh@kohni-mobil ~/projects/te/TestCrypt/build $

I removed that applink-thing, too...


Best regards Jan

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

TestCrypt.zip (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
In reply to this post by Viktor Dukhovni
Hi,

Am Tue, 27 Mar 2018 13:42:03 -0400
schrieb Viktor Dukhovni <[hidden email]>:

> > On Mar 27, 2018, at 1:36 PM, Jan Kohnert
> > <[hidden email]> wrote:
> >
> > openssl smime -verify -inform DER -in
> > testfile.sig -out testfile.txt_neu -CAfile local.cert  
>
> That looks odd. S/MIME is not usually DER encoded. What does
> testfile.sig look like?    Why are you using S/MIME and not
> CMS?

This is a German healthcare insurance thing; I have to use the given
input format (and send it the same way). Whould it be possible to use
cms with the same input format?

Best regards Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Viktor Dukhovni


> On Mar 27, 2018, at 6:50 PM, Jan Kohnert <[hidden email]> wrote:
>
> This is a German healthcare insurance thing; I have to use the given
> input format (and send it the same way). Whould it be possible to use
> cms with the same input format?

CMS is the next-generation S/MIME.  It support more than just email
(MIME) encapsulation.

You should check the syntax of the inner object, to make sure it is
what you expected.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
In reply to this post by Jan Kohnert-2
Am 2018-03-28 00:40, schrieb Jan Kohnert:

> Hi,
>
> Am Tue, 27 Mar 2018 18:24:25 +0000
> schrieb Sergio NNX <[hidden email]>:
>
>> > The code comiles just fine
>>
>> Unfortunately, it does NOT compile fine on my system (and I guess the
>> same occurs on several others!)
>
> Good, updated the zip file, just tested on Linux here (the local
> Windows maschine just installs VS for testing), giving the following
> (correct output file format here):
Next update after clean test on another Win32 maschine: there have to
be crypt32.lib and ws2_32.lib libs linked, besides that the code is
unchanged. As the code produces correct asn1 files on Linux (see
previous mail), it now looks even more like a bug in the
crypto-library on Windows...

Following output:
C:\Users\Alkes\Downloads\TestCrypt>dir
  Datenträger in Laufwerk C: ist OS
  Volumeseriennummer: 1E39-A7D1

  Verzeichnis von C:\Users\Alkes\Downloads\TestCrypt

29.03.2018  08:53    <DIR>          .
29.03.2018  08:53    <DIR>          ..
29.03.2018  08:52               877 CMakeLists.txt
29.03.2018  08:33             1.038 local.cert
29.03.2018  08:33             1.708 local.key
29.03.2018  08:33    <DIR>          src
29.03.2018  08:33    <DIR>          ssl
29.03.2018  08:33                27 testfile.txt
                4 Datei(en),          3.650 Bytes
                4 Verzeichnis(se), 276.550.766.592 Bytes frei

C:\Users\Alkes\Downloads\TestCrypt>mkdir build

C:\Users\Alkes\Downloads\TestCrypt>cd build

C:\Users\Alkes\Downloads\TestCrypt\build>cmake .. -G"NMake Makefiles"
-- The C compiler identification is MSVC 19.0.24215.1
-- The CXX compiler identification is MSVC 19.0.24215.1
-- Check for working C compiler: C:/Program Files (x86)/Microsoft
Visual Studio
14.0/VC/bin/cl.exe
-- Check for working C compiler: C:/Program Files (x86)/Microsoft
Visual Studio
14.0/VC/bin/cl.exe -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working CXX compiler: C:/Program Files (x86)/Microsoft
Visual Studi
o 14.0/VC/bin/cl.exe
-- Check for working CXX compiler: C:/Program Files (x86)/Microsoft
Visual Studi
o 14.0/VC/bin/cl.exe -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found OpenSSL: C:/Program Files (x86)/openssl/lib/libcrypto.lib
(found suitab
le exact version "1.1.0g")
-- Configuring done
-- Generating done
-- Build files have been written to:
C:/Users/Alkes/Downloads/TestCrypt/build

C:\Users\Alkes\Downloads\TestCrypt\build>nmake

Microsoft (R) Program Maintenance Utility, Version 14.00.24210.0
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.

         "C:\Program Files\CMake\bin\cmake.exe"
-HC:\Users\Alkes\Downloads\TestCr
ypt -BC:\Users\Alkes\Downloads\TestCrypt\build --check-build-system
CMakeFiles\M
akefile.cmake 0
         "C:\Program Files\CMake\bin\cmake.exe" -E cmake_progress_start
C:\Users\
Alkes\Downloads\TestCrypt\build\CMakeFiles
C:\Users\Alkes\Downloads\TestCrypt\bu
ild\CMakeFiles\progress.marks
         "C:\Program Files (x86)\Microsoft Visual Studio
14.0\VC\BIN\nmake.exe" -
f CMakeFiles\Makefile2 /nologo -                   all
         "C:\Program Files (x86)\Microsoft Visual Studio
14.0\VC\BIN\nmake.exe" -
f CMakeFiles\TestCrypt.dir\build.make /nologo -L                  
CMakeFiles\Tes
tCrypt.dir\depend
         "C:\Program Files\CMake\bin\cmake.exe" -E cmake_depends "NMake
Makefiles
" C:\Users\Alkes\Downloads\TestCrypt C:\Users\Alkes\Downloads\TestCrypt
C:\Users
\Alkes\Downloads\TestCrypt\build
C:\Users\Alkes\Downloads\TestCrypt\build C:\Use
rs\Alkes\Downloads\TestCrypt\build\CMakeFiles\TestCrypt.dir\DependInfo.cmake
--c
olor=
Scanning dependencies of target TestCrypt
         "C:\Program Files (x86)\Microsoft Visual Studio
14.0\VC\BIN\nmake.exe" -
f CMakeFiles\TestCrypt.dir\build.make /nologo -L                  
CMakeFiles\Tes
tCrypt.dir\build
[ 50%] Building CXX object CMakeFiles/TestCrypt.dir/src/app.cpp.obj
         C:\PROGRA~2\MICROS~1.0\VC\bin\cl.exe
@C:\Users\Alkes\AppData\Local\Temp\
nm2433.tmp
app.cpp
[100%] Linking CXX executable TestCrypt.exe
         "C:\Program Files\CMake\bin\cmake.exe" -E vs_link_exe
--intdir=CMakeFile
s\TestCrypt.dir --manifests  -- C:\PROGRA~2\MICROS~1.0\VC\bin\link.exe
/nologo @
CMakeFiles\TestCrypt.dir\objects1.rsp
@C:\Users\Alkes\AppData\Local\Temp\nm2618.
tmp
[100%] Built target TestCrypt
         "C:\Program Files\CMake\bin\cmake.exe" -E cmake_progress_start
C:\Users\
Alkes\Downloads\TestCrypt\build\CMakeFiles 0

C:\Users\Alkes\Downloads\TestCrypt\build>cp ..\testfile.txt .
Der Befehl "cp" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.

C:\Users\Alkes\Downloads\TestCrypt\build>copy ..\testfile.txt .
         1 Datei(en) kopiert.

C:\Users\Alkes\Downloads\TestCrypt\build>copy ..\local.cert .
         1 Datei(en) kopiert.

C:\Users\Alkes\Downloads\TestCrypt\build>copy ..\local.key .
         1 Datei(en) kopiert.

C:\Users\Alkes\Downloads\TestCrypt\build>.\TestCrypt.exe

C:\Users\Alkes\Downloads\TestCrypt\build>.\TestCrypt.exe

C:\Users\Alkes\Downloads\TestCrypt\build>openssl smime -decrypt -inform
DER -in
testfile.crypt -inkey local.key -out testfile.sig

C:\Users\Alkes\Downloads\TestCrypt\build>openssl smime -verify -inform
DER -in t
estfile.sig -CAfile local.cert
Error reading S/MIME message
4592:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
long:crypt
o\asn1\asn1_lib.c:101:
4592:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object
header:cry
pto\asn1\tasn_dec.c:1100:
4592:error:0D08303A:asn1 encoding
routines:asn1_template_noexp_d2i:nested asn1 e
rror:crypto\asn1\tasn_dec.c:536:Field=cert, Type=PKCS7_SIGNED
4592:error:0D08303A:asn1 encoding
routines:asn1_template_noexp_d2i:nested asn1 e
rror:crypto\asn1\tasn_dec.c:609:
4592:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested
asn1 erro
r:crypto\asn1\tasn_dec.c:460:Field=d.sign, Type=PKCS7

C:\Users\Alkes\Downloads\TestCrypt\build>

Best regards Jan

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

TestCrypt.zip (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: File signing/encrypting upgrade from 1.0.2 to 1.1.0

Jan Kohnert-2
Am 2018-03-29 09:07, schrieb Jan Kohnert:
> Next update after clean test on another Win32 maschine: there have to
> be crypt32.lib and ws2_32.lib libs linked, besides that the code is
> unchanged. As the code produces correct asn1 files on Linux (see
> previous mail), it now looks even more like a bug in the
> crypto-library on Windows...
>
> Following output:

[...]

> C:\Users\Alkes\Downloads\TestCrypt\build>openssl smime -decrypt -inform
> DER -in
> testfile.crypt -inkey local.key -out testfile.sig
>
> C:\Users\Alkes\Downloads\TestCrypt\build>openssl smime -verify -inform
> DER -in t
> estfile.sig -CAfile local.cert
> Error reading S/MIME message

Damnit! Problem exists between keyboard and chair. Command should have
been:
openssl smime -verify -inform DER -in t estfile.sig -binary -CAfile
local.cert
                                                     ^^^^^^^
It was the decrypting messing up the asn1-structure on Win when not
using the
binary option (-outform DER whould have worked, too).

So the code works in Win and Linux. :) Thread closed.

--
Best regards Jan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users