SMIME decrypt: header too long

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

SMIME decrypt: header too long

Beat Jucker
I have an intermediate SMIME decrypting problem. I'm using following
commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11):

  cat email | openssl smime -decrypt -inkey mykey -recip mycert

This works usually without problems. But Emails from one particular
address I can decrypt only most of the time. Sometimes I'll get
following error message:

openssl-0.9.6b:

  Error reading S/MIME message
  27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
  27549:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
  27549:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:

same effect with openssl-0.9.7-beta6:

  Error reading S/MIME message
  13482:error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:
  13482:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
  13482:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:

When I'll try the same command later it might or might not get decrypted successful ...
What does "header too long" mean in the context of SMIME decrypt (or "not enough data")?

Thanks,
-- Beat
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SMIME decrypt: header too long

Victor B. Wagner
On 2005.06.01 at 13:07:31 +0200, Beat Jucker wrote:

> I have an intermediate SMIME decrypting problem. I'm using following
> commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11):
>
>   cat email | openssl smime -decrypt -inkey mykey -recip mycert
>
> This works usually without problems. But Emails from one particular
> address I can decrypt only most of the time. Sometimes I'll get
> following error message:
>
> openssl-0.9.6b:
>
>   Error reading S/MIME message
>   27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:

Once I've got simular problem with opaque signed message (DER format)
which was attached to the E-Mail and used Quoted-Printable transfer
encoding. Thus all end-of-lines inside message data was converted from
CRLF to LF by some intermediate mail server.

So, investigating transport envelope of problematic messages can be
helpful.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SMIME decrypt: header too long

Peter Cope
In reply to this post by Beat Jucker
Try using the asn1parser (an option with openssl).  If this doesn't complete without an error then you may have a problem with the way your originator is producing ASN.1 (we did here and I had to solve it by producing a bit of code to act as a 'filter' to correct the problem!).
 
Peter

Beat Jucker <[hidden email]> wrote:
I have an intermediate SMIME decrypting problem. I'm using following
commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11):

cat email | openssl smime -decrypt -inkey mykey -recip mycert

This works usually without problems. But Emails from one particular
address I can decrypt only most of the time. Sometimes I'll get
following error message:

openssl-0.9.6b:

Error reading S/MIME message
27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
27549:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
27549:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:

same effect with openssl-0.9.7-beta6:

Error reading S/MIME message
13482:error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:
13482:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
13482:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:

When I'll try the same command later it might or might not get decrypted successful ...
What does "header too long" mean in the context of SMIME decrypt (or "not enough data")?

Thanks,
-- Beat
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SMIME decrypt: header too long

Beat Jucker
On Wed, Jun 01, 2005 at 12:19:11PM +0100, Peter Cope wrote:
> Try using the asn1parser (an option with openssl).  

no problem: asn1parse tells me

    0:d=0  hl=2 l=inf  cons: SEQUENCE
    2:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
    ...

But I'm realy confused because exactly the same message sometimes
might/mightnot decrypt. Could it have something todo with openssl
initialisation? Therefor I'm interested to know the possible reasons of

  openssl-0.9.6: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
  openssl-0.9.7: error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:

Thanks
-- Beat

> I have an intermediate SMIME decrypting problem. I'm using following
> commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11):
>
> cat email | openssl smime -decrypt -inkey mykey -recip mycert
>
> This works usually without problems. But Emails from one particular
> address I can decrypt only most of the time. Sometimes I'll get
> following error message:
>
> openssl-0.9.6b:
>
> Error reading S/MIME message
> 27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
> 27549:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
> 27549:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:
>
> same effect with openssl-0.9.7-beta6:
>
> Error reading S/MIME message
> 13482:error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:
> 13482:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
> 13482:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:
>
> When I'll try the same command later it might or might not get decrypted successful ...
> What does "header too long" mean in the context of SMIME decrypt (or "not enough data")?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SMIME decrypt: header too long (--> ASN1 structure problem?)

Beat Jucker
> On Wed, Jun 01, 2005 at 12:19:11PM +0100, Peter Cope wrote:
> > Try using the asn1parser (an option with openssl).  
>
> no problem: asn1parse tells me
>
>     0:d=0  hl=2 l=inf  cons: SEQUENCE
>     2:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
>     ...

When I parse the encoded message only newer openssl versions
report errors (> 0.9.7d). There is indeed a problem with the
ASN1 structure of the encoded S/MIME message (in the script
I was using an absolute path but manually I was using the
version found by PATH variable therefor I got different
results).

Only openssl-0.9.7d doesn't report an error when I decode the
message. All other versions I have (0.9.5a, 0.9.6b, 0.9.7-beta6,
0.9.8-beta4) report decoding errors. Older openssl versions
doesn't report asn1 error at all (older than some kind of 0.9.7d).

Why this different behaviour? Where is the reason of the
problem? I don't know what kind of software our partner is
using for preparing S/MIME messages (definitifely not openssl)
but nly a few of them can't get decoded.

Here is the asn1parse output of an example we can't decode
(the first lines are all the same):

------------------------------------------------------------
*NO* asn1 error *AND* decoded successful: cat message | openssl-0.9.7d asn1parse -i 2>&1
  ...
  634:d=4  hl=2 l=   9 prim:     OBJECT            :pkcs7-data
  645:d=4  hl=2 l=  26 cons:     SEQUENCE
  647:d=5  hl=2 l=   8 prim:      OBJECT            :rc2-cbc
  657:d=5  hl=2 l=  14 cons:      SEQUENCE
  659:d=6  hl=2 l=   2 prim:       INTEGER           :A0
  663:d=6  hl=2 l=   8 prim:       OCTET STRING
  673:d=4  hl=2 l=inf  cons:     cont [ 0 ]
  675:d=5  hl=4 l=2048 prim:      OCTET STRING
 2727:d=5  hl=4 l=2048 prim:      OCTET STRING
 4779:d=5  hl=4 l= 512 prim:      OCTET STRING
 5295:d=5  hl=2 l=   0 prim:      EOC
 5297:d=4  hl=2 l=   0 prim:     EOC
 5299:d=3  hl=2 l=   0 prim:    EOC
 5301:d=2  hl=2 l=   0 prim:   EOC
 5303:d=1  hl=2 l=   0 prim:  EOC
------------------------------------------------------------
*NO* asn1 error *BUT NOT* decoded successful: cat message | openssl-0.9.6b asn1parse -i 2>&1
  ...
  632:d=3  hl=2 l=inf  cons:    SEQUENCE
  634:d=4  hl=2 l=   9 prim:     OBJECT            :pkcs7-data
  645:d=4  hl=2 l=  26 cons:     SEQUENCE
  647:d=5  hl=2 l=   8 prim:      OBJECT            :rc2-cbc
  657:d=5  hl=2 l=  14 cons:      SEQUENCE
  659:d=6  hl=2 l=   2 prim:       INTEGER           :A0
  663:d=6  hl=2 l=   8 prim:       OCTET STRING
  673:d=4  hl=2 l=inf  cons:     cont [ 0 ]
  675:d=5  hl=4 l=2048 prim:      OCTET STRING
 2727:d=5  hl=4 l=2048 prim:      OCTET STRING
 4779:d=5  hl=4 l= 512 prim:      OCTET STRING
------------------------------------------------------------
asn1 error and not decoded successful: cat message | openssl-0.9.8-beta4 asn1parse -i 2>&1
  ...
  632:d=3  hl=2 l=inf  cons:    SEQUENCE
  634:d=4  hl=2 l=   9 prim:     OBJECT            :pkcs7-data
  645:d=4  hl=2 l=  26 cons:     SEQUENCE
  647:d=5  hl=2 l=   8 prim:      OBJECT            :rc2-cbc
  657:d=5  hl=2 l=  14 cons:      SEQUENCE
  659:d=6  hl=2 l=   2 prim:       INTEGER           :A0
  663:d=6  hl=2 l=   8 prim:       OCTET STRING      [HEX DUMP]:BAA1DF8EAEA83325
  673:d=4  hl=2 l=inf  cons:     cont [ 0 ]
  675:d=5  hl=4 l=2048 prim:      OCTET STRING      [HEX DUMP]:62AE5340C8B07966F23C6EFC87E810E45DA42366D4ED0
D83D2DC557AF4F5B15DF53D5E2E64FD0B7D2CE145E44E5EEF36BB04FF968BE0CFA15400F4B93DEAE75C1B9DCD36871BBE139C0A14CFD
...
8DAE7868857C2410700074D35DE4D5CE52301CAE65E47C7D274053A6A8490A17E0C65D182B65C7B841E23C0533369EEB38941F633F7A
97117F2DB34F492CE2C5F43D32324033:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:1
42:
9E7F27EA52212FE04BA9C460AC8E2B08A18A92C764D8207DDBA7F73DE8E7FAB91DA7486471E7A51BAFDC6EBD851B5265D939FEC670F8
...
F7B66C55A2772DF6541CF03429639C1C3818527F3B77E4DBF179AEA5C37645495488353BD97A37A68BC277BDB7FF4E6E46FD25EED682
4B9B21A82CCAA9484F9353EF1CA1
 2727:d=5  hl=4 l=2048 prim:      OCTET STRING      [HEX DUMP]:187CFAED2A4E669FFCA28089379087770A50287640EB5
E7A242961D087C3157A1A29701946A57EE821591686C653304CC82C245B8F56CD953D15E704224B879D737C66D117AB8234A1CE5D123
...
39DD42164E90B2417476D27CE9FBD93914AD3C861278277221B68A8F4133B3486C9AB15EF40F8FBB31854051DDDCDF7FE01483DD1C1F
64CE1C56C949A8B330169EF643F87F600B997199523715628900E1F
Error in encoding
------------------------------------------------------------

Tanks for any help
-- Beat

> > I have an intermediate SMIME decrypting problem. I'm using following
> > commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11):
> >
> > cat email | openssl smime -decrypt -inkey mykey -recip mycert
> >
> > This works usually without problems. But Emails from one particular
> > address I can decrypt only most of the time. Sometimes I'll get
> > following error message:
> >
> > openssl-0.9.6b:
> >
> > Error reading S/MIME message
> > 27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
> > 27549:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
> > 27549:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:
> >
> > same effect with openssl-0.9.7-beta6:
> >
> > Error reading S/MIME message
> > 13482:error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:
> > 13482:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
> > 13482:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:
> >
> > When I'll try the same command later it might or might not get decrypted successful ...
> > What does "header too long" mean in the context of SMIME decrypt (or "not enough data")?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SMIME decrypt: header too long (--> ASN1 structure problem?)

Peter Cope
This looks very much like the problem I had.  If the sender is using Chilkat software (I think they produce a plugin for Visual Studio) ... then this had (has) a feature that produced wrong ASN.1.  If you look at the raw SMTP message you can sometimes see what mail client of software was used to create it. 
 
We have told our business partner to fix the problem (and they have approached Chilkat) ... in the meantime I wrote some C to fix it locally (and I'm not a developer). 
 
Peter
 
 


Beat Jucker <[hidden email]> wrote:
> On Wed, Jun 01, 2005 at 12:19:11PM +0100, Peter Cope wrote:
> > Try using the asn1parser (an option with openssl).
>
> no problem: asn1parse tells me
>
> 0:d=0 hl=2 l=inf cons: SEQUENCE
> 2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData
> ...

When I parse the encoded message only newer openssl versions
report errors (> 0.9.7d). There is indeed a problem with the
ASN1 structure of the encoded S/MIME message (in the script
I was using an absolute path but manually I was using the
version found by PATH variable therefor I got different
results).

Only openssl-0.9.7d doesn't report an error when I decode the
message. All other versions I have (0.9.5a, 0.9.6b, 0.9.7-beta6,
0.9.8-beta4) report decoding errors. Older openssl versions
doesn't report asn1 error at all (older than some ki nd of 0.9.7d).

Why this different behaviour? Where is the reason of the
problem? I don't know what kind of software our partner is
using for preparing S/MIME messages (definitifely not openssl)
but nly a few of them can't get decoded.

Here is the asn1parse output of an example we can't decode
(the first lines are all the same):

------------------------------------------------------------
*NO* asn1 error *AND* decoded successful: cat message | openssl-0.9.7d asn1parse -i 2>&1
...
634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
645:d=4 hl=2 l= 26 cons: SEQUENCE
647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
657:d=5 hl=2 l= 14 cons: SEQUENCE
659:d=6 hl=2 l= 2 prim: INTEGER :A0
663:d=6 hl=2 l= 8 prim: OCTET STRING
673:d=4 hl=2 l=inf cons: cont [ 0 ]
675:d=5 hl=4 l=2048 prim: OCTET STRING
2727:d=5 hl=4 l=2048 prim: OCTET STRING
4779:d=5 hl=4 l= 512 prim: OCTET STRING
5295:d=5 hl=2 l= 0 prim: EOC
5297:d=4 hl=2 l= 0 prim: EOC
5299:d=3 hl=2 l= 0 prim: EOC
5301:d=2 hl=2 l= 0 prim: EOC
5303:d=1 hl=2 l= 0 prim: EOC
------------------------------------------------------------
*NO* asn1 error *BUT NOT* decoded successful: cat message | openssl-0.9.6b asn1parse -i 2>&1
...
632:d=3 hl=2 l=inf cons: SEQUENCE
634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
645:d=4 hl=2 l= 26 cons: SEQUENCE
647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
657:d=5 hl=2 l= 14 cons: SEQUENCE
659:d=6 hl=2 l= 2 prim: INTEGER :A0
663:d=6 hl=2 l= 8 prim: OCTET STRING
673:d=4 hl=2 l=inf cons: cont [ 0 ]
675:d=5 hl=4 l=2048 prim: OCTET STRING
2727:d=5 hl=4 l=2048 prim: OCTET STRING
4779:d=5 hl=4 l= 512 prim: OCTET STRING
------------------------------------------------------------
asn1 error and not decoded successful: cat message | openssl-0.9.8-beta4 asn1parse -i 2>&1
...
632:d=3 hl=2 l=inf cons: SEQUENCE
634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
645:d=4 hl= 2 l= 26 cons: SEQUENCE
647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
657:d=5 hl=2 l= 14 cons: SEQUENCE
659:d=6 hl=2 l= 2 prim: INTEGER :A0
663:d=6 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:BAA1DF8EAEA83325
673:d=4 hl=2 l=inf cons: cont [ 0 ]
675:d=5 hl=4 l=2048 prim: OCTET STRING [HEX DUMP]:62AE5340C8B07966F23C6EFC87E810E45DA42366D4ED0
D83D2DC557AF4F5B15DF53D5E2E64FD0B7D2CE145E44E5EEF36BB04FF968BE0CFA15400F4B93DEAE75C1B9DCD36871BBE139C0A14CFD
...
8DAE7868857C2410700074D35DE4D5CE52301CAE65E47C7D274053A6A8490A17E0C65D182B65C7B841E23C0533369EEB38941F633F7A
97117F2DB34F492CE2C5F43D32324033:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:1
42:
9E7F27EA52212FE04BA9C460AC8E2B08A18A92C764D8207DDBA7F73DE8E7FAB91DA7486471E7A51BAFDC6EBD851B5265D939FEC670F8
...
F7B66C55A2772DF6541CF03429639C1C3818527F3B77E4DBF179AEA5C37645495488353BD97A37A68BC277BDB7FF4E6E46FD25EED682
4B9B21A82CCAA9484F9353EF1CA1
2727:d=5 hl=4 l=2048 prim: OCTET STRING [HEX DUMP]:187CFAED2A4E669FFCA28089379087770A50287640EB5
E7A242961D087C3157A1A29701946A57EE821591686C653304CC82C245B8F56CD953D15E704224B879D737C66D117AB8234A1CE5D123
...
39DD42164E90B2417476D27CE9FBD93914AD3C861278277221B68A8F4133B3486C9AB15EF40F8FBB31854051DDDCDF7FE01483DD1C1F
64CE1C56C949A8B330169EF643F87F600B997199523715628900E1F
Error in encoding
------------------------------------------------------------

Tanks for any help
-- Beat

> > I have an intermediate SMIME decrypting problem. I'm using following
> > commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11):
> >
> > cat email | openssl smime -decrypt -inkey mykey -recip mycert
> >
> > This works usually without problems. But Emails from one particular
> > address I can decrypt only most of the time. Sometimes I'll get
> > following error message:
> >
> > openssl-0.9.6b:
> >

> > Error reading S/MIME message
> > 27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
> > 27549:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
> > 27549:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:
> >
> > same effect with openssl-0.9.7-beta6:
> >
> > Error reading S/MIME message
> > 13482:error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:
> > 13482:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
> > 13482:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:
> >
> > When I'll try the same command later it might or might not get decrypted successful ...
> > What does "header too long" mean in the context of SMIME decrypt (or "not enough data")?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]