openssl cms resign with RSA-PSS corrupts the CMS(?)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

openssl cms resign with RSA-PSS corrupts the CMS(?)

alon.barlev (Bugzilla)
Hello,

I am trying to resign a CMS using the openssl tool.

When I use RSA-PKCS1 everything is working fine.

When I use RSA-PSS it seems like the asn1 is produced corrupted, I do not see the signature in asn1dump.

I prepared a demo[1] to help people reproduce the issue, tested with openssl-1.1.1i.

The script output pasted below shows that CMS resign without PSS works correctly, while the same sequence with PSS produces a corrupted CMS file.

What am I doing wrong?

Regards,
Alon Bar-Lev


---

===============
CMS without PSS
===============
cms -sign 1.cms
cms -verify 1.cms
hello world
Verification successful
cms -resign 1.cms to 2.cms
cms -verify 2.cms
hello world
Verification successful
===============
CMS with PSS
===============
cms -sign 1.cms
cms -verify 1.cms
hello world
Verification successful
cms -resign 1.cms to 2.cms
cms -verify 2.cms
Error reading S/MIME message
140438977062208:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:../crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:614:Field=signerInfos, Type=CMS_SignedData
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:
140438977062208:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
FATAL: verify 2.cms failed


Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Quanah Gibson-Mount


--On Saturday, February 13, 2021 11:23 PM +0200 Alon Bar-Lev
<[hidden email]> wrote:


> I prepared a demo[1] to help people reproduce the issue, tested with
> openssl-1.1.1i.

Maybe <https://github.com/openssl/openssl/issues/13931> ?

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

alon.barlev (Bugzilla)
In reply to this post by alon.barlev (Bugzilla)
On Sat, Feb 13, 2021 at 11:34 PM Quanah Gibson-Mount <[hidden email]> wrote:
> --On Saturday, February 13, 2021 11:23 PM +0200 Alon Bar-Lev
> <[hidden email]> wrote:
>
> > I prepared a demo[1] to help people reproduce the issue, tested with
> > openssl-1.1.1i.
>
> Maybe <https://github.com/openssl/openssl/issues/13931> ?
>

Thanks Quanah,
I tested OpenSSL_1_1_1-stable branch which should have fixed the
issue, the result is the same.
Regards,
Alon
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

alon.barlev (Bugzilla)
In reply to this post by alon.barlev (Bugzilla)
Hello OpenSSL masters,

Can someone please try to reproduce the below issue?

Thanks,
Alon

On Sat, 13 Feb 2021 at 23:23 Alon Bar-Lev <[hidden email]> wrote:
Hello,

I am trying to resign a CMS using the openssl tool.

When I use RSA-PKCS1 everything is working fine.

When I use RSA-PSS it seems like the asn1 is produced corrupted, I do not see the signature in asn1dump.

I prepared a demo[1] to help people reproduce the issue, tested with openssl-1.1.1i.

The script output pasted below shows that CMS resign without PSS works correctly, while the same sequence with PSS produces a corrupted CMS file.

What am I doing wrong?

Regards,
Alon Bar-Lev


---

===============
CMS without PSS
===============
cms -sign 1.cms
cms -verify 1.cms
hello world
Verification successful
cms -resign 1.cms to 2.cms
cms -verify 2.cms
hello world
Verification successful
===============
CMS with PSS
===============
cms -sign 1.cms
cms -verify 1.cms
hello world
Verification successful
cms -resign 1.cms to 2.cms
cms -verify 2.cms
Error reading S/MIME message
140438977062208:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:../crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:614:Field=signerInfos, Type=CMS_SignedData
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:
140438977062208:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
FATAL: verify 2.cms failed


Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Thulasi Goriparthi
Hi Alon,

I am able to reproduce this issue with 1.1.1i

echo "hello world" > msg


/* pkcs1 */

openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms 

openssl cms -verify -in 1.cms -CAfile ca.pem

openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms

openssl cms -verify -in 2.cms -CAfile ca.pem 


/* pss */

openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 1.cms -CAfile ca.pem

openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 2.cms -CAfile ca.pem



Thanks,

Thulasi.


On Fri, 19 Feb 2021 at 13:16, Alon Bar-Lev <[hidden email]> wrote:
Hello OpenSSL masters,

Can someone please try to reproduce the below issue?

Thanks,
Alon

On Sat, 13 Feb 2021 at 23:23 Alon Bar-Lev <[hidden email]> wrote:
Hello,

I am trying to resign a CMS using the openssl tool.

When I use RSA-PKCS1 everything is working fine.

When I use RSA-PSS it seems like the asn1 is produced corrupted, I do not see the signature in asn1dump.

I prepared a demo[1] to help people reproduce the issue, tested with openssl-1.1.1i.

The script output pasted below shows that CMS resign without PSS works correctly, while the same sequence with PSS produces a corrupted CMS file.

What am I doing wrong?

Regards,
Alon Bar-Lev


---

===============
CMS without PSS
===============
cms -sign 1.cms
cms -verify 1.cms
hello world
Verification successful
cms -resign 1.cms to 2.cms
cms -verify 2.cms
hello world
Verification successful
===============
CMS with PSS
===============
cms -sign 1.cms
cms -verify 1.cms
hello world
Verification successful
cms -resign 1.cms to 2.cms
cms -verify 2.cms
Error reading S/MIME message
140438977062208:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:../crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:614:Field=signerInfos, Type=CMS_SignedData
140438977062208:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:
140438977062208:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
FATAL: verify 2.cms failed


Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Viktor Dukhovni
On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:

> I am able to reproduce this issue with 1.1.1i

OpenSSL 1.1.1j has been released.  Do you still see the problem with
1.1.1j?

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Thulasi Goriparthi
I am able to reproduce this issue with 1.1.1j too.

openssl version -a

OpenSSL 1.1.1j  16 Feb 2021

built on: Fri Feb 19 18:56:06 2021 UTC

platform: darwin64-x86_64-cc

options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 

compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG

OPENSSLDIR: "/usr/local/ssl"

ENGINESDIR: "/usr/local/lib/engines-1.1"

Seeding source: os-specific


openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 1.cms -CAfile ca.pem

Content-Type: text/plain


hello world

Verification successful

openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 2.cms -CAfile ca.pem

Error reading S/MIME message

4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:

4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo

4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:

4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:


Thanks,

Thulasi.


On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <[hidden email]> wrote:
On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:

> I am able to reproduce this issue with 1.1.1i

OpenSSL 1.1.1j has been released.  Do you still see the problem with
1.1.1j?

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

alon.barlev (Bugzilla)
Thanks!
Was about to write... I tested both 1.1 and master branches and result is the same. 


On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <[hidden email]> wrote:
I am able to reproduce this issue with 1.1.1j too.

openssl version -a

OpenSSL 1.1.1j  16 Feb 2021

built on: Fri Feb 19 18:56:06 2021 UTC

platform: darwin64-x86_64-cc

options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 

compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG

OPENSSLDIR: "/usr/local/ssl"

ENGINESDIR: "/usr/local/lib/engines-1.1"

Seeding source: os-specific


openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 1.cms -CAfile ca.pem

Content-Type: text/plain


hello world

Verification successful

openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 2.cms -CAfile ca.pem

Error reading S/MIME message

4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:

4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo

4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:

4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:


Thanks,

Thulasi.


On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <[hidden email]> wrote:
On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:

> I am able to reproduce this issue with 1.1.1i

OpenSSL 1.1.1j has been released.  Do you still see the problem with
1.1.1j?

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Thulasi Goriparthi
With PSS,  for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature(resign).

2542:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities

 2553:d=7  hl=2 l= 108 cons: SET

 2555:d=8  hl=2 l= 106 cons: SEQUENCE

 2557:d=9  hl=2 l=  11 cons: SEQUENCE

 2559:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc

 2570:d=9  hl=2 l=  11 cons: SEQUENCE

 2572:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc

 2583:d=9  hl=2 l=  11 cons: SEQUENCE

 2585:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc

 2596:d=9  hl=2 l=  10 cons: SEQUENCE

 2598:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc

 2608:d=9  hl=2 l=  14 cons: SEQUENCE

 2610:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 2620:d=10 hl=2 l=   2 prim: INTEGER           :80

 2624:d=9  hl=2 l=  13 cons: SEQUENCE

 2626:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 2636:d=10 hl=2 l=   1 prim: INTEGER           :40

 2639:d=9  hl=2 l=   7 cons: SEQUENCE

 2641:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc

 2648:d=9  hl=2 l=  13 cons: SEQUENCE

 2650:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 2660:d=10 hl=2 l=   1 prim: INTEGER           :28

 2663:d=5  hl=2 l=   0 cons: SEQUENCE

 2665:d=5  hl=2 l=   0 prim: OCTET STRING

 2667:d=4  hl=4 l= 723 cons: SEQUENCE

 2671:d=5  hl=2 l=   1 prim: INTEGER           :01

 2674:d=5  hl=3 l= 149 cons: SEQUENCE

 2677:d=6  hl=3 l= 143 cons: SEQUENCE

 2680:d=7  hl=2 l=  11 cons: SET

 2682:d=8  hl=2 l=   9 cons: SEQUENCE

 2684:d=9  hl=2 l=   3 prim: OBJECT            :countryName

 2689:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :IN

 2693:d=7  hl=2 l=  11 cons: SET

==multiple lines truncated==

2949:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities

 2960:d=7  hl=2 l= 108 cons: SET

 2962:d=8  hl=2 l= 106 cons: SEQUENCE

 2964:d=9  hl=2 l=  11 cons: SEQUENCE

 2966:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc

 2977:d=9  hl=2 l=  11 cons: SEQUENCE

 2979:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc

 2990:d=9  hl=2 l=  11 cons: SEQUENCE

 2992:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc

 3003:d=9  hl=2 l=  10 cons: SEQUENCE

 3005:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc

 3015:d=9  hl=2 l=  14 cons: SEQUENCE

 3017:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 3027:d=10 hl=2 l=   2 prim: INTEGER           :80

 3031:d=9  hl=2 l=  13 cons: SEQUENCE

 3033:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 3043:d=10 hl=2 l=   1 prim: INTEGER           :40

 3046:d=9  hl=2 l=   7 cons: SEQUENCE

 3048:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc

 3055:d=9  hl=2 l=  13 cons: SEQUENCE

 3057:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 3067:d=10 hl=2 l=   1 prim: INTEGER           :28

 3070:d=5  hl=2 l=  62 cons: SEQUENCE

 3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss

 3083:d=6  hl=2 l=  49 cons: SEQUENCE

 3085:d=7  hl=2 l=  13 cons: cont [ 0 ]

 3087:d=8  hl=2 l=  11 cons: SEQUENCE

 3089:d=9  hl=2 l=   9 prim: OBJECT            :sha256

 3100:d=7  hl=2 l=  26 cons: cont [ 1 ]

 3102:d=8  hl=2 l=  24 cons: SEQUENCE

 3104:d=9  hl=2 l=   9 prim: OBJECT            :mgf1

 3115:d=9  hl=2 l=  11 cons: SEQUENCE

 3117:d=10 hl=2 l=   9 prim: OBJECT            :sha256

 3128:d=7  hl=2 l=   4 cons: cont [ 2 ]

 3130:d=8  hl=2 l=   2 prim: INTEGER           :DE

 3134:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:66C7A406905E0BEF3BE8A55B8BA05915020B6960BDE4700C3C3FB2F115FE5BA60B453EFF39BA37E4D16CA3A86582B3057D05875766BE99C51BC5BEC9CD1AAE3BEC34943160BB06784209F1A3773E07A101BA3E2231FDF85FAB91872A081E37410905A09DAF530600BF9099B054B1DF869826E864A95F5D55DAE84A0CEC43E52F6D13574E1EF66A4E3A65883788E265D6C174211ADBCFEA96A9DD186887BFE040D6D0B59547D8763157D322F0307D7AF3123B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007


Thanks,

Thulasi.



On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <[hidden email]> wrote:
Thanks!
Was about to write... I tested both 1.1 and master branches and result is the same. 


On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <[hidden email]> wrote:
I am able to reproduce this issue with 1.1.1j too.

openssl version -a

OpenSSL 1.1.1j  16 Feb 2021

built on: Fri Feb 19 18:56:06 2021 UTC

platform: darwin64-x86_64-cc

options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 

compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG

OPENSSLDIR: "/usr/local/ssl"

ENGINESDIR: "/usr/local/lib/engines-1.1"

Seeding source: os-specific


openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 1.cms -CAfile ca.pem

Content-Type: text/plain


hello world

Verification successful

openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 2.cms -CAfile ca.pem

Error reading S/MIME message

4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:

4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo

4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:

4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:


Thanks,

Thulasi.


On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <[hidden email]> wrote:
On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:

> I am able to reproduce this issue with 1.1.1i

OpenSSL 1.1.1j has been released.  Do you still see the problem with
1.1.1j?

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

alon.barlev (Bugzilla)
Thanks. 
I managed to narrow this, it is not related to pss also if I pass pkcs1 I can reproduce. It has something to do with CMS_KEY_PARAM flag and add signer. 

On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi <[hidden email]> wrote:
With PSS,  for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature(resign).

2542:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities

 2553:d=7  hl=2 l= 108 cons: SET

 2555:d=8  hl=2 l= 106 cons: SEQUENCE

 2557:d=9  hl=2 l=  11 cons: SEQUENCE

 2559:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc

 2570:d=9  hl=2 l=  11 cons: SEQUENCE

 2572:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc

 2583:d=9  hl=2 l=  11 cons: SEQUENCE

 2585:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc

 2596:d=9  hl=2 l=  10 cons: SEQUENCE

 2598:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc

 2608:d=9  hl=2 l=  14 cons: SEQUENCE

 2610:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 2620:d=10 hl=2 l=   2 prim: INTEGER           :80

 2624:d=9  hl=2 l=  13 cons: SEQUENCE

 2626:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 2636:d=10 hl=2 l=   1 prim: INTEGER           :40

 2639:d=9  hl=2 l=   7 cons: SEQUENCE

 2641:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc

 2648:d=9  hl=2 l=  13 cons: SEQUENCE

 2650:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 2660:d=10 hl=2 l=   1 prim: INTEGER           :28

 2663:d=5  hl=2 l=   0 cons: SEQUENCE

 2665:d=5  hl=2 l=   0 prim: OCTET STRING

 2667:d=4  hl=4 l= 723 cons: SEQUENCE

 2671:d=5  hl=2 l=   1 prim: INTEGER           :01

 2674:d=5  hl=3 l= 149 cons: SEQUENCE

 2677:d=6  hl=3 l= 143 cons: SEQUENCE

 2680:d=7  hl=2 l=  11 cons: SET

 2682:d=8  hl=2 l=   9 cons: SEQUENCE

 2684:d=9  hl=2 l=   3 prim: OBJECT            :countryName

 2689:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :IN

 2693:d=7  hl=2 l=  11 cons: SET

==multiple lines truncated==

2949:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities

 2960:d=7  hl=2 l= 108 cons: SET

 2962:d=8  hl=2 l= 106 cons: SEQUENCE

 2964:d=9  hl=2 l=  11 cons: SEQUENCE

 2966:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc

 2977:d=9  hl=2 l=  11 cons: SEQUENCE

 2979:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc

 2990:d=9  hl=2 l=  11 cons: SEQUENCE

 2992:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc

 3003:d=9  hl=2 l=  10 cons: SEQUENCE

 3005:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc

 3015:d=9  hl=2 l=  14 cons: SEQUENCE

 3017:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 3027:d=10 hl=2 l=   2 prim: INTEGER           :80

 3031:d=9  hl=2 l=  13 cons: SEQUENCE

 3033:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 3043:d=10 hl=2 l=   1 prim: INTEGER           :40

 3046:d=9  hl=2 l=   7 cons: SEQUENCE

 3048:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc

 3055:d=9  hl=2 l=  13 cons: SEQUENCE

 3057:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc

 3067:d=10 hl=2 l=   1 prim: INTEGER           :28

 3070:d=5  hl=2 l=  62 cons: SEQUENCE

 3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss

 3083:d=6  hl=2 l=  49 cons: SEQUENCE

 3085:d=7  hl=2 l=  13 cons: cont [ 0 ]

 3087:d=8  hl=2 l=  11 cons: SEQUENCE

 3089:d=9  hl=2 l=   9 prim: OBJECT            :sha256

 3100:d=7  hl=2 l=  26 cons: cont [ 1 ]

 3102:d=8  hl=2 l=  24 cons: SEQUENCE

 3104:d=9  hl=2 l=   9 prim: OBJECT            :mgf1

 3115:d=9  hl=2 l=  11 cons: SEQUENCE

 3117:d=10 hl=2 l=   9 prim: OBJECT            :sha256

 3128:d=7  hl=2 l=   4 cons: cont [ 2 ]

 3130:d=8  hl=2 l=   2 prim: INTEGER           :DE

 3134:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:66C7A406905E0BEF3BE8A55B8BA05915020B6960BDE4700C3C3FB2F115FE5BA60B453EFF39BA37E4D16CA3A86582B3057D05875766BE99C51BC5BEC9CD1AAE3BEC34943160BB06784209F1A3773E07A101BA3E2231FDF85FAB91872A081E37410905A09DAF530600BF9099B054B1DF869826E864A95F5D55DAE84A0CEC43E52F6D13574E1EF66A4E3A65883788E265D6C174211ADBCFEA96A9DD186887BFE040D6D0B59547D8763157D322F0307D7AF3123B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007


Thanks,

Thulasi.



On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <[hidden email]> wrote:
Thanks!
Was about to write... I tested both 1.1 and master branches and result is the same. 


On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <[hidden email]> wrote:
I am able to reproduce this issue with 1.1.1j too.

openssl version -a

OpenSSL 1.1.1j  16 Feb 2021

built on: Fri Feb 19 18:56:06 2021 UTC

platform: darwin64-x86_64-cc

options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 

compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG

OPENSSLDIR: "/usr/local/ssl"

ENGINESDIR: "/usr/local/lib/engines-1.1"

Seeding source: os-specific


openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 1.cms -CAfile ca.pem

Content-Type: text/plain


hello world

Verification successful

openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss

openssl cms -verify -in 2.cms -CAfile ca.pem

Error reading S/MIME message

4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData

4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:

4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo

4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:

4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:


Thanks,

Thulasi.


On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <[hidden email]> wrote:
On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:

> I am able to reproduce this issue with 1.1.1i

OpenSSL 1.1.1j has been released.  Do you still see the problem with
1.1.1j?

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

alon.barlev (Bugzilla)
Hi,

I am trying to analyze openssl sources, and it looks like the resign
is implemented in an naive path that does not handle all cases.

In other words, the CMS resign is not working in any case other than
the default execution path.

For example the -noattr is also not working.

I updated my reproduction project[1] to show all cases of resign that
do not work CMS_NO_ATTR, CMS_KEY_PARAM.

I believe the root cause is that when resign is executed the
CMS_final() is not called and instead the i2d_CMS_bio() is called,
while its logic is incomplete.

I hope this will ring a bell to people who are maintaining the
crypto/cms/* implementation.

Tested [fails] with:
  OpenSSL_1_1_1-stable
  master

Regards,
Alon

[1] https://github.com/alonbl/openssl-cms-pss

On Fri, Feb 19, 2021 at 10:06 PM Alon Bar-Lev <[hidden email]> wrote:

>
> Thanks.
> I managed to narrow this, it is not related to pss also if I pass pkcs1 I can reproduce. It has something to do with CMS_KEY_PARAM flag and add signer.
>
> On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi <[hidden email]> wrote:
>>
>> With PSS,  for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature(resign).
>>
>> 2542:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
>>
>>  2553:d=7  hl=2 l= 108 cons: SET
>>
>>  2555:d=8  hl=2 l= 106 cons: SEQUENCE
>>
>>  2557:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2559:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>>
>>  2570:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2572:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
>>
>>  2583:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2585:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>>
>>  2596:d=9  hl=2 l=  10 cons: SEQUENCE
>>
>>  2598:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
>>
>>  2608:d=9  hl=2 l=  14 cons: SEQUENCE
>>
>>  2610:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2620:d=10 hl=2 l=   2 prim: INTEGER           :80
>>
>>  2624:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  2626:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2636:d=10 hl=2 l=   1 prim: INTEGER           :40
>>
>>  2639:d=9  hl=2 l=   7 cons: SEQUENCE
>>
>>  2641:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
>>
>>  2648:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  2650:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2660:d=10 hl=2 l=   1 prim: INTEGER           :28
>>
>>  2663:d=5  hl=2 l=   0 cons: SEQUENCE
>>
>>  2665:d=5  hl=2 l=   0 prim: OCTET STRING
>>
>>  2667:d=4  hl=4 l= 723 cons: SEQUENCE
>>
>>  2671:d=5  hl=2 l=   1 prim: INTEGER           :01
>>
>>  2674:d=5  hl=3 l= 149 cons: SEQUENCE
>>
>>  2677:d=6  hl=3 l= 143 cons: SEQUENCE
>>
>>  2680:d=7  hl=2 l=  11 cons: SET
>>
>>  2682:d=8  hl=2 l=   9 cons: SEQUENCE
>>
>>  2684:d=9  hl=2 l=   3 prim: OBJECT            :countryName
>>
>>  2689:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :IN
>>
>>  2693:d=7  hl=2 l=  11 cons: SET
>>
>> ==multiple lines truncated==
>>
>> 2949:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
>>
>>  2960:d=7  hl=2 l= 108 cons: SET
>>
>>  2962:d=8  hl=2 l= 106 cons: SEQUENCE
>>
>>  2964:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2966:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>>
>>  2977:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2979:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
>>
>>  2990:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2992:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>>
>>  3003:d=9  hl=2 l=  10 cons: SEQUENCE
>>
>>  3005:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
>>
>>  3015:d=9  hl=2 l=  14 cons: SEQUENCE
>>
>>  3017:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3027:d=10 hl=2 l=   2 prim: INTEGER           :80
>>
>>  3031:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  3033:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3043:d=10 hl=2 l=   1 prim: INTEGER           :40
>>
>>  3046:d=9  hl=2 l=   7 cons: SEQUENCE
>>
>>  3048:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
>>
>>  3055:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  3057:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3067:d=10 hl=2 l=   1 prim: INTEGER           :28
>>
>>  3070:d=5  hl=2 l=  62 cons: SEQUENCE
>>
>>  3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss
>>
>>  3083:d=6  hl=2 l=  49 cons: SEQUENCE
>>
>>  3085:d=7  hl=2 l=  13 cons: cont [ 0 ]
>>
>>  3087:d=8  hl=2 l=  11 cons: SEQUENCE
>>
>>  3089:d=9  hl=2 l=   9 prim: OBJECT            :sha256
>>
>>  3100:d=7  hl=2 l=  26 cons: cont [ 1 ]
>>
>>  3102:d=8  hl=2 l=  24 cons: SEQUENCE
>>
>>  3104:d=9  hl=2 l=   9 prim: OBJECT            :mgf1
>>
>>  3115:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  3117:d=10 hl=2 l=   9 prim: OBJECT            :sha256
>>
>>  3128:d=7  hl=2 l=   4 cons: cont [ 2 ]
>>
>>  3130:d=8  hl=2 l=   2 prim: INTEGER           :DE
>>
>>  3134:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:66C7A406905E0BEF3BE8A55B8BA05915020B6960BDE4700C3C3FB2F115FE5BA60B453EFF39BA37E4D16CA3A86582B3057D05875766BE99C51BC5BEC9CD1AAE3BEC34943160BB06784209F1A3773E07A101BA3E2231FDF85FAB91872A081E37410905A09DAF530600BF9099B054B1DF869826E864A95F5D55DAE84A0CEC43E52F6D13574E1EF66A4E3A65883788E265D6C174211ADBCFEA96A9DD186887BFE040D6D0B59547D8763157D322F0307D7AF3123B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007
>>
>>
>> Thanks,
>>
>> Thulasi.
>>
>>
>>
>> On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <[hidden email]> wrote:
>>>
>>> Thanks!
>>> Was about to write... I tested both 1.1 and master branches and result is the same.
>>>
>>>
>>> On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <[hidden email]> wrote:
>>>>
>>>> I am able to reproduce this issue with 1.1.1j too.
>>>>
>>>> openssl version -a
>>>>
>>>> OpenSSL 1.1.1j  16 Feb 2021
>>>>
>>>> built on: Fri Feb 19 18:56:06 2021 UTC
>>>>
>>>> platform: darwin64-x86_64-cc
>>>>
>>>> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
>>>>
>>>> compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
>>>>
>>>> OPENSSLDIR: "/usr/local/ssl"
>>>>
>>>> ENGINESDIR: "/usr/local/lib/engines-1.1"
>>>>
>>>> Seeding source: os-specific
>>>>
>>>>
>>>> openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss
>>>>
>>>> openssl cms -verify -in 1.cms -CAfile ca.pem
>>>>
>>>> Content-Type: text/plain
>>>>
>>>>
>>>> hello world
>>>>
>>>> Verification successful
>>>>
>>>> openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss
>>>>
>>>> openssl cms -verify -in 2.cms -CAfile ca.pem
>>>>
>>>> Error reading S/MIME message
>>>>
>>>> 4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:
>>>>
>>>> 4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
>>>>
>>>> 4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:
>>>>
>>>> 4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Thulasi.
>>>>
>>>>
>>>> On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <[hidden email]> wrote:
>>>>>
>>>>> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
>>>>>
>>>>> > I am able to reproduce this issue with 1.1.1i
>>>>>
>>>>> OpenSSL 1.1.1j has been released.  Do you still see the problem with
>>>>> 1.1.1j?
>>>>>
>>>>> --
>>>>>     Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Dmitry Belyavsky-3
Would you mind to raise the issue on GitHub with the reproduction?

On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, <[hidden email]> wrote:
Hi,

I am trying to analyze openssl sources, and it looks like the resign
is implemented in an naive path that does not handle all cases.

In other words, the CMS resign is not working in any case other than
the default execution path.

For example the -noattr is also not working.

I updated my reproduction project[1] to show all cases of resign that
do not work CMS_NO_ATTR, CMS_KEY_PARAM.

I believe the root cause is that when resign is executed the
CMS_final() is not called and instead the i2d_CMS_bio() is called,
while its logic is incomplete.

I hope this will ring a bell to people who are maintaining the
crypto/cms/* implementation.

Tested [fails] with:
  OpenSSL_1_1_1-stable
  master

Regards,
Alon

[1] https://github.com/alonbl/openssl-cms-pss

On Fri, Feb 19, 2021 at 10:06 PM Alon Bar-Lev <[hidden email]> wrote:
>
> Thanks.
> I managed to narrow this, it is not related to pss also if I pass pkcs1 I can reproduce. It has something to do with CMS_KEY_PARAM flag and add signer.
>
> On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi <[hidden email]> wrote:
>>
>> With PSS,  for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature(resign).
>>
>> 2542:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
>>
>>  2553:d=7  hl=2 l= 108 cons: SET
>>
>>  2555:d=8  hl=2 l= 106 cons: SEQUENCE
>>
>>  2557:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2559:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>>
>>  2570:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2572:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
>>
>>  2583:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2585:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>>
>>  2596:d=9  hl=2 l=  10 cons: SEQUENCE
>>
>>  2598:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
>>
>>  2608:d=9  hl=2 l=  14 cons: SEQUENCE
>>
>>  2610:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2620:d=10 hl=2 l=   2 prim: INTEGER           :80
>>
>>  2624:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  2626:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2636:d=10 hl=2 l=   1 prim: INTEGER           :40
>>
>>  2639:d=9  hl=2 l=   7 cons: SEQUENCE
>>
>>  2641:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
>>
>>  2648:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  2650:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2660:d=10 hl=2 l=   1 prim: INTEGER           :28
>>
>>  2663:d=5  hl=2 l=   0 cons: SEQUENCE
>>
>>  2665:d=5  hl=2 l=   0 prim: OCTET STRING
>>
>>  2667:d=4  hl=4 l= 723 cons: SEQUENCE
>>
>>  2671:d=5  hl=2 l=   1 prim: INTEGER           :01
>>
>>  2674:d=5  hl=3 l= 149 cons: SEQUENCE
>>
>>  2677:d=6  hl=3 l= 143 cons: SEQUENCE
>>
>>  2680:d=7  hl=2 l=  11 cons: SET
>>
>>  2682:d=8  hl=2 l=   9 cons: SEQUENCE
>>
>>  2684:d=9  hl=2 l=   3 prim: OBJECT            :countryName
>>
>>  2689:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :IN
>>
>>  2693:d=7  hl=2 l=  11 cons: SET
>>
>> ==multiple lines truncated==
>>
>> 2949:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
>>
>>  2960:d=7  hl=2 l= 108 cons: SET
>>
>>  2962:d=8  hl=2 l= 106 cons: SEQUENCE
>>
>>  2964:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2966:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>>
>>  2977:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2979:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
>>
>>  2990:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2992:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>>
>>  3003:d=9  hl=2 l=  10 cons: SEQUENCE
>>
>>  3005:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
>>
>>  3015:d=9  hl=2 l=  14 cons: SEQUENCE
>>
>>  3017:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3027:d=10 hl=2 l=   2 prim: INTEGER           :80
>>
>>  3031:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  3033:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3043:d=10 hl=2 l=   1 prim: INTEGER           :40
>>
>>  3046:d=9  hl=2 l=   7 cons: SEQUENCE
>>
>>  3048:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
>>
>>  3055:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  3057:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3067:d=10 hl=2 l=   1 prim: INTEGER           :28
>>
>>  3070:d=5  hl=2 l=  62 cons: SEQUENCE
>>
>>  3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss
>>
>>  3083:d=6  hl=2 l=  49 cons: SEQUENCE
>>
>>  3085:d=7  hl=2 l=  13 cons: cont [ 0 ]
>>
>>  3087:d=8  hl=2 l=  11 cons: SEQUENCE
>>
>>  3089:d=9  hl=2 l=   9 prim: OBJECT            :sha256
>>
>>  3100:d=7  hl=2 l=  26 cons: cont [ 1 ]
>>
>>  3102:d=8  hl=2 l=  24 cons: SEQUENCE
>>
>>  3104:d=9  hl=2 l=   9 prim: OBJECT            :mgf1
>>
>>  3115:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  3117:d=10 hl=2 l=   9 prim: OBJECT            :sha256
>>
>>  3128:d=7  hl=2 l=   4 cons: cont [ 2 ]
>>
>>  3130:d=8  hl=2 l=   2 prim: INTEGER           :DE
>>
>>  3134:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:66C7A406905E0BEF3BE8A55B8BA05915020B6960BDE4700C3C3FB2F115FE5BA60B453EFF39BA37E4D16CA3A86582B3057D05875766BE99C51BC5BEC9CD1AAE3BEC34943160BB06784209F1A3773E07A101BA3E2231FDF85FAB91872A081E37410905A09DAF530600BF9099B054B1DF869826E864A95F5D55DAE84A0CEC43E52F6D13574E1EF66A4E3A65883788E265D6C174211ADBCFEA96A9DD186887BFE040D6D0B59547D8763157D322F0307D7AF3123B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007
>>
>>
>> Thanks,
>>
>> Thulasi.
>>
>>
>>
>> On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <[hidden email]> wrote:
>>>
>>> Thanks!
>>> Was about to write... I tested both 1.1 and master branches and result is the same.
>>>
>>>
>>> On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <[hidden email]> wrote:
>>>>
>>>> I am able to reproduce this issue with 1.1.1j too.
>>>>
>>>> openssl version -a
>>>>
>>>> OpenSSL 1.1.1j  16 Feb 2021
>>>>
>>>> built on: Fri Feb 19 18:56:06 2021 UTC
>>>>
>>>> platform: darwin64-x86_64-cc
>>>>
>>>> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
>>>>
>>>> compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
>>>>
>>>> OPENSSLDIR: "/usr/local/ssl"
>>>>
>>>> ENGINESDIR: "/usr/local/lib/engines-1.1"
>>>>
>>>> Seeding source: os-specific
>>>>
>>>>
>>>> openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss
>>>>
>>>> openssl cms -verify -in 1.cms -CAfile ca.pem
>>>>
>>>> Content-Type: text/plain
>>>>
>>>>
>>>> hello world
>>>>
>>>> Verification successful
>>>>
>>>> openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss
>>>>
>>>> openssl cms -verify -in 2.cms -CAfile ca.pem
>>>>
>>>> Error reading S/MIME message
>>>>
>>>> 4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:
>>>>
>>>> 4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
>>>>
>>>> 4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:
>>>>
>>>> 4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Thulasi.
>>>>
>>>>
>>>> On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <[hidden email]> wrote:
>>>>>
>>>>> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
>>>>>
>>>>> > I am able to reproduce this issue with 1.1.1i
>>>>>
>>>>> OpenSSL 1.1.1j has been released.  Do you still see the problem with
>>>>> 1.1.1j?
>>>>>
>>>>> --
>>>>>     Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

alon.barlev (Bugzilla)
Done[1]

[1] https://github.com/openssl/openssl/issues/14257

On Fri, Feb 19, 2021 at 11:09 PM Dmitry Belyavsky <[hidden email]> wrote:

>
> Would you mind to raise the issue on GitHub with the reproduction?
>
> On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, <[hidden email]> wrote:
>>
>> Hi,
>>
>> I am trying to analyze openssl sources, and it looks like the resign
>> is implemented in an naive path that does not handle all cases.
>>
>> In other words, the CMS resign is not working in any case other than
>> the default execution path.
>>
>> For example the -noattr is also not working.
>>
>> I updated my reproduction project[1] to show all cases of resign that
>> do not work CMS_NO_ATTR, CMS_KEY_PARAM.
>>
>> I believe the root cause is that when resign is executed the
>> CMS_final() is not called and instead the i2d_CMS_bio() is called,
>> while its logic is incomplete.
>>
>> I hope this will ring a bell to people who are maintaining the
>> crypto/cms/* implementation.
>>
>> Tested [fails] with:
>>   OpenSSL_1_1_1-stable
>>   master
>>
>> Regards,
>> Alon
>>
>> [1] https://github.com/alonbl/openssl-cms-pss
>>
>> On Fri, Feb 19, 2021 at 10:06 PM Alon Bar-Lev <[hidden email]> wrote:
>> >
>> > Thanks.
>> > I managed to narrow this, it is not related to pss also if I pass pkcs1 I can reproduce. It has something to do with CMS_KEY_PARAM flag and add signer.
>> >
>> > On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi <[hidden email]> wrote:
>> >>
>> >> With PSS,  for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature(resign).
>> >>
>> >> 2542:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
>> >>
>> >>  2553:d=7  hl=2 l= 108 cons: SET
>> >>
>> >>  2555:d=8  hl=2 l= 106 cons: SEQUENCE
>> >>
>> >>  2557:d=9  hl=2 l=  11 cons: SEQUENCE
>> >>
>> >>  2559:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>> >>
>> >>  2570:d=9  hl=2 l=  11 cons: SEQUENCE
>> >>
>> >>  2572:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
>> >>
>> >>  2583:d=9  hl=2 l=  11 cons: SEQUENCE
>> >>
>> >>  2585:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>> >>
>> >>  2596:d=9  hl=2 l=  10 cons: SEQUENCE
>> >>
>> >>  2598:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
>> >>
>> >>  2608:d=9  hl=2 l=  14 cons: SEQUENCE
>> >>
>> >>  2610:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>> >>
>> >>  2620:d=10 hl=2 l=   2 prim: INTEGER           :80
>> >>
>> >>  2624:d=9  hl=2 l=  13 cons: SEQUENCE
>> >>
>> >>  2626:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>> >>
>> >>  2636:d=10 hl=2 l=   1 prim: INTEGER           :40
>> >>
>> >>  2639:d=9  hl=2 l=   7 cons: SEQUENCE
>> >>
>> >>  2641:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
>> >>
>> >>  2648:d=9  hl=2 l=  13 cons: SEQUENCE
>> >>
>> >>  2650:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>> >>
>> >>  2660:d=10 hl=2 l=   1 prim: INTEGER           :28
>> >>
>> >>  2663:d=5  hl=2 l=   0 cons: SEQUENCE
>> >>
>> >>  2665:d=5  hl=2 l=   0 prim: OCTET STRING
>> >>
>> >>  2667:d=4  hl=4 l= 723 cons: SEQUENCE
>> >>
>> >>  2671:d=5  hl=2 l=   1 prim: INTEGER           :01
>> >>
>> >>  2674:d=5  hl=3 l= 149 cons: SEQUENCE
>> >>
>> >>  2677:d=6  hl=3 l= 143 cons: SEQUENCE
>> >>
>> >>  2680:d=7  hl=2 l=  11 cons: SET
>> >>
>> >>  2682:d=8  hl=2 l=   9 cons: SEQUENCE
>> >>
>> >>  2684:d=9  hl=2 l=   3 prim: OBJECT            :countryName
>> >>
>> >>  2689:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :IN
>> >>
>> >>  2693:d=7  hl=2 l=  11 cons: SET
>> >>
>> >> ==multiple lines truncated==
>> >>
>> >> 2949:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
>> >>
>> >>  2960:d=7  hl=2 l= 108 cons: SET
>> >>
>> >>  2962:d=8  hl=2 l= 106 cons: SEQUENCE
>> >>
>> >>  2964:d=9  hl=2 l=  11 cons: SEQUENCE
>> >>
>> >>  2966:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>> >>
>> >>  2977:d=9  hl=2 l=  11 cons: SEQUENCE
>> >>
>> >>  2979:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
>> >>
>> >>  2990:d=9  hl=2 l=  11 cons: SEQUENCE
>> >>
>> >>  2992:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>> >>
>> >>  3003:d=9  hl=2 l=  10 cons: SEQUENCE
>> >>
>> >>  3005:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
>> >>
>> >>  3015:d=9  hl=2 l=  14 cons: SEQUENCE
>> >>
>> >>  3017:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>> >>
>> >>  3027:d=10 hl=2 l=   2 prim: INTEGER           :80
>> >>
>> >>  3031:d=9  hl=2 l=  13 cons: SEQUENCE
>> >>
>> >>  3033:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>> >>
>> >>  3043:d=10 hl=2 l=   1 prim: INTEGER           :40
>> >>
>> >>  3046:d=9  hl=2 l=   7 cons: SEQUENCE
>> >>
>> >>  3048:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
>> >>
>> >>  3055:d=9  hl=2 l=  13 cons: SEQUENCE
>> >>
>> >>  3057:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>> >>
>> >>  3067:d=10 hl=2 l=   1 prim: INTEGER           :28
>> >>
>> >>  3070:d=5  hl=2 l=  62 cons: SEQUENCE
>> >>
>> >>  3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss
>> >>
>> >>  3083:d=6  hl=2 l=  49 cons: SEQUENCE
>> >>
>> >>  3085:d=7  hl=2 l=  13 cons: cont [ 0 ]
>> >>
>> >>  3087:d=8  hl=2 l=  11 cons: SEQUENCE
>> >>
>> >>  3089:d=9  hl=2 l=   9 prim: OBJECT            :sha256
>> >>
>> >>  3100:d=7  hl=2 l=  26 cons: cont [ 1 ]
>> >>
>> >>  3102:d=8  hl=2 l=  24 cons: SEQUENCE
>> >>
>> >>  3104:d=9  hl=2 l=   9 prim: OBJECT            :mgf1
>> >>
>> >>  3115:d=9  hl=2 l=  11 cons: SEQUENCE
>> >>
>> >>  3117:d=10 hl=2 l=   9 prim: OBJECT            :sha256
>> >>
>> >>  3128:d=7  hl=2 l=   4 cons: cont [ 2 ]
>> >>
>> >>  3130:d=8  hl=2 l=   2 prim: INTEGER           :DE
>> >>
>> >>  3134:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:66C7A406905E0BEF3BE8A55B8BA05915020B6960BDE4700C3C3FB2F115FE5BA60B453EFF39BA37E4D16CA3A86582B3057D05875766BE99C51BC5BEC9CD1AAE3BEC34943160BB06784209F1A3773E07A101BA3E2231FDF85FAB91872A081E37410905A09DAF530600BF9099B054B1DF869826E864A95F5D55DAE84A0CEC43E52F6D13574E1EF66A4E3A65883788E265D6C174211ADBCFEA96A9DD186887BFE040D6D0B59547D8763157D322F0307D7AF3123B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007
>> >>
>> >>
>> >> Thanks,
>> >>
>> >> Thulasi.
>> >>
>> >>
>> >>
>> >> On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <[hidden email]> wrote:
>> >>>
>> >>> Thanks!
>> >>> Was about to write... I tested both 1.1 and master branches and result is the same.
>> >>>
>> >>>
>> >>> On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <[hidden email]> wrote:
>> >>>>
>> >>>> I am able to reproduce this issue with 1.1.1j too.
>> >>>>
>> >>>> openssl version -a
>> >>>>
>> >>>> OpenSSL 1.1.1j  16 Feb 2021
>> >>>>
>> >>>> built on: Fri Feb 19 18:56:06 2021 UTC
>> >>>>
>> >>>> platform: darwin64-x86_64-cc
>> >>>>
>> >>>> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
>> >>>>
>> >>>> compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
>> >>>>
>> >>>> OPENSSLDIR: "/usr/local/ssl"
>> >>>>
>> >>>> ENGINESDIR: "/usr/local/lib/engines-1.1"
>> >>>>
>> >>>> Seeding source: os-specific
>> >>>>
>> >>>>
>> >>>> openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss
>> >>>>
>> >>>> openssl cms -verify -in 1.cms -CAfile ca.pem
>> >>>>
>> >>>> Content-Type: text/plain
>> >>>>
>> >>>>
>> >>>> hello world
>> >>>>
>> >>>> Verification successful
>> >>>>
>> >>>> openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss
>> >>>>
>> >>>> openssl cms -verify -in 2.cms -CAfile ca.pem
>> >>>>
>> >>>> Error reading S/MIME message
>> >>>>
>> >>>> 4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
>> >>>>
>> >>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
>> >>>>
>> >>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData
>> >>>>
>> >>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:
>> >>>>
>> >>>> 4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
>> >>>>
>> >>>> 4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:
>> >>>>
>> >>>> 4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:
>> >>>>
>> >>>>
>> >>>> Thanks,
>> >>>>
>> >>>> Thulasi.
>> >>>>
>> >>>>
>> >>>> On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <[hidden email]> wrote:
>> >>>>>
>> >>>>> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
>> >>>>>
>> >>>>> > I am able to reproduce this issue with 1.1.1i
>> >>>>>
>> >>>>> OpenSSL 1.1.1j has been released.  Do you still see the problem with
>> >>>>> 1.1.1j?
>> >>>>>
>> >>>>> --
>> >>>>>     Viktor.