problem to decrypt S/MIME with latin characters in subjectName entries

Mon, 17 Nov 2003 11:09:12 -0800 

Hello,

I have a problem to decrypt S/MIME email produced by a third party
application and I hope you'll be able to bring me some light.

The problem happens when X509_NAME_ENTRY's of the local certificate are
compared with those of the matching certificate included in the message
(function X509_NAME_cmp() of crypto/x509/x509_cmp.c, at line 270)

With messages produced by openssl itself or, for example, Outlook
Express, X509_NAME_ENTRY's are viewed by OpenSSL as being of the
V_ASN1_PRINTABLESTRING type, even if they have latin characters.  But
with with the particular application I'm dealing with, entries with
latin characters are viewed as being of the V_ASN1_T61STRING type by
OpenSSL. Consequently, X509_NAME_cmp()'s type comparison fails, because
openssl find V_ASN1_PRINTABLESTRING in the local certificate and
V_ASN1_T61STRING in the provides message.

For example I was able to decrypt by adding 

   if ( nb->value->type == V_ASN1_T61STRING ) {
       nb->value->type = V_ASN1_PRINTABLESTRING;
   }

before the type comparison (you'll probably laugh at such a poor
workaround, I'm open to better ones)

I wonder if this is a problem in the third party software, and I'll be
interested to know if you know what they are doing wrong.

I attach a tarball with the message and the key pair which brings the
problem.

Here is the output of openssl smime when I run it on these files :

------------------
$ openssl smime -decrypt -in smime.msg -inkey key.pem -recip cert.pem \
                -passin env:SSL_PASSWD
Error decrypting PKCS#7 structure
23290:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient
matches
certificate:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pkcs7/pk7_doit.c:411:
23290:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt
error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pkcs7/pk7_smime.c:414:
------------------

Whith my poor ugly patch applied, I's nicely decrypted.

Any help appreciated.

PS :
Please forgive my english, i'm a non-native speaker.

-- 
Alex Marandon
CLARISYS Informatique
http://clarisys.fr

Attachment: example.tar.gz
Description: application/tar-gz

Reply via email to