> On Wed, Jun 01, 2005 at 12:19:11PM +0100, Peter Cope wrote: > > Try using the asn1parser (an option with openssl). > > no problem: asn1parse tells me > > 0:d=0 hl=2 l=inf cons: SEQUENCE > 2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData > ...
When I parse the encoded message only newer openssl versions report errors (> 0.9.7d). There is indeed a problem with the ASN1 structure of the encoded S/MIME message (in the script I was using an absolute path but manually I was using the version found by PATH variable therefor I got different results). Only openssl-0.9.7d doesn't report an error when I decode the message. All other versions I have (0.9.5a, 0.9.6b, 0.9.7-beta6, 0.9.8-beta4) report decoding errors. Older openssl versions doesn't report asn1 error at all (older than some kind of 0.9.7d). Why this different behaviour? Where is the reason of the problem? I don't know what kind of software our partner is using for preparing S/MIME messages (definitifely not openssl) but nly a few of them can't get decoded. Here is the asn1parse output of an example we can't decode (the first lines are all the same): ------------------------------------------------------------ *NO* asn1 error *AND* decoded successful: cat message | openssl-0.9.7d asn1parse -i 2>&1 ... 634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 645:d=4 hl=2 l= 26 cons: SEQUENCE 647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc 657:d=5 hl=2 l= 14 cons: SEQUENCE 659:d=6 hl=2 l= 2 prim: INTEGER :A0 663:d=6 hl=2 l= 8 prim: OCTET STRING 673:d=4 hl=2 l=inf cons: cont [ 0 ] 675:d=5 hl=4 l=2048 prim: OCTET STRING 2727:d=5 hl=4 l=2048 prim: OCTET STRING 4779:d=5 hl=4 l= 512 prim: OCTET STRING 5295:d=5 hl=2 l= 0 prim: EOC 5297:d=4 hl=2 l= 0 prim: EOC 5299:d=3 hl=2 l= 0 prim: EOC 5301:d=2 hl=2 l= 0 prim: EOC 5303:d=1 hl=2 l= 0 prim: EOC ------------------------------------------------------------ *NO* asn1 error *BUT NOT* decoded successful: cat message | openssl-0.9.6b asn1parse -i 2>&1 ... 632:d=3 hl=2 l=inf cons: SEQUENCE 634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 645:d=4 hl=2 l= 26 cons: SEQUENCE 647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc 657:d=5 hl=2 l= 14 cons: SEQUENCE 659:d=6 hl=2 l= 2 prim: INTEGER :A0 663:d=6 hl=2 l= 8 prim: OCTET STRING 673:d=4 hl=2 l=inf cons: cont [ 0 ] 675:d=5 hl=4 l=2048 prim: OCTET STRING 2727:d=5 hl=4 l=2048 prim: OCTET STRING 4779:d=5 hl=4 l= 512 prim: OCTET STRING ------------------------------------------------------------ asn1 error and not decoded successful: cat message | openssl-0.9.8-beta4 asn1parse -i 2>&1 ... 632:d=3 hl=2 l=inf cons: SEQUENCE 634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 645:d=4 hl=2 l= 26 cons: SEQUENCE 647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc 657:d=5 hl=2 l= 14 cons: SEQUENCE 659:d=6 hl=2 l= 2 prim: INTEGER :A0 663:d=6 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:BAA1DF8EAEA83325 673:d=4 hl=2 l=inf cons: cont [ 0 ] 675:d=5 hl=4 l=2048 prim: OCTET STRING [HEX DUMP]:62AE5340C8B07966F23C6EFC87E810E45DA42366D4ED0 D83D2DC557AF4F5B15DF53D5E2E64FD0B7D2CE145E44E5EEF36BB04FF968BE0CFA15400F4B93DEAE75C1B9DCD36871BBE139C0A14CFD ... 8DAE7868857C2410700074D35DE4D5CE52301CAE65E47C7D274053A6A8490A17E0C65D182B65C7B841E23C0533369EEB38941F633F7A 97117F2DB34F492CE2C5F43D32324033:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:1 42: 9E7F27EA52212FE04BA9C460AC8E2B08A18A92C764D8207DDBA7F73DE8E7FAB91DA7486471E7A51BAFDC6EBD851B5265D939FEC670F8 ... F7B66C55A2772DF6541CF03429639C1C3818527F3B77E4DBF179AEA5C37645495488353BD97A37A68BC277BDB7FF4E6E46FD25EED682 4B9B21A82CCAA9484F9353EF1CA1 2727:d=5 hl=4 l=2048 prim: OCTET STRING [HEX DUMP]:187CFAED2A4E669FFCA28089379087770A50287640EB5 E7A242961D087C3157A1A29701946A57EE821591686C653304CC82C245B8F56CD953D15E704224B879D737C66D117AB8234A1CE5D123 ... 39DD42164E90B2417476D27CE9FBD93914AD3C861278277221B68A8F4133B3486C9AB15EF40F8FBB31854051DDDCDF7FE01483DD1C1F 64CE1C56C949A8B330169EF643F87F600B997199523715628900E1F Error in encoding ------------------------------------------------------------ Tanks for any help -- Beat > > I have an intermediate SMIME decrypting problem. I'm using following > > commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11): > > > > cat email | openssl smime -decrypt -inkey mykey -recip mycert > > > > This works usually without problems. But Emails from one particular > > address I can decrypt only most of the time. Sometimes I'll get > > following error message: > > > > openssl-0.9.6b: > > > > Error reading S/MIME message > > 27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too > > long:asn1_lib.c:139: > > 27549:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode > > error:pk7_mime.c:142: > > 27549:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse > > error:pk7_mime.c:299: > > > > same effect with openssl-0.9.7-beta6: > > > > Error reading S/MIME message > > 13482:error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough > > data:a_d2i_fp.c:240: > > 13482:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode > > error:pk7_mime.c:142: > > 13482:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse > > error:pk7_mime.c:299: > > > > When I'll try the same command later it might or might not get decrypted > > successful ... > > What does "header too long" mean in the context of SMIME decrypt (or "not > > enough data")? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]