I have found some change in the behavior of the OpenSSL 1.0.1 crypto
library between releases h and i regarding the internal handling of
PKCS7 and X509 structures. Attached is a S/MIME signed message
generated by C calls to the OpenSSL 1.0.1i API. If I take this output
and then on the command line execute:

    openssl smime -in JohnHancock.smime -pk7out

1.0.1h succeeds and sends the PKCS7 to STDOUT.

But 1.0.1i fails, with the following message:

    Error reading S/MIME message
    8792:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:.\crypto\asn1\a_object.c:303:
    8792:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=type, Type=PKCS7
    8792:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=contents, Type=PKCS7_SIGNED
    8792:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:
    8792:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:579:Field=d.sign, Type=PKCS7
    8792:error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode error:.\crypto\asn1\asn_mime.c:193:
    8792:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:.\crypto\asn1\asn_mime.c:502:

I apologize if this seems ambiguous. I have an application that calls
the OpenSSL API via C++ wrapper classes, and I haven't been able to
sufficiently unwind these classes to recreate what is happening with
minimal C and OpenSSL API calls. I am new to both OpenSSL and the C++
application code base. However, the openssl command line tool
generates the same errors as my code when it tries to parse the PKCS7.

My application code did work with 1.0.1h (and also e and g) but no
longer works with 1.0.1i ... and I would like to emphasize that I am
not reporting a bug, just an unexpected change in behavior.

Andy

Attachment: JohnHancock.smime
Description: Binary data
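
An added example, not part of the original post and not OpenSSL code: a Python walker that reports OBJECT IDENTIFIER elements whose content octets break the X.690 encoding rules, one way to locate the element behind an `invalid object encoding` error. The sample bytes are constructed, and that these rules match what 1.0.1i checks at `a_object.c:303` is an assumption.

```python
# Added example: flag malformed OBJECT IDENTIFIER encodings in a DER blob.
# Assumption: the X.690 rules below approximate the check that 1.0.1i applies.

def read_tlv(buf, pos, end):
    """Return (tag, content_start, content_end) for the element at pos."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled")
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > end:        # n == 0 is BER indefinite length
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("element overruns its container")
    return tag, pos, pos + length

def oid_problem(content):
    """Return None for valid OID content octets, else the rule that is broken."""
    if not content:
        return "empty content"
    if content[-1] & 0x80:
        return "last octet has continuation bit set"
    start = True                           # at the first octet of a subidentifier
    for b in content:
        if start and b == 0x80:
            return "subidentifier has leading 0x80 padding"
        start = not (b & 0x80)
    return None

def find_bad_oids(der, pos=0, end=None):
    """Walk nested elements; return [(offset, content_hex, reason)]."""
    end = len(der) if end is None else end
    bad = []
    while pos < end:
        tag, cs, ce = read_tlv(der, pos, end)
        if tag == 0x06:                    # universal OBJECT IDENTIFIER
            reason = oid_problem(der[cs:ce])
            if reason:
                bad.append((pos, der[cs:ce].hex(), reason))
        elif tag & 0x20:                   # constructed: descend
            bad += find_bad_oids(der, cs, ce)
        pos = ce
    return bad

# Constructed sample: SEQUENCE { valid signedData OID, truncated OID, empty OID }
SAMPLE = bytes.fromhex("3012" "06092a864886f70d010702" "06032a86c8" "0600")
```

The input is raw DER, for example the base64-decoded signature part of the S/MIME message; BER indefinite-length encodings are rejected with a `ValueError` rather than walked.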
