I have found some change in the behavior of the OpenSSL 1.0.1 crypto library between releases h and i regarding the internal handling of PKCS7 and X509 structures. Attached is a S/MIME signed message generated by C calls to the OpenSSL 1.0.1i API. If I take this output and then on the command line execute:
openssl smime -in JohnHancock.smime -pk7out 1.0.1h succeeds and sends the PKCS7 to STDOUT. But 1.0.1i fails, with the following message: Error reading S/MIME message 8792:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:.\crypto\asn1\a_object.c:303: 8792:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=type, Type=PKCS7 8792:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=contents, Type=PKCS7_SIGNED 8792:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751: 8792:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:579:Field=d.sign, Type=PKCS7 8792:error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode error:.\crypto\asn1\asn_mime.c:193: 8792:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:.\crypto\asn1\asn_mime.c:502: I apologize if this seem ambiguous. I have an application that calls the OpenSSL API via C++ wrapper classes, and I haven't been able to sufficiently unwind theses classes to recreate what is happening with minimal C and OpenSSL API calls. I am new to both OpenSSL and the C++ application code base. However, the openssl command line tool generates the same errors as my code when it tries to parse the PKCS7. My application code did work with 1.0.1h (and also e and g) but no longer works with 1.0.1i ... and I would like to emphasize that I am not reporting a bug, just an unexpected change in behavior. Andy
JohnHancock.smime
Description: Binary data