subject:"openssl cms resign with RSA\-PSS corrupts the CMS\(\?\)"

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Alon Bar-Lev

Done[1] [1] https://github.com/openssl/openssl/issues/14257 On Fri, Feb 19, 2021 at 11:09 PM Dmitry Belyavsky wrote: > > Would you mind to raise the issue on GitHub with the reproduction? > > On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, wrote: >> >> Hi, >> >> I am trying to analyze openssl

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Dmitry Belyavsky

Would you mind to raise the issue on GitHub with the reproduction? On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, wrote: > Hi, > > I am trying to analyze openssl sources, and it looks like the resign > is implemented in an naive path that does not handle all cases. > > In other words, the CMS resign

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Alon Bar-Lev

Hi, I am trying to analyze openssl sources, and it looks like the resign is implemented in an naive path that does not handle all cases. In other words, the CMS resign is not working in any case other than the default execution path. For example the -noattr is also not working. I updated my

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Alon Bar-Lev

Thanks. I managed to narrow this, it is not related to pss also if I pass pkcs1 I can reproduce. It has something to do with CMS_KEY_PARAM flag and add signer. On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi < thulasi.goripar...@gmail.com> wrote: > With PSS, for the first signature, PSS alg ID

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Thulasi Goriparthi

With PSS, for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature(resign). 2542:d=7 hl=2 l= 9 prim: OBJECT:S/MIME Capabilities 2553:d=7 hl=2 l= 108 cons: SET 2555:d=8 hl=2 l= 106 cons: SEQUENCE 2557:d=9 hl=2 l= 11 cons:

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Alon Bar-Lev

Thanks! Was about to write... I tested both 1.1 and master branches and result is the same. On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi < thulasi.goripar...@gmail.com> wrote: > I am able to reproduce this issue with 1.1.1j too. > > openssl version -a > > OpenSSL 1.1.1j 16 Feb 2021 > >

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Thulasi Goriparthi

I am able to reproduce this issue with 1.1.1j too. openssl version -a OpenSSL 1.1.1j 16 Feb 2021 built on: Fri Feb 19 18:56:06 2021 UTC platform: darwin64-x86_64-cc options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Viktor Dukhovni

On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote: > I am able to reproduce this issue with 1.1.1i OpenSSL 1.1.1j has been released. Do you still see the problem with 1.1.1j? -- Viktor.

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Thulasi Goriparthi

Hi Alon, I am able to reproduce this issue with 1.1.1i echo "hello world" > msg /* pkcs1 */ openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms openssl cms -verify -in 1.cms -CAfile ca.pem openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms openssl cms -verify -in 2.cms

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-18 Thread Alon Bar-Lev

Hello OpenSSL masters, Can someone please try to reproduce the below issue? Thanks, Alon On Sat, 13 Feb 2021 at 23:23 Alon Bar-Lev wrote: > Hello, > > I am trying to resign a CMS using the openssl tool. > > When I use RSA-PKCS1 everything is working fine. > > When I use RSA-PSS it seems like

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-13 Thread Alon Bar-Lev

On Sat, Feb 13, 2021 at 11:34 PM Quanah Gibson-Mount wrote: > --On Saturday, February 13, 2021 11:23 PM +0200 Alon Bar-Lev > wrote: > > > I prepared a demo[1] to help people reproduce the issue, tested with > > openssl-1.1.1i. > > Maybe ? >

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-13 Thread Quanah Gibson-Mount

--On Saturday, February 13, 2021 11:23 PM +0200 Alon Bar-Lev wrote: I prepared a demo[1] to help people reproduce the issue, tested with openssl-1.1.1i. Maybe ? --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation

openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-13 Thread Alon Bar-Lev

Hello, I am trying to resign a CMS using the openssl tool. When I use RSA-PKCS1 everything is working fine. When I use RSA-PSS it seems like the asn1 is produced corrupted, I do not see the signature in asn1dump. I prepared a demo[1] to help people reproduce the issue, tested with

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

openssl cms resign with RSA-PSS corrupts the CMS(?)

13 matches

Site Navigation

Mail list logo

Footer information