On Sun, Dec 22, 2002, Mark O'Donohue wrote:

>
> Hi
>
> I couldn't find a bug list, so I'm assuming here is the right place to
> post a bug report.
>
> openssl asn1parse does not correctly parse (or perhaps display) the
> final EncryptedContent block of an enveloped-data pkcs7 object.
>
> The command:
>
> pidgy> ssleay asn1parse -in other.p7.pem -inform PEM -i -dump
>
>
> produced the following:
>
> 0:d=0 hl=4 l= 343 cons: SEQUENCE
> 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData
> 15:d=1 hl=4 l= 328 cons: cont [ 0 ]
> 19:d=2 hl=4 l= 324 cons: SEQUENCE
> ....
> ....
> 286:d=3 hl=2 l= 59 cons: SEQUENCE
> 288:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
> 299:d=4 hl=2 l= 20 cons: SEQUENCE
> 301:d=5 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
> 311:d=5 hl=2 l= 8 prim: OCTET STRING
> 0000 - c3 7e ab 26 ba 00 3c b0- .~.&..<.
> 321:d=4 hl=2 l= 24 prim: cont [ 0 ]
> pidgy>
>
> (note truncated cont[0] output)
>
> The same trailing sequence from another asn1 tool, clearly shows the
> context[0] data:
>
> [1.0.2] SEQUENCE
> [1.0.2.0] OBJECT ID, VALUE = 2A 86 48 86 F7 0D 01 07 01
> [1.0.2.1] SEQUENCE
> [1.0.2.1.0] OBJECT ID, VALUE = 2A 86 48 86 F7 0D 03 07
> [1.0.2.1.1] OCTET STRING, VALUE = C3 7E AB 26 BA 00 3C B0
> [1.0.2.2] CONTEXT [0], VALUE = 07 AF D2 64 87 09 F9 1A C7 6E
> EC 1C 17 9C 84 1F 61 36 1C 74 BF 48 E5 29
>
>
>
> The sequence from CMS.ASN
>
> EncryptedContentInfo ::= SEQUENCE {
>   contentType ContentType,
>   contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
>   encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
> }
>
> EncryptedContent ::= OCTET STRING
>
>
> And finally the other.p7.pem pkcs7 object itself (this one is from a
> python test page).

I'm not sure what the other tool is doing; however, the actual data it is
attempting to display is encrypted and it's trying to interpret random data.

When IMPLICIT tagging is used the type of the data is replaced by the context
specific tag. As a result when any kind of asn1 dumping tool sees such a tag
it has no way to interpret its contents. It can try and guess what is present
but it cannot be sure.

Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
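
Added example (not part of the original thread and not OpenSSL's code): a minimal DER walker run over the EncryptedContentInfo bytes, assembled here from the field values quoted in the bug report, showing that the [0] element carries only a class and a number on the wire and gets a type only when a schema hint supplies one. The `implicit` hint map and all function names are hypothetical.

```python
# Added example. DER assembled from the field values quoted in the post above.
ECI = bytes.fromhex(
    "303b" "06092a864886f70d010701"                  # SEQUENCE, contentType
    "3014" "06082a864886f70d0307"                    # AlgorithmIdentifier, OID
    "0408c37eab26ba003cb0"                           # OCTET STRING parameter
    "8018" "07afd2648709f91ac76eec1c179c841f61361c74bf48e529")  # [0] IMPLICIT

UNIVERSAL = {2: "INTEGER", 4: "OCTET STRING", 6: "OBJECT", 16: "SEQUENCE", 17: "SET"}
CLASSES = ("universal", "application", "context", "private")

def read_header(buf, off, end):
    """Decode one DER identifier+length; return (class, constructed, number, vstart, vend)."""
    if off + 2 > end:
        raise ValueError("truncated header")
    cls, constructed, num = buf[off] >> 6, bool(buf[off] & 0x20), buf[off] & 0x1F
    if num == 0x1F:
        raise ValueError("high tag numbers are outside this sketch")
    length, vstart = buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or vstart + n > end:
            raise ValueError("indefinite or truncated length")
        length, vstart = int.from_bytes(buf[vstart:vstart + n], "big"), vstart + n
    if vstart + length > end:
        raise ValueError("value runs past its container")
    return cls, constructed, num, vstart, vstart + length

def walk(buf, implicit=None, off=0, end=None, depth=0):
    """Return [(depth, label, hex value or None)]. `implicit` is a hypothetical schema
    hint mapping (depth, context tag number) to the universal type the tag replaced."""
    implicit, end, rows = implicit or {}, len(buf) if end is None else end, []
    while off < end:
        cls, constructed, num, vs, ve = read_header(buf, off, end)
        if cls == 0:
            label = UNIVERSAL.get(num, f"universal {num}")
        elif cls == 2 and (depth, num) in implicit:
            label = f"[{num}] IMPLICIT {implicit[(depth, num)]}"
        else:                              # only class and number are on the wire
            label = f"{CLASSES[cls]} [{num}] (type not encoded)"
        if constructed:
            rows.append((depth, label, None))
            rows += walk(buf, implicit, vs, ve, depth + 1)
        else:
            rows.append((depth, label, buf[vs:ve].hex()))
        off = ve
    return rows

if __name__ == "__main__":
    for rows in (walk(ECI), walk(ECI, {(1, 0): "OCTET STRING"})):
        print("\n".join(f"{'  ' * d}{label} {val or ''}" for d, label, val in rows), "\n")
```

The value bytes of the last element are identical in both passes; only the label changes, because the OCTET STRING tag that would identify the type was never encoded.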