This looks very much like the problem I had. If the sender is using Chilkat software (I think they produce a plugin for Visual Studio) ... then this had (has) a feature that produced wrong ASN.1. If you look at the raw SMTP message you can sometimes see what mail client of software was used to create it.
We have told our business partner to fix the problem (and they have approached Chilkat) ... in the meantime I wrote some C to fix it locally (and I'm not a developer).
Peter
Beat Jucker <[EMAIL PROTECTED]> wrote:
> On Wed, Jun 01, 2005 at 12:19:11PM +0100, Peter Cope wrote:
> > Try using the asn1parser (an option with openssl).
>
> no problem: asn1parse tells me
>
> 0:d=0 hl=2 l=inf cons: SEQUENCE
> 2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData
> ...
When I parse the encoded message only newer openssl versions
report errors (> 0.9.7d). There is indeed a problem with the
ASN1 structure of the encoded S/MIME message (in the script
I was using an absolute path but manually I was using the
version found by PATH variable therefor I got different
results).
Only openssl-0.9.7d doesn't report an error when I decode the
message. All other versions I have (0.9.5a, 0.9.6b, 0.9.7-beta6,
0.9.8-beta4) report decoding errors. Older openssl versions
doesn't report asn1 error at all (older than some ki nd of 0.9.7d).
Why this different behaviour? Where is the reason of the
problem? I don't know what kind of software our partner is
using for preparing S/MIME messages (definitifely not openssl)
but nly a few of them can't get decoded.
Here is the asn1parse output of an example we can't decode
(the first lines are all the same):
------------------------------------------------------------
*NO* asn1 error *AND* decoded successful: cat message | openssl-0.9.7d asn1parse -i 2>&1
...
634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
645:d=4 hl=2 l= 26 cons: SEQUENCE
647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
657:d=5 hl=2 l= 14 cons: SEQUENCE
659:d=6 hl=2 l= 2 prim: INTEGER :A0
663:d=6 hl=2 l= 8 prim: OCTET STRING
673:d=4 hl=2 l=inf cons: cont [ 0 ]
675:d=5 hl=4 l=2048 prim: OCTET STRING
2727:d=5 hl=4 l=2048 prim: OCTET STRING
4779:d=5 hl=4 l= 512 prim: OCTET STRING
5295:d=5 hl=2 l= 0 prim: EOC
5297:d=4 hl=2 l= 0 prim: EOC
5299:d=3 hl=2 l= 0 prim: EOC
5301:d=2 hl=2 l= 0 prim: EOC
5303:d=1 hl=2 l= 0 prim: EOC
------------------------------------------------------------
*NO* asn1 error *BUT NOT* decoded successful: cat message | openssl-0.9.6b asn1parse -i 2>&1
...
632:d=3 hl=2 l=inf cons: SEQUENCE
634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
645:d=4 hl=2 l= 26 cons: SEQUENCE
647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
657:d=5 hl=2 l= 14 cons: SEQUENCE
659:d=6 hl=2 l= 2 prim: INTEGER :A0
663:d=6 hl=2 l= 8 prim: OCTET STRING
673:d=4 hl=2 l=inf cons: cont [ 0 ]
675:d=5 hl=4 l=2048 prim: OCTET STRING
2727:d=5 hl=4 l=2048 prim: OCTET STRING
4779:d=5 hl=4 l= 512 prim: OCTET STRING
------------------------------------------------------------
asn1 error and not decoded successful: cat message | openssl-0.9.8-beta4 asn1parse -i 2>&1
...
632:d=3 hl=2 l=inf cons: SEQUENCE
634:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
645:d=4 hl= 2 l= 26 cons: SEQUENCE
647:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
657:d=5 hl=2 l= 14 cons: SEQUENCE
659:d=6 hl=2 l= 2 prim: INTEGER :A0
663:d=6 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:BAA1DF8EAEA83325
673:d=4 hl=2 l=inf cons: cont [ 0 ]
675:d=5 hl=4 l=2048 prim: OCTET STRING [HEX DUMP]:62AE5340C8B07966F23C6EFC87E810E45DA42366D4ED0
D83D2DC557AF4F5B15DF53D5E2E64FD0B7D2CE145E44E5EEF36BB04FF968BE0CFA15400F4B93DEAE75C1B9DCD36871BBE139C0A14CFD
...
8DAE7868857C2410700074D35DE4D5CE52301CAE65E47C7D274053A6A8490A17E0C65D182B65C7B841E23C0533369EEB38941F633F7A
97117F2DB34F492CE2C5F43D32324033:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:1
42:
9E7F27EA52212FE04BA9C460AC8E2B08A18A92C764D8207DDBA7F73DE8E7FAB91DA7486471E7A51BAFDC6EBD851B5265D939FEC670F8
...
F7B66C55A2772DF6541CF03429639C1C3818527F3B77E4DBF179AEA5C37645495488353BD97A37A68BC277BDB7FF4E6E46FD25EED682
4B9B21A82CCAA9484F9353EF1CA1
2727:d=5 hl=4 l=2048 prim: OCTET STRING [HEX DUMP]:187CFAED2A4E669FFCA28089379087770A50287640EB5
E7A242961D087C3157A1A29701946A57EE821591686C653304CC82C245B8F56CD953D15E704224B879D737C66D117AB8234A1CE5D123
...
39DD42164E90B2417476D27CE9FBD93914AD3C861278277221B68A8F4133B3486C9AB15EF40F8FBB31854051DDDCDF7FE01483DD1C1F
64CE1C56C949A8B330169EF643F87F600B997199523715628900E1F
Error in encoding
------------------------------------------------------------
Tanks for any help
-- Beat
> > I have an intermediate SMIME decrypting problem. I'm using following
> > commandline interface (little bit outdated openssl 0.9.6b @ HPUX-B.11.11):
> >
> > cat email | openssl smime -decrypt -inkey mykey -recip mycert
> >
> > This works usually without problems. But Emails from one particular
> > address I can decrypt only most of the time. Sometimes I'll get
> > following error message:
> >
> > openssl-0.9.6b:
> >
> > Error reading S/MIME message
> > 27549:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:139:
> > 27549:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
> > 27549:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:
> >
> > same effect with openssl-0.9.7-beta6:
> >
> > Error reading S/MIME message
> > 13482:error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data:a_d2i_fp.c:240:
> > 13482:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
> > 13482:error:2107A08B:PKCS7 routines:SMIME_read_PKCS7:pkcs7 parse error:pk7_mime.c:299:
> >
> > When I'll try the same command later it might or might not get decrypted successful ...
> > What does "header too long" mean in the context of SMIME decrypt (or "not enough data")?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
