Hello,
We're having a pkcs7 file that gives the following error when being parsed:
9872:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:.\crypto\asn1\tasn_dec.c:1320
(openssl-1.0.0-beta3, but same prob in openssl 0.9.8g)
Here's part of the file dump, the prob seems to occur at the "ERROR!" :
4 48: SEQUENCE {
8 6: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
19 160: [0] {
23 48: SEQUENCE {
27 2: INTEGER 3
30 49: SET {
32 48: SEQUENCE {
34 6: OBJECT IDENTIFIER sha2-256 (2 16 840 1 101 3 4 2 1)
: }
: }
45 48: SEQUENCE {
48 6: OBJECT IDENTIFIER '2 23 136 1 1 1'
56 160: [0] {
59 4: OCTET STRING, encapsulates {
EncapsulatedContentInfo
[skipped]
: }
: }
200 49: SET {
SignerInfos
204 48: SEQUENCE {
SignerInfo
208 2: INTEGER 1
CMSVersion
211 128: [0]
: 33 8D 0D 81 58 CA 84 C7 12 14 51 C6 8B 17 F0 95
ERROR!
: 5E A6 9D E4
233 48: SEQUENCE {
235 6: OBJECT IDENTIFIER sha2-256 (2 16 840 1 101 3 4 2 1)
DigestAlgorithmIdentifier
: }
[skipped]
Changing the CMSVersion to 3 doesn't work either.
Here's the definitions from http://www.ietf.org/rfc/rfc3852.txt:
SignerInfo ::= SEQUENCE {
version CMSVersion,
sid SignerIdentifier,
digestAlgorithm DigestAlgorithmIdentifier,
[...]
SignerIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier }
Could it be that the SubjectKeyIdentifier CHOICE isn't supported here,
that the parser expects a IssuerAndSerialNumber only?
Thx, best regards,
Stef Hoeben
Software Engineer
Zetes PASS - Personal Authentication and Security Services
_______________________________________
Zetes PASS - Rue de Strasbourg 3, 1130 Brussels
Tel.: +32 2 790 38 15 +++ 728 37 11 +++ Cell: +32 478 21 31 84
mailto: stef.hoe...@zetes.com
_______________________________________
WWW.ZETES.COM | ALWAYS A GOOD ID
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
