1 (edited by bstraehl 2021-01-13 05:57:32)

Topic: PKCS#7 CMS detached signature verification failure (ASN_PARSE_E)

I try to do a verification of a detached PKCS#7 CMS signature. The verification fails with ASN_PARSE_E (-140). I'm using function wc_PKCS7_VerifySignedData_ex. The reason why it fails is an ASN.1 parsing synchronization error. It happens after the failing attempt to read non-existing signed data (after object 1.2.840.113549.1.7.1) from the signature. Instead on this position the sequence of certificates begins, but wc_PKCS7_VerifySignedData_ex already returned with ASN_PARSE_E. In my opinion, wc_PKCS7_VerifySignedData_ex should be able to handle both situations. Either there is signed data OR an implicit[0] set of certificates.

Please find attached the binary (its SHA256 was used for signing) and the resulting signature.

I used wolfSSL from https://github.com/wolfSSL/wolfssl commit: c57fee136a40f7dcd2c8315a3c6bfe602ca98b8c

Post's attachments

signature_and_binary.zip 4.87 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

2 (edited by bstraehl 2021-01-15 08:18:01)

Re: PKCS#7 CMS detached signature verification failure (ASN_PARSE_E)

I attached my test application here.

Post's attachments

main.c 2.45 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

Re: PKCS#7 CMS detached signature verification failure (ASN_PARSE_E)

Hi bstraehl,

Thanks for attaching your test application.  We'll look into this and get back to you shortly.

Best Regards,
Chris

Re: PKCS#7 CMS detached signature verification failure (ASN_PARSE_E)

Hello Chris

Are there any news in this concern? If it is of any help, I have a version of the function wc_PKCS7_VerifySignedData that works. I fixed the issue mainly by removing the code, which deals with the interpretation of the embedded signed data.

Best regards,
Beat

Share