Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

Would you mind raising the issue on GitHub with the reproduction?

On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, <alon.barlev@xxxxxxxxx> wrote:
Hi,

I am trying to analyze openssl sources, and it looks like the resign
is implemented in a naive path that does not handle all cases.

In other words, the CMS resign is not working in any case other than
the default execution path.

For example, the -noattr is also not working.

I updated my reproduction project[1] to show all cases of resign that
do not work: CMS_NO_ATTR, CMS_KEY_PARAM.

I believe the root cause is that when resign is executed the
CMS_final() is not called and instead the i2d_CMS_bio() is called,
while its logic is incomplete.

I hope this will ring a bell to people who are maintaining the
crypto/cms/* implementation.

Tested [fails] with:
  OpenSSL_1_1_1-stable
  master

Regards,
Alon

[1] https://github.com/alonbl/openssl-cms-pss

On Fri, Feb 19, 2021 at 10:06 PM Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote:
>
> Thanks.
> I managed to narrow this; it is not related to PSS, since if I pass pkcs1 I can also reproduce it. It has something to do with the CMS_KEY_PARAM flag and add signer.
>
> On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi <thulasi.goriparthi@xxxxxxxxx> wrote:
>>
>> With PSS, for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature (resign).
>>
>> 2542:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
>>
>>  2553:d=7  hl=2 l= 108 cons: SET
>>
>>  2555:d=8  hl=2 l= 106 cons: SEQUENCE
>>
>>  2557:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2559:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>>
>>  2570:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2572:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
>>
>>  2583:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2585:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>>
>>  2596:d=9  hl=2 l=  10 cons: SEQUENCE
>>
>>  2598:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
>>
>>  2608:d=9  hl=2 l=  14 cons: SEQUENCE
>>
>>  2610:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2620:d=10 hl=2 l=   2 prim: INTEGER           :80
>>
>>  2624:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  2626:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2636:d=10 hl=2 l=   1 prim: INTEGER           :40
>>
>>  2639:d=9  hl=2 l=   7 cons: SEQUENCE
>>
>>  2641:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
>>
>>  2648:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  2650:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  2660:d=10 hl=2 l=   1 prim: INTEGER           :28
>>
>>  2663:d=5  hl=2 l=   0 cons: SEQUENCE
>>
>>  2665:d=5  hl=2 l=   0 prim: OCTET STRING
>>
>>  2667:d=4  hl=4 l= 723 cons: SEQUENCE
>>
>>  2671:d=5  hl=2 l=   1 prim: INTEGER           :01
>>
>>  2674:d=5  hl=3 l= 149 cons: SEQUENCE
>>
>>  2677:d=6  hl=3 l= 143 cons: SEQUENCE
>>
>>  2680:d=7  hl=2 l=  11 cons: SET
>>
>>  2682:d=8  hl=2 l=   9 cons: SEQUENCE
>>
>>  2684:d=9  hl=2 l=   3 prim: OBJECT            :countryName
>>
>>  2689:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :IN
>>
>>  2693:d=7  hl=2 l=  11 cons: SET
>>
>> ==multiple lines truncated==
>>
>> 2949:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
>>
>>  2960:d=7  hl=2 l= 108 cons: SET
>>
>>  2962:d=8  hl=2 l= 106 cons: SEQUENCE
>>
>>  2964:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2966:d=10 hl=2 l=   9 prim: OBJECT            :aes-256-cbc
>>
>>  2977:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2979:d=10 hl=2 l=   9 prim: OBJECT            :aes-192-cbc
>>
>>  2990:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  2992:d=10 hl=2 l=   9 prim: OBJECT            :aes-128-cbc
>>
>>  3003:d=9  hl=2 l=  10 cons: SEQUENCE
>>
>>  3005:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
>>
>>  3015:d=9  hl=2 l=  14 cons: SEQUENCE
>>
>>  3017:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3027:d=10 hl=2 l=   2 prim: INTEGER           :80
>>
>>  3031:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  3033:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3043:d=10 hl=2 l=   1 prim: INTEGER           :40
>>
>>  3046:d=9  hl=2 l=   7 cons: SEQUENCE
>>
>>  3048:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
>>
>>  3055:d=9  hl=2 l=  13 cons: SEQUENCE
>>
>>  3057:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
>>
>>  3067:d=10 hl=2 l=   1 prim: INTEGER           :28
>>
>>  3070:d=5  hl=2 l=  62 cons: SEQUENCE
>>
>>  3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss
>>
>>  3083:d=6  hl=2 l=  49 cons: SEQUENCE
>>
>>  3085:d=7  hl=2 l=  13 cons: cont [ 0 ]
>>
>>  3087:d=8  hl=2 l=  11 cons: SEQUENCE
>>
>>  3089:d=9  hl=2 l=   9 prim: OBJECT            :sha256
>>
>>  3100:d=7  hl=2 l=  26 cons: cont [ 1 ]
>>
>>  3102:d=8  hl=2 l=  24 cons: SEQUENCE
>>
>>  3104:d=9  hl=2 l=   9 prim: OBJECT            :mgf1
>>
>>  3115:d=9  hl=2 l=  11 cons: SEQUENCE
>>
>>  3117:d=10 hl=2 l=   9 prim: OBJECT            :sha256
>>
>>  3128:d=7  hl=2 l=   4 cons: cont [ 2 ]
>>
>>  3130:d=8  hl=2 l=   2 prim: INTEGER           :DE
>>
>>  3134:d=5  hl=4 l= 256 prim: OCTET STRING
>>
>>
>> Thanks,
>>
>> Thulasi.
>>
>>
>>
>> On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote:
>>>
>>> Thanks!
>>> Was about to write... I tested both 1.1 and master branches and the result is the same.
>>>
>>>
>>> On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <thulasi.goriparthi@xxxxxxxxx> wrote:
>>>>
>>>> I am able to reproduce this issue with 1.1.1j too.
>>>>
>>>> openssl version -a
>>>>
>>>> OpenSSL 1.1.1j  16 Feb 2021
>>>>
>>>> built on: Fri Feb 19 18:56:06 2021 UTC
>>>>
>>>> platform: darwin64-x86_64-cc
>>>>
>>>> options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
>>>>
>>>> compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
>>>>
>>>> OPENSSLDIR: "/usr/local/ssl"
>>>>
>>>> ENGINESDIR: "/usr/local/lib/engines-1.1"
>>>>
>>>> Seeding source: os-specific
>>>>
>>>>
>>>> openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss
>>>>
>>>> openssl cms -verify -in 1.cms -CAfile ca.pem
>>>>
>>>> Content-Type: text/plain
>>>>
>>>>
>>>> hello world
>>>>
>>>> Verification successful
>>>>
>>>> openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss
>>>>
>>>> openssl cms -verify -in 2.cms -CAfile ca.pem
>>>>
>>>> Error reading S/MIME message
>>>>
>>>> 4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData
>>>>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:
>>>>
>>>> 4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
>>>>
>>>> 4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:
>>>>
>>>> 4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Thulasi.
>>>>
>>>>
>>>> On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
>>>>>
>>>>> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
>>>>>
>>>>> > I am able to reproduce this issue with 1.1.1i
>>>>>
>>>>> OpenSSL 1.1.1j has been released.  Do you still see the problem with
>>>>> 1.1.1j?
>>>>>
>>>>> --
>>>>>     Viktor.
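
The dump quoted in this thread shows the symptom directly: one SignerInfo has a zero-length signatureAlgorithm SEQUENCE followed by a zero-length signature OCTET STRING, which is what the "field missing ... Field=algorithm" parse error reports. The following is an added example, not code from the thread or from OpenSSL: a heuristic check over `openssl asn1parse` text output that flags such pairs before a re-signed CMS is distributed. The function names and the abridged sample are assumptions made for illustration.

```python
import re
from collections import namedtuple

# One asn1parse line: "offset:d=depth hl=.. l=len cons|prim: TAG [:value]".
# A leading "> " mail-quote prefix is tolerated so a quoted dump can be pasted as-is.
NODE_RE = re.compile(r"^[>\s]*(\d+):d=\s*(\d+)\s+hl=\s*\d+\s+l=\s*(\d+|inf)"
                     r"\s+(?:cons|prim):\s+([^:]*?)\s*(?::(.*))?$")
Node = namedtuple("Node", "offset depth length tag value")  # length -1 = indefinite

def parse_dump(text):
    nodes = []
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if m:  # skips blank lines and "==truncated==" style markers
            off, depth, length, tag, value = m.groups()
            nodes.append(Node(int(off), int(depth), -1 if length == "inf" else int(length),
                              tag.replace("[HEX DUMP]", "").strip(), value or ""))
    return nodes

def check_signer_fields(text):
    """Heuristic: every SEQUENCE whose next sibling is an OCTET STRING is treated as
    an AlgorithmIdentifier/signature pair; it must carry an OID and a non-empty value."""
    nodes, findings = parse_dump(text), []
    for i, seq in enumerate(nodes):
        if seq.tag != "SEQUENCE":
            continue
        later = nodes[i + 1:]
        # next sibling: first later node at the same depth before the parent ends
        sib = next((n for n in later if n.depth <= seq.depth), None)
        if sib is None or sib.depth != seq.depth or sib.tag != "OCTET STRING":
            continue
        first = later[0]
        alg = first.value if first.depth == seq.depth + 1 and first.tag == "OBJECT" else None
        findings.append({"offset": seq.offset, "algorithm": alg,
                         "ok": alg is not None and sib.length != 0})
    return findings

# Abridged from the dump in the thread; the signature bytes are a constructed placeholder.
SAMPLE = """\
 2663:d=5  hl=2 l=   0 cons: SEQUENCE
 2665:d=5  hl=2 l=   0 prim: OCTET STRING
 2667:d=4  hl=4 l= 723 cons: SEQUENCE
 3070:d=5  hl=2 l=  62 cons: SEQUENCE
 3072:d=6  hl=2 l=   9 prim: OBJECT            :rsassaPss
 3134:d=5  hl=4 l= 256 prim: OCTET STRING      [HEX DUMP]:00
"""
if __name__ == "__main__":
    for finding in check_signer_fields(SAMPLE):
        print(finding)
```

Any finding with `ok` set to false marks the offset of a SignerInfo that a strict parser will reject.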
