Would you mind raising the issue on GitHub with the reproduction?

On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, <alon.bar...@gmail.com> wrote:
> Hi,
>
> I am trying to analyze openssl sources, and it looks like the resign
> is implemented in a naive path that does not handle all cases.
>
> In other words, the CMS resign is not working in any case other than
> the default execution path.
>
> For example the -noattr is also not working.
>
> I updated my reproduction project[1] to show all cases of resign that
> do not work CMS_NO_ATTR, CMS_KEY_PARAM.
>
> I believe the root cause is that when resign is executed the
> CMS_final() is not called and instead the i2d_CMS_bio() is called,
> while its logic is incomplete.
>
> I hope this will ring a bell to people who are maintaining the
> crypto/cms/* implementation.
>
> Tested [fails] with:
> OpenSSL_1_1_1-stable
> master
>
> Regards,
> Alon
>
> [1] https://github.com/alonbl/openssl-cms-pss
>
> On Fri, Feb 19, 2021 at 10:06 PM Alon Bar-Lev <alon.bar...@gmail.com> wrote:
> >
> > Thanks.
> > I managed to narrow this, it is not related to pss also if I pass pkcs1 I can reproduce. It has something to do with CMS_KEY_PARAM flag and add signer.
> >
> > On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi <thulasi.goripar...@gmail.com> wrote:
> >>
> >> With PSS, for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature (resign).
> >>
> >> 2542:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capabilities
> >> 2553:d=7 hl=2 l= 108 cons: SET
> >> 2555:d=8 hl=2 l= 106 cons: SEQUENCE
> >> 2557:d=9 hl=2 l= 11 cons: SEQUENCE
> >> 2559:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc
> >> 2570:d=9 hl=2 l= 11 cons: SEQUENCE
> >> 2572:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc
> >> 2583:d=9 hl=2 l= 11 cons: SEQUENCE
> >> 2585:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc
> >> 2596:d=9 hl=2 l= 10 cons: SEQUENCE
> >> 2598:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
> >> 2608:d=9 hl=2 l= 14 cons: SEQUENCE
> >> 2610:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
> >> 2620:d=10 hl=2 l= 2 prim: INTEGER :80
> >> 2624:d=9 hl=2 l= 13 cons: SEQUENCE
> >> 2626:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
> >> 2636:d=10 hl=2 l= 1 prim: INTEGER :40
> >> 2639:d=9 hl=2 l= 7 cons: SEQUENCE
> >> 2641:d=10 hl=2 l= 5 prim: OBJECT :des-cbc
> >> 2648:d=9 hl=2 l= 13 cons: SEQUENCE
> >> 2650:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
> >> 2660:d=10 hl=2 l= 1 prim: INTEGER :28
> >> 2663:d=5 hl=2 l= 0 cons: SEQUENCE
> >> 2665:d=5 hl=2 l= 0 prim: OCTET STRING
> >> 2667:d=4 hl=4 l= 723 cons: SEQUENCE
> >> 2671:d=5 hl=2 l= 1 prim: INTEGER :01
> >> 2674:d=5 hl=3 l= 149 cons: SEQUENCE
> >> 2677:d=6 hl=3 l= 143 cons: SEQUENCE
> >> 2680:d=7 hl=2 l= 11 cons: SET
> >> 2682:d=8 hl=2 l= 9 cons: SEQUENCE
> >> 2684:d=9 hl=2 l= 3 prim: OBJECT :countryName
> >> 2689:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IN
> >> 2693:d=7 hl=2 l= 11 cons: SET
> >> ==multiple lines truncated==
> >> 2949:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capabilities
> >> 2960:d=7 hl=2 l= 108 cons: SET
> >> 2962:d=8 hl=2 l= 106 cons: SEQUENCE
> >> 2964:d=9 hl=2 l= 11 cons: SEQUENCE
> >> 2966:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc
> >> 2977:d=9 hl=2 l= 11 cons: SEQUENCE
> >> 2979:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc
> >> 2990:d=9 hl=2 l= 11 cons: SEQUENCE
> >> 2992:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc
> >> 3003:d=9 hl=2 l= 10 cons: SEQUENCE
> >> 3005:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
> >> 3015:d=9 hl=2 l= 14 cons: SEQUENCE
> >> 3017:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
> >> 3027:d=10 hl=2 l= 2 prim: INTEGER :80
> >> 3031:d=9 hl=2 l= 13 cons: SEQUENCE
> >> 3033:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
> >> 3043:d=10 hl=2 l= 1 prim: INTEGER :40
> >> 3046:d=9 hl=2 l= 7 cons: SEQUENCE
> >> 3048:d=10 hl=2 l= 5 prim: OBJECT :des-cbc
> >> 3055:d=9 hl=2 l= 13 cons: SEQUENCE
> >> 3057:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
> >> 3067:d=10 hl=2 l= 1 prim: INTEGER :28
> >> 3070:d=5 hl=2 l= 62 cons: SEQUENCE
> >> 3072:d=6 hl=2 l= 9 prim: OBJECT :rsassaPss
> >> 3083:d=6 hl=2 l= 49 cons: SEQUENCE
> >> 3085:d=7 hl=2 l= 13 cons: cont [ 0 ]
> >> 3087:d=8 hl=2 l= 11 cons: SEQUENCE
> >> 3089:d=9 hl=2 l= 9 prim: OBJECT :sha256
> >> 3100:d=7 hl=2 l= 26 cons: cont [ 1 ]
> >> 3102:d=8 hl=2 l= 24 cons: SEQUENCE
> >> 3104:d=9 hl=2 l= 9 prim: OBJECT :mgf1
> >> 3115:d=9 hl=2 l= 11 cons: SEQUENCE
> >> 3117:d=10 hl=2 l= 9 prim: OBJECT :sha256
> >> 3128:d=7 hl=2 l= 4 cons: cont [ 2 ]
> >> 3130:d=8 hl=2 l= 2 prim: INTEGER :DE
> >> 3134:d=5 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:66C7A406905E0BEF3BE8A55B8BA05915020B6960BDE4700C3C3FB2F115FE5BA60B453EFF39BA37E4D16CA3A86582B3057D05875766BE99C51BC5BEC9CD1AAE3BEC34943160BB06784209F1A3773E07A101BA3E2231FDF85FAB91872A081E37410905A09DAF530600BF9099B054B1DF869826E864A95F5D55DAE84A0CEC43E52F6D13574E1EF66A4E3A65883788E265D6C174211ADBCFEA96A9DD186887BFE040D6D0B59547D8763157D322F0307D7AF3123B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007
> >>
> >> Thanks,
> >> Thulasi.
> >>
> >> On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <alon.bar...@gmail.com> wrote:
> >>>
> >>> Thanks!
> >>> Was about to write... I tested both 1.1 and master branches and result is the same.
> >>>
> >>> On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <thulasi.goripar...@gmail.com> wrote:
> >>>>
> >>>> I am able to reproduce this issue with 1.1.1j too.
> >>>>
> >>>> openssl version -a
> >>>> OpenSSL 1.1.1j 16 Feb 2021
> >>>> built on: Fri Feb 19 18:56:06 2021 UTC
> >>>> platform: darwin64-x86_64-cc
> >>>> options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
> >>>> compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
> >>>> OPENSSLDIR: "/usr/local/ssl"
> >>>> ENGINESDIR: "/usr/local/lib/engines-1.1"
> >>>> Seeding source: os-specific
> >>>>
> >>>> openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss
> >>>>
> >>>> openssl cms -verify -in 1.cms -CAfile ca.pem
> >>>> Content-Type: text/plain
> >>>>
> >>>> hello world
> >>>> Verification successful
> >>>>
> >>>> openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss
> >>>>
> >>>> openssl cms -verify -in 2.cms -CAfile ca.pem
> >>>> Error reading S/MIME message
> >>>> 4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR
> >>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo
> >>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData
> >>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:
> >>>> 4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo
> >>>> 4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:
> >>>> 4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:
> >>>>
> >>>> Thanks,
> >>>> Thulasi.
> >>>>
> >>>> On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> >>>>>
> >>>>> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
> >>>>>
> >>>>> > I am able to reproduce this issue with 1.1.1i
> >>>>>
> >>>>> OpenSSL 1.1.1j has been released. Do you still see the problem with
> >>>>> 1.1.1j?
> >>>>>
> >>>>> --
> >>>>> Viktor.
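
A check that can be run over `openssl asn1parse` output before a resigned CMS is handed to a verifier, added here as an example (it is not code from this thread or from OpenSSL). It flags a zero-length SEQUENCE directly followed by an OCTET STRING at the same depth, which is the shape the empty signatureAlgorithm/signature pair takes at offsets 2663 and 2665 in the dump quoted above; the function names are hypothetical, the pairing rule is a heuristic, and the sample lines are excerpted from that dump with the hex value dropped.

```python
import re

# One asn1parse line: offset, depth, header length, content length, class, type[:value].
LINE = re.compile(r"^\s*(\d+):d=\s*(\d+)\s+hl=\s*\d+\s+l=\s*(\d+)\s+(prim|cons):\s+(.*)$")

# Excerpt of the dump quoted in the thread (hex value of the last line dropped).
SAMPLE = """
 2660:d=10 hl=2 l= 1 prim: INTEGER :28
 2663:d=5 hl=2 l= 0 cons: SEQUENCE
 2665:d=5 hl=2 l= 0 prim: OCTET STRING
 2667:d=4 hl=4 l= 723 cons: SEQUENCE
 3067:d=10 hl=2 l= 1 prim: INTEGER :28
 3070:d=5 hl=2 l= 62 cons: SEQUENCE
 3072:d=6 hl=2 l= 9 prim: OBJECT :rsassaPss
 3134:d=5 hl=4 l= 256 prim: OCTET STRING
"""


def parse(dump):
    """Turn asn1parse text into (offset, depth, length, class, type) tuples."""
    nodes = []
    for raw in dump.splitlines():
        m = LINE.match(raw)
        if m:
            off, depth, length, kind, rest = m.groups()
            # Everything before the first ':' is the type name, e.g. "OBJECT".
            nodes.append((int(off), int(depth), int(length), kind,
                          rest.split(":")[0].strip()))
    return nodes


def empty_signature_fields(dump):
    """Heuristic: an empty SEQUENCE whose next sibling is an OCTET STRING is
    treated as a SignerInfo with a missing signatureAlgorithm."""
    nodes = parse(dump)
    findings = []
    for cur, nxt in zip(nodes, nodes[1:]):
        off, depth, length, _kind, typ = cur
        if (typ == "SEQUENCE" and length == 0
                and nxt[1] == depth and nxt[4].startswith("OCTET STRING")):
            findings.append({"offset": off, "signature_len": nxt[2]})
    return findings


if __name__ == "__main__":
    for hit in empty_signature_fields(SAMPLE):
        print("empty AlgorithmIdentifier at offset %(offset)d, "
              "signature length %(signature_len)d" % hit)
```

The regular expression tolerates both the collapsed spacing seen in the quoted dump and the column-aligned spacing `asn1parse` normally prints.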