PKCS#7/CMS verify reports bad signature

Mon Apr 1 14:33:26 UTC 2019

Hello Matt,

Thank you for your reply!

I am not quite sure if I should do something more but specifying "-binary"
alone does not seem to help:

# 1.0.2r
$ /usr/local/opt/openssl/bin/openssl cms -verify -inform der -in test.der
-content test-data.bin -noverify -binary > /dev/null
Verification successful

# 1.1.1b
$ /usr/local/opt/openssl\@1.1/bin/openssl cms -verify -inform der -in
test.der -content test-data.bin -noverify -binary > /dev/null
Verification failure
4465374656:error:04091068:rsa routines:int_rsa_verify:bad
signature:crypto/rsa/rsa_sign.c:220:
4465374656:error:2E09809E:CMS routines:CMS_SignerInfo_verify:verification
failure:crypto/cms/cms_sd.c:741:

Other ideas are much appreciated!

On Mon, Apr 1, 2019 at 3:58 PM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 01/04/2019 14:46, Steffen wrote:
> > Hello,
> >
> > I am struggling with using OpenSSL 1.1.1 to verify a PKCS #7/CMS
> structure.
> > Verification succeeds when I use OpenSSL 1.0.2, but 1.1.0 and 1.1.1
> fails with
> > "bad signature". I initially had this problem when using the OpenSSL
> library but
> > I see that the problem also applies to the OpenSSL CLI.
>
> Could be this (from CHANGES):
>
>   *) Fixed a text canonicalisation bug in CMS
>
>      Where a CMS detached signature is used with text content the text goes
>      through a canonicalisation process first prior to signing or
> verifying a
>      signature. This process strips trailing space at the end of lines,
> converts
>      line terminators to CRLF and removes additional trailing line
> terminators
>      at the end of a file. A bug in the canonicalisation process meant that
>      some characters, such as form-feed, were incorrectly treated as
> whitespace
>      and removed. This is contrary to the specification (RFC5485). This fix
>      could mean that detached text data signed with an earlier version of
>      OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
>      signed with a fixed OpenSSL may fail to verify with an earlier
> version of
>      OpenSSL 1.1.0. A workaround is to only verify the canonicalised text
> data
>      and use the "-binary" flag (for the "cms" command line application)
> or set
>      the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using
> CMS_verify()).
>      [Matt Caswell]
>
> Matt
>
> >
> > I am at loss and need some help with this issue. Please see the commands
> I used
> > below. Thank you for any assistance you can provide!
> >
> > Notes:
> >
> >   * "-noverify" was used because the certificates expired.
> >   * Verification succeeds when specifying "-nosigs".
> >   * "openssl cms -verify [...]" behaves the same way.
> >   * Since the files I am working with (test.der and test-data.bin) are
> part of a
> >     private project, I am not ready to share these in public.
> >   * I do not know exactly how the message structure was created but I
> guess
> >     either with some OpenSSL 1.0.2, Java with or without BouncyCastle.
> >
> > Commands used:
> >
> > # Environment: macOS 10.14.3 / Homebrew
> >
> > $ /usr/local/opt/openssl/bin/openssl version
> > OpenSSL 1.0.2r  26 Feb 2019
> >
> > $ /usr/local/opt/openssl/bin/openssl smime -verify -inform der -in
> test.der
> > -content test-data.bin -noverify
> > Verification successful
> >
> > $ /usr/local/opt/openssl\@1.1/bin/openssl version
> > OpenSSL 1.1.1b  26 Feb 2019
> >
> > $ /usr/local/opt/openssl\@1.1/bin/openssl smime -verify -inform der -in
> test.der
> > -content test-data.bin -noverify
> > Verification failure
> > 4563408320:error:04091068:rsa routines:int_rsa_verify:bad
> > signature:crypto/rsa/rsa_sign.c:220:
> > 4563408320:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature
> > failure:crypto/pkcs7/pk7_doit.c:1037:
> > 4563408320:error:21075069:PKCS7 routines:PKCS7_verify:signature
> > failure:crypto/pkcs7/pk7_smime.c:353:
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190401/2878c6ff/attachment.html>