<div dir="auto">Would you mind to raise the issue on GitHub with the reproduction?</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, <<a href="mailto:alon.barlev@gmail.com">alon.barlev@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I am trying to analyze openssl sources, and it looks like the resign<br>
is implemented in an naive path that does not handle all cases.<br>
<br>
In other words, the CMS resign is not working in any case other than<br>
the default execution path.<br>
<br>
For example the -noattr is also not working.<br>
<br>
I updated my reproduction project[1] to show all cases of resign that<br>
do not work CMS_NO_ATTR, CMS_KEY_PARAM.<br>
<br>
I believe the root cause is that when resign is executed the<br>
CMS_final() is not called and instead the i2d_CMS_bio() is called,<br>
while its logic is incomplete.<br>
<br>
I hope this will ring a bell to people who are maintaining the<br>
crypto/cms/* implementation.<br>
<br>
Tested [fails] with:<br>
OpenSSL_1_1_1-stable<br>
master<br>
<br>
Regards,<br>
Alon<br>
<br>
[1] <a href="https://github.com/alonbl/openssl-cms-pss" rel="noreferrer noreferrer" target="_blank">https://github.com/alonbl/openssl-cms-pss</a><br>
<br>
On Fri, Feb 19, 2021 at 10:06 PM Alon Bar-Lev <<a href="mailto:alon.barlev@gmail.com" target="_blank" rel="noreferrer">alon.barlev@gmail.com</a>> wrote:<br>
><br>
> Thanks.<br>
> I managed to narrow this, it is not related to pss also if I pass pkcs1 I can reproduce. It has something to do with CMS_KEY_PARAM flag and add signer.<br>
><br>
> On Fri, 19 Feb 2021 at 22:03 Thulasi Goriparthi <<a href="mailto:thulasi.goriparthi@gmail.com" target="_blank" rel="noreferrer">thulasi.goriparthi@gmail.com</a>> wrote:<br>
>><br>
>> With PSS, for the first signature, PSS alg ID and params are encoded correctly, but not for the second signature(resign).<br>
>><br>
>> 2542:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capabilities<br>
>><br>
>> 2553:d=7 hl=2 l= 108 cons: SET<br>
>><br>
>> 2555:d=8 hl=2 l= 106 cons: SEQUENCE<br>
>><br>
>> 2557:d=9 hl=2 l= 11 cons: SEQUENCE<br>
>><br>
>> 2559:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc<br>
>><br>
>> 2570:d=9 hl=2 l= 11 cons: SEQUENCE<br>
>><br>
>> 2572:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc<br>
>><br>
>> 2583:d=9 hl=2 l= 11 cons: SEQUENCE<br>
>><br>
>> 2585:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc<br>
>><br>
>> 2596:d=9 hl=2 l= 10 cons: SEQUENCE<br>
>><br>
>> 2598:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc<br>
>><br>
>> 2608:d=9 hl=2 l= 14 cons: SEQUENCE<br>
>><br>
>> 2610:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc<br>
>><br>
>> 2620:d=10 hl=2 l= 2 prim: INTEGER :80<br>
>><br>
>> 2624:d=9 hl=2 l= 13 cons: SEQUENCE<br>
>><br>
>> 2626:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc<br>
>><br>
>> 2636:d=10 hl=2 l= 1 prim: INTEGER :40<br>
>><br>
>> 2639:d=9 hl=2 l= 7 cons: SEQUENCE<br>
>><br>
>> 2641:d=10 hl=2 l= 5 prim: OBJECT :des-cbc<br>
>><br>
>> 2648:d=9 hl=2 l= 13 cons: SEQUENCE<br>
>><br>
>> 2650:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc<br>
>><br>
>> 2660:d=10 hl=2 l= 1 prim: INTEGER :28<br>
>><br>
>> 2663:d=5 hl=2 l= 0 cons: SEQUENCE<br>
>><br>
>> 2665:d=5 hl=2 l= 0 prim: OCTET STRING<br>
>><br>
>> 2667:d=4 hl=4 l= 723 cons: SEQUENCE<br>
>><br>
>> 2671:d=5 hl=2 l= 1 prim: INTEGER :01<br>
>><br>
>> 2674:d=5 hl=3 l= 149 cons: SEQUENCE<br>
>><br>
>> 2677:d=6 hl=3 l= 143 cons: SEQUENCE<br>
>><br>
>> 2680:d=7 hl=2 l= 11 cons: SET<br>
>><br>
>> 2682:d=8 hl=2 l= 9 cons: SEQUENCE<br>
>><br>
>> 2684:d=9 hl=2 l= 3 prim: OBJECT :countryName<br>
>><br>
>> 2689:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IN<br>
>><br>
>> 2693:d=7 hl=2 l= 11 cons: SET<br>
>><br>
>> ==multiple lines truncated==<br>
>><br>
>> 2949:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capabilities<br>
>><br>
>> 2960:d=7 hl=2 l= 108 cons: SET<br>
>><br>
>> 2962:d=8 hl=2 l= 106 cons: SEQUENCE<br>
>><br>
>> 2964:d=9 hl=2 l= 11 cons: SEQUENCE<br>
>><br>
>> 2966:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc<br>
>><br>
>> 2977:d=9 hl=2 l= 11 cons: SEQUENCE<br>
>><br>
>> 2979:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc<br>
>><br>
>> 2990:d=9 hl=2 l= 11 cons: SEQUENCE<br>
>><br>
>> 2992:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc<br>
>><br>
>> 3003:d=9 hl=2 l= 10 cons: SEQUENCE<br>
>><br>
>> 3005:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc<br>
>><br>
>> 3015:d=9 hl=2 l= 14 cons: SEQUENCE<br>
>><br>
>> 3017:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc<br>
>><br>
>> 3027:d=10 hl=2 l= 2 prim: INTEGER :80<br>
>><br>
>> 3031:d=9 hl=2 l= 13 cons: SEQUENCE<br>
>><br>
>> 3033:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc<br>
>><br>
>> 3043:d=10 hl=2 l= 1 prim: INTEGER :40<br>
>><br>
>> 3046:d=9 hl=2 l= 7 cons: SEQUENCE<br>
>><br>
>> 3048:d=10 hl=2 l= 5 prim: OBJECT :des-cbc<br>
>><br>
>> 3055:d=9 hl=2 l= 13 cons: SEQUENCE<br>
>><br>
>> 3057:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc<br>
>><br>
>> 3067:d=10 hl=2 l= 1 prim: INTEGER :28<br>
>><br>
>> 3070:d=5 hl=2 l= 62 cons: SEQUENCE<br>
>><br>
>> 3072:d=6 hl=2 l= 9 prim: OBJECT :rsassaPss<br>
>><br>
>> 3083:d=6 hl=2 l= 49 cons: SEQUENCE<br>
>><br>
>> 3085:d=7 hl=2 l= 13 cons: cont [ 0 ]<br>
>><br>
>> 3087:d=8 hl=2 l= 11 cons: SEQUENCE<br>
>><br>
>> 3089:d=9 hl=2 l= 9 prim: OBJECT :sha256<br>
>><br>
>> 3100:d=7 hl=2 l= 26 cons: cont [ 1 ]<br>
>><br>
>> 3102:d=8 hl=2 l= 24 cons: SEQUENCE<br>
>><br>
>> 3104:d=9 hl=2 l= 9 prim: OBJECT :mgf1<br>
>><br>
>> 3115:d=9 hl=2 l= 11 cons: SEQUENCE<br>
>><br>
>> 3117:d=10 hl=2 l= 9 prim: OBJECT :sha256<br>
>><br>
>> 3128:d=7 hl=2 l= 4 cons: cont [ 2 ]<br>
>><br>
>> 3130:d=8 hl=2 l= 2 prim: INTEGER :DE<br>
>><br>
>> 3134:d=5 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:66C7A406905E0BEF3BE8A55B8BA05915020B6960BDE4700C3C3FB2F115FE5BA60B453EFF39BA37E4D16CA3A86582B3057D05875766BE99C51BC5BEC9CD1AAE3BEC34943160BB06784209F1A3773E07A101BA3E2231FDF85FAB91872A081E37410905A09DAF530600BF9099B054B1DF869826E864A95F5D55DAE84A0CEC43E52F6D13574E1EF66A4E3A65883788E265D6C174211ADBCFEA96A9DD186887BFE040D6D0B59547D8763157D322F0307D7AF3123B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007<br>
>><br>
>><br>
>> Thanks,<br>
>><br>
>> Thulasi.<br>
>><br>
>><br>
>><br>
>> On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev <<a href="mailto:alon.barlev@gmail.com" target="_blank" rel="noreferrer">alon.barlev@gmail.com</a>> wrote:<br>
>>><br>
>>> Thanks!<br>
>>> Was about to write... I tested both 1.1 and master branches and result is the same.<br>
>>><br>
>>><br>
>>> On Fri, 19 Feb 2021 at 21:04 Thulasi Goriparthi <<a href="mailto:thulasi.goriparthi@gmail.com" target="_blank" rel="noreferrer">thulasi.goriparthi@gmail.com</a>> wrote:<br>
>>>><br>
>>>> I am able to reproduce this issue with 1.1.1j too.<br>
>>>><br>
>>>> openssl version -a<br>
>>>><br>
>>>> OpenSSL 1.1.1j 16 Feb 2021<br>
>>>><br>
>>>> built on: Fri Feb 19 18:56:06 2021 UTC<br>
>>>><br>
>>>> platform: darwin64-x86_64-cc<br>
>>>><br>
>>>> options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)<br>
>>>><br>
>>>> compiler: cc -fPIC -arch x86_64 -g -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG<br>
>>>><br>
>>>> OPENSSLDIR: "/usr/local/ssl"<br>
>>>><br>
>>>> ENGINESDIR: "/usr/local/lib/engines-1.1"<br>
>>>><br>
>>>> Seeding source: os-specific<br>
>>>><br>
>>>><br>
>>>> openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms -keyopt rsa_padding_mode:pss<br>
>>>><br>
>>>> openssl cms -verify -in 1.cms -CAfile ca.pem<br>
>>>><br>
>>>> Content-Type: text/plain<br>
>>>><br>
>>>><br>
>>>> hello world<br>
>>>><br>
>>>> Verification successful<br>
>>>><br>
>>>> openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms -keyopt rsa_padding_mode:pss<br>
>>>><br>
>>>> openssl cms -verify -in 2.cms -CAfile ca.pem<br>
>>>><br>
>>>> Error reading S/MIME message<br>
>>>><br>
>>>> 4757167552:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing:crypto/asn1/tasn_dec.c:425:Field=algorithm, Type=X509_ALGOR<br>
>>>><br>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=signatureAlgorithm, Type=CMS_SignerInfo<br>
>>>><br>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:615:Field=signerInfos, Type=CMS_SignedData<br>
>>>><br>
>>>> 4757167552:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:<br>
>>>><br>
>>>> 4757167552:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.signedData, Type=CMS_ContentInfo<br>
>>>><br>
>>>> 4757167552:error:0D0D106E:asn1 encoding routines:b64_read_asn1:decode error:crypto/asn1/asn_mime.c:143:<br>
>>>><br>
>>>> 4757167552:error:0D0D40CC:asn1 encoding routines:SMIME_read_ASN1:asn1 sig parse error:crypto/asn1/asn_mime.c:451:<br>
>>>><br>
>>>><br>
>>>> Thanks,<br>
>>>><br>
>>>> Thulasi.<br>
>>>><br>
>>>><br>
>>>> On Sat, 20 Feb 2021 at 00:09, Viktor Dukhovni <<a href="mailto:openssl-users@dukhovni.org" target="_blank" rel="noreferrer">openssl-users@dukhovni.org</a>> wrote:<br>
>>>>><br>
>>>>> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:<br>
>>>>><br>
>>>>> > I am able to reproduce this issue with 1.1.1i<br>
>>>>><br>
>>>>> OpenSSL 1.1.1j has been released. Do you still see the problem with<br>
>>>>> 1.1.1j?<br>
>>>>><br>
>>>>> --<br>
>>>>> Viktor.<br>
</blockquote></div>