Skip to content

CAdES: Fix SignerInfo attribute construction order.#8117

Closed
FdaSilvaYY wants to merge 2 commits intoopenssl:masterfrom
FdaSilvaYY:cades/fixup
Closed

CAdES: Fix SignerInfo attribute construction order.#8117
FdaSilvaYY wants to merge 2 commits intoopenssl:masterfrom
FdaSilvaYY:cades/fixup

Conversation

@FdaSilvaYY
Copy link
Contributor

@FdaSilvaYY FdaSilvaYY commented Jan 29, 2019
edited
Loading

Small fixup on the recent CAdES contribution.
Can be trigger if someone is using CMS_REUSE_DIGEST flag value.
Not a big issue, just a lack of logic ;)

Checklist
  • documentation is added or updated
  • tests are added or updated

@FdaSilvaYY FdaSilvaYY force-pushed the cades/fixup branch 4 times, most recently from dabcde4 to 30ae235 Compare February 1, 2019 22:40
@FdaSilvaYY FdaSilvaYY force-pushed the cades/fixup branch 2 times, most recently from 7ae8042 to 76561db Compare February 17, 2019 18:55
@FdaSilvaYY FdaSilvaYY mentioned this pull request Feb 17, 2019
Closed
2 tasks
@FdaSilvaYY
Copy link
Contributor Author

FdaSilvaYY commented Feb 17, 2019
edited
Loading

Ping @openssl: small fix quick to review.
A part of CAdES code addition was one code block too far, my mistake.
I improve a bit asn1 fuzz test at the same time.

FdaSilvaYY
FdaSilvaYY commented Feb 17, 2019
View reviewed changes
crypto/cms/cms_sd.c Outdated
Copy link
Contributor Author

@FdaSilvaYY FdaSilvaYY Feb 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code-block was just move down.

@FdaSilvaYY FdaSilvaYY force-pushed the cades/fixup branch 2 times, most recently from b913df4 to 18428c5 Compare February 19, 2019 19:49
slontis
slontis requested changes May 25, 2019
View reviewed changes
Copy link
Member

@slontis slontis left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I discovered this bug also while trying to fix another issue in cms related to signed attributes.
So your fix is good since adding extra signers with -cades enabled resulted in the attribute being added after the digest was calculated resulting in a incorrect signature.
Please add a test to test/recipes/80-test_cms.t (see #8944)

The test you need to add should be something like the following
./apps/openssl cms -sign -binary -nodetach -cades -nosmimecap -stream -in ./test/smcont.txt -outform DER -signer ./test/smime-certs/smrsa1.pem -md SHA256 -out test.cms

./apps/openssl cms -resign -binary -cades -nosmimecap -nodetach -in test.cms -inform DER -outform DER -signer ./test/smime-certs/smrsa2.pem -md SHA256 -out test2.cms

./apps/openssl cms -verify -in test2.cms -inform DER -CAfile ./test/smime-certs/smroot.pem -out smtst.txt

@slontis
Copy link
Member

slontis commented May 25, 2019

The travis failures are relevant.

slontis
slontis reviewed May 25, 2019
View reviewed changes
This was referenced May 25, 2019
Closed
Closed
@FdaSilvaYY
Copy link
Contributor Author

FdaSilvaYY commented May 25, 2019

@slontis : the CAdES verify feature changes and some additional tests are here : #8098
I will add the suggested tests in it.

@slontis slontis requested a review from a team May 27, 2019 09:41
@slontis
Copy link
Member

slontis commented May 27, 2019

@FdaSilvaYY is this code in 1_1 also?

@slontis
Copy link
Member

slontis commented May 27, 2019

The travis failure is related to the failing extended test (which is a known failure currently)

@FdaSilvaYY
Copy link
Contributor Author

FdaSilvaYY commented May 27, 2019

@FdaSilvaYY is this code in 1_1 also?

No, #7893 was just merged into master

@mattcaswell mattcaswell added the approval: done This pull request has the required number of approvals label May 28, 2019
levitte pushed a commit that referenced this pull request May 29, 2019
@FdaSilvaYY @slontis
CAdES: Fix SignerInfo attribute construction order.
8c89c80 
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Shane Lontis <[email protected]>
(Merged from #8117)
levitte pushed a commit that referenced this pull request May 29, 2019
@FdaSilvaYY @slontis
Fuzz: add a few more types into Fuzzing for ESS
cdc5ae9 
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Shane Lontis <[email protected]>
(Merged from #8117)
@slontis
Copy link
Member

slontis commented May 29, 2019

Merged. Thanks @FdaSilvaYY. You probably will want to rebase your other PR now that this one has gone in.

@slontis slontis closed this May 29, 2019
@FdaSilvaYY FdaSilvaYY deleted the cades/fixup branch May 29, 2019 06:41
@levitte levitte mentioned this pull request Nov 5, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattcaswell mattcaswell mattcaswell approved these changes

@slontis slontis slontis approved these changes

Assignees

No one assigned

Labels

approval: done This pull request has the required number of approvals

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@FdaSilvaYY @slontis @mattcaswell