CAdES Verification: Misleading error message for missing signing certificate attribute #24224

Closed
GGolbik opened this issue Apr 22, 2024 · 1 comment
GGolbik commented Apr 22, 2024

If I try to verify a CAdES signature that does not contain a signing certificate attribute (OID: 1.2.840.113549.1.9.16.2.12 and 1.2.840.113549.1.9.16.2.47), I receive the misleading error message `content type not signed data`.

```
openssl cms -verify -in signature.p7s -content signedData.txt -inform DER -CAfile root-cert.crt -cades
CAdES Verification failure
40678F35B07F0000:error:1700006C:CMS routines:OSSL_ESS_check_signing_certs:content type not signed data:../crypto/ess/ess_lib.c:296:
```

Found in OpenSSL version 3.0.2. The referenced line should contain ERR_LIB_ESS instead of ERR_LIB_CMS.

```c
ERR_raise(ERR_LIB_CMS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE);
```

This issue still exists in OpenSSL version 3.3.0

```c
ERR_raise(ERR_LIB_CMS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE);
```
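The library that was actually recorded can be read out of the hex code in the error line above. The following is an added example, not OpenSSL code and not part of the original report; it assumes the OpenSSL 3.x error-code layout, the values 46 for `ERR_LIB_CMS` and 54 for `ERR_LIB_ESS`, reason number 108 in both libraries, and the ESS reason text shown in the table.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed OpenSSL 3.x layout: library in bits 23..30, reason in bits 0..22. */
#define LIB_OFFSET  23
#define LIB_MASK    0xFFu
#define REASON_MASK 0x7FFFFFu
#define LIB_CMS     46u /* ERR_LIB_CMS (assumed value) */
#define LIB_ESS     54u /* ERR_LIB_ESS (assumed value) */
#define PACK(lib, reason) (((unsigned long)(lib) << LIB_OFFSET) | (reason))

/* The error line from the report above. */
static const char SAMPLE_LINE[] = "40678F35B07F0000:error:1700006C:CMS routines:"
    "OSSL_ESS_check_signing_certs:content type not signed data:../crypto/ess/ess_lib.c:296:";

struct err_info { unsigned lib, reason; };

/* Extract the hex code after ":error:" and split it into library and reason. */
static int decode_err_line(const char *line, struct err_info *out)
{
    const char *p = strstr(line, ":error:");
    char *end;
    unsigned long code;

    if (p == NULL) return -1;
    p += strlen(":error:");
    code = strtoul(p, &end, 16);
    if (end == p || *end != ':') return -1;
    if (code & 0x80000000ul) return -1; /* system (errno) error: other layout */
    out->lib = (unsigned)(code >> LIB_OFFSET) & LIB_MASK;
    out->reason = (unsigned)code & REASON_MASK;
    return 0;
}

/* Reason numbers are scoped per library; only the two entries needed here. */
static const char *reason_text(unsigned lib, unsigned reason)
{
    if (lib == LIB_CMS && reason == 108) return "content type not signed data";
    if (lib == LIB_ESS && reason == 108) return "missing signing certificate attribute";
    return "unknown";
}

int main(void)
{
    struct err_info e;
    if (decode_err_line(SAMPLE_LINE, &e) != 0) return 1;
    printf("logged:   lib=%u reason=%u -> %s\n", e.lib, e.reason, reason_text(e.lib, e.reason));
    printf("intended: lib=%u code=%08lX -> %s\n", LIB_ESS, PACK(LIB_ESS, e.reason), reason_text(LIB_ESS, e.reason));
    return 0;
}
```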

nhorman added the labels `triaged: bug`, `help wanted` and `good first issue` on Apr 22, 2024

leerubin13 (Contributor) commented

This looks like a great first issue for me. I'll get on it now and submit a pull request.

t8m added the labels `branch: master`, `branch: 3.0`, `branch: 3.1`, `branch: 3.2` and `branch: 3.3` on Apr 24, 2024

openssl-machine pushed a commit that referenced this issue Apr 30, 2024
This fixes an incorrect error message.

Fixes #24224
CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #24290)

(cherry picked from commit 2d29a8a)