Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check error return from cms_sd_asn1_ctrl() correctly. #21988

Closed
wants to merge 2 commits into from
Closed

Check error return from cms_sd_asn1_ctrl() correctly. #21988

wants to merge 2 commits into from

Conversation

paulidale
Copy link
Contributor

Fixes #21986

  • documentation is added or updated
  • tests are added or updated

@paulidale paulidale added branch: master Merge to master branch approval: review pending This pull request needs review by a committer approval: otc review pending This pull request needs review by an OTC member triaged: bug The issue/pr is/fixes a bug branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 tests: exempted The PR is exempt from requirements for testing labels Sep 6, 2023
@paulidale paulidale self-assigned this Sep 6, 2023
@paulidale paulidale added the project Add item to the Project Board label Sep 6, 2023
@botovq
Copy link
Contributor

botovq commented Sep 7, 2023
edited

While this is a possible approach, I think it would make more sense to fix cms_generic_sign() to behave the same way as ossl_rsa_cms_sign() (i.e., return 0/1), or to do return cms_generic_sign(si, cmd) > 0; twice.

Otherwise the fixup of the return value after the ->pkey_ctrl() call is a bit strange.

openssl/crypto/cms/cms_sd.c

Lines 259 to 282 in 25b7025

static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
{
EVP_PKEY *pkey = si->pkey;
int i;
if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
return cms_generic_sign(si, cmd);
else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
return ossl_cms_rsa_sign(si, cmd);
/* Now give engines, providers, etc a chance to handle this */
if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
return cms_generic_sign(si, cmd);
i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
if (i == -2) {
ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
return 0;
}
if (i <= 0) {
ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
return 0;
}
return 1;
}

@paulidale
Copy link
Contributor Author

Yeah, that's a nicer approach I think.

@paulidale
Copy link
Contributor Author

paulidale commented Sep 7, 2023
edited

ossl_cms_rsa_sign() can also return -1 on error.

Anyway, updated.

@botovq
Copy link
Contributor

botovq commented Sep 7, 2023

I'm pretty sure it doesn't. I first thought so, too, but then noticed that here is a > 0 hiding at the end:

openssl/crypto/cms/cms_rsa.c

Line 246 in 025535e

return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL) > 0;

X509_ALGOR_set0 returns 0/1, so I think we're good.

slontis
slontis requested changes Sep 7, 2023
View reviewed changes
Copy link
Member

@slontis slontis left a comment
edited by paulidale

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a testcase..

The following commandline returns -1 from cms_generic_sign..
It then segfaults inside the shake ctrl.
openssl cms -sign -in test/smcont.txt -signer test/smime-certs/smdsa1.pem -md SHAKE256

[pauli: edited to correct the test case]

@paulidale paulidale added tests: present The PR has suitable tests present and removed tests: exempted The PR is exempt from requirements for testing labels Sep 7, 2023
@slontis slontis removed the approval: otc review pending This pull request needs review by an OTC member label Sep 7, 2023
@t8m t8m added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Sep 7, 2023
@botovq
Copy link
Contributor

botovq commented Sep 7, 2023

It's your codebase and the diff fixes the bug. However, if I was to write the fix, I would change the -1 returns in cms_generic_sign() to 0 returns. Then making things complicated with the three added > 0 is unnecessary. We've seen that doing this is confusing in this very thread. I also do not know why you'd want two internal APIs that are supposed to do the same thing that have different API contracts. So I think aligning the APIs is cleaner, leads to simpler code and makes it easier to add new things. Consistency matters.

@slontis
Copy link
Member

slontis commented Sep 8, 2023

I dont mind either way it is done. Currently I cant see a path where ossl_cms_rsa_sign() could return -1. But the > check doesnt hurt anything..

openssl-machine pushed a commit that referenced this pull request Sep 8, 2023
@paulidale
Check error return from cms_sd_asn1_ctrl() correctly.
00a413e 
Fixes #21986

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #21988)
openssl-machine pushed a commit that referenced this pull request Sep 8, 2023
@paulidale
Add test case for #21986
c870a46 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #21988)
openssl-machine pushed a commit that referenced this pull request Sep 8, 2023
@paulidale
Check error return from cms_sd_asn1_ctrl() correctly.
f04c64b 
Fixes #21986

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #21988)

(cherry picked from commit 00a413e)
openssl-machine pushed a commit that referenced this pull request Sep 8, 2023
@paulidale
Add test case for #21986
1b40dbf 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #21988)

(cherry picked from commit c870a46)
@paulidale
Copy link
Contributor Author

Thrice merged with conflicts resolved.

@paulidale paulidale closed this Sep 8, 2023
@paulidale paulidale deleted the cmd-sd-ret-check branch September 8, 2023 06:36
openssl-machine pushed a commit that referenced this pull request Sep 8, 2023
@paulidale
Check error return from cms_sd_asn1_ctrl() correctly.
2482061 
Fixes #21986

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #21988)

(cherry picked from commit 00a413e)
openssl-machine pushed a commit that referenced this pull request Sep 8, 2023
@paulidale
Add test case for #21986
41136a9 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #21988)

(cherry picked from commit c870a46)
@bernd-edlinger
Copy link
Member

the merge commit 41136a9 to 3.0 branch removed the semicolon:
plan tests => 17
therefore now the test_cms test case is faliing due to syntax.

@paulidale
Copy link
Contributor Author

Oops. Thanks for pointhing this out. Fixed by #22045 already.

@bernd-edlinger
Copy link
Member

Okay, but it still fails for no-des doesn't it?

@bernd-edlinger
Copy link
Member

bernd-edlinger commented Sep 11, 2023
edited

i meant no-dsa ....

wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Sep 18, 2023
@paulidale @love-little-cute
Check error return from cms_sd_asn1_ctrl() correctly.
46eb254 
Fixes #21986

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from openssl/openssl#21988)

(cherry picked from commit 00a413e)
Signed-off-by: Huiyue Xu <xuhuiyue@foxmail.com>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Sep 18, 2023
@paulidale @love-little-cute
Add test case for #21986
09a11b6 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from openssl/openssl#21988)

(cherry picked from commit c870a46)
Signed-off-by: Huiyue Xu <xuhuiyue@foxmail.com>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Sep 23, 2023
@paulidale
Check error return from cms_sd_asn1_ctrl() correctly.
04a8eb9 
Fixes #21986

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from openssl/openssl#21988)

(cherry picked from commit 00a413e)
Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75 pushed a commit to openeuler-mirror/openssl that referenced this pull request Sep 23, 2023
@paulidale
Add test case for #21986
28a1c5f 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from openssl/openssl#21988)

(cherry picked from commit c870a46)
Signed-off-by: fly2x <fly2x@hitls.org>
xl32 pushed a commit to xl32/openssl that referenced this pull request Sep 29, 2023
@paulidale @xl32
Check error return from cms_sd_asn1_ctrl() correctly.
0f0ad5b 
Fixes openssl#21986

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from openssl#21988)

(cherry picked from commit 00a413e)
xl32 pushed a commit to xl32/openssl that referenced this pull request Sep 29, 2023
@paulidale @xl32
Add test case for openssl#21986
cf262c0 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from openssl#21988)

(cherry picked from commit c870a46)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t8m t8m t8m approved these changes

@slontis slontis slontis approved these changes

Assignees

@paulidale paulidale

Labels
approval: done This pull request has the required number of approvals branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 project Add item to the Project Board tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug
Projects
Project Board
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Return value confusion in cms_sd_asn1_ctrl()
5 participants
@paulidale @botovq @slontis @bernd-edlinger @t8m