[Bug 247267] mail/alpine: [regression] 2.22 on 12.1-RELEASE-p6 can no longer produce valid S/MIME signature

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jun 15 02:37:31 UTC 2020 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247267

            Bug ID: 247267
           Summary: mail/alpine: [regression] 2.22 on 12.1-RELEASE-p6 can
                    no longer produce valid S/MIME signature
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs at FreeBSD.org
          Reporter: saper at saper.info
                CC: mbeis at xs4all.nl
             Flags: maintainer-feedback?(mbeis at xs4all.nl)
                CC: mbeis at xs4all.nl

Created attachment 215569
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=215569&action=edit
Reproduction case files as a tarfile

I'm trying to track the difference between

alpine 2.22 - FreeBSD 12.0-STABLE r345375
OpenSSL 1.1.1b-freebsd  26 Feb 2019
alpine built from ports

vs

alpine 2.22 - FreeBSD 12.1-RELEASE-p6  (fresh install)
OpenSSL 1.1.1d-freebsd  10 Sep 2019
alpine from packages/build from ports as well

The problem was with FreeBSD 12.1-RELEASE as well (upgrade to p6 did not change
anything).

I have also copied the 12.0 alpine binary to 12.1 and vice versa and it did not
fix the issue.

I have enabled S/MIME signing by default and the emails sent with alpine 2.22
from the 12.1 machine have a broken signature.

I have tracked this down to the difference in the sha256 hash in the message:

FreeBSD 12.0 machine generates a proper hash:

 2971:d=8  hl=2 l=  32 prim: OCTET STRING      [HEX
DUMP]:9DD6716C5FA06FB131A4F1F099D8E81B29621D73672A96B38291EFB27E553503

FreeBSD 12.1 machine generates something improper:

 2971:d=8  hl=2 l=  32 prim: OCTET STRING      [HEX
DUMP]:F6256B618764C64F31EF7D22F7609D2FA328F92F574048E397FFA62E99CBC917

In the attached files, "m" refers to the 12.0 machine, "q" to the 12.1 machine.

Files attached ->

two_messages/m.eml < message from 12.0 as received with gmail
two_messages/q.eml < message from 12.1 as received with gmail

S/MIME PKCS#7 binary attachments extracted with munpack:

two_messages/smime.m/smime.desc
two_messages/smime.m/smime.p7s
two_messages/smime.q/smime.desc
two_messages/smime.q/smime.p7s

Results of "openssl asn1parse -inform der" on the "p7s" files:

two_messages/m.asn1
two_messages/q.asn1


Plaintext messages obtained via "openssl cms -verify -in X.eml"

two_messages/m.plaintext
two_messages/q.plaintext

verification results:


> openssl cms -in m.eml -verify > /dev/null
Verification successful
> openssl cms -in q.eml -verify > /dev/null
Verification failure
34380907704:error:2E09A09E:CMS
routines:CMS_SignerInfo_verify_content:verification
failure:/usr/src/crypto/openssl/crypto/cms/cms_sd.c:853:
34380907704:error:2E09D06D:CMS routines:CMS_verify:content verify
error:/usr/src/crypto/openssl/crypto/cms/cms_smime.c:393:

> sha256 two_messages/m.plaintext
SHA256 (two_messages/m.plaintext) =
9dd6716c5fa06fb131a4f1f099d8e81b29621d73672a96b38291efb27e553503
> sha256 two_messages/q.plaintext
SHA256 (two_messages/q.plaintext) =
9dd6716c5fa06fb131a4f1f099d8e81b29621d73672a96b38291efb27e553503

locale setting on both machines:

pl_PL.UTF-8

.pinerc .addressbook and the mailboxes have been copied from 12.0 to 12.1

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list