Date: Mon, 15 Jun 2020 02:37:28 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 247267] mail/alpine: [regression] 2.22 on 12.1-RELEASE-p6 can no longer produce valid S/MIME signature Message-ID: <bug-247267-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D247267 Bug ID: 247267 Summary: mail/alpine: [regression] 2.22 on 12.1-RELEASE-p6 can no longer produce valid S/MIME signature Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: saper@saper.info CC: mbeis@xs4all.nl Flags: maintainer-feedback?(mbeis@xs4all.nl) CC: mbeis@xs4all.nl Created attachment 215569 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D215569&action= =3Dedit Reproduction case files as a tarfile I'm trying to track the difference between alpine 2.22 - FreeBSD 12.0-STABLE r345375 OpenSSL 1.1.1b-freebsd 26 Feb 2019 alpine built from ports vs alpine 2.22 - FreeBSD 12.1-RELEASE-p6 (fresh install) OpenSSL 1.1.1d-freebsd 10 Sep 2019 alpine from packages/build from ports as well The problem was with FreeBSD 12.1-RELEASE as well (upgrade to p6 did not ch= ange anything). I have also copied the 12.0 alpine binary to 12.1 and vice versa and it did= not fix the issue. I have enabled S/MIME signing by default and the emails sent with alpine 2.= 22 from the 12.1 machine have a broken signature. I have tracked this down to the difference in the sha256 hash in the messag= e: FreeBSD 12.0 machine generates a proper hash: 2971:d=3D8 hl=3D2 l=3D 32 prim: OCTET STRING [HEX DUMP]:9DD6716C5FA06FB131A4F1F099D8E81B29621D73672A96B38291EFB27E553503 FreeBSD 12.1 machine generates something improper: 2971:d=3D8 hl=3D2 l=3D 32 prim: OCTET STRING [HEX DUMP]:F6256B618764C64F31EF7D22F7609D2FA328F92F574048E397FFA62E99CBC917 In the attached files, "m" refers to the 12.0 machine, "q" to the 12.1 mach= ine. Files attached -> two_messages/m.eml < message from 12.0 as received with gmail two_messages/q.eml < message from 12.1 as received with gmail S/MIME PKCS#7 binary attachments extracted with munpack: two_messages/smime.m/smime.desc two_messages/smime.m/smime.p7s two_messages/smime.q/smime.desc two_messages/smime.q/smime.p7s Results of "openssl asn1parse -inform der" on the "p7s" files: two_messages/m.asn1 two_messages/q.asn1 Plaintext messages obtained via "openssl cms -verify -in X.eml" two_messages/m.plaintext two_messages/q.plaintext verification results: > openssl cms -in m.eml -verify > /dev/null Verification successful > openssl cms -in q.eml -verify > /dev/null Verification failure 34380907704:error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure:/usr/src/crypto/openssl/crypto/cms/cms_sd.c:853: 34380907704:error:2E09D06D:CMS routines:CMS_verify:content verify error:/usr/src/crypto/openssl/crypto/cms/cms_smime.c:393: > sha256 two_messages/m.plaintext SHA256 (two_messages/m.plaintext) =3D 9dd6716c5fa06fb131a4f1f099d8e81b29621d73672a96b38291efb27e553503 > sha256 two_messages/q.plaintext SHA256 (two_messages/q.plaintext) =3D 9dd6716c5fa06fb131a4f1f099d8e81b29621d73672a96b38291efb27e553503 locale setting on both machines: pl_PL.UTF-8 .pinerc .addressbook and the mailboxes have been copied from 12.0 to 12.1 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-247267-7788>