Bug 618500 - S/MIME signing does not work
Summary: S/MIME signing does not work
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: m2crypto
Version: 13
Hardware: All Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Miloslav Trmač
QA Contact: Fedora Extras Quality Assurance
Depends On: 691513
Reported: 2010-07-27 05:27 UTC by Maximiliano Bertacchini
Modified: 2011-06-15 14:59 UTC (History)

Fixed In Version: m2crypto-0.21.1-3.fc15
Doc Type: Bug Fix
Last Closed: 2011-04-15 21:28:39 UTC



Description Maximiliano Bertacchini 2010-07-27 05:27:01 UTC
Description of problem:
Signing an S/MIME message generates a truncated message without any signature. Tried on fc13 i686 and x86_64 and got the same result. However it works in Ubuntu 10.04 with package version python-m2crypto-0.20.1.

Version-Release number of selected component (if applicable):
m2crypto-0.20.2-7.fc13

How reproducible:
Follow this tutorial up to the "Sign" section:
http://sandbox.rulemaker.net/ngps/m2/howto.smime.html

Steps to Reproduce:
1. Generate some example keys and certificates:
openssl req -newkey rsa:1024 -nodes -x509 -days 365 -out signer.pem
mv privkey.pem signer_key.pem

2. Run the following Python script:
    from M2Crypto import BIO, Rand, SMIME

    def makebuf(text):
        return BIO.MemoryBuffer(text)

    # Make a MemoryBuffer of the message.
    buf = makebuf('a sign of our times')

    # Seed the PRNG.
    Rand.load_file('randpool.dat', -1)

    # Instantiate an SMIME object; set it up; sign the buffer.
    s = SMIME.SMIME()
    s.load_key('signer_key.pem', 'signer.pem')
    p7 = s.sign(buf)

    # Recreate buf.
    buf = makebuf('a sign of our times')

    # Output p7 in mail-friendly format.
    out = BIO.MemoryBuffer()
    out.write('From: sender@example.dom\n')
    out.write('To: recipient@example.dom\n')
    out.write('Subject: M2Crypto S/MIME testing\n')
    s.write(out, p7, buf)

    print out.read()
  

Actual results:

From: sender@example.dom
To: recipient@example.dom
Subject: M2Crypto S/MIME testing
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="----03D6C4E70DC75EF73B1EC56752C7DB8D"

This is an S/MIME signed message

------03D6C4E70DC75EF73B1EC56752C7DB8D
a sign of our times


Expected results:

From: sender@example.dom
To: recipient@example.dom
Subject: M2Crypto S/MIME testing
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----3F7BF7C54B3B0FC83AA1763644002CC8"

This is an S/MIME signed message

------3F7BF7C54B3B0FC83AA1763644002CC8
a sign of our times
------3F7BF7C54B3B0FC83AA1763644002CC8
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
------3F7BF7C54B3B0FC83AA1763644002CC8--

Comment 1 Miloslav Trmač 2010-07-27 17:49:53 UTC
Thanks for your report.

I'm afraid the HOWTO is incorrect, at least for current versions of OpenSSL.

Both "s.sign" and "s.write" must use the same value of the SMIME.PKCS7_DETACHED flag; passing a third argument to SMIME.write implies SMIME.PKCS7_DETACHED.

I get something looking like the expected result after replacing the "s.sign" line
with
   p7 = s.sign(buf, SMIME.PKCS7_DETACHED)


Scripts from the howto are shipped in the m2crypto package and should be fixed; I'll keep this bug open to track that.
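
Added example (not part of the bug report or of M2Crypto): a structural check, using only Python 3's standard `email` package, that catches the failure reported above, where signing returns without error but the output has no signature part and no closing boundary. The function name and both sample messages are constructed for illustration, modelled on the actual and expected results in the description; the check confirms the signature part is present, not that the signature verifies.

```python
from email import errors, message_from_string

# Content types a detached S/MIME signature part may carry.
SIG_TYPES = {"application/x-pkcs7-signature", "application/pkcs7-signature"}


def detached_signature_problems(raw):
    """Return structural problems found; an empty list means both parts exist."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        return ["not multipart/signed"]
    problems = []
    protocol = (msg.get_param("protocol") or "").lower()
    if protocol not in SIG_TYPES:
        problems.append("unexpected protocol: %r" % protocol)
    # The parser records a defect when a boundary line never shows up.
    boundary_defects = (errors.StartBoundaryNotFoundDefect,
                        errors.CloseBoundaryNotFoundDefect)
    if any(isinstance(d, boundary_defects) for d in msg.defects):
        problems.append("boundary missing: message is truncated")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        problems.append("expected 2 parts (content + signature), found %d"
                        % len(parts))
        return problems
    sig = parts[1]
    if sig.get_content_type() not in SIG_TYPES:
        problems.append("second part is %s, not a PKCS#7 signature"
                        % sig.get_content_type())
    elif not sig.get_payload(decode=True):
        problems.append("signature part is empty")
    return problems


# Constructed samples: short boundary and placeholder base64, not real output.
HEAD = ('MIME-Version: 1.0\n'
        'Content-Type: multipart/signed; '
        'protocol="application/x-pkcs7-signature"; micalg="sha1"; '
        'boundary="----B0"\n\n'
        'This is an S/MIME signed message\n\n'
        '------B0\na sign of our times\n')
TRUNCATED = HEAD  # shape of the "Actual results" above
COMPLETE = HEAD + ('------B0\n'
                   'Content-Type: application/x-pkcs7-signature; name="smime.p7s"\n'
                   'Content-Transfer-Encoding: base64\n\n'
                   'Q09OU1RSVUNURUQ=\n\n'
                   '------B0--\n')

if __name__ == "__main__":
    for name, sample in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        print(name, detached_signature_problems(sample) or "ok")
```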

Comment 2 Maximiliano Bertacchini 2010-07-27 18:39:08 UTC
That fixed the issue. Thanks!

Comment 3 Miloslav Trmač 2011-03-28 17:55:15 UTC
Patch submitted upstream:
https://bugzilla.osafoundation.org/show_bug.cgi?id=13020

Comment 4 Fedora Update System 2011-04-05 22:07:08 UTC
m2crypto-0.21.1-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/m2crypto-0.21.1-3.fc15

Comment 5 Fedora Update System 2011-04-07 02:19:52 UTC
Package m2crypto-0.21.1-3.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing m2crypto-0.21.1-3.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/m2crypto-0.21.1-3.fc15
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2011-04-15 21:28:33 UTC
m2crypto-0.21.1-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2011-05-20 16:20:35 UTC
python26-m2crypto-0.21.1-5.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/python26-m2crypto-0.21.1-5.el5

Comment 8 Fedora Update System 2011-06-15 14:59:05 UTC
python26-m2crypto-0.21.1-5.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

