After updating TB from 60.5.0 to 60.5.1, S/MIME signed _and_ encrypted mails received from Outlook clients are marked as "signature is not valid"
Categories
(Thunderbird :: Security, defect)
Tracking
(thunderbird_esr6065+ fixed, thunderbird66 fixed, thunderbird67 fixed)
People
(Reporter: user841143, Assigned: KaiE)
References
Details
(Keywords: regression)
Attachments
(1 file)
|
1.68 KB,
patch
|
rrelyea
:
review+
jorgk-bmo
:
approval-comm-beta+
jorgk-bmo
:
approval-comm-esr60+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Steps to reproduce:
After updating Thunderbird from 60.5.0 to 60.5.1 the handling of validating S/MIME signed and encrypted mails has changed.
Configuration:
- Thunderbird version: 60.5.1, 32 bit, "en-US", maintenance service not installed
- OS: Win 7, 64 bit, patch level 2019-02
- (POP / IMAP): POP
Actual results:
S/MIME signed and encrypted mails received from Outlook clients (v15 and v16) are marked as "signature is not valid" now.
When selecting the envelope symbol the following warning message appears:
<<<<<
This message includes a digital signature, but the signature is invalid.
The signature does not match the message content correctly.
The message appears to have been altered after the sender signed it.
Additional info:
- The S/MIME encryption part is marked as valid.
- It doesn't matter what kind of certificates have been used for signing. Externally signed certificates (e.g. Comodo/Sectigo free S/MIME certificates) are affected as well as various certificates derived from self signed CAs.
- "Signed only" mails are not affected (using the same certificate that causes trouble when using sign and encrypt).
- S/MIME signed and encrypted mails received from Thunderbird clients are not affected.
- After downgrading to Thunderbird 60.5.0 S/MIME signed and encrypted mails will be handled as expected again.
Maybe this is an unintended side effect of "CVE-2018-18509: S/MIME signature spoofing".
Expected results:
Properly S/MIME signed and encrypted mails sent from Outlook clients should not be marked as "signature is not valid".
|
Assignee | |
Comment 1•5 years ago
|
||
Thanks for the bug report. I've sent you a signed message, requesting that you please send me a test message, which I could use to reproduce the issue.
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 2•5 years ago
|
||
I'm able to reproduce.
|
|
Assignee | |
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 3•5 years ago
|
||
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 4•5 years ago
|
||
IIRC Outlook sends opaque signed messages (not detached signatures, as used by Thunderbird).
If function nsCMSMessage::CommonVerifySignature gets called while processing an opaque signed message, we aren't given any digest data. In this scenario, we must keep the digest that has already been calculated elsewhere. The change from bug 1507218 incorrectly erases the existing digest in this scenario.
I'm sorry that we caused this regression. We don't have automated tests for the Thunderbird processing of S/MIME messages yet, only tests at the NSS library level. (We need to work on tests with a high priority.)
While we wait for the test automation work to get completed, we need to ensure that we have sufficient test input for interactive testing. I've attached a set of example messages and certificates to bug 1011625. The fix attached here passes those testcases.
|
|
Assignee | |
Comment 5•5 years ago
|
||
Comment on attachment 9044668 [details] [diff] [review] 1528615-v1.patch Bob, the other bugfix introduced this regression. This patch on top should be correct (don't replace earlier digest with NULL), could you please review it? I'll do some more testing tomorrow to doublecheck the fix is sufficient. Thanks in adanvace.
|
||
Updated•5 years ago
|
|
||
Comment 6•5 years ago
|
||
Kaie, please let me know the commit message or land it yourself in coordination with me via IRC around 23:00.
|
|
Assignee | |
Comment 7•5 years ago
|
||
commit comment:
Bug 1528615, regression fix for opaque S/MIME signatures, r=rrelyea
|
|
Assignee | |
Comment 8•5 years ago
|
||
I have provided manual test instructions in bug 1011625 comment 15.
Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/6e69606ac5b9
regression fix for opaque S/MIME signatures. r=rrelyea
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Comment 10•5 years ago
|
||
TB 66 beta 2:
https://hg.mozilla.org/releases/comm-beta/rev/f9037fd1be3d1435bf7bf0fd45ce3045268febab
|
|
||
Comment 11•5 years ago
|
||
TB 60.5.2 ESR:
https://hg.mozilla.org/releases/comm-esr60/rev/abeab51e4976f0d0af37693e41891dd833dd811f
|
Reporter | |
Comment 12•5 years ago
|
||
I just compared all my S/MIME "signed" and S/MIME "signed and encrypted" emails between TB 60.5.0 on my host PC and TB 60.5.2 inside of a virtual machine.
No differences have been found. All email certificates that had been complained about in TB 60.5.1 are considered valid again.
Thunderbird package used for testing:
"https://ftp.mozilla.org/pub/thunderbird/releases/60.5.2/win32/en-US/Thunderbird Setup 60.5.2.exe"
(last modified: 2019-02-25, 05:01 pm)
Thank you for fixing this issue.
|
|
Assignee | |
Comment 13•5 years ago
|
||
Thanks for the feedback!
Description
•