After updating TB from 60.5.0 to 60.5.1, S/MIME signed _and_ encrypted mails received from Outlook clients are marked as "signature is not valid"

RESOLVED FIXED in Thunderbird 67.0

Status

defect
RESOLVED FIXED
5 months ago

People

(Reporter: user841143, Assigned: kaie)

Tracking

({regression})

Thunderbird 67.0

Thunderbird Tracking Flags

(thunderbird_esr6065+ fixed, thunderbird66 fixed, thunderbird67 fixed)

Details

Attachments

(1 attachment)

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

Steps to reproduce:

After updating Thunderbird from 60.5.0 to 60.5.1 the handling of validating S/MIME signed and encrypted mails has changed.

Configuration:

  • Thunderbird version: 60.5.1, 32 bit, "en-US", maintenance service not installed
  • OS: Win 7, 64 bit, patch level 2019-02
  • (POP / IMAP): POP

Actual results:

S/MIME signed and encrypted mails received from Outlook clients (v15 and v16) are marked as "signature is not valid" now.

When selecting the envelope symbol the following warning message appears:
<<<<<
This message includes a digital signature, but the signature is invalid.

The signature does not match the message content correctly.
The message appears to have been altered after the sender signed it.

Additional info:

  • The S/MIME encryption part is marked as valid.
  • It doesn't matter what kind of certificates have been used for signing. Externally signed certificates (e.g. Comodo/Sectigo free S/MIME certificates) are affected as well as various certificates derived from self signed CAs.
  • "Signed only" mails are not affected (using the same certificate that causes trouble when using sign and encrypt).
  • S/MIME signed and encrypted mails received from Thunderbird clients are not affected.
  • After downgrading to Thunderbird 60.5.0 S/MIME signed and encrypted mails will be handled as expected again.

Maybe this is an unintended side effect of "CVE-2018-18509: S/MIME signature spoofing".

Expected results:

Properly S/MIME signed and encrypted mails sent from Outlook clients should not be marked as "signature is not valid".

Thanks for the bug report. I've sent you a signed message, requesting that you please send me a test message, which I could use to reproduce the issue.

Assignee: nobody → kaie

I'm able to reproduce.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: regression
Blocks: 1507218
Attachment #9044668 - Attachment description: 1011625-v1.patch → 1528615-v1.patch
Attachment #9044668 - Attachment filename: 1011625-v1.patch → 1528615-v1.patch

IIRC Outlook sends opaque signed messages (not detached signatures, as used by Thunderbird).

If function nsCMSMessage::CommonVerifySignature gets called while processing an opaque signed message, we aren't given any digest data. In this scenario, we must keep the digest that has already been calculated elsewhere. The change from bug 1507218 incorrectly erases the existing digest in this scenario.

I'm sorry that we caused this regression. We don't have automated tests for the Thunderbird processing of S/MIME messages yet, only tests at the NSS library level. (We need to work on tests with a high priority.)

While we wait for the test automation work to get completed, we need to ensure that we have sufficient test input for interactive testing. I've attached a set of example messages and certificates to bug 1011625. The fix attached here passes those testcases.
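Added example, not part of the bug thread and not Mozilla's code: a simplified model of the digest handling described in the comment above, showing why only opaque signed messages broke. The class, method and parameter names are hypothetical, and signature and certificate checks are left out; only the comparison of the content digest against the signed messageDigest value is modelled.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample content; stands in for the signed MIME entity.
BODY = b"Content-Type: text/plain\r\n\r\nconstructed sample body\r\n"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class SignedDataModel:
    """Toy stand-in for a CMS SignedData object (hypothetical, not an NSS type)."""

    def __init__(self, signed_digest: bytes, encapsulated: Optional[bytes] = None):
        # Value the signer placed in the messageDigest signed attribute.
        self.signed_digest = signed_digest
        # Opaque messages carry the content inside the CMS object, so its
        # digest is computed while decoding. Detached ones carry no content.
        self.content_digest = sha256(encapsulated) if encapsulated is not None else None

    def verify(self, external_digest: Optional[bytes], keep_existing: bool) -> bool:
        if external_digest is not None:
            # Detached case: the caller hashed the separate MIME part.
            self.content_digest = external_digest
        elif not keep_existing:
            # Modelled regression: no digest passed in, stored one is erased.
            self.content_digest = None
        if self.content_digest is None:
            return False  # nothing to compare against: report invalid
        return hmac.compare_digest(self.content_digest, self.signed_digest)


def run_matrix() -> dict:
    """Verify opaque and detached samples under both behaviours."""
    results = {}
    for label, keep in (("regressed", False), ("fixed", True)):
        good = sha256(BODY)
        results[label] = {
            "opaque": SignedDataModel(good, BODY).verify(None, keep),
            "detached": SignedDataModel(good).verify(sha256(BODY), keep),
            "opaque_tampered": SignedDataModel(good, BODY + b"x").verify(None, keep),
            "detached_no_digest": SignedDataModel(good).verify(None, keep),
        }
    return results
```

The tampered and missing-digest rows stay invalid under both behaviours, which is the property a regression test for this fix should also hold on to.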

Comment on attachment 9044668 [details] [diff] [review]
1528615-v1.patch

Bob, the other bugfix introduced this regression.

This patch on top should be correct (don't replace earlier digest with NULL), could you please review it?

I'll do some more testing tomorrow to double-check the fix is sufficient. Thanks in advance.
Attachment #9044668 - Flags: review?(rrelyea)
Attachment #9044668 - Flags: review?(rrelyea) → review+

Kaie, please let me know the commit message or land it yourself in coordination with me via IRC around 23:00.

commit comment:
Bug 1528615, regression fix for opaque S/MIME signatures, r=rrelyea

I have provided manual test instructions in bug 1011625 comment 15.

Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/6e69606ac5b9
regression fix for opaque S/MIME signatures. r=rrelyea

Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 67.0
Attachment #9044668 - Flags: approval-comm-esr60+
Attachment #9044668 - Flags: approval-comm-beta+

I just compared all my S/MIME "signed" and S/MIME "signed and encrypted" emails between TB 60.5.0 on my host PC and TB 60.5.2 inside of a virtual machine.

No differences have been found. All email certificates that had been complained about in TB 60.5.1 are considered valid again.

Thunderbird package used for testing:
"https://ftp.mozilla.org/pub/thunderbird/releases/60.5.2/win32/en-US/Thunderbird Setup 60.5.2.exe"
(last modified: 2019-02-25, 05:01 pm)

Thank you for fixing this issue.

Thanks for the feedback!
