Open fishsoupisgood opened 3 years ago
From reading the history of #13143 it seems that the mechancial change to use ASN1_IMP_SET_OF
instead of ASN1_IMP_SEQUENCE_OF
is straightforward and trivial, and that the actual framing of the encoded bits is the same, so that an encoded SET OF can be parsed as SEQUENCE of with no issue. The reverse direction (taking something encoded as SEQUENCE OF and parsing it as SET OF) will only sometimes succeed, since the DER rules for SET require the elements to be sorted by tag order, and a sequence will not necessarily have that property.
The history of the PR suggests that the simple change caused some unit tests to fail, which may be due to their reliance on the order of entries being preserved with a round trip through the en/decoder, or it may be due to old existing files created using the sequence encoding failing to parse as sets (I don't remember if our parser is strict about checking the sorted nature). However, the actual CI jobs are not visible anymore so I don't have any direct insight there. In either case, more code than just the trivial structure definition replacement will be needed to produce a workable solution.
so that an encoded SET OF can be parsed as SEQUENCE of with no issue
Yup. This isn't true in general, but it's true here because this particular SET OF type is implicitly-tagged. That meant the underlying type's tag never appeared in the encoding, but was still relevant for other encoding rules.
or it may be due to old existing files created using the sequence encoding failing to parse as sets (I don't remember if our parser is strict about checking the sorted nature)
I don't believe OpenSSL's parser enforces this. It's pretty lax and doesn't enforce most things, especially DER-only checks.
Marking as inactive, to be closed at the end of 3.4 dev barring further input.
TL;DR as of Tuesday Oct 13 Microsoft's wintrust.dll is being very strict in its parsing of DER encoded PKCS7 data and is rejecting signatures made by openssl.
The root cause is that, in the DER encoding, the SET OF certificates in openssl generated PKCS7 signed-data isn't correctly sorted.
RFC2315 §9.1 says:
where (§6.6)
ITU X.690 §11.6 states:
Yet the attached test program generates the following asn.1
which violates the X.690 §11.6 requirement.
test.c.txt asn1.txt