Open Bug 1005084 Opened 6 years ago Updated 5 months ago

Certificates with signature algorithm PKCS #1 RSA-PSS rejected by Firefox with NSS 3.16, error sec_error_bad_signature

Categories

(NSS :: Libraries, defect, P3)

3.16
defect

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

(Depends on 2 open bugs, Blocks 1 open bug)

Details

Attachments

(2 files)

The certificate at server https://demo.sharepoint-info.de/ is rejected with error sec_error_bad_signature

In order to see the bad signature error, it's necessary to import the root certificate.

Unfortunately, the bug reporters have asked us to keep the root and intermediate certificate confidential, which are required to fully reproduce the issue. It would be helpful if we could get permission to attach the intermediate CA to this public bug report.

I have the certificates in hand, and the vfychain utility also reports the bad certificate error.
Attached file demo.txt
text dump of server certificate
Attached file demo.pem
demo site certificate, PEM format
I'm trying to debug using vfychain. The error is set after calling CERT_VerifySignedData(), which returned SEC_ERROR_UNSUPPORTED_KEYALG
in vfy_CreateContext (key=0x645c40, sig=0x7fffffffd860, encAlg=SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg=SEC_OID_UNKNOWN, hash=0x7fffffffd85c, wincx=0x616540 <pwdata>) at secvfy.c:402

seckey_GetKeyType returned rsaPssKey. The switch(type) block doesn't handle it, and an error is returned.

Call stack:
#0  PR_SetError (code=-8144, osErr=0) at ../../../../pr/src/misc/prerror.c:25
#1  0x00007ffff7397de7 in PORT_SetError_Util (value=-8144) at secport.c:162
#2  0x00007ffff75e5003 in vfy_CreateContext (key=0x645c40, sig=0x7fffffffd860, encAlg=SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg=SEC_OID_UNKNOWN, hash=0x7fffffffd85c, wincx=0x616540 <pwdata>) at secvfy.c:402
#3  0x00007ffff75e5904 in vfy_VerifyData (buf=0x63fe94 "0\202\003B\240\003\002\001\002\002\023C", len=838, key=0x645c40, sig=0x7fffffffd860, encAlg=SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg=SEC_OID_UNKNOWN, hash=0x7fffffffd85c, 
    wincx=0x616540 <pwdata>) at secvfy.c:681
#4  0x00007ffff75e5ad5 in VFY_VerifyDataWithAlgorithmID (buf=0x63fe94 "0\202\003B\240\003\002\001\002\002\023C", len=838, key=0x645c40, sig=0x7fffffffd860, sigAlgorithm=0x63fbd0, hash=0x7fffffffd85c, wincx=0x616540 <pwdata>)
    at secvfy.c:731
#5  0x00007ffff75d9b3b in CERT_VerifySignedDataWithPublicKey (sd=0x63fbb8, pubKey=0x645c40, wincx=0x616540 <pwdata>) at certvfy.c:59
#6  0x00007ffff75d9c5d in CERT_VerifySignedData (sd=0x63fbb8, cert=0x642800, t=1399044591463858, wincx=0x616540 <pwdata>) at certvfy.c:114
#7  0x00007ffff75da537 in cert_VerifyCertChainOld (handle=0x6277e0, cert=0x63fba0, checkSig=1, sigerror=0x7fffffffda7c, certUsage=certUsageSSLServer, t=1399044591463858, wincx=0x616540 <pwdata>, log=0x7fffffffdc20, 
    revoked=0x7fffffffda80) at certvfy.c:459
#8  0x00007ffff75dadf5 in cert_VerifyCertChain (handle=0x6277e0, cert=0x63fba0, checkSig=1, sigerror=0x7fffffffda7c, certUsage=certUsageSSLServer, t=1399044591463858, wincx=0x616540 <pwdata>, log=0x7fffffffdc20, revoked=0x7fffffffda80)
    at certvfy.c:702
#9  0x00007ffff75dba2c in CERT_VerifyCertificate (handle=0x6277e0, cert=0x63fba0, checkSig=1, requiredUsages=2, t=1399044591463858, wincx=0x616540 <pwdata>, log=0x7fffffffdc20, returnedUsages=0x0) at certvfy.c:1192
#10 0x0000000000405613 in main (argc=8, argv=0x7fffffffdde8, envp=0x7fffffffde30) at vfychain.c:597
See also bug 158750 (and bug 215997 ?).
Depends on: 158750
mozilla::pkix has a whitelist of signature algorithms it supports, so in addition to whatever work is needed in NSS to add support for verifying PSS signatures, another bug to add PSS support to mozilla::pkix will be needed in order for Firefox to work with the PSS-based certificates. Also, the implications of bug 1054659 will need to be addressed before we add PSS support to mozilla::pkix.
Depends on: 1054659
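Added example (not part of this bug thread, and not NSS or mozilla::pkix code): a stand-alone C check that reads the outer signatureAlgorithm OID of a DER-encoded certificate and flags RSA-PSS, which is how a verifier with a signature-algorithm allowlist ends up rejecting such a certificate before any signature math runs. The one-entry allowlist, the function and enum names, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* DER content bytes of two well-known signature algorithm OIDs. */
static const unsigned char OID_RSA_PSS[]    = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A}; /* 1.2.840.113549.1.1.10 */
static const unsigned char OID_SHA256_RSA[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B}; /* 1.2.840.113549.1.1.11 */

enum sig_status { SIG_ALLOWED, SIG_RSA_PSS, SIG_OTHER, SIG_MALFORMED };

/* Read one DER TLV with the expected tag at *p (bounded by end); set body/len, advance *p. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    unsigned char tag, const unsigned char **body, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) {                      /* long form: low 7 bits give the number of length bytes */
        size_t k = n & 0x7F;
        if (k == 0 || k > 2 || (size_t)(end - q) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1; /* declared length runs past the buffer */
    *body = q; *len = n; *p = q + n;
    return 0;
}

/* Classify Certificate.signatureAlgorithm against a hypothetical one-entry allowlist. */
enum sig_status classify_cert_sigalg(const unsigned char *der, size_t der_len)
{
    const unsigned char *p = der, *end = der + der_len, *b, *oid;
    size_t n, oid_len;
    if (der_next(&p, end, 0x30, &b, &n)) return SIG_MALFORMED;   /* Certificate SEQUENCE */
    p = b; end = b + n;
    if (der_next(&p, end, 0x30, &b, &n)) return SIG_MALFORMED;   /* tbsCertificate, skipped */
    if (der_next(&p, end, 0x30, &b, &n)) return SIG_MALFORMED;   /* signatureAlgorithm */
    p = b; end = b + n;
    if (der_next(&p, end, 0x06, &oid, &oid_len)) return SIG_MALFORMED;
    if (oid_len == sizeof OID_SHA256_RSA && !memcmp(oid, OID_SHA256_RSA, oid_len)) return SIG_ALLOWED;
    if (oid_len == sizeof OID_RSA_PSS && !memcmp(oid, OID_RSA_PSS, oid_len)) return SIG_RSA_PSS;
    return SIG_OTHER;
}

/* Constructed skeleton, not a real certificate: empty tbs, RSA-PSS AlgorithmIdentifier, empty BIT STRING. */
const unsigned char SAMPLE_PSS[] = {0x30,0x14, 0x30,0x00,
    0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A, 0x30,0x00,
    0x03,0x01,0x00};

int main(void) { return classify_cert_sigalg(SAMPLE_PSS, sizeof SAMPLE_PSS) == SIG_RSA_PSS ? 0 : 1; }
```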
The RSA-PSS signatures in NSS now (3.34) work, would it be possible to add rsa-pss signature type to the mozilla::pkix whitelist?
Flags: needinfo?(brian)
(In reply to Hubert Kario from comment #7)
> The RSA-PSS signatures in NSS now (3.34) work, would it be possible to add
> rsa-pss signature type to the mozilla::pkix whitelist?

mozilla::pkix is a different component.

I suggest filing a separate bug for product "Core" component "security PSM" to request this change (please reference this bug).
Actually there already is bug 1088140 filed, but I don't have the permission to mark this one as a dependency of it.
(In reply to Hubert Kario from comment #9)
> Actually there already is bug 1088140 filed, but I don't have the permission
> to mark this one as a dependency of it.

done
Blocks: 1088140
Priority: -- → P3
Flags: needinfo?(brian)
QA Contact: jjones