Closed Bug 1042479 Opened 10 years ago Closed 10 years ago

mozilla::pkix does not support OID 1.3.14.3.2.29 (OIW's sha1WithRSASignature)

Categories

(Core :: Security: PSM, defect)

33 Branch
x86
Windows 7
defect
Not set
normal

Tracking


VERIFIED FIXED
mozilla34
Tracking Status
firefox31 --- unaffected
firefox32 --- unaffected
firefox33 + verified
firefox34 + verified

People

(Reporter: raysatiro, Assigned: briansmith)

References

Details

(Keywords: regression)

Attachments

(3 files)

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 20140722000501

Steps to reproduce:

In the latest Aurora I am not able to access websites that are signed by a CA using sha1/rsa1024.

gecko.mstone = 33.0a2
gecko.buildID = 20140722004002


Actual results:

I can no longer monitor web traffic using Fiddler. That may be because Fiddler's CA certificate uses sha1/rsa1024.

------------------
encrypted.google.com uses an invalid security certificate.

The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.

(Error code: sec_error_cert_signature_algorithm_disabled)
------------------

Fiddler's CA certificate is already trusted in Firefox as an authority. I clicked 'Add Exception' to add an exception for that particular site but it did nothing.



Expected results:

I understand that RSA 1024 is being phased out (https://wiki.mozilla.org/CA:MD5and1024) but I could use an option to override that. I have a feeling I'm going to find this is not just a problem with my Fiddler CAs.

Also it would be helpful to have an option for testing purposes that I could use to override when there's _any_ error in a certificate chain regardless of the error. Like a "I know what I'm doing" button or something. Thanks
Component: Untriaged → Security
[Tracking Requested - why for this release]:
Component: Security → Security: PSM
Keywords: regression
Product: Firefox → Core
Even if we did want to support 1024 bit certs, we are pinning *.google.com in FF 33, so this wouldn't work unless you installed your Fiddler cert as a trust anchor anyway.

https://mxr.mozilla.org/mozilla-aurora/source/security/manager/boot/src/StaticHPKPins.h#835
(In reply to [:mmc] Monica Chew (please use needinfo) from comment #2)
> Even if we did want to support 1024 bit certs, we are pinning *.google.com
> in FF 33, so this wouldn't work unless you installed your Fiddler cert as a
> trust anchor anyway.

Nevermind, I see from your initial bug report that you already did this.
(In reply to Ray Satiro from comment #0)
> User Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101
> Firefox/24.0 (Beta/Release)
> Build ID: 20140722000501
> 
> Steps to reproduce:
> 
> In the latest Aurora I am not able to access websites that are signed by a
> CA using sha1/rsa1024.
> 
> gecko.mstone = 33.0a2
> gecko.buildID = 20140722004002
> 
> 
> Actual results:
> 
> I can no longer monitor web traffic using Fiddler. That may be because
> Fiddler's CA certificate uses sha1/rsa1024.
> 
> ------------------
> encrypted.google.com uses an invalid security certificate.
> 
> The certificate is not trusted because it was signed using a signature
> algorithm that was disabled because that algorithm is not secure.
> 
> (Error code: sec_error_cert_signature_algorithm_disabled)
> ------------------
> 
> Fiddler's CA certificate is already trusted in Firefox as an authority. I
> clicked 'Add Exception' to add an exception for that particular site but it
> did nothing.
> 
> 
> 
> Expected results:
> 
> I understand that RSA 1024 is being phased out
> (https://wiki.mozilla.org/CA:MD5and1024) but I could use an option to
> override that. I have a feeling I'm going to find this is not just a problem
> with my Fiddler CAs.
> 
> Also it would be helpful to have an option for testing purposes that I could
> use to override when there's _any_ error in a certificate chain regardless
> of the error. Like a "I know what I'm doing" button or something. Thanks

Can you please post the Fiddler CA here?
Ray can you please attach the CA that you are using to this bug?
Flags: needinfo?(raysatiro)
(In reply to Camilo Viecco (:cviecco) from comment #5)
> Ray can you please attach the CA that you are using to this bug?

Sure. I've attached two certificates, a Fiddler CA certificate and a localhost certificate that I signed with the CA. To reproduce:

Command window:
socat openssl-listen:4433,reuseaddr,cert=localhost.pem,verify=0,fork -

Aurora:
Options > Advanced > Certificates > View Certificates > Authorities > Import > FiddlerRoot.cer
Go to https://localhost:4433/ and you'll see error sec_error_cert_signature_algorithm_disabled.
Flags: needinfo?(raysatiro)
Firefox is working as expected (we are now being more strict about certificate encodings). Here is the problem:

The OID for the signature type is incorrect. It is set to 1.3.14.3.2.29 (which is an obsolete value: {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) sha-1WithRSAEncryption(29)}); the OID you want is 1.2.840.113549.1.1.5 (sha1WithRSAEncryption ::= {pkcs-1 5}) (see RFC 5280 section 4.1.1.2, which will point you to RFC 3279 section 2.2.1).

This happens both in the CA and the end-entity certificates.

Also, your CA certs have negative serial values (which I think is OK for now) but that I would fix.

It seems this is a bug on the certificate generation in fiddler.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
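As an added example (not code from this bug, from Fiddler or from mozilla::pkix; the function and constant names are my own), here is a small DER OBJECT IDENTIFIER codec with the verifier-side lookup the comment above implies: the OIW OID 1.3.14.3.2.29 resolves to the same (sha1, rsa) pair as the PKCS#1 OID 1.2.840.113549.1.1.5, and a DER INTEGER serial with its leading bit set is flagged as negative. The 1.3.36.3.3.1.1 OID raised later in the bug is deliberately left out of the table so the lookup shows what an unmapped OID returns.

```python
# Added example (not from this bug or mozilla::pkix): decode the DER OID in a
# certificate's signature AlgorithmIdentifier, map it to a hash/key algorithm
# with the OIW OID aliased to the PKCS#1 one, and flag a negative serial.

# OID -> (hash, key algorithm); 1.3.36.3.3.1.1 is intentionally not mapped.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": ("sha1", "rsa"),  # sha1WithRSAEncryption (RFC 3279)
    "1.3.14.3.2.29": ("sha1", "rsa"),         # OIW sha1WithRSASignature (makecert)
}

def encode_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (tag 0x06, short length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                    # base-128, high bit = more follows
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(der):
    """Decode a short-form DER OBJECT IDENTIFIER back to dotted notation."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OID")
    body = der[2:]
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if value:
        raise ValueError("truncated OID arc")
    return ".".join(str(a) for a in arcs)

def signature_algorithm(der_oid):
    """(hash, key alg) for a signature OID, or None when there is no mapping."""
    return SIGNATURE_OIDS.get(decode_oid(der_oid))

def serial_is_negative(der_int):
    """True if a DER INTEGER serialNumber is negative (RFC 5280 requires positive)."""
    if len(der_int) < 3 or der_int[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    return bool(der_int[2] & 0x80)
# Constructed samples: the OIW OID from this bug, the PKCS#1 OID, a negative serial.
OIW_SHA1_RSA = bytes.fromhex("06052b0e03021d")
PKCS1_SHA1_RSA = bytes.fromhex("06092a864886f70d010105")
NEGATIVE_SERIAL = bytes.fromhex("02028001")
```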
Ok thanks for the detail. I will forward your comments to the developer. I filed this bug though because I would like an option to override that behavior, and also an option to override really any block. For some https websites I really don't care if some signer or something in the chain is bad I just need access to the information. That add exception button doesn't always work. Can you consider that? Thanks
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
The certificates in question are generated by Microsoft's makecert.exe, which has been used by a huge number of developers for over a decade. If you truly intend to reject all such certificates, you may wish to more carefully weigh the compatibility impact of doing so.
See also https://www.mail-archive.com/asn1@oss.com/msg01402.html and bug 405966.

OID 1.3.36.3.3.1.1 (rsaSignatureWithsha1) is another one to investigate.
Assignee: nobody → brian
Status: UNCONFIRMED → NEW
Ever confirmed: true
See Also: → 405966
Summary: Cert using sha1/rsa1024 doesn't work. Allow for override of sec_error_cert_signature_algorithm_disabled → mozilla::pkix does not support the 1.3.14.3.2.29 (OIW's sha-1WithRSAEncryption)
Target Milestone: --- → mozilla34
(In reply to Eric from comment #9)
> The certificates in question are generated by Microsoft's makecert.exe,
> which has been used by a huge number of developers for over a decade.

Thanks. This is helpful to know. Do you know if makecert uses other OIW or non-IETF-standard OIDs for signature or hash algorithms? Is this documented somewhere?
Flags: needinfo?(ericlaw1979)
Summary: mozilla::pkix does not support the 1.3.14.3.2.29 (OIW's sha-1WithRSAEncryption) → mozilla::pkix does not support OID 1.3.14.3.2.29 (OIW's sha-1WithRSAEncryption)
Hey, Brian-- Unfortunately, I no longer have access to the makecert.exe sources. Its flags include the following that might map to legacy OIDs:

-a - Algorithm. Choices are md5|sha1|sha256|sha384|sha512
-iky - Issuer key type (signature|exchange|<int>)
-sky - Subject key type (signature|exchange|<int>)
-$ - Signing authority (individual|commercial)
-cy - Certificate type (end|authority)
-eku - Comma-separated list of EKU OIDs
-nscp - Include Netscape client auth extension
Flags: needinfo?(ericlaw1979)
Status: NEW → ASSIGNED
The OIW OIDs were documented in http://www.oiw.org/agreements/stable/12s-9412.txt, which no longer works. This old IETF-PKIX mailing list message documents the OID:
http://www.imc.org/ietf-pkix/old-archive-97/msg01166.html. I am attaching that message to the bug in case imc.org ever stops hosting the old IETF-PKIX mailing list archive.
Summary: mozilla::pkix does not support OID 1.3.14.3.2.29 (OIW's sha-1WithRSAEncryption) → mozilla::pkix does not support OID 1.3.14.3.2.29 (OIW's sha1WithRSASignature)
Tracking because it might break quite a few websites.
Comment on attachment 8467413 [details] [diff] [review]
add-support-for-old-OIW-OID.patch

Review of attachment 8467413 [details] [diff] [review]:
-----------------------------------------------------------------

r=me
Attachment #8467413 - Flags: review?(dkeeler) → review+
Comment on attachment 8467413 [details] [diff] [review]
add-support-for-old-OIW-OID.patch

Approval Request Comment
[Feature/regressing bug #]: bug 1036107
[User impact if declined]: Some HTTPS websites will not work.
[Describe test coverage new/current, TBPL]: There are automated tests, including a new automated test for this bug.
[Risks and why]: Very Low.
[String/UUID change made/needed]: None.
Attachment #8467413 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/19bd60030de4
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Attachment #8467413 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Using the instructions in comment 6:

Confirmed issue in Fx33, 2014-08-10.
Verified fixed in Fx33 and Fx34, 2014-08-22.
Status: RESOLVED → VERIFIED