mozilla::pkix's BuildCertChain doesn't fully validate the key of the passed-in certificate, because NSSCheckPublicKey doesn't

NEW
Unassigned

Status

()

Core
Security: PSM
P3
normal
3 years ago
2 months ago

People

(Reporter: briansmith, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-backlog])

Even after bug 1077790 is fixed, NSSCheckPublicKey won't be fully validating the public key. For example, it doesn't detect the case of an ECC public key where the public key point is not on the curve, as specified in [1]. This is because the arithmetic validity checks of public keys aren't done by SECKEY_ExtractPublicKey. Instead, they're done by PK11_ImportPublicKey and friends, which are never called by NSSCheckPublicKey.

NSSVerifySignedData *does* call PK11_ImportPublicKey, and so the key validity checks *are* done for every cert in the chain except the bottom (usually end-entity) one.

Once certificate validation succeeds, we usually end up using the public key to verify a signature or to do an RSA encryption operation, and then we'll validate the public keys during those operations, so as far as the critical uses of certificates in Gecko are concerned, this isn't a serious issue.

The practical effect of this bug is that a certificate might be validated successfully in the certificate viewer even when it has an invalid public key, but then be unusable for any operation, due to the invalid key.

[1] http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
Whiteboard: [psm-backlog]
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.