Closed Bug 1444444 Opened 3 years ago Closed 2 years ago

NSS accepts certificates with RSA-PSS signatures with SHA-1 MGF1 hash even if it is explicitly disallowed

Categories

(NSS :: Libraries, defect, P3)

3.41
defect

RESOLVED FIXED

People

(Reporter: hkario, Unassigned)

Attachments

(2 files)

Attached file rsa pss signed certs
Description of problem:
When a certificate uses SHA-1 for the MGF1 hash and SHA-256 for the document hash in an RSA-PSS signature, and the policy is set to disallow use of SHA-1, the certificate is still accepted.

Version:
3.34

Steps to Reproduce:
1. import certs.tar.gz/ca/cert.pem to ./clnt-db
2. import certs.tar.gz/md-server/{cert.pem,key.pem} as "md-server" to ./md-server-db
3. /usr/lib64/nss/unsupported-tools/selfserv -d sql:./md-server-db -p 4433 -rr -n md-server
4. set policy:
# To re-enable legacy algorithms, edit this file
# Note that the last empty line in this file must be preserved
library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=md5:sha1 allow=DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023"

5. /usr/lib64/nss/unsupported-tools/tstclnt -d sql:./clnt-db -h localhost -p 4433

Actual results:
subject DN: CN=localhost
issuer  DN: O=Example CA
0 cache hits; 1 cache misses, 0 cache not reusable
0 stateless resumes
Received 0 Cert Status items (OCSP stapled data)


Expected results:
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
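As an added illustration (not NSS code and not the reporter's attached certificates), the checker below parses RSASSA-PSS-params (RFC 4055) from DER and applies the disallow list to both the document hash and the MGF1 hash, which is the check this report says is missing; it also applies the RFC defaults, under which an absent maskGenAlgorithm means MGF1 with SHA-1. The OIDs are real; the helper names and the sample parameter blob are constructed here.

```python
# OIDs (DER-encoded contents of the OBJECT IDENTIFIER) for the algorithms involved.
OIDS = {
    bytes.fromhex("2b0e03021a"): "sha1",           # 1.3.14.3.2.26
    bytes.fromhex("608648016503040201"): "sha256", # 2.16.840.1.101.3.4.2.1
    bytes.fromhex("2a864886f70d010108"): "mgf1",   # 1.2.840.113549.1.1.8
}

def _tlv(data, pos=0):
    # Read one DER TLV at pos; return (tag, value, next_pos). Handles long-form lengths.
    tag, ln = data[pos], data[pos + 1]
    start = pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln = int.from_bytes(data[start:start + n], "big")
        start += n
    return tag, data[start:start + ln], start + ln

def _alg_id(der):
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
    tag, seq, _ = _tlv(der)
    assert tag == 0x30, "expected SEQUENCE"
    tag, oid, end = _tlv(seq)
    assert tag == 0x06, "expected OID"
    return OIDS.get(oid, "unknown"), seq[end:]

def pss_hashes(params_der):
    # Return (document_hash, mgf1_hash); RFC 4055 DEFAULTs are SHA-1 for both when absent.
    doc_hash, mgf_hash = "sha1", "sha1"
    tag, body, _ = _tlv(params_der)
    assert tag == 0x30, "RSASSA-PSS-params must be a SEQUENCE"
    pos = 0
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        if tag == 0xA0:                      # [0] hashAlgorithm
            doc_hash, _ = _alg_id(val)
        elif tag == 0xA1:                    # [1] maskGenAlgorithm
            mgf, mgf_params = _alg_id(val)
            assert mgf == "mgf1", "only MGF1 is defined for RSASSA-PSS"
            mgf_hash, _ = _alg_id(mgf_params)
    return doc_hash, mgf_hash

def check_pss_policy(params_der, disallowed=("md5", "sha1")):
    # None when permitted; otherwise the error the reporter expected NSS to raise.
    doc_hash, mgf_hash = pss_hashes(params_der)
    if doc_hash in disallowed or mgf_hash in disallowed:
        return "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED"
    return None

def _der(tag, content):          # constructed-sample helper, short-form lengths only
    return bytes([tag, len(content)]) + content

def _alg(oid_hex, params=b""):
    return _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + params)

# Constructed sample matching this bug: SHA-256 document hash, MGF1 with SHA-1, salt 32.
SAMPLE_SHA256_MGF1SHA1 = _der(0x30,
    _der(0xA0, _alg("608648016503040201"))
    + _der(0xA1, _alg("2a864886f70d010108", _alg("2b0e03021a", b"\x05\x00")))
    + _der(0xA2, _der(0x02, b"\x20")))
```

The disallow tuple mirrors the `disallow=md5:sha1` policy line in the report; a check that looked only at `doc_hash` would return None for this sample, which is the behaviour described above.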
Priority: -- → P3
Thank you for the review.  Pushed as:
https://hg.mozilla.org/projects/nss/rev/c15f06c09e7d
Status: NEW → RESOLVED
Closed: 2 years ago
QA Contact: franziskuskiefer
Resolution: --- → FIXED
Version: 3.34 → 3.41