Closed Bug 1531735 Opened 5 years ago Closed 1 year ago

Treat signed S/MIME messages that use a MD5 digest as insecure

Categories

(MailNews Core :: Security: S/MIME, enhancement)

Thunderbird 112
enhancement

Tracking

(thunderbird_esr102 affected)

RESOLVED FIXED
112 Branch
Tracking Status
thunderbird_esr102 --- affected

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

(Whiteboard: [TM:112])

Attachments

(1 file, 1 obsolete file)

Let's see if we can disable support for MD5 with S/MIME.

The most recent RFC for S/MIME suggests that MD5 should be supported for backwards compatibility.
https://tools.ietf.org/html/rfc5751

However, the RFC is already 9 years old, and MD5 is considered weak.

The NSS CMS test script nss/tests/smime/smime.sh has apparently never tested the use of MD5 according to the revision history of the script, since 2000.

See Also: → 1531739
Attached patch 1531735-v1.patch (obsolete) — Splinter Review
Assignee: nobody → kaie
Summary: Disable support for MD5 in S/MIME → Treat signed S/MIME messages that use a MD5 digest as insecure
See Also: → 1532292

Ready for review?

Severity: normal → S3
Duplicate of this bug: 1808118

We should probably move ahead here?

Flags: needinfo?(kaie)
See Also: → 84213

Yes, it's time to fix the bug.

However, the patch isn't good. I've just tested, and it results in the message contents not being shown.
We need a patch that will cause the signature to be shown as bad/broken, but still show the message contents.

Flags: needinfo?(kaie)
Attachment #9047692 - Attachment is obsolete: true

Actually, we can simply treat the message as not being signed at all.

Adding dependency on bug 1630688, because in that bug I'm adding code for ignoring an S/MIME signature.

Depends on: 1630688
Attachment #9312500 - Attachment description: Bug 1531735 - Ignore S/MIME signatures that use the MD5 hash algorithm. r=mkmelin → Bug 1531735 - Ignore S/MIME signatures that use the MD5 hash algorithm. r=darktrojan

We need to postpone landing until I can fix the test regression in the dependent bug.

Flags: needinfo?(kaie)

I've had to change the dependency patch to report status as broken. Not ignoring, but reporting as bad, seems fine (or better) for this scenario, too. I'll update the revision (renamed variable).

Flags: needinfo?(kaie)
Attachment #9312500 - Attachment description: Bug 1531735 - Ignore S/MIME signatures that use the MD5 hash algorithm. r=darktrojan → Bug 1531735 - Reject S/MIME signatures that use the MD5 hash algorithm. r=mkmelin

I don't have test messages for MD5 currently.
However, I do have test messages for SHA-1 (bug 1532292).

I think we should handle SHA-1 in a separate step, but while I'm working on this one, it's easy to create the patch for bug 1532292 already, and with that I can test whether this approach is generally working.

I found that this patch still has the effect of hiding the signature.
But showing a broken signature might be better.

The patch is insufficient, because it only handles multipart/signed, it doesn't handle the opaque signing content type.

Depends on: 1815246

Patch updated to fix opaque signing, too.
However, now this works depends on getting a new NSS release uplifted, which needs to export an additonal API.

Landing this fix must wait until Thunderbird 112, because the NSS version 3.88 that targets FF/TB 111 is already in API freeze.

Needinfo for myself, request landing this after mozilla-central has received an NSS 3.89 Beta snapshot.

Flags: needinfo?(kaie)
Depends on: 1815435
Whiteboard: [TM:112]

Ready for landing.

Flags: needinfo?(kaie)
Status: NEW → ASSIGNED
Target Milestone: --- → 112 Branch
Version: unspecified → Thunderbird 112

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/9b819c74e061
Reject S/MIME signatures that use the MD5 hash algorithm. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: