[gnutls-devel] DER decoding errors due to time format

Kurt Roeckx kurt at roeckx.be
Mon May 29 21:48:02 CEST 2017


On Mon, May 29, 2017 at 09:53:26AM +0200, Nikos Mavrogiannopoulos wrote:
> On Thu, May 11, 2017 at 6:46 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> > On Wed, May 10, 2017 at 02:07:55PM +0200, Nikos Mavrogiannopoulos wrote:
> >> On Wed, May 10, 2017 at 2:06 PM, Nikos Mavrogiannopoulos
> >> <n.mavrogiannopoulos at gmail.com> wrote:
> >> > On Tue, May 9, 2017 at 8:47 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> >> >> On Tue, May 09, 2017 at 02:48:08PM +0200, Nikos Mavrogiannopoulos wrote:
> >> >>> Hi,
> >> >>>  gnutls 3.5.x is more strict in certificate decoding and performs
> >> >>> various checks in the Time fields to ensure they are properly DER
> >> >>> formatted. However, it is seems that this caused regressions with
> >> >>> certain certificates generated by ovirt as seen in [0]. I am not sure
> >> >>> which software was used to generate the problematic ones, however, it
> >> >>> is most likely openssl, or some other open source software. Are you
> >> >>> aware of other or similar decoding issues which were a result of 3.5.x
> >> >>> being more strict in DER rules?
> >> >>>
> >> >>> The options we have are:
> >> >>>  1. Ignore the error and insist on DER correctness in input certificates.
> >> >>>  2. Allow incorrect formatted time fields in certificates
> >> >>> unconditionally, e.g., with a special libtasn1 flag:
> >> >>> https://gitlab.com/gnutls/libtasn1/commit/16bad0c72dcdfbe5512cdd6b46b251ab7484e5dc
> >> >>>
> >> >>> any other option I've missed? While I favor the first for its
> >> >>> simplicity, reality has shown over the years we must yield towards the
> >> >>> 'work' part.
> >> >>
> >> >> NSS is strict in what it accepts. We've recently changed openssl to be
> >> >> more strict too (commit 80770da39ebba0101079477611b7ce2f426653c5,
> >> >> https://github.com/openssl/openssl/issues/2620), but maybe not
> >> >> strict enough yet.
> >> >
> >> > Thank you, that is really helpful. It seems that Kurt
> >>
> >> Sorry, I meant to write Tim here!
> >
> > And today someone filed this in Debian:
> > https://bugs.debian.org/862335
> 
> I have a patch set which will tolerate incorrectly formatted dates to
> work around these issues in openssl:
> https://gitlab.com/gnutls/gnutls/merge_requests/400
> 
> I am still not sure that tolerating invalid formatted data is a good
> thing, however, in case of infrastructure already deployed based on
> openssl tools, there is not much an administrator/user can do. What
> I'm thinking to do is set a cut-off date after which the original
> strict behavior will be re-instated, though I cannot see how would
> that help eliminating that issue.

At least on the OpenSSL side we'll work on not allowing to create
such invalid files anymore.


Kurt




More information about the Gnutls-devel mailing list