[gnutls-devel] GnuTLS | GnuTLS does not verify the correctness of the parameters in a certificates signatureAlgorithm field (#1032)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jun 12 12:43:23 CEST 2020



Immortalem created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1032



## Description of problem:
During TLS client certificate authentication GnuTLS accepts a leaf certificate that contains non-NULL parameters in the signatureAlgorithm and signature fields even though the respective signature algorithm, in this case sha256withRSAEncryption, requires the parameters to be NULL.

## Version of gnutls used:
3.6.13, 3.6.14

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Compiled from source after cloning the respective branch from GitHub


## How reproducible:

Steps to Reproduce:

 * Start `gnutls-serv` with 
    - [ROOTv3_CAv3_LEAF_RSAv3__leaf_certificate1.pem](/uploads/1712ccd3fd67ee3efd0dc0b3764bf80f/ROOTv3_CAv3_LEAF_RSAv3__leaf_certificate1.pem) for `--x509certfile`
    - [rsakey_2.pem](/uploads/20e983c02290ac8b02c8e527cfdb3345/rsakey_2.pem) for `--x509keyfile`
    - [root.pem](/uploads/efcc33c618ecfca6784ee40998ede142/root.pem) for `--x509cafile`
    - require client certificate `-r`
    - verify client certificate `--verify-client-cert`
 * Use OpenSSL `s_client` or similar tool to connect to the server using the following two certificates. This example uses OpenSSL.
    - `openssl s_client -connect localhost:4444 -cert ROOTv3_CAv3_LEAF_RSAv3_MalformedAlgorithmParameters__leaf_certificate1.pem -key rsakey_2.pem -CAfile ROOTv3_CAv3_LEAF_RSAv3_MalformedAlgorithmParameters__ca_certificate1.pem`
    - [ROOTv3_CAv3_LEAF_RSAv3_MalformedAlgorithmParameters__leaf_certificate1.pem](/uploads/8e7782b17a8c4f9bd42c3065d15e4572/ROOTv3_CAv3_LEAF_RSAv3_MalformedAlgorithmParameters__leaf_certificate1.pem)
    - [ROOTv3_CAv3_LEAF_RSAv3_MalformedAlgorithmParameters__ca_certificate1.pem](/uploads/114c4b752b1ed62fb67b06588150ef95/ROOTv3_CAv3_LEAF_RSAv3_MalformedAlgorithmParameters__ca_certificate1.pem)
    - [rsakey_2.pem](/uploads/20e983c02290ac8b02c8e527cfdb3345/rsakey_2.pem)



## Actual results:

GnuTLS considers the certificate valid even though it violates the specified values and proceeds with the handshake.

## Expected results:
GnuTLS should reject the certificate since it violates the [specification](https://tools.ietf.org/html/rfc3279#section-2.2.1).
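
The check the report asks for, as an added example that is not part of the original issue and is not GnuTLS code: a dependency-free DER walk that inspects both `tbsCertificate.signature` and the outer `signatureAlgorithm` and flags RSA PKCS#1 v1.5 signature OIDs whose parameters are not an explicit NULL. The function names and the sample bytes are constructed for illustration (the contents of the attached certificates are not shown on the page), and the list of OIDs covers RFC 3279 section 2.2.1 plus the SHA-2 variants from RFC 4055, which carry the same NULL requirement.

```python
# Added example: flag RSA signature AlgorithmIdentifiers whose parameters are not DER NULL (05 00).
PKCS1 = bytes.fromhex("2a864886f70d0101")          # OID prefix 1.2.840.113549.1.1
# Last arc: md2, md5, sha1, sha256, sha384, sha512, sha224 WithRSAEncryption
RSA_SIG_OIDS = {PKCS1 + bytes([arc]) for arc in (2, 4, 5, 11, 12, 13, 14)}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split constructed content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def alg_problem(alg):
    """Return a finding for one AlgorithmIdentifier body, or None if it is acceptable."""
    parts = children(alg)
    if not parts or parts[0][0] != 0x06:
        return "no algorithm OID"
    bad = parts[0][1] in RSA_SIG_OIDS and parts[1:] != [(0x05, b"")]
    return "parameters are not a single NULL" if bad else None

def check_certificate(der):
    """Return a list of findings for one DER-encoded X.509 certificate."""
    (_, tbs), (_, outer), *_ = children(read_tlv(der)[1])
    fields = children(tbs)
    inner = fields[2 if fields[0][0] == 0xA0 else 1][1]   # skip optional [0] version, then serial
    found = [f"{name}: {p}" for name, alg in
             (("tbsCertificate.signature", inner), ("signatureAlgorithm", outer))
             if (p := alg_problem(alg))]
    if inner != outer:                               # RFC 5280 requires the two to match
        found.append("signature and signatureAlgorithm differ")
    return found

def tlv(tag, body):   # builder for the constructed samples (short-form lengths only)
    return bytes([tag, len(body)]) + body
def skeleton(params): # constructed certificate skeleton, not a real certificate
    alg = tlv(0x30, tlv(0x06, PKCS1 + b"\x0b") + params)   # sha256WithRSAEncryption
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

GOOD = skeleton(tlv(0x05, b""))
BAD = skeleton(tlv(0x04, b"\x01\x02"))  # constructed: OCTET STRING where NULL is required
```

To run it against a PEM file, base64-decode the body between the `BEGIN CERTIFICATE` and `END CERTIFICATE` lines and pass the resulting bytes to `check_certificate`.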
