[gnutls-devel] GnuTLS | Apparent failure to accept SHA1 signature of root CA when using SECURE256 (#1348)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Mar 30 16:57:33 CEST 2022
Richard Frith-Macdonald commented:
_gnutls_x509_cert_verify_peers() calls gnutls_x509_trust_list_verify_crt2() with a list of three certificates.
This uses shorten_clist() to remove the last (root) certificate and then (at verify-high.c:1587) calls _gnutls_verify_crt_status() with the first and second certificates and using the trusted_cas from the issuer of the second certificate (the root).
This then calls verify_crt() with the second (intermediate) certificate. The function gets the issuer (third cert) and at line 810 calls is_level_acceptable(), which calls _gnutls_sign_is_secure2(), which calls _gnutls_digest_is_insecure2() in the third (root/issuer) certificate, causing is_level_acceptable() to return false.
When that happens, the local variable 'out' is set to 258 (marking the third certificate as having an invalid signature).
Later on in verify_crt() (line 847) the bits in 'out' are returned to the caller where they become part of the failure status of the verification.
Back in gnutls_x509_trust_list_verify_crt2() SIGNER_OLD_OR_UNKNOWN() returns true so we get to line 1601. It looks to me like the problem here is that the code is now looking for the second (intermediate) certificate in the trusted list rather than the third one. Either because it shortened the list earlier on, or because it is mistakenly calling hash_pjw_bare() using raw_dn rather than raw_issuer_dn.
So I'm pretty sure the bug is at that point, but I don't know how it should be fixed.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1348#note_894761904
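The distinction the comment turns on is which signatures a path validator actually checks: the leaf's signature (made by the intermediate) and the intermediate's signature (made by the root) are verified and so must satisfy the signature-algorithm policy, whereas a trust anchor is accepted by fiat (RFC 5280 section 6.1) and its self-signature is neither verified nor policed. The toy model below is an added illustration, not GnuTLS code; the Cert records, the policy sets standing in for SECURE256 and a legacy priority, and the sample chain are all constructed. The check_anchor_self_sig switch models the behaviour reported above, where the root's SHA1 self-signature is fed into the policy check and the whole chain is rejected.

```python
"""Toy model of chain verification under a signature-algorithm policy.

Added example, not GnuTLS code. Each Cert's sig_alg is the hash used in
the signature *on that certificate* (made by its issuer); a self-signed
root therefore carries the algorithm of its own self-signature.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_alg: str  # hash algorithm of the signature on this certificate


# Constructed policy sets (stand-ins for priority strings, not real GnuTLS tables).
POLICY_SECURE256 = frozenset({"SHA256", "SHA384", "SHA512"})
POLICY_LEGACY = POLICY_SECURE256 | {"SHA1"}

# Constructed sample chain: leaf <- intermediate <- root, root self-signed with SHA1.
LEAF = Cert("CN=server", "CN=intermediate", "SHA256")
INTERMEDIATE = Cert("CN=intermediate", "CN=root", "SHA256")
WEAK_INTERMEDIATE = Cert("CN=intermediate", "CN=root", "SHA1")
ROOT = Cert("CN=root", "CN=root", "SHA1")
CHAIN = [LEAF, INTERMEDIATE, ROOT]
WEAK_CHAIN = [LEAF, WEAK_INTERMEDIATE, ROOT]
TRUSTED = {ROOT.subject: ROOT}  # the trust list, keyed by subject DN


def verify_chain(chain, trusted, allowed, check_anchor_self_sig=False):
    """Walk from the end entity (chain[0]) up to a trust anchor.

    Returns (ok, reason). Every signature that is actually verified
    (a certificate signed by its issuer) is subject to the policy.
    A trust anchor is trusted by fiat, so its self-signature is not part
    of the validated path; check_anchor_self_sig=True models the faulty
    behaviour of policing the anchor's own signature algorithm anyway.
    """
    by_subject = {c.subject: c for c in chain}
    cert = chain[0]
    verified = 0
    while verified <= len(chain):
        if trusted.get(cert.subject) == cert:
            # Reached a trust anchor: its self-signature is not verified.
            if check_anchor_self_sig and cert.sig_alg not in allowed:
                return False, f"anchor {cert.subject}: {cert.sig_alg} not allowed by policy"
            return True, f"anchored at {cert.subject} after {verified} signature checks"
        issuer = trusted.get(cert.issuer) or by_subject.get(cert.issuer)
        if issuer is None:
            return False, f"no issuer found for {cert.subject}"
        # This signature is verified, so its algorithm must satisfy the policy.
        if cert.sig_alg not in allowed:
            return False, f"{cert.subject}: signed with {cert.sig_alg}, not allowed by policy"
        verified += 1
        cert = issuer
    return False, "issuer loop detected"


if __name__ == "__main__":
    print("correct, SECURE256:", verify_chain(CHAIN, TRUSTED, POLICY_SECURE256))
    print("anchor policed, SECURE256:",
          verify_chain(CHAIN, TRUSTED, POLICY_SECURE256, check_anchor_self_sig=True))
    print("weak intermediate, SECURE256:", verify_chain(WEAK_CHAIN, TRUSTED, POLICY_SECURE256))
```

With the anchor left out of the policy check, the SHA1 self-signed root is accepted under the strict policy while a SHA1 signature on the intermediate is still rejected, which is the behaviour a strict priority string is meant to enforce.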