Working around wrong algorithm specification in certificates
Mads Kiilerich
mads at kiilerich.com
Wed Jul 21 00:58:12 CEST 2010
Nikos Mavrogiannopoulos wrote, On 07/20/2010 01:33 PM:
> On Tue, Jul 20, 2010 at 1:07 PM, Mads Kiilerich<mads at kiilerich.com> wrote:
>>> Do you want to fix the certificate or just read it? If you want to
>>> read it open gnutls_algorithms.c and add an extra entry to
>>> pk_algorithms structure for RSA with the OID you describe. Then you
>>> should be able to read the key. If you want to "fix" it I think this
>>> is as easy as regenerating it.
>> The application has to be able to read such certificates. That is how
>> Windows creates certificates for terminal services...
>> I would like to be able to use the gnutls library installed on the system, so
>> patching gnutls source isn't really an option. There is no other way to do
>> it?
> Since it is a certificate you cannot modify it without breaking the
> signature.
Right. But the challenge is to convince gnutls to parse it and tell me
what it parsed. If that involves making a copy and hacking it so it
breaks then that is fine - as long as it reveals the key.
> The most straightforward way to fix that is to (1) fix the
> one who is generating the wrong certificates, (2) fix the one who is
> reading them to account for the broken ones.
1 is unfortunately not an option.
My goal is to do 2 by using gnutls as it is installed as shared library
on systems. Requiring 2.10.1 would be OK ;-)
>> You don't want to pollute your code with workarounds or flexibility for
>> stupid bugs like this?
> I was thinking about your copy of gnutls :) If the fix works and the
> problem is general the workaround might be included in the gnutls code
> as well. I've seen quite some implementations putting wrong OIDs here
> and there, and working around those practices is not that exceptional
> any more.
This patch works for me and 2.10.0:
--- gnutls-2.10.0/lib/gnutls_algorithms.c.org 2010-07-20
22:57:35.000000000 +0200
+++ gnutls-2.10.0/lib/gnutls_algorithms.c 2010-07-20
22:57:07.000000000 +0200
@@ -2125,6 +2125,7 @@
{"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
{"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, 0},
{"GOST R 34.10-94", PK_GOST_R3410_94_OID, 0},
+ {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA},
{0, 0, 0}
};
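Review bot: the added row `{"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA},` puts a signature OID into the public-key algorithm table with no comment saying it is a compatibility entry for certificates that carry the wrong OID in the key's algorithm field, so a later reader could take it for a mistake and remove it. Add a one-line comment naming the case (the thread gives certificates that Windows creates for terminal services). The name string "RSA (MD5)" is also what a name lookup on this table would return for such a key, although the key type is plain RSA and MD5 plays no part in it; consider using "RSA" unless the distinct label is intended. Because the row reuses the GNUTLS_PK_RSA id, keep it where it is here, last before the `{0, 0, 0}` terminator, so that any first-match lookup by id still reaches the earlier entries first.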
I can see that you added PK_X509_RSA_OID since 2.10.0. Could this
perhaps be added too?
There is also anecdotical evidence that SIG_RSA_SHA1_OID needs the same
treatment. I haven't seen that, but getting both fixed at once could be
great.
/Mads