f6094e05ef
OpenSSL accepts both OID 2.5.8.1.1 and OID 1.2.840.113549.1.1.1 for RSA public keys. The latter comes from RFC 3279 and is widely implemented. The former comes from the ITU-T version of X.509. Interestingly, 2.5.8.1.1 actually has a parameter, which OpenSSL ignores: rsa ALGORITHM ::= { KeySize IDENTIFIED BY id-ea-rsa } KeySize ::= INTEGER Remove support for 2.5.8.1.1 completely. In tests with a self-signed certificate and code inspection: - IE11 on Win8 does not accept the certificate in a TLS handshake at all. Such a certificate is fatal and unbypassable. However Microsoft's libraries do seem to parse it, so Chrome on Windows allows one to click through the error. I'm guessing either the X.509 stack accepts it while the TLS stack doesn't recognize it as RSA or the X.509 stack is able to lightly parse it but not actually understand the key. (The system certificate UI didn't display it as an RSA key, so probably the latter?) - Apple's certificate library on 10.11.2 does not parse the certificate at all. Both Safari and Chrome on Mac treat it as a fatal and unbypassable error. - mozilla::pkix, from code inspection, does not accept such certificates. However, Firefox does allow clicking through the error. This is likely a consequence of mozilla::pkix and NSS having different ASN.1 stacks. I did not test this, but I expect this means Chrome on Linux also accepts it. Given IE and Safari's results, it should be safe to simply remove this. Firefox's data point is weak (perhaps someone is relying on being able to click-through a self-signed 2.5.8.1.1 certificate), but it does further ensure no valid certificate could be doing this. The following is the 2.5.8.1.1 certificate I constructed to test with. The private key is key.pem from ssl/test/runner: -----BEGIN CERTIFICATE----- MIICVTCCAb6gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGcMAoGBFUIAQECAgQAA4GNADCBiQKBgQDY K8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAj kXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28t Q+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4E FgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6 Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAIZuUICtYv w3cbpCGX6HNCtyI0guOfbytcdwzRkQaCsYNSDrTxrSSWxHwqg3Dl/RlvS+T3Yaua Xkioadstwt7GDP6MwpIpdbjchh0XZd3kjdJWqXSvihUDpRePNjNS2LmJW8GWfB3c F6UVyNK+wcApRY+goREIhyYupAHUexR7FQ== -----END CERTIFICATE----- BUG=522228 Change-Id: I031d03c0f53a16cbc749c4a5d8be6efca50dc863 Reviewed-on: https://boringssl-review.googlesource.com/6852 Reviewed-by: Adam Langley <alangley@gmail.com> |
||
---|---|---|
.. | ||
aead.h | ||
aes.h | ||
arm_arch.h | ||
asn1_mac.h | ||
asn1.h | ||
asn1t.h | ||
base64.h | ||
base.h | ||
bio.h | ||
blowfish.h | ||
bn.h | ||
buf.h | ||
buffer.h | ||
bytestring.h | ||
cast.h | ||
chacha.h | ||
cipher.h | ||
cmac.h | ||
conf.h | ||
cpu.h | ||
crypto.h | ||
curve25519.h | ||
des.h | ||
dh.h | ||
digest.h | ||
dsa.h | ||
dtls1.h | ||
ec_key.h | ||
ec.h | ||
ecdh.h | ||
ecdsa.h | ||
engine.h | ||
err.h | ||
evp.h | ||
ex_data.h | ||
hkdf.h | ||
hmac.h | ||
lhash_macros.h | ||
lhash.h | ||
md4.h | ||
md5.h | ||
mem.h | ||
obj_mac.h | ||
obj.h | ||
objects.h | ||
opensslfeatures.h | ||
opensslv.h | ||
ossl_typ.h | ||
pem.h | ||
pkcs7.h | ||
pkcs8.h | ||
pkcs12.h | ||
poly1305.h | ||
pqueue.h | ||
rand.h | ||
rc4.h | ||
rsa.h | ||
safestack.h | ||
sha.h | ||
srtp.h | ||
ssl3.h | ||
ssl.h | ||
stack_macros.h | ||
stack.h | ||
thread.h | ||
time_support.h | ||
tls1.h | ||
type_check.h | ||
x509_vfy.h | ||
x509.h | ||
x509v3.h |