Bug 1534772 - org.mozilla.jss.pkix.primitive.AlgorithmIdentifier decode/encode process alters original data
Summary: org.mozilla.jss.pkix.primitive.AlgorithmIdentifier decode/encode process alte...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: jss
Version: 7.5
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Christina Fu
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On: 1534771
Blocks: 1595759
TreeView+ depends on / blocked
 
Reported: 2018-01-15 22:51 UTC by Matthew Harmsen
Modified: 2018-10-30 11:01 UTC (History)
14 users (show)

Fixed In Version: jss-4.4.4-3.el7
Doc Type: Bug Fix
Doc Text:
See Doc Text in BZ#1595759.
Clone Of: 1534771
: 1595759 (view as bug list)
Environment:
Last Closed: 2018-10-30 11:00:36 UTC
Target Upstream Version:


Attachments (Terms of Use)
patch to fix AlgorithmIdentifier properly (1.81 KB, patch)
2018-06-27 01:13 UTC, Christina Fu
jmagne: review+
Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3188 None None None 2018-10-30 11:01:21 UTC
Mozilla Foundation 830781 None None None 2019-07-10 07:59:43 UTC

Description Matthew Harmsen 2018-01-15 22:51:59 UTC
+++ This bug was initially created as a clone of Bug #1534771 +++

If you have an AlgorithmIdentifier in encoded form such as:
SEQUENCE {
    OBJECT IDENTIFIER '1.2.3.4'
}

decode it into an org.mozilla.jss.pkix.primitive.AlgorithmIdentifier object then encode that back into bytes you will end up with:
SEQUENCE {
    OBJECT IDENTIFIER '1.2.3.4'
    NULL
}

This is due to the decoding template in AlgorithmIdentifier class which takes the optional second element of the decoded sequence (which would be a normal Java null when presented with encoded form of my first example) and calls the 2 parameter AlgorithmIdentifier constructor (http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java#103).   Doing this will turn the java null into a JSS PKIX NULL object (http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java#43) and add it to the sequence to be encoded should that method then be called.

Apparently this code has been like this since first checked in many years ago and as such would affect all versions of Mozilla's JSS.  If you are working with DER encoded data such as this you end up altering it slightly if you decode/re-encode pieces of it and could end up invalidating signatures on signed data since it has been modified.

I'm not on development machine to generate a valid patch but a fix would be as simple as checking the actual value of seq.elementAt(1) in the decode method (http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java#105) and if the value is a Java null, meaning nothing at all was in the encoded form in the first place, then call the 1 arg constructor, else call the 2 arg constructor.

A simple test case is to construct an AlgorithmIdentifier with the 1 arg constructor and encode it to a byte[].  Decode the byte[] back into AlgorithmIdentifier object and encode to a second byte[]. Compare the resulting byte[] to the original.  You will see the second byte array has an additional ASN.1 encoded NULL (hex bytes: 05 00) in it.

Comment 4 Christina Fu 2018-06-27 01:13:35 UTC
Created attachment 1454843 [details]
patch to fix AlgorithmIdentifier properly

This patch provide fix for this reported bug as well as https://bugzilla.redhat.com/show_bug.cgi?id=1575725, which in retrospect was mislead by the reported EC issue and came in the wrong angle. The fix in 1575725 is reverted and new fix provided.

Comment 5 Christina Fu 2018-06-27 01:15:06 UTC
I think the patch fixes the following bug as well:
https://bugzilla.redhat.com/show_bug.cgi?id=1591979

Comment 6 Jack Magne 2018-06-27 01:34:39 UTC
Comment on attachment 1454843 [details]
patch to fix AlgorithmIdentifier properly

Looks good.

Comment 7 Christina Fu 2018-06-27 01:41:14 UTC
commit 8fc2c37b3a7af8df7da0365c23f0553febb36905 (HEAD -> master, Ticket-12-AlgorithmIdEncodeDecode)
Author: Christina Fu <cfu@redhat.com>
Date:   Tue Jun 26 17:59:28 2018 -0700

    Ticket 12 AlgorithmIdentifier decode/encode process alters original data
    
    This patch provides fix to ensure that the encoding and decoding of an AlgorithmIdentifier
    structure would not alter the data.
    
    credit: original fix suggestion provided by david.k.stutzman2.ctr@mail.mil
    
    fixes https://pagure.io/jss/issue/12

Comment 9 Christina Fu 2018-06-27 01:49:17 UTC
*** Bug 1591979 has been marked as a duplicate of this bug. ***

Comment 12 Christina Fu 2018-06-28 18:43:26 UTC
(In reply to Christina Fu from comment #5)
> I think the patch fixes the following bug as well:
> https://bugzilla.redhat.com/show_bug.cgi?id=1591979

actually no.  I was looking at wrong file at that time.

Comment 14 Sumedh Sidhaye 2018-08-16 12:30:42 UTC
Build used for verification:

root@csqa4-guest01 BZ1534772 # rpm -qi jss
Name        : jss
Version     : 4.4.4
Release     : 3.el7
Architecture: x86_64
Install Date: Sun 12 Aug 2018 04:21:00 AM EDT
Group       : Unspecified
Size        : 1456493
License     : MPLv1.1 or GPLv2+ or LGPLv2+
Signature   : RSA/SHA256, Mon 16 Jul 2018 04:07:45 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : jss-4.4.4-3.el7.src.rpm
Build Date  : Mon 16 Jul 2018 03:48:21 PM EDT
Build Host  : x86-038.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www.dogtagpki.org/wiki/JSS
Summary     : Java Security Services (JSS)
Description :
Java Security Services (JSS) is a java native interface which provides a bridge
for java-based applications to use native Network Security Services (NSS).
This only works with gcj. Other JREs require that JCE providers be signed.

Verification procedure as mentioned in:
https://bugzilla.redhat.com/show_bug.cgi?id=1547802#c2

CMC Enrollment Procedure (User Signed)
PKCS10Client -d /tmp/nssdb/ -p SECret.123 -n "cn=foo bar, uid=foobar" -o pkcs10.req
CMCRequest cmc-p10-user-signed.cfg
HttpClient HttpClient-cmc-p10-user-signed.cfg
CMCResponse -i cmc.pkcs10Resp 


root@csqa4-guest01 BZ1534772 # CMCResponse -d /tmp/nssdb/ -v -i cmc.pkcs10Resp -o cmc.p10-ec.resp.pem
Cert:0
MIICbTCCAhOgAwIBAgIEBNyHeTAKBggqhkjOPQQDAjBeMRowGAYDVQQKDBFFeGFt
cGxlLXJoY3M5NC1DQTEfMB0GA1UECwwWcmhjczk0LUNBLUVDQy1zc2lkaGF5ZTEf
MB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xODA4MTYwNjE4MzNa
Fw0zODA4MTYwNjE4MzNaMF4xGjAYBgNVBAoMEUV4YW1wbGUtcmhjczk0LUNBMR8w
HQYDVQQLDBZyaGNzOTQtQ0EtRUNDLXNzaWRoYXllMR8wHQYDVQQDDBZDQSBTaWdu
aW5nIENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsTM553I3
pCh9Jsh/TZ1fSe+lZ2eO1Lc3QTfjKhMNVp+xfeRex4nREJ5tx/JuWdCYc0Tbeu1E
Q6Xpfe1zdWdAp6OBvjCBuzAfBgNVHSMEGDAWgBQmboy2M/xb3/utPTICRoOaHeIR
VzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUJm6M
tjP8W9/7rT0yAkaDmh3iEVcwWAYIKwYBBQUHAQEETDBKMEgGCCsGAQUFBzABhjxo
dHRwOi8vY3NxYTQtZ3Vlc3QwMS5pZG0ubGFiLmVuZy5yZHUucmVkaGF0LmNvbTo4
MDgwL2NhL29jc3AwCgYIKoZIzj0EAwIDSAAwRQIhALwydUQtwemyD0nG16vfqC41
Iti2WkACJ43gbc/3V+uMAiB+xr5rsFoM0FsgRgC6jxbiOms6WtW/ZVCmsJYxrut4
mQ==

===
Cert:1
MIIC9zCCAp2gAwIBAgIEAcl7XzAKBggqhkjOPQQDAjBeMRowGAYDVQQKDBFFeGFt
cGxlLXJoY3M5NC1DQTEfMB0GA1UECwwWcmhjczk0LUNBLUVDQy1zc2lkaGF5ZTEf
MB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xODA4MTYxMjEyMzRa
Fw0xOTAyMTIxMzEyMzRaMC4xEjAQBgNVBAMMCVRlc3QgVXNlcjEYMBYGCgmSJomT
8ixkAQEMCHRlc3R1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
sRyWm8NA0KnzAfbmUrs94nwp20EAVZO8x0R/zmwbMq31ymoMB6xt89RlbCQeqkko
sflnKOdk4imelVdTh+JFtz9pd87aXzpI0F6O4w8IwzboAj6qPf6LMYTEpfm/FsdD
ScX/IkUg0jkcVblUx5/mF8ycRZycu0ttRFYwEqbWvWQLkH1t6pPDNkk2JNQcC6VZ
qBLGrTNCzQnPZ9sbtX8BHrBXnXiZFkuEeBd+HeLWMxq4Ne9xZWgR0tmAPB/XIZi9
hK0bzhm5STki7mrGtnwR/s1M+fAqOkfM1AWFuDlOH6gMbwjiaEOhObF13jY2RP8p
xvl/vEFz4PpBJcsi9A2QsQIDAQABo4GtMIGqMB8GA1UdIwQYMBaAFCZujLYz/Fvf
+609MgJGg5od4hFXMFgGCCsGAQUFBwEBBEwwSjBIBggrBgEFBQcwAYY8aHR0cDov
L2NzcWE0LWd1ZXN0MDEuaWRtLmxhYi5lbmcucmR1LnJlZGhhdC5jb206ODA4MC9j
YS9vY3NwMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
BQUHAwQwCgYIKoZIzj0EAwIDSAAwRQIhAORm+xRycQ055CGZeBHCRzP6crazkkk6
Lb9jnfj+M6sDAiAknGOkaYn8pxQfO4wfy8DO4YsWKEuTwQDByuhH/NxuNA==

===
Certificates: 
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x4DC8779
            Signature Algorithm: SHA256withEC - 1.2.840.10045.4.3.2
            Issuer: CN=CA Signing Certificate,OU=rhcs94-CA-ECC-ssidhaye,O=Example-rhcs94-CA
            Validity: 
                Not Before: Thursday, August 16, 2018 2:18:33 AM EDT America/New_York
                Not  After: Monday, August 16, 2038 2:18:33 AM EDT America/New_York
            Subject: CN=CA Signing Certificate,OU=rhcs94-CA-ECC-ssidhaye,O=Example-rhcs94-CA
            Subject Public Key Info: 
                Algorithm: EC - 1.2.840.10045.2.1
                Public Key: 
                    04:B1:33:39:E7:72:37:A4:28:7D:26:C8:7F:4D:9D:5F:
                    49:EF:A5:67:67:8E:D4:B7:37:41:37:E3:2A:13:0D:56:
                    9F:B1:7D:E4:5E:C7:89:D1:10:9E:6D:C7:F2:6E:59:D0:
                    98:73:44:DB:7A:ED:44:43:A5:E9:7D:ED:73:75:67:40:
                    A7
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        26:6E:8C:B6:33:FC:5B:DF:FB:AD:3D:32:02:46:83:9A:
                        1D:E2:11:57
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: yes 
                    Is CA: yes 
                    Path Length Constraint: UNLIMITED
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key CertSign 
                        Crl Sign 
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no 
                    Key Identifier: 
                        26:6E:8C:B6:33:FC:5B:DF:FB:AD:3D:32:02:46:83:9A:
                        1D:E2:11:57
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:4A:30:48:06:08:2B:06:01:05:05:07:30:01:86:3C:
                        68:74:74:70:3A:2F:2F:63:73:71:61:34:2D:67:75:65:
                        73:74:30:31:2E:69:64:6D:2E:6C:61:62:2E:65:6E:67:
                        2E:72:64:75:2E:72:65:64:68:61:74:2E:63:6F:6D:3A:
                        38:30:38:30:2F:63:61:2F:6F:63:73:70
        Signature: 
            Algorithm: SHA256withEC - 1.2.840.10045.4.3.2
            Signature: 
                30:45:02:21:00:BC:32:75:44:2D:C1:E9:B2:0F:49:C6:
                D7:AB:DF:A8:2E:35:22:D8:B6:5A:40:02:27:8D:E0:6D:
                CF:F7:57:EB:8C:02:20:7E:C6:BE:6B:B0:5A:0C:D0:5B:
                20:46:00:BA:8F:16:E2:3A:6B:3A:5A:D5:BF:65:50:A6:
                B0:96:31:AE:EB:78:99
        FingerPrint
            MD2:
                42:37:89:53:FE:FF:14:E4:16:85:E6:80:26:CB:D7:D5
            MD5:
                91:1E:26:90:70:3F:96:A7:C5:2F:26:50:90:B5:5B:11
            SHA-1:
                04:F4:84:C5:1C:C2:EA:12:BD:90:85:3D:4B:CD:1C:E8:
                AA:AB:8A:64
            SHA-256:
                83:C8:9B:85:D5:02:2B:9F:BE:4D:A1:45:61:C4:61:9D:
                C6:13:4F:43:6C:38:10:E8:4E:D5:9C:8A:2A:D0:9D:86
            SHA-512:
                D4:D6:BC:81:40:37:F9:1F:AD:E0:BB:27:03:90:B4:55:
                29:30:C2:FB:B8:7C:90:A8:27:AC:B6:37:5B:6B:8A:11:
                0F:4F:C5:04:AB:C8:64:EC:6A:0A:62:06:C4:EA:FC:44:
                69:C0:02:8F:0D:94:9B:9F:D1:5D:DD:5B:A4:96:7E:E3
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x1C97B5F
            Signature Algorithm: SHA256withEC - 1.2.840.10045.4.3.2
            Issuer: CN=CA Signing Certificate,OU=rhcs94-CA-ECC-ssidhaye,O=Example-rhcs94-CA
            Validity: 
                Not Before: Thursday, August 16, 2018 8:12:34 AM EDT America/New_York
                Not  After: Tuesday, February 12, 2019 8:12:34 AM EST America/New_York
            Subject: UID=testuser,CN=Test User
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
                        B1:1C:96:9B:C3:40:D0:A9:F3:01:F6:E6:52:BB:3D:E2:
                        7C:29:DB:41:00:55:93:BC:C7:44:7F:CE:6C:1B:32:AD:
                        F5:CA:6A:0C:07:AC:6D:F3:D4:65:6C:24:1E:AA:49:28:
                        B1:F9:67:28:E7:64:E2:29:9E:95:57:53:87:E2:45:B7:
                        3F:69:77:CE:DA:5F:3A:48:D0:5E:8E:E3:0F:08:C3:36:
                        E8:02:3E:AA:3D:FE:8B:31:84:C4:A5:F9:BF:16:C7:43:
                        49:C5:FF:22:45:20:D2:39:1C:55:B9:54:C7:9F:E6:17:
                        CC:9C:45:9C:9C:BB:4B:6D:44:56:30:12:A6:D6:BD:64:
                        0B:90:7D:6D:EA:93:C3:36:49:36:24:D4:1C:0B:A5:59:
                        A8:12:C6:AD:33:42:CD:09:CF:67:DB:1B:B5:7F:01:1E:
                        B0:57:9D:78:99:16:4B:84:78:17:7E:1D:E2:D6:33:1A:
                        B8:35:EF:71:65:68:11:D2:D9:80:3C:1F:D7:21:98:BD:
                        84:AD:1B:CE:19:B9:49:39:22:EE:6A:C6:B6:7C:11:FE:
                        CD:4C:F9:F0:2A:3A:47:CC:D4:05:85:B8:39:4E:1F:A8:
                        0C:6F:08:E2:68:43:A1:39:B1:75:DE:36:36:44:FF:29:
                        C6:F9:7F:BC:41:73:E0:FA:41:25:CB:22:F4:0D:90:B1
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        26:6E:8C:B6:33:FC:5B:DF:FB:AD:3D:32:02:46:83:9A:
                        1D:E2:11:57
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:4A:30:48:06:08:2B:06:01:05:05:07:30:01:86:3C:
                        68:74:74:70:3A:2F:2F:63:73:71:61:34:2D:67:75:65:
                        73:74:30:31:2E:69:64:6D:2E:6C:61:62:2E:65:6E:67:
                        2E:72:64:75:2E:72:65:64:68:61:74:2E:63:6F:6D:3A:
                        38:30:38:30:2F:63:61:2F:6F:63:73:70
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key Encipherment 
                Identifier: Extended Key Usage: - 2.5.29.37
                    Critical: no 
                    Extended Key Usage: 
                        1.3.6.1.5.5.7.3.2
                        1.3.6.1.5.5.7.3.4
        Signature: 
            Algorithm: SHA256withEC - 1.2.840.10045.4.3.2
            Signature: 
                30:45:02:21:00:E4:66:FB:14:72:71:0D:39:E4:21:99:
                78:11:C2:47:33:FA:72:B6:B3:92:49:3A:2D:BF:63:9D:
                F8:FE:33:AB:03:02:20:24:9C:63:A4:69:89:FC:A7:14:
                1F:3B:8C:1F:CB:C0:CE:E1:8B:16:28:4B:93:C1:00:C1:
                CA:E8:47:FC:DC:6E:34
        FingerPrint
            MD2:
                1B:BA:17:2C:69:D3:58:3A:DE:90:61:53:A1:84:07:BA
            MD5:
                7B:1F:B3:C4:63:2E:68:BF:7B:05:CD:4C:38:B7:EA:07
            SHA-1:
                35:5C:CB:1B:F6:10:32:84:D5:17:0C:E7:E8:31:32:5B:
                6A:68:B8:21
            SHA-256:
                79:43:32:92:C9:0F:7E:A8:8E:F5:2D:C4:64:02:61:7F:
                A4:5E:10:8F:65:4F:01:75:56:91:4E:8C:EE:8E:42:8C
            SHA-512:
                1B:00:2C:D6:96:26:46:2F:8F:49:D4:69:B8:0B:2F:F3:
                91:2C:0E:88:CC:AD:C9:58:BA:0D:34:02:E4:C7:9E:B6:
                E3:3A:A6:6E:0F:09:AD:D0:C7:EA:72:99:F5:05:7B:AB:
                20:63:88:D0:8F:C3:2A:D5:0A:EE:0C:65:05:49:18:DB


Number of controls is 1
Control #0: CMCStatusInfoV2
   OID: {1 3 6 1 5 5 7 7 25}
   BodyList: 1 
   Status: SUCCESS
CMC Full Response.

PKCS#7 now stored in file: cmc.p10-ec.resp.pem




Base 64 encoded certificate displayed in the UI

-----BEGIN CERTIFICATE-----
MIIC9zCCAp2gAwIBAgIEAcl7XzAKBggqhkjOPQQDAjBeMRowGAYDVQQKDBFFeGFt
cGxlLXJoY3M5NC1DQTEfMB0GA1UECwwWcmhjczk0LUNBLUVDQy1zc2lkaGF5ZTEf
MB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xODA4MTYxMjEyMzRa
Fw0xOTAyMTIxMzEyMzRaMC4xEjAQBgNVBAMMCVRlc3QgVXNlcjEYMBYGCgmSJomT
8ixkAQEMCHRlc3R1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
sRyWm8NA0KnzAfbmUrs94nwp20EAVZO8x0R/zmwbMq31ymoMB6xt89RlbCQeqkko
sflnKOdk4imelVdTh+JFtz9pd87aXzpI0F6O4w8IwzboAj6qPf6LMYTEpfm/FsdD
ScX/IkUg0jkcVblUx5/mF8ycRZycu0ttRFYwEqbWvWQLkH1t6pPDNkk2JNQcC6VZ
qBLGrTNCzQnPZ9sbtX8BHrBXnXiZFkuEeBd+HeLWMxq4Ne9xZWgR0tmAPB/XIZi9
hK0bzhm5STki7mrGtnwR/s1M+fAqOkfM1AWFuDlOH6gMbwjiaEOhObF13jY2RP8p
xvl/vEFz4PpBJcsi9A2QsQIDAQABo4GtMIGqMB8GA1UdIwQYMBaAFCZujLYz/Fvf
+609MgJGg5od4hFXMFgGCCsGAQUFBwEBBEwwSjBIBggrBgEFBQcwAYY8aHR0cDov
L2NzcWE0LWd1ZXN0MDEuaWRtLmxhYi5lbmcucmR1LnJlZGhhdC5jb206ODA4MC9j
YS9vY3NwMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB
BQUHAwQwCgYIKoZIzj0EAwIDSAAwRQIhAORm+xRycQ055CGZeBHCRzP6crazkkk6
Lb9jnfj+M6sDAiAknGOkaYn8pxQfO4wfy8DO4YsWKEuTwQDByuhH/NxuNA==
-----END CERTIFICATE-----

Comment 16 errata-xmlrpc 2018-10-30 11:00:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3188


Note You need to log in before you can comment on or make changes to this bug.