Bug 1265499 - Ensure the content signature verifier checks that the EKU extension is present. r?keeler
MozReview-Commit-ID: BS4lDUrpNrg
--- a/security/manager/ssl/ContentSignatureVerifier.cpp
+++ b/security/manager/ssl/ContentSignatureVerifier.cpp
@@ -190,16 +190,28 @@ ContentSignatureVerifier::CreateContext(
Input hostnameInput;
result = hostnameInput.Init(uint8_t_ptr_cast(aName.BeginReading()),
aName.Length());
if (result != Success) {
return NS_ERROR_FAILURE;
}
+ // Check we have the EKU extension - since a missing EKU extension prevents
+ // BuildCertChain from matching the required EKU
+ ScopedAutoSECItem ekuExt;
+ if (CERT_FindCertExtension(node->cert, SEC_OID_X509_EXT_KEY_USAGE, &ekuExt)
+ != SECSuccess) {
+ return NS_ERROR_INVALID_SIGNATURE;
+ }
+
+ if (ekuExt.data == nullptr) {
+ return NS_ERROR_INVALID_SIGNATURE;
+ }
+
BRNameMatchingPolicy nameMatchingPolicy(BRNameMatchingPolicy::Mode::Enforce);
result = CheckCertHostname(certDER, hostnameInput, nameMatchingPolicy);
if (result != Success) {
return NS_ERROR_INVALID_SIGNATURE;
}
mKey.reset(CERT_ExtractPublicKey(node->cert));
--- a/security/manager/ssl/tests/unit/test_content_signing.js
+++ b/security/manager/ssl/tests/unit/test_content_signing.js
@@ -59,16 +59,19 @@ function run_test() {
["onecrl_RSA_ee", "int", "root"]);
let noSANChain = loadChain(TEST_DATA_DIR + "content_signing",
["onecrl_no_SAN_ee", "int", "root"]);
let wrongEKUChain = loadChain(TEST_DATA_DIR + "content_signing",
["onecrl_wrong_EKU_ee", "int", "root"]);
+ let noEKUChain = loadChain(TEST_DATA_DIR + "content_signing",
+ ["onecrl_no_EKU_ee", "int", "root"]);
+
// Check good signatures from good certificates with the correct SAN
let chain1 = oneCRLChain.join("\n");
let verifier = getSignatureVerifier();
ok(verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME),
"A OneCRL signature should verify with the OneCRL chain");
let chain2 = remoteNewTabChain.join("\n");
verifier = getSignatureVerifier();
ok(verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain2,
@@ -150,16 +153,23 @@ function run_test() {
// check good signature from a chain with the wrong EKU on the end entity
chain1 = wrongEKUChain.join("\n");
verifier = getSignatureVerifier();
ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1,
ONECRL_NAME),
"A signature should not verify if the signer has the wrong EKU");
+ // check good signature from a chain with no EKU on the end entity
+ chain1 = noEKUChain.join("\n");
+ verifier = getSignatureVerifier();
+ ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1,
+ ONECRL_NAME),
+ "A signature should not verify if the signer has no EKU extension");
+
// Check malformed signature data
chain1 = oneCRLChain.join("\n");
let bad_signatures = [
// wrong length
"p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi-" +
"7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L==",
// incorrectly encoded
"p384ecdsa='WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi" +
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_EKU_ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICLTCCARegAwIBAgIUH7FuWTXxIdn1HdT4Eqvw1zY3n2MwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q
+nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD
+dKpuqc6jKDAmMCQGA1UdEQQdMBuCGW9uZUNSTC1zaWduZXIubW96aWxsYS5vcmcw
+CwYJKoZIhvcNAQELA4IBAQB5JPmqFduUyVE56z71ZYwtkjeJnV9y5wADP8bp0fem
+mLq2enrUXah5qmzrTR6rC46Pd3BQv0s6I46hMS6mGvy/qaRDkjDG7FAqk44l5i1D
+1bUagueRPlGIu2tjPoDugw6lSgZGZaEdJNV5xL5f+3k9XXi+rFj1x7ESC19c9XWf
+uWhe2j9ezLjNyVkGTcz1PJ+1Yl20EPgAdPg6RxqDVFU5hoJTlmMzh+RD5I1ICdry
+DcwzViVlqhZpT8KQRd6MVk649v/FmotdQBEV9EXJAU7rkE0WYH4+czNcLSHWKpo9
+SlwgiU64Eqdoku+bGKg5I8RyF8g00NNz7fzb8azjfsOo
+-----END CERTIFICATE-----
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_EKU_ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp384r1
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org