Fix certificate and CSR signature bugs
Fixed a pretty serious bug in the way that the LDAP SDK generated
and verified signatures in X.509 certificates and PKCS #10
certificate signing requests.
dirmgr committed Dec 4, 2017
1 parent 7cfeaea commit 3117a10
Showing 2 changed files with 10 additions and 72 deletions.
@@ -880,7 +880,7 @@ private static ASN1BitString generateSignature(
requestInfoElements.add(new ASN1Set(TYPE_ATTRIBUTES, attrElements));

final byte[] certificationRequestInfoBytes =
new ASN1Sequence(requestInfoElements).getValue();
new ASN1Sequence(requestInfoElements).encode();
signature.update(certificationRequestInfoBytes);
final byte[] signatureBytes = signature.sign();

@@ -1206,39 +1206,11 @@ public void verifySignature()
final boolean signatureIsValid;
try
{
final ArrayList<ASN1Element> requestInfoElements = new ArrayList<>(4);
requestInfoElements.add(new ASN1Integer(version.getIntValue()));
requestInfoElements.add(X509Certificate.encodeName(subjectDN));

if (publicKeyAlgorithmParameters == null)
{
requestInfoElements.add(new ASN1Sequence(
new ASN1Sequence(
new ASN1ObjectIdentifier(publicKeyAlgorithmOID)),
encodedPublicKey));
}
else
{
requestInfoElements.add(new ASN1Sequence(
new ASN1Sequence(
new ASN1ObjectIdentifier(publicKeyAlgorithmOID),
publicKeyAlgorithmParameters),
encodedPublicKey));
}

final ArrayList<ASN1Element> attrElements =
new ArrayList<>(requestAttributes.size());
for (final ObjectPair<OID,ASN1Set> p : requestAttributes)
{
attrElements.add(new ASN1Sequence(
new ASN1ObjectIdentifier(p.getFirst()),
p.getSecond()));
}
requestInfoElements.add(new ASN1Set(TYPE_ATTRIBUTES, attrElements));

final byte[] certificationRequestInfoBytes =
new ASN1Sequence(requestInfoElements).getValue();
signature.update(certificationRequestInfoBytes);
final ASN1Element[] requestInfoElements =
ASN1Sequence.decodeAsSequence(
pkcs10CertificateSigningRequestBytes).elements();
final byte[] requestInfoBytes = requestInfoElements[0].encode();
signature.update(requestInfoBytes);
signatureIsValid = signature.verify(signatureValue.getBytes());
}
catch (final Exception e)
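Review bot: In `verifySignature()` the signature is now checked against the first element of `pkcs10CertificateSigningRequestBytes` instead of a structure rebuilt from the parsed fields, so a passing check vouches for `subjectDN`, the public key and `requestAttributes` only if each of those fields was decoded from that same byte array; the hunk does not show where the fields come from, and the same applies to `x509CertificateBytes` in `X509Certificate.verifySignature`. I would state the invariant next to the call, e.g. `// Verify over the CertificationRequestInfo exactly as received; every parsed field must originate from these bytes.` The `requestInfoElements[0]` access has no element-count check and appears to rely on the following `catch (final Exception e)`, whose body is outside the hunk; an explicit count check before indexing would give a clearer failure for a truncated or malformed request. The method begins and ends outside the lines shown.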
42 changes: 4 additions & 38 deletions src/com/unboundid/util/ssl/cert/X509Certificate.java
@@ -1621,7 +1621,7 @@ private static ASN1BitString generateSignature(
new ASN1Sequence(extensionElements).encode()));

final byte[] tbsCertificateBytes =
new ASN1Sequence(tbsCertificateElements).getValue();
new ASN1Sequence(tbsCertificateElements).encode();
signature.update(tbsCertificateBytes);
final byte[] signatureBytes = signature.sign();

@@ -2035,43 +2035,9 @@ public void verifySignature(final X509Certificate issuerCertificate)
// signature.
try
{
final ArrayList<ASN1Element> tbsCertificateElements = new ArrayList<>(8);
tbsCertificateElements.add(new ASN1Element(TYPE_EXPLICIT_VERSION,
new ASN1Integer(version.getIntValue()).encode()));
tbsCertificateElements.add(new ASN1BigInteger(serialNumber));
tbsCertificateElements.add(new ASN1Sequence(
new ASN1ObjectIdentifier(signatureAlgorithm.getOID())));
tbsCertificateElements.add(encodeName(issuerDN));
tbsCertificateElements.add(encodeValiditySequence(notBefore, notAfter));
tbsCertificateElements.add(encodeName(subjectDN));

if (publicKeyAlgorithmParameters == null)
{
tbsCertificateElements.add(new ASN1Sequence(
new ASN1Sequence(
new ASN1ObjectIdentifier(publicKeyAlgorithmOID)),
encodedPublicKey));
}
else
{
tbsCertificateElements.add(new ASN1Sequence(
new ASN1Sequence(
new ASN1ObjectIdentifier(publicKeyAlgorithmOID),
publicKeyAlgorithmParameters),
encodedPublicKey));
}

final ArrayList<ASN1Element> extensionElements =
new ArrayList<>(extensions.size());
for (final X509CertificateExtension e : extensions)
{
extensionElements.add(e.encode());
}
tbsCertificateElements.add(new ASN1Element(TYPE_EXPLICIT_EXTENSIONS,
new ASN1Sequence(extensionElements).encode()));

final byte[] tbsCertificateBytes =
new ASN1Sequence(tbsCertificateElements).getValue();
final ASN1Element[] x509CertificateElements =
ASN1Sequence.decodeAsSequence(x509CertificateBytes).elements();
final byte[] tbsCertificateBytes = x509CertificateElements[0].encode();
signature.update(tbsCertificateBytes);
}
catch (final Exception e)
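Review bot: No test accompanies the fix (the commit lists two changed files, and both sections shown are production code), and a generate-then-verify round trip inside the SDK would not catch a regression here, because `generateSignature` and `verifySignature` previously shared the same `getValue()` mistake and so agreed with each other. The change would be better protected by a test that runs `verifySignature` on a certificate and a CSR produced by an independent implementation, plus one that has an external tool verify what `generateSignature` emits. Certificates and CSRs generated by earlier versions presumably carry signatures computed over the wrong bytes and will now fail `verifySignature`, so the release notes should tell users to regenerate them. Both method bodies continue outside the hunks shown.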
