Kyle,

Kyle Hamilton wrote:
> There's another, more pressing issue:
>
> If there are buffer overflows in ASN.1 parsing (there have been in at
> the least OpenSSL and Microsoft's), anyone who can provide a
> certificate that points to an AIA that ultimately wouldn't be trusted
> could provide malicious data that could compromise the issue.

We took care of such issues in our ASN.1 parsing years ago. It was a large effort and many problems were found, and resolved in NSS 3.9, in 2004. Currently, we run test cases of millions of malformed certs from NISCC against every nightly build of NSS, FYI, to make sure that the code in that area doesn't regress. I'm not saying there are no remaining bugs - some may be found eventually - but we take the code in our ASN.1 decoders/encoder very seriously.

> In addition, if there were an MD5-like hash collision in such a way
> that an attacker could forge an apparently-valid (the signature
> matches what was signed, though the data does not) CA:true
> certificate, then all hell breaks loose.

Currently nothing of the sort has been shown to be possible, however.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto