Kyle Hamilton wrote, On 2008-09-18 11:48: > There's another, more pressing issue: > > If there are buffer overflows in ASN.1 parsing (there have been in at > the least OpenSSL and Microsoft's), anyone who can provide a > certificate that points to an AIA that ultimately wouldn't be trusted > could provide malicious data that could compromise the issue.
About 5-6 years ago, NISCC, an office of the UK government, made available to software developers an enormous set of test data, over 1 million certs, each crafted to detect buffer potential buffer overflows. The set was produced at the University of Oulu (IIRC) for NISCC. There were also test cases for PKCS#7 and numerous other common BER/DER message/file formats. There were SSL server certs and client auth certs, IIRC. A major part of the work done for NSS 3.9.0 in late 2003 was that we devised test programs and test scripts to test with all those files of test data. I devised an SSL server and SSL client that would serve up a different one of those test certs in each full handshake. We enhanced certutil and our PKCS7 and SMIME test tools to facilitate this testing. We found a lot of bugs, and fixed them all. We now run the NISCC tests periodically (nightly or weekly, IIRC) to ensure no regressions there. Consequently, since the release of NSS 3.9.0, our confidence level in the "bullet proof" nature of our ASN.1 decoder, and the higher level decoders that use it (such as PKCS7) is very high. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
