OCSP responses with "version 1" explicitly encoded are no longer accepted, breaking LastPass, login.live.com, and probably many other sites

RESOLVED FIXED in mozilla33

Product: Core
Component: Security: PSM
Priority: P2
Severity: normal
Status: RESOLVED FIXED
Reported: 3 years ago
Modified: 3 years ago
Reporter: streetwolf
Assignee: briansmith
Keywords: regression
Version: 33 Branch
Target Milestone: mozilla33
Firefox Tracking Flags: (Not tracked)
Attachments: 1

Description (Reporter, 3 years ago)
Regression...

Good:  https://hg.mozilla.org/integration/mozilla-inbound/rev/11ce0e5823f4

Bad:   https://hg.mozilla.org/integration/mozilla-inbound/rev/904975e569b5

Regression checking has led me to patch 1029341 which is causing problems with LastPass.  I get a message that LP was unable to login to its secure server.  Furthermore, when I try to install the latest version of LP via this link https://lastpass.com/lppre.xpi I get the following error message:

-------
Secure Connection Failed

An error occurred during a connection to lastpass.com. The response from the OCSP server was corrupted or improperly formed. (Error code: sec_error_ocsp_malformed_response)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
------
Updated (Reporter, 3 years ago)
Depends on: 1029341
Keywords: regression

Updated (Reporter, 3 years ago)
Blocks: 1029341
No longer depends on: 1029341

Comment 1 (Reporter, 3 years ago)
Sorry if I got the Blocks/Depends on wrong.  I'm not totally familiar with their use.

Thanks Gary. I will take a look at this now.
Assignee: nobody → brian
Severity: normal → major
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
Target Milestone: --- → mozilla33
See Also: → bug 1031093
The regression was actually caused by the fix for bug 1029364, not the fix for bug 1029341. The fix for bug 1029364 changed the way we processed explicit encodings of "version 1"; before, they were accepted but now they are rejected. I will attach a patch here that reverts that part of the change.
Blocks: 1029364
No longer blocks: 1029341
Summary: LastPass having issues with Bug 1029341 installed → OCSP responses with "version 1" explicitly encoded are no longer accepted, breaking LastPass and probably many other sites
Created attachment 8446885 [details] [diff] [review]
accept-explicit-v1.patch

Note: the change to BackCert::Init() may not be strictly necessary here, but soon (tomorrow?) I will post a patch that changes BackCert::Init() to use OptionalVersion() anyway, so we should keep them consistent.
Attachment #8446885 - Flags: review?(cviecco)
Attachment #8446885 - Flags: review?(cviecco) → review+
Thanks for the impressive review turnaround time, cviecco!

And, thanks again for the bug report, Gary!! Please email me (brian@briansmiht.org) about what "streetwolf" is referencing. I don't understand the #streetwolf hashtag on Twitter.

https://hg.mozilla.org/integration/mozilla-inbound/rev/c6b2136514f2

Enthusiasm!!! Positive Energy!!!!
Severity: major → normal
OS: Windows 8.1 → All
Priority: P1 → P2
Hardware: x86_64 → All
Comment on attachment 8446885 [details] [diff] [review]
accept-explicit-v1.patch

Review of attachment 8446885 [details] [diff] [review]:
-----------------------------------------------------------------

::: security/pkix/lib/pkixbuild.cpp
@@ +59,5 @@
>               nssCert->version.data[0] == static_cast<uint8_t>(der::Version::v2)) {
>      version = der::Version::v2;
> +  } else if (nssCert->version.len == 1 &&
> +             nssCert->version.data[0] == static_cast<uint8_t>(der::Version::v2)) {
> +    // XXX(bug 1031093): We shouldn't accept an explicit encoding of v1, but we
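Review bot: the new `else if` branch compares `nssCert->version.data[0]` against `static_cast<uint8_t>(der::Version::v2)`, which is exactly the condition of the branch directly above it, so this branch can never be taken; since the XXX comment says it exists to accept an explicit encoding of v1, the comparison should be against `der::Version::v1`. The hunk is also cut off in the middle of that comment, so the branch body and the rest of the bug 1031093 note cannot be checked here.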

This checking condition looks identical to the v2 condition, and so will never trigger.  Was this supposed to be |der::Version::v1|?
https://hg.mozilla.org/mozilla-central/rev/c6b2136514f2
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Duplicate of this bug: 1031366
Duplicate of this bug: 1031338

Comment 10 (3 years ago)
Is there not the automatic test?
(In reply to Alice0775 White from comment #10)
> Is there not the automatic test?

There is an automatic test, for the OCSP case. When I caused the regression, I changed the test. The issue is that these websites are not conformant to the specification, and my change that caused the regression was to enforce the specification more strictly. The fix is to go back to accepting the non-conformant OCSP responses.

Nathan, yes, you are right. I will fix that soon. However, it almost definitely doesn't matter because v1 certificates are not really used on the internet. Only v3 certificates are allowed in our CA program, for example. (v1 OCSP responses are used all the time, because v1 is the only version for OCSP.)
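As an added illustration of what the comment above describes (this is not mozilla::pkix code; the function names and byte strings are constructed here): how the optional `version [0] EXPLICIT Version DEFAULT v1` field at the front of an OCSP ResponseData is read, and why a DER-strict parser rejects an explicitly encoded v1 while the lenient policy this fix restores accepts it. Only the simplest encoding, a one-byte INTEGER, is handled.

```cpp
// Added example, not mozilla::pkix code: parse the optional
// `version [0] EXPLICIT Version DEFAULT v1` field of an OCSP ResponseData.
#include <cstddef>
#include <cstdint>
#include <vector>

enum class Version { V1, V2, V3, Malformed };

// StrictDER: DER says a DEFAULT value must be omitted, so an explicitly
// encoded v1 is malformed (the behaviour that caused this regression).
// Lenient: accept the explicit v1 anyway (the behaviour the fix restores).
enum class Policy { StrictDER, Lenient };

// Reads the optional version at der[pos]. pos advances only when the field
// is present and well-formed. Only a one-byte INTEGER payload is handled.
Version OptionalVersion(const std::vector<uint8_t>& der, size_t& pos,
                        Policy policy) {
  // Field absent: DEFAULT v1 applies and nothing is consumed.
  if (pos >= der.size() || der[pos] != 0xA0) {
    return Version::V1;
  }
  // Expect exactly A0 03 02 01 <v>: [0] wrapping a one-byte INTEGER.
  if (der.size() - pos < 5 || der[pos + 1] != 0x03 ||
      der[pos + 2] != 0x02 || der[pos + 3] != 0x01) {
    return Version::Malformed;
  }
  uint8_t v = der[pos + 4];
  pos += 5;
  switch (v) {
    case 0:  // explicit v1: the DEFAULT value, so a DER violation
      return policy == Policy::StrictDER ? Version::Malformed : Version::V1;
    case 1:  return Version::V2;
    case 2:  return Version::V3;
    default: return Version::Malformed;
  }
}

// Constructed ResponseData prefixes: the version field (or none) followed by
// the responderID byKey [2] tag (0xA2) standing in for the rest of the data.
const std::vector<uint8_t> kOmittedVersion   = {0xA2};
const std::vector<uint8_t> kExplicitV1       = {0xA0, 0x03, 0x02, 0x01, 0x00, 0xA2};
const std::vector<uint8_t> kBadVersionLength = {0xA0, 0x04, 0x02, 0x02, 0x00, 0x00, 0xA2};

// True when the response's version field is acceptable under `policy`.
bool ResponseVersionAccepted(const std::vector<uint8_t>& der, Policy policy) {
  size_t pos = 0;
  return OptionalVersion(der, pos, policy) != Version::Malformed;
}
```

Under StrictDER `kExplicitV1` is rejected, which is the sec_error_ocsp_malformed_response the reporter saw; under Lenient it parses as v1 and the parser moves on to the responderID.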
Duplicate of this bug: 1031696
Summary: OCSP responses with "version 1" explicitly encoded are no longer accepted, breaking LastPass and probably many other sites → OCSP responses with "version 1" explicitly encoded are no longer accepted, breaking LastPass, login.live.com, and probably many other sites
Blocks: 982783