Closed Bug 925591 Opened 8 years ago Closed 8 years ago
DSA 2048 certs not working in SSL
DSA 1024 testing is working, but DSA 2048 certs get ssl_error_bad_handshake_hash_value
"NIST Closed, NIST and Affiliated Web Sites Not Available", but FIPS 186-4 section 4.2 would reveal that DSA signatures can be longer than 20 bytes nowadays.
The first patch happened to work with 2048- and 3072-bit keys, but is bogus otherwise.
Attachment #815726 - Attachment is obsolete: true
Comment on attachment 815888
Proper patch

Review of attachment 815888:
-----------------------------------------------------------------

r=wtc. Thank you very much for the patch, Kaspar.

Two notes on the patch:

1. I verified that SECKEY_SignatureLen() cannot fail at this point, so it is not necessary to check its return value.

2. I considered saving the return value of SECKEY_SignatureLen() in a local variable to avoid making two calls. Since that will only happen for SSL 3.0, and since SECKEY_SignatureLen() is cheap for DSA keys, I didn't bother.

Patch checked in: https://hg.mozilla.org/projects/nss/rev/c3db6134802b

I wondered why this code works for ECDSA certificates. Here is the relevant code before we added TLS 1.2 support. It showed we were already using the DSAU_DecodeDerSigToLen function for ECDSA keys.
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl3con.c&rev=1.207&mark=899,903-904,914,922,928#899
Assignee: rrelyea → mozbugzilla
Status: NEW → RESOLVED
Closed: 8 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 3.15.3
Version: 3.15.1 → 3.14
Summary: DSA 2048 certs not working → DSA 2048 certs not working in SSL
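The length issue discussed in this bug, as an added example that is not NSS code and not part of the original thread: a stand-alone C decoder that turns a DER-encoded DSA signature into fixed-length r||s, with the output length passed in by the caller so it can be taken from the key (the review above mentions SECKEY_SignatureLen()) rather than fixed at 40 bytes. The names dsa_der_to_raw and make_sample_sig are hypothetical, and the sample signature bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* DER length: short form, or the one-byte long form (0x81 nn). */
static int der_len(const unsigned char **p, const unsigned char *end, size_t *n)
{
    if (*p >= end) return -1;
    *n = *(*p)++;
    if (*n == 0x81 && *p < end) *n = *(*p)++;
    else if (*n >= 0x80) return -1;
    return (*n <= (size_t)(end - *p)) ? 0 : -1;
}

/* Copy one DER INTEGER into a left-padded big-endian field of `width` bytes. */
static int int_to_fixed(const unsigned char **p, const unsigned char *end,
                        unsigned char *dst, size_t width)
{
    size_t n;
    if (*p >= end || *(*p)++ != 0x02 || der_len(p, end, &n) || n == 0) return -1;
    const unsigned char *v = *p; *p += n;
    while (n > 1 && *v == 0) { v++; n--; }  /* strip the sign-padding zero */
    if (n > width) return -1;               /* r or s wider than the caller assumed */
    memset(dst, 0, width - n);
    memcpy(dst + width - n, v, n);
    return 0;
}

/* Decode SEQUENCE { INTEGER r, INTEGER s } into raw r||s of sig_len bytes (2 * len(q)). */
int dsa_der_to_raw(const unsigned char *der, size_t der_size,
                   unsigned char *out, size_t sig_len)
{
    const unsigned char *p = der, *end = der + der_size;
    size_t seq, half = sig_len / 2;
    if (!half || sig_len % 2 || der_size < 2 || *p++ != 0x30) return -1;
    if (der_len(&p, end, &seq) || seq != (size_t)(end - p)) return -1;
    if (int_to_fixed(&p, end, out, half)) return -1;
    return (int_to_fixed(&p, end, out + half, half) || p != end) ? -1 : 0;
}

/* Constructed sample: DER signature whose r and s are each qlen bytes of 0xAB. */
size_t make_sample_sig(unsigned char *buf, size_t qlen)
{
    unsigned char *p = buf;
    *p++ = 0x30; *p++ = (unsigned char)(2 * (qlen + 3));
    for (int i = 0; i < 2; i++) {
        *p++ = 0x02; *p++ = (unsigned char)(qlen + 1); *p++ = 0x00;
        memset(p, 0xAB, qlen); p += qlen;
    }
    return (size_t)(p - buf);
}
```

With a 256-bit q the raw signature is 64 bytes, so decoding the constructed 32-byte r and s succeeds with sig_len 64 and fails with a fixed 40.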
We should add a test for this to the sslcov suite or similar.
Brian: I looked into changing our SSL test suite to use 2048-bit DSA server certificates. The obstacle is that NSS doesn't support DHE_DSS cipher suites on the server side. However, ssl3_VerifySignedHashes is also used by ssl3_HandleCertificateVerify, so we can also use 2048-bit DSA client certificates to verify the bug fix.

Kai: do you have time to work on adding a test? It seems that we don't have any SSL auth test that uses a DSA client certificate. The closest thing I can find is the cert_fips() function in nss/tests/cert/cert.sh. There are many SSL auth tests that use ECDSA client certificates though.
(In reply to Wan-Teh Chang from comment #5)
> Kai: do you have time to work on adding a test? It seems that we don't
> have any SSL auth test that uses a DSA client certificate. The closest
> thing I can find is the cert_fips() function in nss/tests/cert/cert.sh.
> There are many SSL auth tests that use ECDSA client certificates though.
changing target milestone to 3.15.4
Target Milestone: 3.15.3 → 3.15.4
> (In reply to Wan-Teh Chang from comment #5)
> > Kai: do you have time to work on adding a test?

Not at this time. If a test is required to finalize this work, a separate bug should be filed to request such work. If this is easy, it should be suggested to someone trying to do their first steps with NSS.