Closed Bug 925591 Opened 8 years ago Closed 8 years ago

DSA 2048 certs not working in SSL

Categories

(NSS :: Libraries, defect, P2)

3.14
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.15.4

People

(Reporter: kwilson, Assigned: mozbgz)

Details

Attachments

(1 file, 1 obsolete file)

DSA 1024 testing is working, but DSA 2048 certs get ssl_error_bad_handshake_hash_value
Assignee: nobody → rrelyea
Version: trunk → 3.15.1
Attached patch Patch (obsolete) — Splinter Review
"NIST Closed, NIST and Affiliated Web Sites Not Available", but FIPS 186-4 section 4.2 would reveal that DSA signatures can be longer than 20 bytes nowadays.
Attached patch Proper patchSplinter Review
The first patch happened to work with 2048- and 3072-bit keys, but is bogus otherwise.
Attachment #815726 - Attachment is obsolete: true
Comment on attachment 815888 [details] [diff] [review]
Proper patch

Review of attachment 815888 [details] [diff] [review]:
-----------------------------------------------------------------

r=wtc. Thank you very much for the patch, Kaspar.

Two notes on the patch:

1. I verified that SECKEY_SignatureLen() cannot fail at this point, so
it is not necessary to check its return value.

2. I considered saving the return value of SECKEY_SignatureLen() in a
local variable to avoid making two calls. Since that will only happen
for SSL 3.0, and since SECKEY_SignatureLen() is cheap for DSA keys, I
didn't bother.

Patch checked in: https://hg.mozilla.org/projects/nss/rev/c3db6134802b

I wondered why this code works for ECDSA certificates. Here is the
relevant code before we added TLS 1.2 support. It showed we were already
using the DSAU_DecodeDerSigToLen function for ECDSA keys.

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl3con.c&rev=1.207&mark=899,903-904,914,922,928#899
Attachment #815888 - Flags: review+
Attachment #815888 - Flags: checked-in+
Assignee: rrelyea → mozbugzilla
Status: NEW → RESOLVED
Closed: 8 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 3.15.3
Version: 3.15.1 → 3.14
Summary: DSA 2048 certs not working → DSA 2048 certs not working in SSL
We should add a test for this to the sslcov suite or similar.
Flags: in-testsuite?
Brian: I looked into changing our SSL test suite to use 2048-bit DSA
server certificates. The obstacle is that NSS doesn't support DHE_DSS
cipher suites on the server side. However, ssl3_VerifySignedHashes is
also used by ssl3_HandleCertificateVerify, so we can also use 2048-bit
DSA client certificates to verify the bug fix.

Kai: do you have time to work on adding a test? It seems that we don't
have any SSL auth test that uses a DSA client certificate. The closest
thing I can find is the cert_fips() function in nss/tests/cert/cert.sh.
There are many SSL auth tests that use ECDSA client certificates though.
(In reply to Wan-Teh Chang from comment #5)
> Kai: do you have time to work on adding a test? It seems that we don't
> have any SSL auth test that uses a DSA client certificate. The closest
> thing I can find is the cert_fips() function in nss/tests/cert/cert.sh.
> There are many SSL auth tests that use ECDSA client certificates though.
Flags: needinfo?(kaie)
changing target milestone to 3.15.4
Target Milestone: 3.15.3 → 3.15.4
> (In reply to Wan-Teh Chang from comment #5)
> > Kai: do you have time to work on adding a test?

Not at this time.

If a test is required to finalize this work, a separate bug should be filed to request such work.

If this is easy, it should be suggested to someone trying to do their first steps with NSS.
Flags: needinfo?(kaie)
Flags: in-testsuite?
You need to log in before you can comment on or make changes to this bug.