View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001255 | Main CAcert Website | certificate issuing | public | 2014-03-07 12:33 | 2014-06-29 10:20 |
Reporter | INOPIAE | Assigned To | wytze | ||
Priority | immediate | Severity | block | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 2014 Q1 | ||||
Target Version | 2014 Q1 | Fixed in Version | 2014 Q1 | ||
Summary | 0001255: DSA certificate issuing ignores key strength | ||||
Description | The problem is that there is no check for the key stregth when signing with a DSA key. So any key strength can be used. The police requires a minimum of at least 1024 bit. | ||||
Additional Information | see also http://www.golem.de/news/diffie-hellman-unsinnige-krypto-parameter-1403-104970.html | ||||
Tags | No tags attached. | ||||
Reviewed by | NEOatNHNG, BenBE | ||||
Test Instructions | |||||
|
Our policy doesn't require a minimum key length. To the contrary it says in https://www.cacert.org/policy/CertificationPracticeStatement.php#p4.3.1 that members may request certificates for keys of any size. It writes that only RSA is supported though. CAB forum baseline requirements https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1_1_6.pdf on the other hand prescribes some restrictions. Additionally one should take into account that DSA is completely compromised if bad random generators are used (not only for key generation but also for normal signatures) I would go for a) forbid DSA completely, which is a bit inflexible if ever a problem in major RSA implementations is found but would match our CPS or b) put up a warning screen when trying to issue a DSA certificate, but allow it when acknowledging the warning. |
|
test before patch legend bold == unacceptable done == sign by signer fail == sign failed by signer Signing Certificate bf-1255-org-server-class1-dsa-512 ... done Signing Certificate bf-1255-org-server-class1-dsa-768 ... done Signing Certificate bf-1255-org-server-class1-dsa-1024 ... done Signing Certificate bf-1255-org-server-class1-dsa-1536 ... done Signing Certificate bf-1255-org-server-class1-dsa-2047 ... done Signing Certificate bf-1255-org-server-class1-dsa-2048 ... fail Signing Certificate bf-1255-org-server-class1-dsa-3072 ... fail Signing Certificate bf-1255-org-server-class1-dsa-4096 ... fail Signing Certificate bf-1255-org-server-class1-dsa-8192 ... fail Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v2 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v3 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb176v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb208w1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb272w1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb304w1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb368w1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v2 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v3 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v2 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v3 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb359v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb431r1 ... done Signing Certificate bf-1255-org-server-class1-ec-prime192v1 ... done Signing Certificate bf-1255-org-server-class1-ec-prime192v2 ... done Signing Certificate bf-1255-org-server-class1-ec-prime192v3 ... done Signing Certificate bf-1255-org-server-class1-ec-prime239v1 ... done Signing Certificate bf-1255-org-server-class1-ec-prime239v2 ... done Signing Certificate bf-1255-org-server-class1-ec-prime239v3 ... done Signing Certificate bf-1255-org-server-class1-ec-prime256v1 ... done Signing Certificate bf-1255-org-server-class1-ec-secp224r1 ... done Signing Certificate bf-1255-org-server-class1-ec-secp384r1 ... done Signing Certificate bf-1255-org-server-class1-ec-secp521r1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect163k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect163r2 ... done Signing Certificate bf-1255-org-server-class1-ec-sect233k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect233r1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect283k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect283r1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect409k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect409r1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect571k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect571r1 ... done Signing Certificate bf-1255-org-server-class1-rsa-512 ... fail Signing Certificate bf-1255-org-server-class1-rsa-768 ... fail Signing Certificate bf-1255-org-server-class1-rsa-1024 ... fail Signing Certificate bf-1255-org-server-class1-rsa-1536 ... fail Signing Certificate bf-1255-org-server-class1-rsa-2047 ... fail Signing Certificate bf-1255-org-server-class1-rsa-2048 ... done Signing Certificate bf-1255-org-server-class1-rsa-4096 ... done Signing Certificate bf-1255-org-server-class1-rsa-8192 ... done done in 15m10.334s |
|
Pre-Patch Test Client-Certs ------------ RSA 512, 1024, 2047 not accepted 2048, 4096 created -> ok DSA 512, 1024, 2047 created 2048, 4096 pending EC prime192v1 created Server-Certs ------------ RSA 512, 1024, 2047 not accepted 2048, 4096 created DSA 512, 1024, 2047 created 2048, 4096 pending EC prime192v1 created Org-certs --------- RSA 512, 1024, 2047 not accepted 2048, 4096 created DSA 512, 1024, 2047 created 2048, 4096 pending EC prime192v1 created From my point of view one should test more ECs, but I just do not have a lot of time, currently. |
|
Implemented a patch and put it on the test server. Please test and review. |
|
test after patch legend bold == unacceptable done == sign by signer fail == sign failed by signer Signing Certificate af-1255-org-server-class1-dsa-512 ... fail Signing Certificate af-1255-org-server-class1-dsa-768 ... fail Signing Certificate af-1255-org-server-class1-dsa-1024 ... fail Signing Certificate af-1255-org-server-class1-dsa-1536 ... fail Signing Certificate af-1255-org-server-class1-dsa-2047 ... fail Signing Certificate af-1255-org-server-class1-dsa-2048 ... fail Signing Certificate af-1255-org-server-class1-dsa-3072 ... fail Signing Certificate af-1255-org-server-class1-dsa-4096 ... fail Signing Certificate af-1255-org-server-class1-dsa-8192 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb163v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb163v2 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb163v3 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb176v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb208w1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb272w1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb304w1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb368w1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb191v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb191v2 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb191v3 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb239v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb239v2 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb239v3 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb359v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb431r1 ... fail Signing Certificate af-1255-org-server-class1-ec-prime192v1 ... fail Signing Certificate af-1255-org-server-class1-ec-prime192v2 ... fail Signing Certificate af-1255-org-server-class1-ec-prime192v3 ... fail Signing Certificate af-1255-org-server-class1-ec-prime239v1 ... fail Signing Certificate af-1255-org-server-class1-ec-prime239v2 ... fail Signing Certificate af-1255-org-server-class1-ec-prime239v3 ... fail Signing Certificate af-1255-org-server-class1-ec-prime256v1 ... fail Signing Certificate af-1255-org-server-class1-ec-secp224r1 ... fail Signing Certificate af-1255-org-server-class1-ec-secp384r1 ... fail Signing Certificate af-1255-org-server-class1-ec-secp521r1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect163k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect163r2 ... fail Signing Certificate af-1255-org-server-class1-ec-sect233k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect233r1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect283k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect283r1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect409k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect409r1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect571k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect571r1 ... fail Signing Certificate af-1255-org-server-class1-rsa-512 ... fail Signing Certificate af-1255-org-server-class1-rsa-768 ... fail Signing Certificate af-1255-org-server-class1-rsa-1024 ... fail Signing Certificate af-1255-org-server-class1-rsa-1536 ... fail Signing Certificate af-1255-org-server-class1-rsa-2047 ... fail Signing Certificate af-1255-org-server-class1-rsa-2048 ... done Signing Certificate af-1255-org-server-class1-rsa-4096 ... done Signing Certificate af-1255-org-server-class1-rsa-8192 ... done done in 1m49.300s => OK |
|
Please review as there are at least two successful tests. |
|
Modifications to initial draft of the patch accepted, which slipped by when the initial sketch of the patch was written. Restructuring to cause fall-through to the end of the function being considered failure of key verification are okay and enhance readability. Complete rejection of DSA (explicit, even though implemented) and ECDSA (implicit) is in accordance with policy/CPS as well as decision of the responsible software assessors due to time constraints to get this initial fix out. Further adjustments as well as refinements to allow more types of keys as well as more specific checks for the key material can follow. The aim for this patch was to resolve the issue at hand when handling certificate signing requests. 2nd review OK. Good to go! |
|
The patch has been installed on the production server on March 10, 2014. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2014-03/msg00002.html and https://lists.cacert.org/wws/arc/cacert-systemlog/2014-03/msg00003.html |
Date Modified | Username | Field | Change |
---|---|---|---|
2014-03-07 12:33 | INOPIAE | New Issue | |
2014-03-07 12:34 | INOPIAE | Relationship added | related to 0000918 |
2014-03-07 12:35 | INOPIAE | Relationship added | related to 0000954 |
2014-03-07 12:35 | INOPIAE | Relationship added | related to 0000964 |
2014-03-07 14:50 | NEOatNHNG | Note Added: 0004617 | |
2014-03-07 22:35 | MartinGummi | Note Added: 0004618 | |
2014-03-07 23:08 | MartinGummi | Note Edited: 0004618 | |
2014-03-07 23:08 | MartinGummi | Note Edited: 0004618 | |
2014-03-07 23:09 | MartinGummi | Note Edited: 0004618 | |
2014-03-07 23:12 | MartinGummi | Note Edited: 0004618 | |
2014-03-07 23:18 | MartinGummi | Note Edited: 0004618 | |
2014-03-07 23:18 | MartinGummi | Note Edited: 0004618 | |
2014-03-07 23:20 | MartinGummi | Note Edited: 0004618 | |
2014-03-07 23:21 | MartinGummi | Note Edited: 0004618 | |
2014-03-07 23:21 | MartinGummi | Note View State: 0004618: private | |
2014-03-08 09:27 | Eva | Note Added: 0004619 | |
2014-03-09 03:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 03497bc8 |
2014-03-09 03:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 2ea7e322 |
2014-03-09 03:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable f8a00d63 |
2014-03-09 03:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 91f4bf72 |
2014-03-09 03:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel testserver-stable 7b251cbd |
2014-03-09 03:09 | NEOatNHNG | Reviewed by | => NEOatNHNG |
2014-03-09 03:09 | NEOatNHNG | Note Added: 0004620 | |
2014-03-09 03:09 | NEOatNHNG | Status | new => needs review & testing |
2014-03-09 03:09 | NEOatNHNG | View Status | private => public |
2014-03-09 09:09 | MartinGummi | Note Added: 0004621 | |
2014-03-09 09:10 | MartinGummi | Note Edited: 0004621 | |
2014-03-09 09:11 | MartinGummi | Note Edited: 0004621 | |
2014-03-09 09:13 | MartinGummi | Note Edited: 0004621 | |
2014-03-09 09:13 | MartinGummi | Note Edited: 0004621 | |
2014-03-09 09:55 | MartinGummi | Note Edited: 0004618 | |
2014-03-09 09:56 | MartinGummi | Note Edited: 0004621 | |
2014-03-09 09:58 | INOPIAE | Note Added: 0004623 | |
2014-03-09 09:58 | INOPIAE | Assigned To | => BenBE |
2014-03-09 09:58 | INOPIAE | Status | needs review & testing => needs review |
2014-03-09 19:36 | BenBE | Reviewed by | NEOatNHNG => NEOatNHNG, BenBE |
2014-03-09 19:36 | BenBE | Note Added: 0004624 | |
2014-03-09 19:36 | BenBE | Assigned To | BenBE => wytze |
2014-03-09 19:36 | BenBE | Status | needs review => ready to deploy |
2014-03-09 22:05 | BenBE | Source_changeset_attached | => cacert-devel release 43882c78 |
2014-03-10 17:05 | wytze | Note Added: 0004625 | |
2014-03-10 17:05 | wytze | Status | ready to deploy => solved? |
2014-03-10 17:05 | wytze | Fixed in Version | => 2014 Q1 |
2014-03-10 17:05 | wytze | Resolution | open => fixed |
2014-03-11 22:59 | MartinGummi | Note View State: 0004618: public | |
2014-06-29 10:20 | INOPIAE | Status | solved? => closed |