Bug 832948 - invalid key is retrieved when two private keys reside in one PEM slot
invalid key is retrieved when two private keys reside in one PEM slot
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: nss (Show other bugs)
17
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-18 05:15 EDT by Jan Vcelak
Modified: 2013-03-03 20:30 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-18 06:38:18 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
reproducer (5.80 KB, application/x-compressed-tar)
2012-06-18 05:16 EDT, Jan Vcelak
no flags Details

  None (edit)
Description Jan Vcelak 2012-06-18 05:15:09 EDT
Description of problem:

When two certificates with private keys are loaded into one PEM slot, the first private key is always retrieved when negotiating with the peer, which causes invalid Message Authentication Code errors.

I'm attaching simple reproducer, which points out the possible cause of the problem. The reproducer just initializes PEM module and loads PEM certificates supplied on the command line. After each certificate is loaded, all tokens are printed with certificates and private keys within that token.


Version-Release number of selected component (if applicable):
nss-3.13.4-3.fc17.x86_64


How reproducible:
Use the reproducer, Luke!


Steps to Reproduce:
1. tar xf pemtwokeys.tgz; cd pemtwokeys
2. make
2. ./pemtwokeys certs/client.pem certs/server2.pem


Actual results:
$ ./pemtwokeys certs/client.pem certs/server2.pem 
Loading 'certs/client.pem'
- token 'PEM Token #7' (slot 'PEM Slot #7')
- token 'PEM Token #6' (slot 'PEM Slot #6')
- token 'PEM Token #5' (slot 'PEM Slot #5')
- token 'PEM Token #4' (slot 'PEM Slot #4')
- token 'PEM Token #3' (slot 'PEM Slot #3')
- token 'PEM Token #2' (slot 'PEM Slot #2')
- token 'PEM Token #1' (slot 'PEM Slot #1')
  - certificate 'CN=client,DC=domain' (nickname 'PEM Token #1:client.pem - 0' trust 216)
  - key for certificate 'CN=client,DC=domain'
- token 'PEM Token #0' (slot 'PEM Slot #0')
- token 'NSS Certificate DB' (slot 'NSS User Private Key and Certificate Services')
- token 'NSS Generic Crypto Services' (slot 'NSS Internal Cryptographic Services')
Loading 'certs/server2.pem'
- token 'PEM Token #7' (slot 'PEM Slot #7')
- token 'PEM Token #6' (slot 'PEM Slot #6')
- token 'PEM Token #5' (slot 'PEM Slot #5')
- token 'PEM Token #4' (slot 'PEM Slot #4')
- token 'PEM Token #3' (slot 'PEM Slot #3')
- token 'PEM Token #2' (slot 'PEM Slot #2')
- token 'PEM Token #1' (slot 'PEM Slot #1')
  - certificate 'CN=client,DC=domain' (nickname 'PEM Token #1:client.pem - 0' trust 216)
  - certificate 'CN=server2,DC=domain' (nickname 'PEM Token #1:server2.pem - 0' trust 216)
  - key for certificate 'CN=client,DC=domain'
  - key for certificate 'CN=client,DC=domain'
- token 'PEM Token #0' (slot 'PEM Slot #0')
- token 'NSS Certificate DB' (slot 'NSS User Private Key and Certificate Services')
- token 'NSS Generic Crypto Services' (slot 'NSS Internal Cryptographic Services')


Expected results:

...
- token 'PEM Token #1' (slot 'PEM Slot #1')
  - certificate 'CN=client,DC=domain' (nickname 'PEM Token #1:client.pem - 0' trust 216)
  - certificate 'CN=server2,DC=domain' (nickname 'PEM Token #1:server2.pem - 0' trust 216)
  - key for certificate 'CN=client,DC=domain'
  - key for certificate 'CN=server2,DC=domain' <= this
...


Additional info:

If each certificate is loaded into separate PEM slot, it works fine.

This problem is critical for OpenLDAP library. When the replication is configured on the OpenLDAP server and different certificates are used for incoming TLS connections and for client TLS authentication to the other replica, we are in trouble.

I think that we just cannot use different slot for each private key, because we can conflict with other applications using NSS PEM within the same process. This happens for example with PHP + LDAP + cURL (maybe bug #784928, not sure if this is the correct report).
Comment 1 Jan Vcelak 2012-06-18 05:16:37 EDT
Created attachment 592568 [details]
reproducer
Comment 2 Jan Vcelak 2012-06-18 06:38:18 EDT
Setting CKA_TRUST to false resolves the problem:
PK11_SETATTRS(attrs[3], CKA_TRUST, &ckfalse, sizeof(ckfalse));

...
- token 'PEM Token #1' (slot 'PEM Slot #1')
  - certificate 'CN=client,DC=domain' (nickname 'PEM Token #1:client.pem' trust 64)
  - certificate 'CN=server2,DC=domain' (nickname 'PEM Token #1:server2.pem' trust 64)
  - key for certificate 'CN=client,DC=domain'
  - key for certificate 'CN=server2,DC=domain'
...

So obviously my fault. Sorry, closing.

Note You need to log in before you can comment on or make changes to this bug.