[cabfpub] Fwd: Re: SHA-256 support

[Gervase Markham]

Hi everyone,

Here is a more nuanced answer from wtc about when and how much NSS
supports SHA-2.

NSS 3.11.1/3.11.4 or later were included in Firefox 2.0 and later.

Gerv

-------- Original Message --------
Subject: Re: SHA-256 support
Date: Tue, 19 Nov 2013 10:40:25 -0800
From: Wan-Teh Chang <wtc at google.com>
Reply-To: mozilla's crypto code discussion list
<dev-tech-crypto at lists.mozilla.org>
To: mozilla's crypto code discussion list
<dev-tech-crypto at lists.mozilla.org>
Newsgroups: mozilla.dev.tech.crypto
References: <v8ydnXNXANDjthfPnZ2dnUVZ_j6dnZ2d at mozilla.org>
<528ACAD1.3090708 at REDHAT.COM>

Bob's answer is accurate.

Note that CAs are more interested in SHA-2 based signature support
rather than plain SHA-2 support. So another way to track down the NSS
version is to look at the CVS history of the secvfy.c file:

http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/cryptohi/secvfy.c&rev=HEAD&mark=1.30

The relevant revisions are:

1.7 nelsonb%netscape.com2002-12-11 22:05 Support SHA256, SHA384, and
SHA512 hashes in NSS.

1.14 wtchang%redhat.com2005-08-12 16:50 Bugzilla Bug 296410: enlarge
the buffer size for message digest so that we can generate and verify
signatures that use SHA-512.

1.17 rrelyea%redhat.com2006-02-07 22:14 Bug 320583 Support for
SHA256/384/512 with ECC signing

So it is safe to say that by mid 2006 (NSS 3.11.1, released on
2006-05-05) the support of SHA-2 based signatures in NSS was already
stable and complete, covering both RSA and ECDSA signatures. Another
evidence of mature support is the FIPS 140-2 validation of NSS 3.11.4
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#814).

A very conservative response would be NSS 3.11.4
(http://www-archive.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-release-notes.html)
and later.

Wan-Teh