| Summary: | Duplicate PK signature algorithms in gnutls-cli output | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Frantisek Sumsal <fsumsal> |
| Component: | gnutls | Assignee: | Nikos Mavrogiannopoulos <nmavrogi> |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | hkario, szidek |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-21 17:16:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description of problem: Output of gnutls-cli contains some PK signature algorithms twice. This is caused by multiple occurrences of these algorithms in the sign_algorithms array with different OIDs (file lib/algorithms/sign.c): static const gnutls_sign_entry sign_algorithms[] = { {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, GNUTLS_DIG_SHA1, {2, 1}}, {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, GNUTLS_DIG_SHA1, {2, 1}}, {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224, GNUTLS_PK_RSA, GNUTLS_DIG_SHA224, {3, 1}}, ... {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA, GNUTLS_DIG_SHA1, {2, 2}}, {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA, GNUTLS_DIG_SHA1, {2, 2}}, ... Version-Release number of selected component (if applicable): gnutls-3.3.24-1.el7.x86_64 gnutls-utils-3.3.24-1.el7.x86_64 How reproducible: always Steps to Reproduce: # gnutls-cli -l Actual results: # gnutls-cli -l <...snip...> PK-signatures: *SIGN-RSA-SHA1*, *SIGN-RSA-SHA1*, SIGN-RSA-SHA224, SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-RSA-RMD160, *SIGN-DSA-SHA1*, *SIGN-DSA-SHA1*, SIGN-DSA-SHA224, SIGN-DSA-SHA256, *SIGN-RSA-MD5*, *SIGN-RSA-MD5*, SIGN-RSA-MD2, SIGN-ECDSA-SHA1, SIGN-ECDSA-SHA224, SIGN-ECDSA-SHA256, SIGN-ECDSA-SHA384, SIGN-ECDSA-SHA512 Expected results: Output of gnutls-cli shouldn't contain duplicates.