Bug 1970388
| Summary: | openssl spkac creates responses signed with MD5 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Alicja Kario <hkario> |
| Component: | openssl | Assignee: | Sahana Prasad <sahana> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Alicja Kario <hkario> |
| Severity: | medium | Docs Contact: | Mirek Jahoda <mjahoda> |
| Priority: | low | ||
| Version: | CentOS Stream | CC: | bstinson, jwboyer |
| Target Milestone: | beta | Keywords: | Triaged |
| Target Release: | --- | Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openssl-3.0.0-0.beta2.2.el9 | Doc Type: | Enhancement |
| Doc Text: |
.`openssl-spkac` can now create SPKAC files signed with SHA-1 and SHA-256
The `openssl-spkac` utility can now create Netscape signed public key and challenge (SPKAC) files signed with hashes other than MD5. You can now also create and verify SPKAC files signed with SHA-1 and SHA-256 hashes.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-12-07 21:24:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem:
When OpenSSL is asked to create a SPKAC response it signs it with MD5. There are no options available to change that default.

Version-Release number of selected component (if applicable):
openssl-3.0.0-0.alpha16.3.ssl3.x86_64

How reproducible:
always

Steps to Reproduce:
1. openssl genpkey -algorithm RSA -out key.pem
2. openssl spkac -key key.pem -out spkac.pem
3. openssl spkac -in spkac.pem

Actual results:

    Netscape SPKI:
      Public Key Algorithm: rsaEncryption
        RSA Public-Key: (2048 bit)
        Modulus:
            00:a4:ab:7c:23:9e:ca:e4:18:07:e7:51:c9:74:f4:
            40:cc:dd:2d:07:75:44:21:d3:ed:c7:ee:96:20:63:
            9a:cb:70:ac:e5:23:64:76:f5:99:fb:1c:89:97:75:
            4f:66:34:5e:cf:b8:4d:d5:01:e0:4b:09:89:dd:eb:
            00:7b:08:54:14:16:50:60:3d:58:80:e9:4c:4b:2a:
            78:50:37:ed:95:df:04:1e:79:71:15:25:8e:ae:ab:
            fa:dc:d1:32:bf:cd:56:a7:44:72:ec:71:b5:39:2f:
            5f:a9:e2:ba:00:e7:f1:6b:1b:da:cd:24:58:c3:0d:
            d2:b1:e0:8c:6d:99:06:eb:01:ee:71:27:b1:c1:c3:
            97:e0:35:83:65:eb:96:6d:46:5a:98:c4:b0:5f:f8:
            12:f4:ae:0b:5f:2e:b8:fa:13:82:7d:34:41:47:fd:
            36:20:d8:65:21:80:f5:a9:20:89:29:4e:18:b4:bf:
            90:57:b7:19:c5:b8:d5:99:f8:35:fa:81:24:30:6f:
            43:7d:3d:79:0f:4a:06:dd:6c:9a:c8:c9:a5:bd:89:
            67:ca:c8:2f:42:b5:36:05:31:b0:c6:dc:da:72:98:
            c8:07:bf:b8:ac:be:c1:0f:a1:56:f0:c5:cb:ec:50:
            98:57:28:e2:3c:05:70:33:33:93:22:aa:f7:da:62:
            a1:ab
        Exponent: 65537 (0x10001)
      Signature Algorithm: md5WithRSAEncryption
          02:39:f8:2e:4b:b2:9b:70:15:c6:fe:a5:5f:0d:00:77:67:20:
          f1:59:1a:ba:38:62:84:5c:12:9c:78:85:d7:fc:d0:7c:e3:eb:
          11:4e:4e:ea:db:b1:bf:cb:0e:6d:54:56:b2:98:59:91:ce:32:
          1e:27:7f:60:46:94:89:61:f7:8c:06:fc:b4:ed:ff:5b:58:f0:
          85:55:de:c1:42:af:22:20:fa:7b:1d:4a:a5:2e:de:59:05:c3:
          27:a2:13:f4:2e:b8:0c:b6:50:b3:b1:90:8b:10:cc:e2:5c:00:
          bc:3d:05:00:1e:13:a0:34:4c:62:1a:39:bf:a9:e8:4f:d9:92:
          b8:26:b5:38:49:8b:98:cc:b7:47:c1:e7:76:df:08:ff:da:c8:
          f1:5c:15:da:97:41:a2:85:b5:d0:7d:74:db:b6:db:5b:8e:f1:
          e6:f3:f9:78:ec:bb:24:d9:68:c2:86:90:c5:04:2f:37:46:82:
          3a:00:89:e1:26:9c:dd:38:e3:be:a6:66:72:61:a8:f4:37:af:
          b3:bc:ff:64:91:a5:1a:fc:22:0b:8e:3c:81:90:6b:05:84:a7:
          c6:d2:54:f4:49:2f:9d:c3:9d:f5:7a:6f:b5:c8:4f:2a:b5:5b:
          c2:7a:ea:9d:ea:a2:71:27:a7:1c:05:21:97:36:ef:e0:80:e7:
          1c:73:ec:5d

Expected results:

    Signature Algorithm: sha256WithRSAEncryption

Additional info:
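
An added example, not part of the bug report or of OpenSSL: a Python check that reads the signature algorithm OID straight from the DER inside an `SPKAC=` line, so a receiving service can reject MD5-signed responses without shelling out to `openssl spkac -in`. The function names are hypothetical, treating SHA-1 as unacceptable is this example's policy assumption, and the samples are constructed (zero bytes stand in for the key and signature, so they are structurally valid only).

```python
import base64

# PKCS #1 signature OIDs in DER content form -> (name, acceptable under this example's policy)
SIG_OIDS = {
    bytes.fromhex("2a864886f70d010104"): ("md5WithRSAEncryption", False),
    bytes.fromhex("2a864886f70d010105"): ("sha1WithRSAEncryption", False),
    bytes.fromhex("2a864886f70d01010b"): ("sha256WithRSAEncryption", True),
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def spkac_signature_algorithm(text):
    """Map 'SPKAC=<base64>' (or bare base64) to (algorithm name, acceptable)."""
    text = text.strip()
    if text.startswith("SPKAC="):
        text = text[len("SPKAC="):]
    tag, body, _ = read_tlv(base64.b64decode(text), 0)  # SignedPublicKeyAndChallenge
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(body, 0)    # skip PublicKeyAndChallenge
    _, alg, _ = read_tlv(body, pos)  # signatureAlgorithm (AlgorithmIdentifier)
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return SIG_OIDS.get(oid, ("unknown OID " + oid.hex(), False))

def der(tag, value):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def constructed_spkac(oid):
    """Structure-only sample: zero bytes stand in for the key and signature."""
    pkac = der(0x30, der(0x30, bytes(270)) + der(0x16, b"hello"))
    alg = der(0x30, der(0x06, oid) + der(0x05, b""))
    return "SPKAC=" + base64.b64encode(der(0x30, pkac + alg + der(0x03, bytes(257)))).decode()
```

The check reads only the declared algorithm; it does not verify the signature itself.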