Bug 2012261

Summary: certmonger creates CSRs with invalid DER syntax for X509v3 extensions with critical=FALSE
Product: Red Hat Enterprise Linux 9 Reporter: Rob Crittenden <rcritten>
Component: certmongerAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: high Docs Contact:
Priority: high    
Version: 9.0CC: ipa-qe, ksiddiqu, myusuf
Target Milestone: rcKeywords: Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: certmonger-0.79.14-5.el9 Doc Type: Bug Fix
Doc Text:
Cause: certmonger is encoding a DER default boolean value in the Certificate Signing Request it generates. Consequence: The resulting CSR is not compliant with strict DER readers Fix: Apply the OPTIONAL flag and use the upstream NSS CSR template. Result: The CSR that certmonger generates is valid.
 Story Points: ---
Clone Of: 2012258 Environment:
Last Closed: 2022-05-17 13:13:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2012258, 2015511    
Bug Blocks:    

Description Rob Crittenden 2021-10-08 17:05:00 UTC 
+++ This bug was initially created as a clone of Bug #2012258 +++

Description of problem:

certmonger's template for X509v3 extensions is wrong and generate invalid DER for extensions with critical=FALSE. Since FALSE is the default value, a standard conform CSR or cert must not encode the critical flag.

$ openssl asn1parse -inform PEM -in freeipa.csr
...
  421:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
  426:d=7  hl=2 l=   1 prim: BOOLEAN           :0
  429:d=7  hl=3 l= 135 prim: OCTET STRING      [HEX DUMP]:...

The line BOOLEAN 0 should not be present.

/* RFC 5280, 4.1 */
const SEC_ASN1Template
cm_certext_cert_extension_template[] = {
        {
        .kind = SEC_ASN1_SEQUENCE,
        .offset = 0,
        .sub = NULL,
        .size = sizeof(CERTCertExtension),
        },
        {
        .kind = SEC_ASN1_OBJECT_ID,
        .offset = offsetof(CERTCertExtension, id),
        .sub = NULL,
        .size = sizeof(SECItem),
        },
        {
        .kind = SEC_ASN1_BOOLEAN,
        .offset = offsetof(CERTCertExtension, critical),
        .sub = NULL,
        .size = sizeof(SECItem),
        },
        {
        .kind = SEC_ASN1_OCTET_STRING,
        .offset = offsetof(CERTCertExtension, value),
        .sub = NULL,
        .size = sizeof(SECItem),
        },
        {0, 0, NULL, 0},
};

The correct kind for the critical extension is SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN.

    https://github.com/servo/nss/blob/949eb9848f4fa5f83756f3ab7fdf9b0d3f20d37f/lib/certdb/certdb.c#L50
    https://github.com/pyca/cryptography/issues/6368
    https://pagure.io/freeipa/issue/9005

Version-Release number of selected component (if applicable):

certmonger-0.79.13-3

How reproducible:


Steps to Reproduce:
1. install an IPA server
2. pull the csr= value from /var/lib/certmonger/reqeusts/<some id> into a separate file
3. openssl asn1parse -inform PEM -in /path/to/file

Expected results:

There should be no BOOLEAN value for the critical flag, so nothing between the SAN and the start of the HEX DUMP.

--- Additional comment from Rob Crittenden on 2021-10-08 17:04:16 UTC ---

Fixed in master:

9312d1892c611d9f0e814cb915488182da2b76cc
e3e4679693efc60bc7a25983909ddfa6883ab2ec
Comment 1 Rob Crittenden 2021-10-08 17:10:41 UTC 
Fixed in master:

9312d1892c611d9f0e814cb915488182da2b76cc
e3e4679693efc60bc7a25983909ddfa6883ab2ec
Comment 10 Mohammad Rizwan 2021-12-06 07:30:33 UTC 
version:
certmonger-0.79.14-5.el9.x86_64

[root@master ~]#  openssl asn1parse -inform PEM -in  csr.csr 
    0:d=0  hl=4 l= 987 cons: SEQUENCE          
    4:d=1  hl=4 l= 707 cons: SEQUENCE          
    8:d=2  hl=2 l=   1 prim: INTEGER           :00
   11:d=2  hl=2 l=  55 cons: SEQUENCE          
   13:d=3  hl=2 l=  22 cons: SET               
   15:d=4  hl=2 l=  20 cons: SEQUENCE          
   17:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   22:d=5  hl=2 l=  13 prim: UTF8STRING        :TESTRELM.TEST
   37:d=3  hl=2 l=  29 cons: SET               
   39:d=4  hl=2 l=  27 cons: SEQUENCE          
   41:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   46:d=5  hl=2 l=  20 prim: PRINTABLESTRING   :master.testrelm.test
   68:d=2  hl=4 l= 290 cons: SEQUENCE          
   72:d=3  hl=2 l=  13 cons: SEQUENCE          
   74:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   85:d=4  hl=2 l=   0 prim: NULL              
   87:d=3  hl=4 l= 271 prim: BIT STRING        
  362:d=2  hl=4 l= 349 cons: cont [ 0 ]        
  366:d=3  hl=2 l=  43 cons: SEQUENCE          
  368:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName
  379:d=4  hl=2 l=  30 cons: SET               
  381:d=5  hl=2 l=  28 prim: BMPSTRING         
  411:d=3  hl=4 l= 300 cons: SEQUENCE          
  415:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request
  426:d=4  hl=4 l= 285 cons: SET               
  430:d=5  hl=4 l= 281 cons: SEQUENCE          
  434:d=6  hl=3 l= 184 cons: SEQUENCE          
  437:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
  442:d=7  hl=3 l= 176 prim: OCTET STRING      [HEX DUMP]:3081AD82146D61737465722E7465737472656C6D2E7465737482146970612D63612E7465737472656C6D2E74657374A037060A2B060104018237140203A0290C27485454502F6D61737465722E7465737472656C6D2E74657374405445535452454C4D2E54455354A04606062B0601050202A03C303AA00F1B0D5445535452454C4D2E54455354A1273025A003020101A11E301C1B04485454501B146D61737465722E7465737472656C6D2E74657374
  621:d=6  hl=2 l=  12 cons: SEQUENCE          
  623:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  628:d=7  hl=2 l=   1 prim: BOOLEAN           :255
  631:d=7  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
  635:d=6  hl=2 l=  29 cons: SEQUENCE          
  637:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  642:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414C059283DF9E5D1C3F46A90BAB72AFA144D06415C
  666:d=6  hl=2 l=  47 cons: SEQUENCE          
  668:d=7  hl=2 l=   9 prim: OBJECT            :1.3.6.1.4.1.311.20.2
  679:d=7  hl=2 l=  34 prim: OCTET STRING      [HEX DUMP]:1E200063006100490050004100730065007200760069006300650043006500720074
  715:d=1  hl=2 l=  13 cons: SEQUENCE          
  717:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
  728:d=2  hl=2 l=   0 prim: NULL              
  730:d=1  hl=4 l= 257 prim: BIT STRING        
[root@master ~]# 



There is no boolean between SAN and hex dump, Hence marking as verified.
Comment 12 errata-xmlrpc 2022-05-17 13:13:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: certmonger), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2478