Description of problem:
1. The --pss option to certutil is undocumented
2. NSS will self-sign RSA-PSS certificates using RSASSA-PKCS#1 v1.5 algorithm
3. NSS recognised empty RSA-PSS certificate public key parameters as invalid
4. There is no documented way to create regular RSA certificates with RSA-PSS signature

Version-Release number of selected component (if applicable):
upstream 3.29.2 beta

How reproducible:
Always

Steps to Reproduce:
mkdir nssdb/
certutil -N --empty-password -d sql:nssdb/
dd if=/dev/urandom of=noise bs=1 count=32
certutil -S -z ./noise -n rsaca -s "cn=RSA PSS Testing CA" -t "C,C,C" -m 1000 -Z SHA256 -k rsa -g 2048 -x -v 12 -d sql:nssdb/ --keyUsage digitalSignature,certSigning,crlSigning,critical -2 --pss

Generating key. This may take a few moments...

Is this a CA certificate [y/N]?
y
Enter the path length constraint, enter to skip [<0 for unlimited path]: > 0
Is this a critical extension [y/N]?
y

certutil -L -d sql:nssdb/ -n rsaca
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1000 (0x3e8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RSA PSS Testing CA"
        Validity:
            Not Before: Tue Feb 21 15:05:16 2017
            Not After : Wed Feb 21 15:05:16 2018
        Subject: "CN=RSA PSS Testing CA"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA-PSS Signature
                Parameters:
                    Invalid RSA-PSS parameters
            RSA Public Key:
                Modulus:
                    [...]
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with a maximum path length of 0.

            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing

    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        [...]
    Fingerprint (SHA-256):
        E8:48:C6:D7:A5:41:6D:10:CE:78:E2:8A:2F:DE:7F:D4:91:05:30:FC:51:B9:02:6F:A9:85:14:E9:DD:77:59:59
    Fingerprint (SHA1):
        24:2F:67:6B:5C:0D:5B:24:16:9D:C7:ED:6B:EC:7F:21:AA:6E:82:9F

    Mozilla-CA-Policy: false (attribute missing)
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            User
        Email Flags:
            Valid CA
            Trusted CA
            User
        Object Signing Flags:
            Valid CA
            Trusted CA
            User

At the same time, openssl recognises it as "No PSS parameter restrictions":

openssl x509 -in cert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1000 (0x3e8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = RSA PSS Testing CA
        Validity
            Not Before: Feb 21 15:05:16 2017 GMT
            Not After : Feb 21 15:05:16 2018 GMT
        Subject: CN = RSA PSS Testing CA
        Subject Public Key Info:
            Public Key Algorithm: rsassaPss
                RSA-PSS Public-Key: (2048 bit)
                Modulus:
                    [...]
                Exponent: 65537 (0x10001)
                No PSS parameter restrictions
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
        [...]

But looking at the ASN.1 decoding, it looks like they are simply missing:

openssl asn1parse -in cert.pem
    0:d=0 hl=4 l= 730 cons: SEQUENCE
    4:d=1 hl=4 l= 450 cons: SEQUENCE
    8:d=2 hl=2 l= 3 cons: cont [ 0 ]
    10:d=3 hl=2 l= 1 prim: INTEGER :02
    13:d=2 hl=2 l= 2 prim: INTEGER :03E8
    17:d=2 hl=2 l= 13 cons: SEQUENCE
    19:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
    30:d=3 hl=2 l= 0 prim: NULL
    32:d=2 hl=2 l= 29 cons: SEQUENCE
    34:d=3 hl=2 l= 27 cons: SET
    36:d=4 hl=2 l= 25 cons: SEQUENCE
    38:d=5 hl=2 l= 3 prim: OBJECT :commonName
    43:d=5 hl=2 l= 18 prim: PRINTABLESTRING :RSA PSS Testing CA
    63:d=2 hl=2 l= 30 cons: SEQUENCE
    65:d=3 hl=2 l= 13 prim: UTCTIME :170221150516Z
    80:d=3 hl=2 l= 13 prim: UTCTIME :180221150516Z
    95:d=2 hl=2 l= 29 cons: SEQUENCE
    97:d=3 hl=2 l= 27 cons: SET
    99:d=4 hl=2 l= 25 cons: SEQUENCE
    101:d=5 hl=2 l= 3 prim: OBJECT :commonName
    106:d=5 hl=2 l= 18 prim: PRINTABLESTRING :RSA PSS Testing CA
    126:d=2 hl=4 l= 288 cons: SEQUENCE
    130:d=3 hl=2 l= 11 cons: SEQUENCE
    132:d=4 hl=2 l= 9 prim: OBJECT :rsassaPss
    143:d=3 hl=4 l= 271 prim: BIT STRING
    418:d=2 hl=2 l= 38 cons: cont [ 3 ]
    420:d=3 hl=2 l= 36 cons: SEQUENCE
    422:d=4 hl=2 l= 18 cons: SEQUENCE
    424:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
    429:d=5 hl=2 l= 1 prim: BOOLEAN :255
    432:d=5 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:30060101FF020100
    442:d=4 hl=2 l= 14 cons: SEQUENCE
    444:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
    449:d=5 hl=2 l= 1 prim: BOOLEAN :255
    452:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020186
    458:d=1 hl=2 l= 13 cons: SEQUENCE
    460:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
    471:d=2 hl=2 l= 0 prim: NULL
    473:d=1 hl=4 l= 257 prim: BIT STRING

openssl asn1parse -in cert.pem -strparse 143
    0:d=0 hl=4 l= 266 cons: SEQUENCE
    4:d=1 hl=4 l= 257 prim [...] d=1 hl=2 l= 3 prim: INTEGER :010001

Additional info:
It isn't clear if we'll be able to get these issues fixed for RHEL 7.4.0, and who will work on them. Volunteers welcome. Bob suggested it would be good to get the incorrect behavior fixed, because if we ship an incorrect behavior in 7.4.0, it would be difficult to switch to a different behavior in later 7.x releases.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:0679
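
The mismatch reported in the description (an rsassaPss key with absent parameters, self-signed with sha256WithRSAEncryption) can be checked mechanically. The following is an added example, not part of the bug report or of NSS: a small DER reader applied to the two AlgorithmIdentifier encodings, whose bytes are constructed here from the asn1parse listing (offsets 130 and 458). The function names and the policy, taken from RFC 4055 section 3.1, are this example's assumptions.

```python
OIDS = {"1.2.840.113549.1.1.10": "rsassaPss",
        "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted form."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for octet in body[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_algorithm_identifier(der):
    """Return (name, params) with params one of 'absent', 'NULL', 'present'."""
    tag, seq, _ = read_tlv(der)
    oid_tag, oid, pos = read_tlv(seq)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an AlgorithmIdentifier")
    name = OIDS.get(decode_oid(oid), decode_oid(oid))
    if pos == len(seq):
        return name, "absent"
    ptag, pval, _ = read_tlv(seq, pos)
    return name, "NULL" if (ptag, pval) == (0x05, b"") else "present"

def check_pss_consistency(spki_alg_der, sig_alg_der):
    """Findings for a self-signed certificate (policy assumed from RFC 4055 3.1)."""
    key_alg, key_params = parse_algorithm_identifier(spki_alg_der)
    sig_alg, sig_params = parse_algorithm_identifier(sig_alg_der)
    findings = []
    if key_alg == "rsassaPss" and key_params == "absent":
        findings.append("key parameters absent: no PSS restrictions (valid)")
    if key_alg == "rsassaPss" and sig_alg != "rsassaPss":
        findings.append(f"PSS-only key signed with {sig_alg}")
    if sig_alg == "rsassaPss" and sig_params != "present":
        findings.append("RSASSA-PSS signature lacks mandatory parameters")
    return findings

# Constructed from the report's asn1parse output; not read from a real file.
SPKI_ALG = bytes.fromhex("300b06092a864886f70d01010a")
SIG_ALG = bytes.fromhex("300d06092a864886f70d01010b0500")
```

Calling `check_pss_consistency(SPKI_ALG, SIG_ALG)` reports the absent key parameters as valid and flags the PKCS#1 v1.5 signature made with a PSS-only key, which corresponds to items 3 and 2 of the description.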