Bug 921108 - Regression: keyutils fails to generate ssl certificate because of invalid md5 signature default
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: crypto-utils
Version: 6.4
Hardware: All Linux
Priority: unspecified, Severity: medium
Target Milestone: rc
Assigned To: Joe Orton
QA Contact: BaseOS QE Security Team
Blocks: 1002711
Reported: 2013-03-13 09:43 EDT by Philipp Gassmann
Modified: 2013-12-30 14:19 EST
Doc Type: Bug Fix
Last Closed: 2013-10-06 21:41:43 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 333563 None None None Never

Description Philipp Gassmann 2013-03-13 09:43:22 EDT
Description of problem:
Since EL 6.4, a new version of NSS considers MD5 signatures as invalid. [1]
keyutils generated SSL certificates with MD5 signatures.
Since EL 6.4, trying to generate an SSL self-signed certificate leads to a segfault.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. # /usr/bin/keyutil -c genreq -g 2048 -s "CN=server.example.com, O=Example, L=Bern, ST=Bern, C=CH" -v 36 -a -o server.example.com.csr -k server.example.com.key
2. # /usr/bin/keyutil -c makecert -g 2048 -k server.example.com.key -s "CN=server.example.com, O=Example, L=Bern, ST=Bern, C=CH" -v 36 -a -o server.example.com.crt
3.
  
Actual results:
[...]
Generating key. This may take a few moments...

Made a key
Opened tmprequest for writing
(null): bad certificate request
: error -8016
(null): Segmentation fault (core dumped)

# ls -lah
total 20K
drwxr-xr-x   2 root root 4.0K Mar 13 14:31 .
dr-xr-x---. 13 root root 4.0K Mar 13 13:21 ..
-rw-r-----   1 root root    0 Mar 13 14:31 server.example.com.crt
-rw-r-----   1 root root 1007 Mar 13 14:30 server.example.com.csr
-rw-r-----   1 root root 1.7K Mar 13 14:30 server.example.com.key

Expected results:

Valid Certificate



Additional info:

Manual creation works (creates an sha1 signed certificate):
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 1095 -key ca.key -out ca.crt  -subj "/CN=ca.puzzle.ch /O=Puzzle ITC/L=Bern/ST=Bern/C=CH"
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -subj "/CN=server.example.com/O=Puzzle ITC/L=Bern/ST=Bern/C=CH" 
openssl x509 -req -days 1095 -CA ca.crt -CAkey ca.key -set_serial 01 -in server.csr -out server.crt 
openssl x509 -in server.crt -text

Signature Algorithm: sha1WithRSAEncryption


[1] "The upstream Mozilla NSS disabled support for MD5 hash signed
certificates in the 3.14 release, which was added to CentOS 6.4."
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.4#head-a39645d5503daf52829401f298c60712af070009
Comment 2 James Hartsock 2013-03-18 19:02:12 EDT
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes
~~~
Changes in NSS 3.14

Certificate signatures that make use of the MD5 hash algorithm will now be rejected by default. Support for MD5 may be manually enabled (but is discouraged) by setting the environment variable of "NSS_HASH_ALG_SUPPORT=+MD5" or by using the NSS_SetAlgorithmPolicy function. Note that SSL cipher suites with "MD5" in their names are NOT disabled by this change; those cipher suites use HMAC-MD5, not plain MD5, and are still considered safe.
~~~

Here you can see that an updated RHEL 6.4 system (i.e. nss 3.14) fails:
~~~
# rpm -q nss nss-sysinit nss-tools nss-util
nss-3.14.0.0-12.el6.x86_64
nss-sysinit-3.14.0.0-12.el6.x86_64
nss-tools-3.14.0.0-12.el6.x86_64
nss-util-3.14.0.0-2.el6.x86_64

# unset NSS_HASH_ALG_SUPPORT

# yes | /usr/bin/keyutil -c makecert -g 2048 -k /tmp/server.key -s "CN=server.domain.com, O=Example" -v 36 -a -o /tmp/server.crt 2>&1 | tail -n 5
Generating key. This may take a few moments...

(null): bad certificate request
: error -8016
(null): 
~~~



Then with NSS_HASH_ALG_SUPPORT set to include MD5 we have success:
~~~
# export NSS_HASH_ALG_SUPPORT=+MD5
# yes | /usr/bin/keyutil -c makecert -g 2048 -k /tmp/server.key -s "CN=server.domain.com, O=Example" -v 36 -a -o /tmp/server.crt 2>&1 | tail -n 7
output will be written to /tmp/server.crt
Made a key
Opened tmprequest for writing
Created a certificate
Wrote 1682 bytes of encoded data to /tmp/server.key 
Wrote the key to:
/tmp/server.key
~~~

Also, downgrading nss to 3.13.6 resolves the issue:
~~~
# yum -y downgrade nss-3.13.6-2.el6_3 nss-sysinit-3.13.6-2.el6_3 nss-tools-3.13.6-2.el6_3 nss-util-3.13.6-1.el6_3

# unset NSS_HASH_ALG_SUPPORT

# yes | /usr/bin/keyutil -c makecert -g 2048 -k /tmp/server.key -s "CN=server.domain.com, O=Example" -v 36 -a -o /tmp/server.crt 2>&1 | tail -n 7
output will be written to /tmp/server.crt
Made a key
Opened tmprequest for writing
Created a certificate
Wrote 1682 bytes of encoded data to /tmp/server.key 
Wrote the key to:
/tmp/server.key
~~~
Comment 6 Andrius Benokraitis 2013-10-06 21:41:43 EDT
This Bugzilla has been reviewed by Red Hat and is not planned on being addressed in Red Hat Enterprise Linux 6, and will be closed. If this bug is critical to production systems, please contact your Red Hat support representative and provide sufficient business justification.
Comment 7 Ryan Sawhill 2013-12-30 14:07:11 EST
For the record: This bug was fixed with the release of updated NSS packages in RHEL 6.5 that reverted the change made in RHEL 6.4.

See the 6.5 Technical Notes -- specifically, the explanation about bz 918136, quoted for convenience:

> With the 3.14 upstream version of the nss package, support for 
> certificate signatures using the MD5 hash algorithm in digital 
> signatures has been disabled by default. However, certain websites 
> still use MD5-based signatures and therefore an attempt to access such 
> a website failed with an error. With this update, MD5 hash algorithm in 
> digital signatures is supported again so that users can connect to the 
> websites using this algorithm as expected. 

( https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/nss-and-nspr.html#RHBA-2013-1558 )

The wording is a bit odd (because this doesn't just affect users connecting to websites ...) but I've tested and can confirm that genkey works again in RHEL 6.5 (or simply 6.4 with updated nss packages).
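
Added example (not part of the bug report, crypto-utils or NSS): a standard-library Python check that reads the outer signatureAlgorithm OID of a PEM or DER certificate, so existing certificates can be audited for the MD5 signatures that NSS 3.14 rejects by default. The function names and the unsigned skeleton certificates used as sample input are constructed for illustration.

```python
import base64

# PKCS #1 signature-algorithm OIDs relevant to this bug.
SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0   # valid for first arcs 0 and 1
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)            # base-128, high bit means "more follows"
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert):
    """Name (or dotted OID if unknown) of a PEM/DER certificate's signature algorithm."""
    if b"-----BEGIN CERTIFICATE-----" in cert:
        cert = base64.b64decode(cert.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0])
    tag, start, _ = read_tlv(cert, 0)                  # Certificate ::= SEQUENCE {
    _, _, tbs_end = read_tlv(cert, start)              #   tbsCertificate (skipped),
    alg_tag, alg_start, _ = read_tlv(cert, tbs_end)    #   signatureAlgorithm, ... }
    oid_tag, oid_start, oid_end = read_tlv(cert, alg_start)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate")
    oid = decode_oid(cert[oid_start:oid_end])
    return SIG_OIDS.get(oid, oid)

# Constructed sample input: unsigned skeletons with the X.509 outer layout, not real certificates.
def der(tag, content):
    n = len(content)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + content

def skeleton(oid_hex):
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    tbs = der(0x30, der(0x02, b"\x01") + alg + der(0x04, bytes(150)))
    return der(0x30, tbs + alg + der(0x03, bytes(17)))

for label, oid_hex in (("md5", "2a864886f70d010104"), ("sha1", "2a864886f70d010105")):
    print(label, "skeleton ->", signature_algorithm(skeleton(oid_hex)))
```

Any file for which `signature_algorithm` returns `md5WithRSAEncryption` is a certificate to reissue with a stronger hash rather than one to keep working by setting `NSS_HASH_ALG_SUPPORT=+MD5`.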
