Closed
Bug 1415171
Opened 7 years ago
Closed 7 years ago
cryptohi: Fix handling of default parameters in non-empty RSA-PSS parameters field
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.35
People
(Reporter: ueno, Assigned: ueno)
Attachments
(1 file)
certutil refuses to create an RSA-PSS signature on certificate, if the issuer's certificate has a subjectPublicKeyInfo with default RSA-PSS parameters (i.e. SHA-1):

dd if=/dev/urandom of=noise bs=1 count=32
rm -rf nssdb
mkdir nssdb
certutil -N -d sql:nssdb --empty-password

# Create a CA cert
certutil -S -d sql:nssdb -z noise -n pssca -s "cn=RSA-PSS Testing CA" -t "C,C,C" -m 1000 -Z SHA1 -k rsa --pss -g 2048 -x -v 12 --keyUsage digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,certSigning,crlSigning,critical -2

certutil -L -d sql:nssdb -n pssca | grep -A6 'Subject Public Key Info:'
    Subject Public Key Info:
        Public Key Algorithm: PKCS #1 RSA-PSS Signature
        Parameters:
            Hash algorithm: default, SHA-1
            Mask algorithm: default, MGF1
            Mask hash algorithm: default, SHA-1
            Salt length: default, 20 (0x14)

# Create a user cert signed with the CA cert
certutil -S -d sql:nssdb -z noise -n psssrv -s "o=RSA-PSS Testing,cn=localhost" -t "u,u,u" -m 2002 -Z SHA1 -k rsa -g 1024 -c pssca -v 12 --keyUsage digitalSignature,keyAgreement,critical -2 -8 localhost
Could not sign encoded certificate data.
certutil: unable to create cert (security library: invalid arguments.)

I have filed a patch at:
https://phabricator.services.mozilla.com/D202
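Added example (not NSS code and not part of the patch): a small C decoder for the RSASSA-PSS-params structure of RFC 4055, showing how fields omitted from the parameters resolve to the defaults that the certutil output above reports (SHA-1, MGF1 with SHA-1, salt length 20). The names pss_params, pss_params_decode and the sample byte arrays are hypothetical; the code assumes short-form DER lengths and does not parse the inner AlgorithmIdentifier values.

```c
#include <stddef.h>
#include <stdint.h>

/* RSASSA-PSS-params (RFC 4055): all four fields are OPTIONAL with a DEFAULT. */
typedef struct {
    int hash_default, mgf_default;   /* 1 when [0] / [1] is absent: SHA-1, MGF1 with SHA-1 */
    unsigned long salt_len, trailer; /* [2] absent -> 20, [3] absent -> 1 */
} pss_params;

/* Constructed sample encodings (hypothetical, not taken from the bug report). */
static const uint8_t PSS_EMPTY[]  = {0x30, 0x00};                               /* all defaults */
static const uint8_t PSS_SALT32[] = {0x30, 0x05, 0xa2, 0x03, 0x02, 0x01, 0x20}; /* only saltLength */
static const uint8_t PSS_BADORD[] = {0x30, 0x0a, 0xa3, 0x03, 0x02, 0x01, 0x01, 0xa2, 0x03, 0x02, 0x01, 0x20};

/* Read a DER header with a short-form length; returns header size (2) or 0 on error. */
static size_t der_hdr(const uint8_t *p, size_t n, uint8_t *tag, size_t *len)
{
    if (n < 2 || (p[1] & 0x80) || p[1] > n - 2) return 0;
    *tag = p[0]; *len = p[1];
    return 2;
}

/* Decode a non-negative INTEGER (at most 4 content bytes) that fills exactly n bytes. */
static int der_uint(const uint8_t *p, size_t n, unsigned long *out)
{
    uint8_t tag; size_t len;
    if (!der_hdr(p, n, &tag, &len) || tag != 0x02 || len == 0 || len > 4 ||
        len + 2 != n || (p[2] & 0x80)) return -1;
    for (*out = 0; len--; p++) *out = (*out << 8) | p[2];
    return 0;
}

/* Returns 0 and fills *out (absent fields keep their defaults), or -1 if malformed. */
int pss_params_decode(const uint8_t *der, size_t n, pss_params *out)
{
    pss_params d = {1, 1, 20, 1};    /* start from the RFC 4055 defaults */
    uint8_t tag; size_t len; int last = -1;
    if (!der_hdr(der, n, &tag, &len) || tag != 0x30 || len + 2 != n) return -1;
    for (const uint8_t *p = der + 2, *end = der + n; p < end; p += 2 + len) {
        if (!der_hdr(p, (size_t)(end - p), &tag, &len)) return -1;
        int idx = (int)tag - 0xa0;
        if (idx <= last || idx > 3) return -1;   /* context tags [0]..[3], ascending */
        if (idx == 0) d.hash_default = 0;        /* explicit hashAlgorithm present */
        else if (idx == 1) d.mgf_default = 0;    /* explicit maskGenAlgorithm present */
        else if (der_uint(p + 2, len, idx == 2 ? &d.salt_len : &d.trailer)) return -1;
        last = idx;
    }
    *out = d;
    return 0;
}
```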
Comment 1•7 years ago
Comment on attachment 8925929
Bug 1415171, Fix handling of default RSA-PSS parameters, r=mt

Martin Thomson [:mt:] has approved the revision.
https://phabricator.services.mozilla.com/D202#5091
Attachment #8925929 -
Flags: review+
Comment 2•7 years ago
Landed as: https://hg.mozilla.org/projects/nss/rev/6da6e699fa02
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.35
Updated•6 years ago
Attachment #8925929 -
Attachment description: Fix handling of default RSA-PSS parameters → Bug 1415171, Fix handling of default RSA-PSS parameters, r=mt
Updated•6 years ago
Assignee: nobody → dueno