Bug 1415187 (Closed)
Opened 6 years ago, closed 6 years ago
certutil: Don't restrict RSA-PSS certificate to specific hash algorithm unless -Z is given

Categories: NSS :: Tools, defect
Tracking: Not tracked
Status: RESOLVED FIXED, milestone 3.34
People: Reporter: ueno; Unassigned
Attachments (1 file): patch, 988 bytes; hkario: review+, KaiE: review+

Currently, certutil always restricts the RSA-PSS parameters in subjectPublicKeyInfo to a specific hash algorithm, following the NIST 800-57 recommendation. Although this is legitimate, it could make signature algorithm negotiation complicated. The attached patch changes the default back to not restricting hash algorithm.
Attachment #8925956 - Flags: review?(kaie)
Attachment #8925956 - Flags: review?(hkario)

Comment 1 • 6 years ago
Comment on attachment 8925956: certutil-pss-default.patch
Review of attachment 8925956:

So if I want to create a certificate signed with a specific algorithm, but that is not restricted to making signatures that use the same hashes, I should first create a CSR (without specifying the -Z option) and then sign the CSR (with specifying the -Z option). Is that correct?

Comment 2 • 6 years ago (Reporter)
Yes.

Updated • 6 years ago
Attachment #8925956 - Flags: review?(hkario) → review+

Comment 3 • 6 years ago
(In reply to Daiki Ueno [:ueno] from comment #0)
> The attached patch changes the default back to not restricting hash
> algorithm.

IIUC, you made a change during the NSS 3.34 development cycle, as part of bug 1400844, and you have discovered that one change could cause problems, and you would like to revert that change.

We should avoid shipping new behavior, if we know it can be problematic.

Because this is a change only to a tool, not library functionality, I think we can justify adding this fix for the NSS 3.34 release, despite the very late timing.

Updated • 6 years ago
Attachment #8925956 - Flags: review?(kaie) → review+

Comment 4 • 6 years ago (Reporter)
Landed as:
trunk: https://hg.mozilla.org/projects/nss/rev/0e80229a75b5
3.34: https://hg.mozilla.org/projects/nss/rev/a16be5893246
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.34
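
The restriction discussed in this bug is carried by the RSA-PSS parameters in the certificate's subjectPublicKeyInfo AlgorithmIdentifier. The following is an added example, not part of the bug thread or of NSS: it reports whether such an AlgorithmIdentifier pins a hash, using the RFC 4055 encoding. The helper names (`der`, `read_tlv`, `pss_hash_restriction`) and the sample bytes are constructed for illustration.

```python
# Added example (not NSS code): report whether an RSA-PSS AlgorithmIdentifier,
# as found in subjectPublicKeyInfo, pins a hash. Encoding follows RFC 4055.
OID_RSASSA_PSS = bytes.fromhex("2a864886f70d01010a")  # 1.2.840.113549.1.1.10
OID_MGF1 = bytes.fromhex("2a864886f70d010108")        # 1.2.840.113549.1.1.8
HASH_OIDS = {bytes.fromhex(h): name for h, name in [
    ("2b0e03021a", "sha1"), ("608648016503040201", "sha256"),
    ("608648016503040202", "sha384"), ("608648016503040203", "sha512")]}

def der(tag, *parts):
    """Encode one DER element; short-form length only (enough for the samples)."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def pss_hash_restriction(alg_id):
    """Return None if any hash is allowed, else the name of the required hash."""
    tag, body, _ = read_tlv(alg_id)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != OID_RSASSA_PSS:
        raise ValueError("not an id-RSASSA-PSS AlgorithmIdentifier")
    if pos == len(body):
        return None  # parameters absent: key usable with any hash
    tag, params, _ = read_tlv(body, pos)  # RSASSA-PSS-params
    if tag != 0x30:
        raise ValueError("RSASSA-PSS-params must be a SEQUENCE")
    if not params or params[0] != 0xA0:
        return "sha1"  # hashAlgorithm [0] omitted means DEFAULT sha1
    _, hash_alg, _ = read_tlv(params)      # strip the [0] EXPLICIT wrapper
    _, hash_seq, _ = read_tlv(hash_alg)    # inner hash AlgorithmIdentifier
    _, hash_oid, _ = read_tlv(hash_seq)    # the hash OID itself
    return HASH_OIDS.get(hash_oid, "unknown:" + hash_oid.hex())

# Constructed samples (not taken from a real certificate).
SHA256 = der(0x30, der(0x06, bytes.fromhex("608648016503040201")))
UNRESTRICTED = der(0x30, der(0x06, OID_RSASSA_PSS))
RESTRICTED = der(0x30, der(0x06, OID_RSASSA_PSS), der(0x30,
    der(0xA0, SHA256), der(0xA1, der(0x30, der(0x06, OID_MGF1), SHA256)),
    der(0xA2, der(0x02, b"\x20"))))  # hash sha256, MGF1-sha256, salt length 32
```

`pss_hash_restriction(UNRESTRICTED)` returns `None`, the form described in this bug as the default when -Z is not given, while `pss_hash_restriction(RESTRICTED)` returns `"sha256"`.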