Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certs are always signed with SHA1 (regardless of config.yaml settings) unless explicitly overridden with request params #115

Open
olcryx opened this issue Oct 17, 2016 · 5 comments
Open

Certs are always signed with SHA1 (regardless of config.yaml settings) unless explicitly overridden with request params #115

olcryx opened this issue Oct 17, 2016 · 5 comments

Comments

@olcryx
Copy link

olcryx commented Oct 17, 2016

I setup 2 CAs (an offline root CA and a networked intermediate signing CA) mostly by following the tutorial at langui.sh (using "gem install" to grab the r509 gems, rather than building afresh from a git clone.)

On both, config.yaml contains the following stanzas for all profiles:
default_md: SHA256
allowed_mds:
- SHA256
- SHA512
- SHA1

and yet the resultant certs are SHA1 when I run r509 at the command line to gen the root cert and/or hit the test interface on the intermediate to sign a CSR:

[root@DEN-DO-OPS-01 r509ca-g1]# r509 --out test1.cer --keyout test1.key
CSR Bit Length (2048):
Message Digest (SHA1):SHA256
C (US): 
ST (Illinois): Colorado
L (Chicago): Broomfield
O (r509 LLC): Alteryx, Inc.
OU (null by default): DevOps
CN: test certificate (do NOT use in production)
SAN Domains (comma separated):
Self-signed cert duration in days (null disables self-sign):10
/C=US/ST=Colorado/L=Broomfield/O=Alteryx, Inc./OU=DevOps/CN=test certificate (do NOT use in production)
[root@DEN-DO-OPS-01 r509ca-g1]# openssl x509 -text -noout -in test1.cer | grep Signature
    Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption

Do I need to build from scratch and incorporate pcabido's PR #114 to get SHA256 at all, or is there something I'm missing somewhere?
@olcryx
Copy link
Author

olcryx commented Oct 18, 2016
edited

Hm. As far as the commandline r509 tool goes, this appears to be a problem only with the interactive generation; if I skip interactive and supply all values as arguments it works:

[ocraig@DEN-DO-OPS-01 r509]$ r509 -m sha256 -d 10 -b 2048 -o test3.cer -k test3.key -s /CN=Alteryx\ test\ \(g1\)/O=Alteryx,\ Inc./C=US/ST=Colorado/L=Broomfield/OU=DevOps
/CN=Alteryx test (g1)/O=Alteryx, Inc./C=US/ST=Colorado/L=Broomfield/OU=DevOps
[ocraig@DEN-DO-OPS-01 r509]$ openssl x509 -text -noout < test3.cer | grep Signature
    Signature Algorithm: sha256WithRSAEncryption
    Signature Algorithm: sha256WithRSAEncryption

With that revelation, I used @rjes's ever-so-helpful curl/python one-liner from r509-ca-http issue#38 to poke at this a bit, and found that regardless of the default_md setting in config.yaml, r509 will sign certs with SHA1 unless explicitly supplied with a message_digest argument. This is true even when SHA1 is not listed in allowed_mds. So I have a workaround, but it still seems like a flaw that should be fixed.

@olcryx olcryx changed the title Certs created with SHA1 despite speccing SHA256 both as default in config.yaml and explicitly in request Certs are always signed with SHA1 (regardless of config.yaml settings) unless explicitly overridden with request params Oct 18, 2016
@reaperhulk
Copy link
Member

Interesting. When issuing a cert it should be calling the options builder and then passing the resulting hash to sign. The options builder has this line: https://github.com/r509/r509/blob/master/lib/r509/certificate_authority/options_builder.rb#L76 which should use the default_md if no message digest is supplied. Apparently that isn't working?

@olcryx
Copy link
Author

olcryx commented Oct 18, 2016

As I read that (but bear in mind I'm no Ruby expert) the line you cite shouldn't be reached unless the profile doesn't restrict allowed_mds. All of my profiles do, and at the moment none of them contain SHA1, so I should be raising an exception at https://github.com/r509/r509/blob/master/lib/r509/certificate_authority/options_builder.rb#L72 -- but I don't. In fact, running the r509 CLI in interactive mode I can request a bogus MD (see below) and it still completes (and writes SHA1) which makes me think that the test for allowed_mds && requested_md at https://github.com/r509/r509/blob/master/lib/r509/certificate_authority/options_builder.rb#L68 is returning false. Any chance one of those two is not yet populated when this code gets called?

[ocraig@DEN-DO-OPS-01 ~]$ r509 --out test4.cer --keyout test4.key
CSR Bit Length (2048):
Message Digest (SHA1):SHAzam
C (US): 
ST (Illinois): 
L (Chicago): 
O (r509 LLC): 
OU (null by default): 
CN: test cert
SAN Domains (comma separated):
Self-signed cert duration in days (null disables self-sign):10
Password to encrypt generated key (empty disables encryption):
/C=US/ST=Illinois/L=Chicago/O=r509 LLC/CN=test cert
[ocraig@DEN-DO-OPS-01 ~]$ openssl x509 -text -noout -in test4.cer | grep Signature
    Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption

@olcryx
Copy link
Author

olcryx commented Oct 18, 2016

Ah, hang on -- the CLI tool (r509 --out foo --keyout bar) doesn't read config.yaml. So yeah, allowed_mds is not populated and my test is invalid for finding a flaw in the service.

This doesn't explain why default_md is ignored when running the actual service -- unless the service is also ignoring config.yaml which seems improbable.

@reaperhulk
Copy link
Member

Hmm, well if you have an environment that can reproduce this I'd suggest putting some debug statements in where the md enforcement is supposed to occur so we can see what's going on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@reaperhulk @olcryx