On Wed, 2014-08-27 at 14:57 +0100, Joe Orton wrote:
> Hi Simo - thanks for sending this in! I'm fine with adding this. One
> question - this part looks a bit magic:
>
> On Tue, Aug 05, 2014 at 06:24:29PM -0400, Simo Sorce wrote:
> > + } else if (x != NULL) {
> > + const EVP_MD *md;
> > +
> > + md = EVP_get_digestbynid(OBJ_obj2nid(x->sig_alg->algorithm));
> > + if (md == NULL ||
> > + md == EVP_md5() ||
> > + md == EVP_sha1()) {
> > + md = EVP_sha256();
> > + }
> > + if (!X509_digest(x, md, cb, &l)) {
> > + return APR_EGENERAL;
> > + }
>
> I get "pick a better digest" - is this specified in the RFC?
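Review bot: in the `if (md == NULL || md == EVP_md5() || md == EVP_sha1())` test, a failed digest lookup is treated the same as MD5/SHA-1 and silently falls back to SHA-256, so a signatureAlgorithm that names no single hash function, or one whose NID OpenSSL has not registered as an alias of a digest, gets a binding value that the RFC rule quoted below does not define. Consider splitting the NULL case out: resolve the digest with `OBJ_find_sigid_algs(OBJ_obj2nid(x->sig_alg->algorithm), &md_nid, NULL)` followed by `EVP_get_digestbynid(md_nid)`, return APR_EGENERAL when no digest is found (as the X509_digest failure path already does), and keep the SHA-256 substitution only for MD5 and SHA-1.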
Yes, the spec is "strange" wrt digest, which is why the code looks strange too. Here is the quote from RFC 5929 (4.1):

   o  if the certificate's signatureAlgorithm uses a single hash
      function, and that hash function is either MD5 [RFC1321] or
      SHA-1 [RFC3174], then use SHA-256 [FIPS-180-3];

   o  if the certificate's signatureAlgorithm uses a single hash
      function and that hash function neither MD5 nor SHA-1, then use
      the hash function associated with the certificate's
      signatureAlgorithm;

The code implements this recommendation literally.

HTH,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
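The digest-selection rule Simo quotes, worked through as an added stand-alone example in Python (this is not httpd's code and uses only the standard library instead of OpenSSL). It reads the signatureAlgorithm OID out of the certificate's outer DER structure, applies the two RFC 5929 section 4.1 bullets above, and also handles the RFC's third case (a signatureAlgorithm that does not name a single hash function, for which the binding is undefined) by refusing rather than guessing. The OID table and the cert-shaped DER blob produced by make_fake_cert are constructed for the example: the blob is only syntactically a Certificate (placeholder tbsCertificate and signature), so it exercises the digest choice, not certificate validation.

```python
"""RFC 5929 s4.1 tls-server-end-point digest selection (added example)."""
import hashlib

# signatureAlgorithm OID -> hash it uses (RFC 3279 / RFC 4055 / RFC 5758).
# Constructed for this example; anything not listed is treated as "no single
# hash function", which RFC 5929 leaves undefined for this binding type.
SIG_ALG_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "sha384",    # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4": "sha512",    # ecdsa-with-SHA512
}


# --- minimal DER helpers (enough for Certificate ::= SEQUENCE {tbs, alg, sig})
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:                       # base-128, high bit on continuation bytes
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += chunk
    return der_tlv(0x06, bytes(body))


def _read_tlv(buf, pos):
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]  # fine for first arc 0 or 1, or 2.x with x < 40
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def signature_algorithm_oid(cert_der):
    """Return the dotted OID of the outer signatureAlgorithm (second element)."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)           # tbsCertificate, skipped
    tag, sig_alg, _ = _read_tlv(cert, pos)      # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid, _ = _read_tlv(sig_alg, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def end_point_hash_name(cert_der):
    """RFC 5929 s4.1: MD5/SHA-1 -> SHA-256; other single hash -> that hash;
    no single hash -> channel binding undefined (refuse, do not guess)."""
    name = SIG_ALG_HASH.get(signature_algorithm_oid(cert_der))
    if name is None:
        raise ValueError("tls-server-end-point is undefined for this signatureAlgorithm")
    return "sha256" if name in ("md5", "sha1") else name


def tls_server_end_point(cert_der):
    """The channel-binding value: hash of the whole DER certificate."""
    return hashlib.new(end_point_hash_name(cert_der), cert_der).digest()


def make_fake_cert(sig_oid):
    """Constructed cert-shaped DER for testing the selection logic only.
    tbsCertificate and signature are placeholders; this is NOT a real cert."""
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01"))                 # SEQUENCE { INTEGER 1 }
    alg = der_tlv(0x30, der_oid(sig_oid) + b"\x05\x00")         # OID + NULL parameters
    sig = der_tlv(0x03, b"\x00" + b"\xaa" * 8)                   # BIT STRING placeholder
    return der_tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11", "1.2.840.10045.4.3.3"):
        cert = make_fake_cert(oid)
        print(oid, "->", end_point_hash_name(cert), tls_server_end_point(cert).hex()[:16])
```

The `md == NULL` case in the posted patch corresponds to `SIG_ALG_HASH.get()` returning None here; the example raises instead of substituting SHA-256, because for that case the RFC defines no value and a client and server that silently disagree on the substitute would compute different bindings.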