On Wed, 1 Oct 2014, Stuart Henderson wrote:
> Over the coming months, web browsers will progressively start to first
> warn for certificate chains including SHA-1 hashes, then treat them
> as insecure (including disabling certain content - scripts etc).
> Chrome are initially doing this for certs expiring after Jan 2017,
> but will progressively slide it forward to certs expiring after
> Jan 2016.
>
> Since my previous attempt to at least show this in ssl(8) examples
> for "openssl req" a few months ago, I've spent some time digging for
> where the defaults are set in the code as a nicer place to set sane
> values, but haven't tracked it down yet. Would it be OK to set it
> in the default config for now? (or does anyone have an idea of where
> in the code this comes from?)

Welcome to libkitchensink...

I'd need to quadruple check, however this should come from openssl/req.c 
do_X509_sign() being called with a NULL digest, which calls openssl/req.c 
do_sign_init() with a NULL md, which calls crypto/evp/m_sigver.c 
EVP_DigestSignInit() with md being NULL, which calls crypto/evp/m_sigver.c 
do_sigver_init() with type being NULL, which results in:

        if (type == NULL) {
                int def_nid;
                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
                        type = EVP_get_digestbynid(def_nid);
        }

EVP_PKEY_get_default_digest_nid() returns the default digest associated with 
the given PKEY. Since you're using RSA, pkey_ctrl is implemented by 
crypto/rsa/rsa_ameth.c rsa_pkey_ctrl(), which has:

        case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                *(int *)arg2 = NID_sha1;
                return 1;

Catch all that?

To make SHA-256 the default for RSA, we'd have to change that from NID_sha1 to 
NID_sha256...

(and yes, clearly I've spent too much time in this code base recently... :)

> Index: openssl.cnf
> ===================================================================
> RCS file: /cvs/src/lib/libcrypto/openssl.cnf,v
> retrieving revision 1.1
> diff -u -p -r1.1 openssl.cnf
> --- openssl.cnf       11 Apr 2014 22:51:53 -0000      1.1
> +++ openssl.cnf       30 Sep 2014 22:42:53 -0000
> @@ -7,7 +7,8 @@
>
>  ####################################################################
>  [ req ]
> -default_bits         = 1024
> +default_bits         = 2048
> +default_md           = sha256
>  default_keyfile      = privkey.pem
>  distinguished_name   = req_distinguished_name
>  attributes           = req_attributes
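Review bot: the new default_md line in [ req ] only helps openssl req runs that read this openssl.cnf. Per the reply above, a NULL digest still resolves to NID_sha1 through the ASN1_PKEY_CTRL_DEFAULT_MD_NID case in rsa_pkey_ctrl(), so any caller that does not load this file keeps signing with SHA-1. Treat this as the stopgap the message says it is, and follow up with the NID_sha1 to NID_sha256 change. The same hunk also raises default_bits from 1024 to 2048, which the message does not mention; say so in the commit message, or split it into its own change.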



-- 

    "Action without study is fatal. Study without action is futile."
        -- Mary Ritter Beard
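The config-side check implied by this thread, as an added example that is not part of the original message or of the OpenSSL/LibreSSL code: it audits the `[ req ]` section of an openssl.cnf-style file for an unset or weak `default_md` and a small `default_bits`. The function names, the weak-digest list and the 2048-bit floor are assumptions of this example; the two sample configs are constructed from the lines of the hunk above.

```python
import re

WEAK_DIGESTS = {"md2", "md4", "md5", "sha1"}  # policy assumed for this example
MIN_RSA_BITS = 2048                           # the value the patch moves to

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:                                 # section header, e.g. "[ req ]"
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def audit_req(text):
    """Return a list of findings for the [ req ] section of a config."""
    req = parse_cnf(text).get("req", {})
    findings = []
    md = req.get("default_md")
    if md is None:
        # With no default_md the digest is chosen by the library fallback
        # described in the reply (NID_sha1 for RSA keys at the time).
        findings.append("default_md unset: library default digest applies")
    elif md.lower().replace("-", "") in WEAK_DIGESTS:
        findings.append(f"default_md = {md} is a weak digest")
    bits = req.get("default_bits")
    if bits is not None and bits.isdigit() and int(bits) < MIN_RSA_BITS:
        findings.append(f"default_bits = {bits} is below {MIN_RSA_BITS}")
    return findings

# Constructed samples: the [ req ] section before and after the patch.
BEFORE = "[ req ]\ndefault_bits         = 1024\ndefault_keyfile      = privkey.pem\n"
AFTER = ("[ req ]\ndefault_bits         = 2048\n"
         "default_md           = sha256\ndefault_keyfile      = privkey.pem\n")

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_req(cfg) or "ok")
```
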
