On Wed, Oct 01, 2014 at 10:53:34AM +0100, Stuart Henderson wrote:
> On 2014/10/01 19:05, Joel Sing wrote:
> > > I should also add that the other obvious/easy "fix" is to initialise digest
> > > in openssl/req.c to the SHA-256 EVP. That only changes 'openssl req' though.
> > >
> > > > (and yes, clearly I've spent too much time in this code base recently...
> > > > :)
> > > >
> > > > > Index: openssl.cnf
> > > > > ===================================================================
> > > > > RCS file: /cvs/src/lib/libcrypto/openssl.cnf,v
> > > > > retrieving revision 1.1
> > > > > diff -u -p -r1.1 openssl.cnf
> > > > > --- openssl.cnf       11 Apr 2014 22:51:53 -0000      1.1
> > > > > +++ openssl.cnf       30 Sep 2014 22:42:53 -0000
> > > > > @@ -7,7 +7,8 @@
> > > > >
> > > > >  ####################################################################
> > > > >  [ req ]
> > > > > -default_bits         = 1024
> > > > > +default_bits         = 2048
> > > > > +default_md           = sha256
> > > > >  default_keyfile      = privkey.pem
> > > > >  distinguished_name   = req_distinguished_name
> > > > >  attributes           = req_attributes
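Review bot: `default_md = sha256` in the `[ req ]` section only reaches commands that read that section (openssl req), so it leaves the `EVP_sha1()` defaults that are hard-coded in the other usr.bin/openssl commands unchanged; if the intent is a SHA-256 default across the tool, those sources need changing as well, and the commit message should say which commands are covered by the config change and which by code. Raising `default_bits` to 2048 in the same hunk is unrelated to the digest change and would be easier to review and bisect as its own commit.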
> > 
> > The following does this, however note that the default_bits of 1024 from
> > openssl.cnf trumps the 2048 in the define... we probably should also stop
> > making EVP_des_ede3_cbc() the default cipher...
> 
> I think I prefer it this way (changing usr.bin/openssl rather than
> the library) as there's less risk of impact in unpredictable areas.
> How about this one?

Any reason to not change the default for crl/ocsp/fingerprints as well?

It looks like openssl(1) could use updating:
"The digest of choice for all new applications is SHA1."

Index: crl.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/crl.c,v
retrieving revision 1.9
diff -u -p -r1.9 crl.c
--- crl.c       17 Oct 2015 15:00:11 -0000      1.9
+++ crl.c       20 Oct 2015 04:48:26 -0000
@@ -243,7 +243,7 @@ crl_main(int argc, char **argv)
                }
        }
 
-       digest = EVP_sha1();
+       digest = EVP_sha256();
 
        memset(&crl_config, 0, sizeof(crl_config));
        crl_config.informat = FORMAT_PEM;
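Review bot: changing `digest = EVP_sha256();` alters the fingerprint that `openssl crl -fingerprint` prints for an unchanged CRL, so anyone comparing against a previously published SHA-1 fingerprint will see a mismatch; the manpage and commit message should state the new default and that `-sha1` (or whichever digest option crl.c accepts) restores the old output.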
Index: ocsp.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/ocsp.c,v
retrieving revision 1.7
diff -u -p -r1.7 ocsp.c
--- ocsp.c      17 Oct 2015 15:00:11 -0000      1.7
+++ ocsp.c      20 Oct 2015 04:47:42 -0000
@@ -355,7 +355,7 @@ ocsp_main(int argc, char **argv)
                                if (!cert)
                                        goto end;
                                if (!cert_id_md)
-                                       cert_id_md = EVP_sha1();
+                                       cert_id_md = EVP_sha256();
                                if (!add_ocsp_cert(&req, cert, cert_id_md, 
issuer, ids))
                                        goto end;
                                if (!sk_OPENSSL_STRING_push(reqnames, *args))
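Review bot: unlike the crl and x509 hunks, `cert_id_md = EVP_sha256();` changes what goes on the wire, because `cert_id_md` is the hash used to build the CertID passed to `add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)`; a responder that only handles SHA-1 CertIDs will answer such a request with an error or an unknown status rather than a revocation answer, so this default deserves a separate commit with an explicit note in the manpage that a digest option can be given to select SHA-1 for responders that need it.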
@@ -366,7 +366,7 @@ ocsp_main(int argc, char **argv)
                        if (args[1]) {
                                args++;
                                if (!cert_id_md)
-                                       cert_id_md = EVP_sha1();
+                                       cert_id_md = EVP_sha256();
                                if (!add_ocsp_serial(&req, *args, cert_id_md, 
issuer, ids))
                                        goto end;
                                if (!sk_OPENSSL_STRING_push(reqnames, *args))
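Review bot: this is the second copy of `if (!cert_id_md) cert_id_md = EVP_sha256();` in ocsp_main, one per argument path; setting the default once after option parsing (where `cert_id_md` is still NULL) would keep a single source of truth, so the next change of default does not have to touch two places that can drift apart.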
Index: x509.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/x509.c,v
retrieving revision 1.12
diff -u -p -r1.12 x509.c
--- x509.c      17 Oct 2015 15:00:11 -0000      1.12
+++ x509.c      20 Oct 2015 04:50:25 -0000
@@ -788,7 +788,7 @@ bad:
                                const EVP_MD *fdig = digest;
 
                                if (!fdig)
-                                       fdig = EVP_sha1();
+                                       fdig = EVP_sha256();
 
                                if (!X509_digest(x, fdig, md, &n)) {
                                        BIO_printf(bio_err, "out of memory\n");
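Review bot: the fallback `fdig = EVP_sha256();` only applies when no digest option was given, which is the right scope, but it changes the default `-fingerprint` output from the SHA-1 value users compare against elsewhere to a 32-byte SHA-256 value; confirm that `md` is declared with `EVP_MAX_MD_SIZE` so the longer output fits, that the label printed alongside the hex string is derived from `fdig` rather than a fixed "SHA1" string, and document the new default in openssl(1) together with the option that selects SHA-1 explicitly.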