On Wed, Oct 01, 2014 at 10:53:34AM +0100, Stuart Henderson wrote: > On 2014/10/01 19:05, Joel Sing wrote: > > > I should also add that the other obvious/easy "fix" is to initialise > > > digest > > > in openssl/req.c to the SHA-256 EVP. That only changes 'openssl req' > > > though. > > > > > > > (and yes, clearly I've spent too much time in this code base recently... > > > > :) > > > > > > > > > Index: openssl.cnf > > > > > =================================================================== > > > > > RCS file: /cvs/src/lib/libcrypto/openssl.cnf,v > > > > > retrieving revision 1.1 > > > > > diff -u -p -r1.1 openssl.cnf > > > > > --- openssl.cnf 11 Apr 2014 22:51:53 -0000 1.1 > > > > > +++ openssl.cnf 30 Sep 2014 22:42:53 -0000 > > > > > @@ -7,7 +7,8 @@ > > > > > > > > > > #################################################################### > > > > > [ req ] > > > > > -default_bits = 1024 > > > > > +default_bits = 2048 > > > > > +default_md = sha256 > > > > > default_keyfile = privkey.pem > > > > > distinguished_name = req_distinguished_name > > > > > attributes = req_attributes > > > > The following does this, however note that the default_bits of 1024 from > > openssl.cnf trumps the 2048 in the define... we probably should also stop > > making EVP_des_ede3_cbc() the default cipher... > > I think I prefer it this way (changing usr.bin/openssl rather than > the library) as there's less risk of impact in unpredictable areas. > How about this one?
Any reason to not change the default for crl/ocsp/fingerprints as well? It looks like openssl(1) could use updating: "The digest of choice for all new applications is SHA1." Index: crl.c =================================================================== RCS file: /cvs/src/usr.bin/openssl/crl.c,v retrieving revision 1.9 diff -u -p -r1.9 crl.c --- crl.c 17 Oct 2015 15:00:11 -0000 1.9 +++ crl.c 20 Oct 2015 04:48:26 -0000 @@ -243,7 +243,7 @@ crl_main(int argc, char **argv) } } - digest = EVP_sha1(); + digest = EVP_sha256(); memset(&crl_config, 0, sizeof(crl_config)); crl_config.informat = FORMAT_PEM; Index: ocsp.c =================================================================== RCS file: /cvs/src/usr.bin/openssl/ocsp.c,v retrieving revision 1.7 diff -u -p -r1.7 ocsp.c --- ocsp.c 17 Oct 2015 15:00:11 -0000 1.7 +++ ocsp.c 20 Oct 2015 04:47:42 -0000 @@ -355,7 +355,7 @@ ocsp_main(int argc, char **argv) if (!cert) goto end; if (!cert_id_md) - cert_id_md = EVP_sha1(); + cert_id_md = EVP_sha256(); if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) goto end; if (!sk_OPENSSL_STRING_push(reqnames, *args)) @@ -366,7 +366,7 @@ ocsp_main(int argc, char **argv) if (args[1]) { args++; if (!cert_id_md) - cert_id_md = EVP_sha1(); + cert_id_md = EVP_sha256(); if (!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids)) goto end; if (!sk_OPENSSL_STRING_push(reqnames, *args)) Index: x509.c =================================================================== RCS file: /cvs/src/usr.bin/openssl/x509.c,v retrieving revision 1.12 diff -u -p -r1.12 x509.c --- x509.c 17 Oct 2015 15:00:11 -0000 1.12 +++ x509.c 20 Oct 2015 04:50:25 -0000 @@ -788,7 +788,7 @@ bad: const EVP_MD *fdig = digest; if (!fdig) - fdig = EVP_sha1(); + fdig = EVP_sha256(); if (!X509_digest(x, fdig, md, &n)) { BIO_printf(bio_err, "out of memory\n");
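Review bot: in the crl.c hunk the openssl(1) manual page is left out of step with the new default, since the text quoted above ("The digest of choice for all new applications is SHA1.") will then describe the old behaviour once `digest = EVP_sha256();` is the unconditional initial value; the manual should be updated in the same commit so the documented default for `openssl crl` matches the code. It is also worth confirming that the option parsing which follows `memset(&crl_config, 0, sizeof(crl_config));` can still override `digest`, because the assignment sits before it and applies regardless of what the user asked for.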
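Review bot: the two ocsp.c hunks set the same fallback `cert_id_md = EVP_sha256();` in two places, once on the `-cert` path before `add_ocsp_cert()` and once on the `-serial` path before `add_ocsp_serial()`; initialising `cert_id_md` to `EVP_sha256()` once, before the argument loop, would remove the duplication and prevent the two copies drifting apart. Since `cert_id_md` selects the hash used for the CertID in the request, responders that only match SHA-1-hashed issuer name and key values may no longer be able to identify the certificate, so the commit message and the `-cert_id_md` documentation should state the new default and how to request SHA-1 explicitly.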
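Review bot: the x509.c hunk changes what `openssl x509 -fingerprint` prints when no digest is given, which will break scripts that compare the output against stored SHA-1 fingerprints; the `-fingerprint` documentation should say the default is now SHA-256 and that `-sha1` restores the previous output. It is also worth checking that the label printed alongside the digest is derived from `fdig` rather than hard-coded, so the output line reads `SHA256 Fingerprint=` after `if (!X509_digest(x, fdig, md, &n))` succeeds.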