Re: openssl.1: note default -md value for openssl enc and how to get list of available hashes

2019-12-18 Thread Theo Buehler
On Wed, Dec 18, 2019 at 11:11:33AM +, Stuart Henderson wrote:
> On 2019/12/18 06:30, Fabio Scotoni wrote:
> > My reason for proposing that is a fear that people will still find years
> > old or even decades old files much later on, forgetting or not realizing
> > that they need to change -md.
> > Having a note in the man page would help that specific scenario.
> > The format of the man page doesn't lend itself to doing so, however.
> 
> Would it be enough of a hint to just do this?
> 
> Currently, the default value is
> .Cm sha256 .

I suppose this might help. I'm ok with that.



Re: openssl.1: note default -md value for openssl enc and how to get list of available hashes

2019-12-18 Thread Stuart Henderson
On 2019/12/18 06:30, Fabio Scotoni wrote:
> My reason for proposing that is a fear that people will still find years
> old or even decades old files much later on, forgetting or not realizing
> that they need to change -md.
> Having a note in the man page would help that specific scenario.
> The format of the man page doesn't lend itself to doing so, however.

Would it be enough of a hint to just do this?

Currently, the default value is
.Cm sha256 .


> Index: usr.bin/openssl/openssl.1
> ===
> RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
> retrieving revision 1.116
> diff -u -p -r1.116 openssl.1
> --- usr.bin/openssl/openssl.1   28 Nov 2019 11:21:33 -  1.116
> +++ usr.bin/openssl/openssl.1   18 Dec 2019 05:16:10 -
> @@ -2176,11 +2176,8 @@ option.
>  Use
>  .Ar digest
>  to create a key from a pass phrase.
> -.Ar digest
> -may be one of
> -.Cm md5
> -or
> -.Cm sha1 .
> +The default value is
> +.Cm sha256 .
>  .It Fl none
>  Use NULL cipher (no encryption or decryption of input).
>  .It Fl nopad
> 
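Review bot: if the wording becomes "Currently, the default value is .Cm sha256 ." as proposed above the quote, the sentence hints at a change without saying what changed; the removed lines (`.Cm md5` / `.Cm sha1`) only listed alternatives, and the earlier reply in this thread states the old default was md5, so a reader with an old file still cannot tell which `-md` value to pass. Naming the previous default in the same sentence (e.g. "formerly md5") would make the hint actionable for exactly the old-file case the thread is worried about.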



Re: openssl.1: note default -md value for openssl enc and how to get list of available hashes

2019-12-18 Thread Theo Buehler
On Wed, Dec 18, 2019 at 06:30:00AM +0100, Fabio Scotoni wrote:
> On 12/18/19 5:46 AM, Theo Buehler wrote:
> > The diff modifies the CA section, not ENC. I need to check if we can
> > do something about the weak defaults there, but the diff is not
> > correct.
> 
> That's my bad.
> New diff inline.

Thanks, committed.



Re: openssl.1: note default -md value for openssl enc and how to get list of available hashes

2019-12-17 Thread Fabio Scotoni
On 12/18/19 5:46 AM, Theo Buehler wrote:
> The diff modifies the CA section, not ENC. I need to check if we can
> do something about the weak defaults there, but the diff is not
> correct.

That's my bad.
New diff inline.

> For ENC, it's indeed correct that the default was changed from md5 to
> sha256, and this should be updated. However, I'm not sure that we
> should add a list-message-digest-algorithms reference. I'd just note
> that the default is sha256 and be done with it.

The reason why I added list-message-digest-algorithms was to keep the
intention of the original part that said "Digest may be one of [...]":
a list of valid options.
However, the list is liable to expand and best practices are liable to
change, so I wanted to resolve that with a dynamic reference to
list-message-digest-algorithms instead.
Now I've just removed that part in hopes that introduction at the top of
openssl.1 makes this clear enough.

>> Inspired by a conversation on misc@ a few weeks ago ("LibreSSL vs.
>> OpenSSL enc command").
>> Perhaps it's also worthwhile to have a HISTORY section/subsection or
>> historical note about this since it's probably of interoperability
>> concern for older files.
>
> Yes, the question of how to decrypt files that were encrypted with md5
> as a digest comes up from time to time on the lists. Not convinced
> that a HISTORY section would help that.  The appropriate place would
> have been an upgrade note, but the opportunity was missed...

My reason for proposing that is a fear that people will still find years
old or even decades old files much later on, forgetting or not realizing
that they need to change -md.
Having a note in the man page would help that specific scenario.
The format of the man page doesn't lend itself to doing so, however.

Index: usr.bin/openssl/openssl.1
===
RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
retrieving revision 1.116
diff -u -p -r1.116 openssl.1
--- usr.bin/openssl/openssl.1   28 Nov 2019 11:21:33 -  1.116
+++ usr.bin/openssl/openssl.1   18 Dec 2019 05:16:10 -
@@ -2176,11 +2176,8 @@ option.
 Use
 .Ar digest
 to create a key from a pass phrase.
-.Ar digest
-may be one of
-.Cm md5
-or
-.Cm sha1 .
+The default value is
+.Cm sha256 .
 .It Fl none
 Use NULL cipher (no encryption or decryption of input).
 .It Fl nopad
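Review bot: the replacement lines `+The default value is` / `+.Cm sha256 .` drop the only pointer the enc paragraph gave to the set of accepted digest names; the earlier revision of this diff referred readers to `.Cm list-message-digest-algorithms`, so either keep one such sentence here or confirm that the introduction at the top of openssl.1 really covers it, since a reader who needs `-md md5` for a file encrypted under the old default has to be able to find the legal values. The hunk counts (11 lines to 8: five removed, two added) are consistent, and `.Cm` is the right macro for a literal value.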



Re: openssl.1: note default -md value for openssl enc and how to get list of available hashes

2019-12-17 Thread Theo Buehler
On Mon, Dec 16, 2019 at 07:15:15PM +0100, Fabio Scotoni wrote:
> This diff changes the documentation of openssl(1) enc to note the
> default value (sha256) and replace the "hardcoded" list of md5, sha1
> with instructions to use list-message-digest-algorithms instead.

The diff modifies the CA section, not ENC. I need to check if we can do
something about the weak defaults there, but the diff is not correct.

For ENC, it's indeed correct that the default was changed from md5 to
sha256, and this should be updated. However, I'm not sure that we should
add a list-message-digest-algorithms reference. I'd just note that the
default is sha256 and be done with it.

> Inspired by a conversation on misc@ a few weeks ago ("LibreSSL vs.
> OpenSSL enc command").
> Perhaps it's also worthwhile to have a HISTORY section/subsection or
> historical note about this since it's probably of interoperability
> concern for older files.

Yes, the question of how to decrypt files that were encrypted with md5
as a digest comes up from time to time on the lists. Not convinced that
a HISTORY section would help that.  The appropriate place would have
been an upgrade note, but the opportunity was missed...

> 
> Index: usr.bin/openssl/openssl.1
> ===
> RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
> retrieving revision 1.116
> diff -u -p -r1.116 openssl.1
> --- usr.bin/openssl/openssl.1   28 Nov 2019 11:21:33 -  1.116
> +++ usr.bin/openssl/openssl.1   16 Dec 2019 18:09:54 -
> @@ -416,10 +416,10 @@ The default is
>  .Cm pem .
>  .It Fl md Ar alg
>  The message digest to use.
> -Possible values include
> -.Ar md5
> -and
> -.Ar sha1 .
> +A list of possible values can be obtained with the pseudo-command
> +.Cm list-message-digest-algorithms .
> +The default value is
> +.Ar sha256 .
>  This option also applies to CRLs.
>  .It Fl msie_hack
>  This is a legacy option to make
> 
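The interoperability point made above (the enc default moved from md5 to sha256, so files encrypted under the old default no longer decrypt unless `-md md5` is given) comes down to the password-to-key derivation. The following is an added worked example, not code from this thread or from LibreSSL: it re-implements the EVP_BytesToKey derivation that `openssl enc` uses when `-pbkdf2` is not given (count 1, `Salted__` magic followed by an 8-byte salt), so you can see that the same passphrase and salt yield different keys under md5 and sha256. The sample blob and passphrase are constructed for the example.

```python
"""
EVP_BytesToKey-style (key, iv) derivation as used by `openssl enc` without
-pbkdf2.  Added example, not LibreSSL code: it shows why a file encrypted
under the historic md5 default fails to decrypt with the sha256 default, and
how to derive candidate keys for several digests when recovering old files.
"""
import hashlib
from typing import Dict, Tuple

# `openssl enc` writes this 8-byte magic, then the 8-byte salt, then ciphertext
# whenever a passphrase (rather than a raw -K key) is used.
SALTED_MAGIC = b"Salted__"


def bytes_to_key(password: bytes, salt: bytes, key_len: int, iv_len: int,
                 md: str = "sha256", count: int = 1) -> Tuple[bytes, bytes]:
    """Derive (key, iv) the way EVP_BytesToKey does.

    D_1 = H(password || salt)
    D_i = H(D_{i-1} || password || salt)
    each D_i is re-hashed (count - 1) more times; key || iv = D_1 || D_2 || ...
    `openssl enc -md <digest>` uses count = 1, so the digest choice alone
    decides the key material.
    """
    if md not in hashlib.algorithms_available:
        raise ValueError(f"digest {md!r} not available in this build")
    derived = b""
    prev = b""
    while len(derived) < key_len + iv_len:
        block = hashlib.new(md, prev + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(md, block).digest()
        derived += block
        prev = block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def split_salted_header(blob: bytes) -> Tuple[bytes, bytes]:
    """Return (salt, ciphertext) from the output of `openssl enc -salt`."""
    if len(blob) < 16 or blob[:8] != SALTED_MAGIC:
        raise ValueError("not a Salted__ openssl enc blob")
    return blob[8:16], blob[16:]


def candidate_keys(password: bytes, salt: bytes, key_len: int = 32,
                   iv_len: int = 16,
                   digests: Tuple[str, ...] = ("sha256", "md5", "sha1")
                   ) -> Dict[str, Tuple[bytes, bytes]]:
    """(key, iv) under each digest: the current default first, then the
    historic ones a decades-old file may have been produced with.
    Defaults to AES-256-CBC sizes (32-byte key, 16-byte IV)."""
    return {md: bytes_to_key(password, salt, key_len, iv_len, md)
            for md in digests}


if __name__ == "__main__":
    # Constructed sample: a fake enc output with a recognisable salt and a
    # zero ciphertext; only the header matters for the derivation.
    sample_blob = SALTED_MAGIC + bytes(range(8)) + b"\x00" * 32
    salt, _ciphertext = split_salted_header(sample_blob)
    for md, (key, iv) in candidate_keys(b"correct horse", salt).items():
        print(f"{md:7s} key={key.hex()} iv={iv.hex()}")
```

Running it prints three different key/IV pairs for the same passphrase and salt; the `md5` row is what an old `openssl enc` without `-md` produced, the `sha256` row is what today's default produces, which is why decrypting an old file requires passing `-md md5` explicitly.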



Re: openssl.1: note default -md value for openssl enc and how to get list of available hashes

2019-12-17 Thread Jason McIntyre
On Mon, Dec 16, 2019 at 07:15:15PM +0100, Fabio Scotoni wrote:
> This diff changes the documentation of openssl(1) enc to note the
> default value (sha256) and replace the "hardcoded" list of md5, sha1
> with instructions to use list-message-digest-algorithms instead.
> 

i'm happy to commit this if an obsd developer oks it.

> Inspired by a conversation on misc@ a few weeks ago ("LibreSSL vs.
> OpenSSL enc command").
> Perhaps it's also worthwhile to have a HISTORY section/subsection or
> historical note about this since it's probably of interoperability
> concern for older files.
> 

i don't know if i want to add an excess of text to this page, but if
there's a specific detail you want to add, feel free to submit it.

jmc

> Index: usr.bin/openssl/openssl.1
> ===
> RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
> retrieving revision 1.116
> diff -u -p -r1.116 openssl.1
> --- usr.bin/openssl/openssl.1   28 Nov 2019 11:21:33 -  1.116
> +++ usr.bin/openssl/openssl.1   16 Dec 2019 18:09:54 -
> @@ -416,10 +416,10 @@ The default is
>  .Cm pem .
>  .It Fl md Ar alg
>  The message digest to use.
> -Possible values include
> -.Ar md5
> -and
> -.Ar sha1 .
> +A list of possible values can be obtained with the pseudo-command
> +.Cm list-message-digest-algorithms .
> +The default value is
> +.Ar sha256 .
>  This option also applies to CRLs.
>  .It Fl msie_hack
>  This is a legacy option to make
> 



openssl.1: note default -md value for openssl enc and how to get list of available hashes

2019-12-16 Thread Fabio Scotoni
This diff changes the documentation of openssl(1) enc to note the
default value (sha256) and replace the "hardcoded" list of md5, sha1
with instructions to use list-message-digest-algorithms instead.

Inspired by a conversation on misc@ a few weeks ago ("LibreSSL vs.
OpenSSL enc command").
Perhaps it's also worthwhile to have a HISTORY section/subsection or
historical note about this since it's probably of interoperability
concern for older files.

Index: usr.bin/openssl/openssl.1
===
RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
retrieving revision 1.116
diff -u -p -r1.116 openssl.1
--- usr.bin/openssl/openssl.1   28 Nov 2019 11:21:33 -  1.116
+++ usr.bin/openssl/openssl.1   16 Dec 2019 18:09:54 -
@@ -416,10 +416,10 @@ The default is
 .Cm pem .
 .It Fl md Ar alg
 The message digest to use.
-Possible values include
-.Ar md5
-and
-.Ar sha1 .
+A list of possible values can be obtained with the pseudo-command
+.Cm list-message-digest-algorithms .
+The default value is
+.Ar sha256 .
 This option also applies to CRLs.
 .It Fl msie_hack
 This is a legacy option to make
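Review bot: this hunk edits the ca section, not enc, judging by its context lines (`.It Fl md Ar alg`, `This option also applies to CRLs.`, `.It Fl msie_hack`), while the message above says it documents `openssl(1) enc`; the enc paragraph to change is the one reading `Use .Ar digest to create a key from a pass phrase`, and the `sha256` default asserted here should be checked against what ca actually does before it is documented. Separately, `+.Ar sha256` marks a literal value with the argument-placeholder macro while the preceding added line uses `.Cm list-message-digest-algorithms`; `.Cm sha256` would match that and the `.Cm pem` in the context.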