On Wed, 1 Oct 2014, Joel Sing wrote:
> On Wed, 1 Oct 2014, Stuart Henderson wrote:
> > Over the coming months, web browsers will progressively start to first
> > warn for certificate chains including SHA-1 hashes, then treat them
> > as insecure (including disabling certain content - scripts etc).
> > Chrome are initially doing this for certs expiring after Jan 2017,
> > but will progressively slide it forward to certs expiring after
> > Jan 2016.
> >
> > Since my previous attempt to at least show this in ssl(8) examples
> > for "openssl req" a few months ago, I've spent some time digging for
> > where the defaults are set in the code as a nicer place to set sane
> > values, but haven't tracked it down yet. Would it be OK to set it
> > in the default config for now? (or does anyone have an idea of where
> > in the code this comes from?)
>
> Welcome to libkitchensink...
>
> I'd need to quadruple check, however this should come from openssl/req.c
> do_X509_sign() being called with a NULL digest, which calls openssl/req.c
> do_sign_init() with a NULL md, which calls crypto/evp/m_sigver.c
> EVP_DigestSignInit() with md being NULL, which calls crypto/evp/m_sigver.c
> do_sigver_init() with type being NULL, which results in:
>
>         if (type == NULL) {
>                 int def_nid;
>                 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
>                         type = EVP_get_digestbynid(def_nid);
>         }
>
> EVP_PKEY_get_default_digest_nid() returns the default digest associated
> with the given PKEY. Since you're using RSA, pkey_ctrl is implemented by
> crypto/rsa/rsa_ameth.c rsa_pkey_ctrl(), which has:
>
>         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
>                 *(int *)arg2 = NID_sha1;
>                 return 1;
>
> Catch all that?
>
> To make SHA-256 the default for RSA, we'd have to change that from NID_sha1
> to NID_sha256...

I should also add that the other obvious/easy "fix" is to initialise digest in 
openssl/req.c to the SHA-256 EVP. That only changes 'openssl req' though.

> (and yes, clearly I've spent too much time in this code base recently... :)
>
> > Index: openssl.cnf
> > ===================================================================
> > RCS file: /cvs/src/lib/libcrypto/openssl.cnf,v
> > retrieving revision 1.1
> > diff -u -p -r1.1 openssl.cnf
> > --- openssl.cnf     11 Apr 2014 22:51:53 -0000      1.1
> > +++ openssl.cnf     30 Sep 2014 22:42:53 -0000
> > @@ -7,7 +7,8 @@
> >
> >  ####################################################################
> >  [ req ]
> > -default_bits               = 1024
> > +default_bits               = 2048
> > +default_md         = sha256
> >  default_keyfile    = privkey.pem
> >  distinguished_name = req_distinguished_name
> >  attributes         = req_attributes
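Review bot: `default_md` in the `[ req ]` section only reaches `openssl req` (CSRs and `-x509` self-signed certificates); `openssl ca` reads `default_md` from its own CA section of openssl.cnf, which this hunk leaves untouched, so certificates issued through `openssl ca` with the stock config would still fall back to the RSA default digest traced above (NID_sha1). Consider adding a matching `default_md = sha256` in the CA section in the same change, and spelling out in the commit message that `default_bits` 1024 -> 2048 is a separate hardening bump bundled into the same hunk, since it is not what the SHA-1 deprecation requires.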



-- 

    "Action without study is fatal. Study without action is futile."
        -- Mary Ritter Beard
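As an added illustration of what the proposed config change actually does (example script, not part of the thread or of LibreSSL/OpenSSL), the following builds a throwaway openssl.cnf mirroring Stuart's diff and shows that `default_md` in `[ req ]` drives the signature digest of both a CSR and an `openssl req -x509` self-signed certificate, that a command-line `-sha512` overrides it, and what you get with no `default_md` at all (the pkey default traced in Joel's mail). It assumes an `openssl` binary on PATH and writes only to a temporary directory; the config and the `example.test` CN are constructed for this demo.

```shell
#!/bin/sh
# Added example, not from the thread: demonstrate the effect of
# "default_md" in the [ req ] section of openssl.cnf on the digest
# used to sign CSRs and self-signed certificates.
# Assumes: openssl on PATH; everything is written under a temp dir.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed minimal config mirroring the proposed patch: 2048-bit keys,
# SHA-256 signatures, and no interactive prompts (prompt = no).
cat > "$WORK/req.cnf" <<'EOF'
[ req ]
default_bits       = 2048
default_md         = sha256
distinguished_name = dn
prompt             = no

[ dn ]
CN = example.test
EOF

# One RSA key reused by every request below.
openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null

# sig_alg FILE KIND: print the signature algorithm of a CSR (KIND=req)
# or certificate (KIND=x509). The first "Signature Algorithm" line is the
# one inside the signed body, so stop after it.
sig_alg() {
    openssl "$2" -noout -text -in "$1" |
        awk '/Signature Algorithm/ { print $3; exit }'
}

# csr_sigalg [extra "openssl req" args...]: build a CSR with the config
# above and print its signature algorithm.
csr_sigalg() {
    openssl req -new -key "$WORK/key.pem" -config "$WORK/req.cnf" \
        -out "$WORK/out.csr" "$@" 2>/dev/null
    sig_alg "$WORK/out.csr" req
}

# selfsigned_sigalg [extra args...]: same, for "openssl req -x509".
selfsigned_sigalg() {
    openssl req -new -x509 -days 1 -key "$WORK/key.pem" \
        -config "$WORK/req.cnf" -out "$WORK/out.crt" "$@" 2>/dev/null
    sig_alg "$WORK/out.crt" x509
}

# builtin_default_sigalg: strip default_md from the config, so the digest
# comes from the pkey default (NID_sha1 in the rsa_pkey_ctrl() quoted
# above; newer releases changed it). Printed, not asserted, because it
# depends on the installed library.
builtin_default_sigalg() {
    sed '/^default_md/d' "$WORK/req.cnf" > "$WORK/nomd.cnf"
    openssl req -new -key "$WORK/key.pem" -config "$WORK/nomd.cnf" \
        -out "$WORK/nomd.csr" 2>/dev/null
    sig_alg "$WORK/nomd.csr" req
}

echo "config default_md=sha256   -> $(csr_sigalg)"
echo "self-signed, same config   -> $(selfsigned_sigalg)"
echo "command line -sha512       -> $(csr_sigalg -sha512)"
echo "no default_md (lib default)-> $(builtin_default_sigalg)"
```

Run it against the library you ship: the first three lines are fixed by the config and the command line, while the last one is exactly the value the thread is trying to change. The same `sig_alg` one-liner, pointed at an existing certificate with `x509`, is a quick way to audit a chain for `sha1WithRSAEncryption` before browsers start flagging it.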
