On 2014/10/01 19:05, Joel Sing wrote:
> > I should also add that the other obvious/easy "fix" is to initialise digest
> > in openssl/req.c to the SHA-256 EVP. That only changes 'openssl req'
> > though.
> >
> > > (and yes, clearly I've spent too much time in this code base recently...
> > > :)
> > >
> > > > Index: openssl.cnf
> > > > ===================================================================
> > > > RCS file: /cvs/src/lib/libcrypto/openssl.cnf,v
> > > > retrieving revision 1.1
> > > > diff -u -p -r1.1 openssl.cnf
> > > > --- openssl.cnf 11 Apr 2014 22:51:53 -0000 1.1
> > > > +++ openssl.cnf 30 Sep 2014 22:42:53 -0000
> > > > @@ -7,7 +7,8 @@
> > > >
> > > > ####################################################################
> > > > [ req ]
> > > > -default_bits = 1024
> > > > +default_bits = 2048
> > > > +default_md = sha256
> > > > default_keyfile = privkey.pem
> > > > distinguished_name = req_distinguished_name
> > > > attributes = req_attributes
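Review bot: a config-only change leaves the compiled-in fallbacks untouched, so any run that does not read this file (a `-config` pointing elsewhere, or no config found) still gets the 512-bit key and MD5 digest that req.c's DEFAULT_KEY_LENGTH and the openssl.1 text describe; the new `default_md = sha256` and `default_bits = 2048` lines only help callers that actually load `[ req ]` from this file, so the in-code defaults need to move in the same change.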
>
> The following does this, however note that the default_bits of 1024 from
> openssl.cnf trumps the 2048 in the define... we probably should also stop
> making EVP_des_ede3_cbc() the default cipher...
I think I prefer it this way (changing usr.bin/openssl rather than
the library) as there's less risk of impact in unpredictable areas.
How about this one?
Index: usr.bin/openssl/req.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/req.c,v
retrieving revision 1.2
diff -u -p -r1.2 req.c
--- usr.bin/openssl/req.c 28 Aug 2014 14:23:52 -0000 1.2
+++ usr.bin/openssl/req.c 1 Oct 2014 09:51:37 -0000
@@ -97,7 +97,7 @@
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
-#define DEFAULT_KEY_LENGTH 512
+#define DEFAULT_KEY_LENGTH 2048
#define MIN_KEY_LENGTH 384
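Review bot: raising DEFAULT_KEY_LENGTH to 2048 only moves the fallback while MIN_KEY_LENGTH stays at 384, so `-newkey rsa:512` or a `default_bits = 512` in a config is still accepted without a warning; if the intent is to stop weak keys rather than just to stop producing them by default, raise MIN_KEY_LENGTH (or at least warn below 1024) here as well. Note too that, as pointed out above, a `default_bits` in the config overrides this define, so the define is only the no-config case; the manual wording "If not specified, 2048 is used" should make that explicit.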
@@ -184,9 +184,8 @@ req_main(int argc, char **argv)
unsigned long chtype = MBSTRING_ASC;
req_conf = NULL;
-#ifndef OPENSSL_NO_DES
- cipher = EVP_des_ede3_cbc();
-#endif
+ cipher = EVP_aes_256_cbc();
+ digest = EVP_sha256();
infile = NULL;
outfile = NULL;
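Review bot: `digest = EVP_sha256()` is now set before the config is read, so confirm that the later `default_md` lookup and the `-md5`/`-sha1`/`-sha256` handling key off the command-line variable rather than off `digest == NULL`; if it is the latter, the config's default_md is silently ignored from now on, and so is any per-key default-digest lookup (EVP_PKEY_get_default_digest_nid) for non-RSA keys. Dropping the OPENSSL_NO_DES guard is right once 3DES is gone, but switching the private-key PEM encryption from EVP_des_ede3_cbc() to EVP_aes_256_cbc() is user-visible (the DEK-Info header of the written key changes) and none of the openssl.1 hunks in this diff mention it; add a sentence where the req section describes the key output.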
Index: lib/libcrypto/openssl.cnf
===================================================================
RCS file: /cvs/src/lib/libcrypto/openssl.cnf,v
retrieving revision 1.1
diff -u -p -r1.1 openssl.cnf
--- lib/libcrypto/openssl.cnf 11 Apr 2014 22:51:53 -0000 1.1
+++ lib/libcrypto/openssl.cnf 1 Oct 2014 09:51:36 -0000
@@ -1,41 +1,20 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = /dev/arandom
-
-####################################################################
[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
+#default_bits = 2048
+#default_md = sha256
+#default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-#countryName_default = AU
countryName_min = 2
countryName_max = 2
-
stateOrProvinceName = State or Province Name (full name)
-#stateOrProvinceName_default = Some-State
-
localityName = Locality Name (eg, city)
-
0.organizationName = Organization Name (eg, company)
-#0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = CryptSoft Pty Ltd
-
organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
-
emailAddress = Email Address
emailAddress_max = 64
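Review bot: commenting out `default_keyfile = privkey.pem` changes behaviour, not just documentation: the openssl.1 text in this same diff says that without `-keyout` "the filename present in the configuration file is used", and with that line gone there is no such filename, so confirm what `openssl req -new` does when neither is set (if the stdout fallback from the original OpenSSL code is still there, the key ends up on stdout next to the request). The other two commented lines are fine as long as they track the compiled-in values (2048 and sha256 match the req.c hunk), but a commented `#default_keyfile` suggests a built-in default that does not exist, so either keep it active or drop it. Dropping RANDFILE is harmless only if nothing in usr.bin/openssl still tries to load it; worth a grep before commit.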
@@ -43,23 +22,3 @@ emailAddress_max = 64
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ x509v3_extensions ]
-
-nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
-nsComment = "This is a comment"
-
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType = 0x40
-
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
-
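Review bot: removing `[ x509v3_extensions ]` is safe as far as this file goes, since `[ req ]` has no `x509_extensions` or `req_extensions` line naming it, so the nsCertType/nsCaRevocationUrl block was unreachable and the cryptsoft URL was never emitted; it would help to say that in the commit log so nobody reads this as a behaviour change. `unstructuredName` goes, but `challengePassword` stays in `req_attributes` with its 4..20 limits, so an interactive `openssl req -new` will still prompt for it; if the goal is a minimal config, drop that too, or leave a comment on why it stays.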
Index: usr.bin/openssl/openssl.1
===================================================================
RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
retrieving revision 1.3
diff -u -p -r1.3 openssl.1
--- usr.bin/openssl/openssl.1 16 Sep 2014 16:05:44 -0000 1.3
+++ usr.bin/openssl/openssl.1 1 Oct 2014 09:51:37 -0000
@@ -5583,7 +5583,7 @@ This gives the
to write the newly created private key to.
If this option is not specified, the filename present in the
configuration file is used.
-.It Fl md4 | md5 | sha1
+.It Fl md5 | sha1 | sha256
This specifies the message digest to sign the request with.
This overrides the digest algorithm specified in the configuration file.
.Pp
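Review bot: the `.It Fl md5 | sha1 | sha256` list should match what req_main's option parser actually accepts, not only the three common names: if the digest flag is resolved by name through EVP_get_digestbyname, `-md4` still works after this doc change and `-sha384`/`-sha512` work too, so either enumerate the real set or phrase it as "any digest the library supports, for example ...". Also say here that the default is now sha256; a reader of this option will not scroll down to the default_md entry.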
@@ -5774,7 +5774,7 @@ They are currently ignored by
request signing utilities, but some CAs might want them.
.It Ar default_bits
This specifies the default key size in bits.
-If not specified, 512 is used.
+If not specified, 2048 is used.
It is used if the
.Fl new
option is used.
@@ -5790,10 +5790,11 @@ option.
.It Ar default_md
This option specifies the digest algorithm to use.
Possible values include
-.Ar md5
+.Ar md5 ,
+.Ar sha1
and
-.Ar sha1 .
-If not present, MD5 is used.
+.Ar sha256 .
+If not present, SHA256 is used.
This option can be overridden on the command line.
.It Ar distinguished_name
This specifies the section containing the distinguished name fields to
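Review bot: "Possible values include" with md5 listed first reads as an endorsement; since the point of the change is to stop defaulting to MD5, say that md5 and sha1 are accepted for compatibility with old CAs and that sha256 is the default and the recommended value. The mdoc punctuation (`.Ar md5 ,` / `.Ar sha256 .`) is correct, and the list is consistent with the `-md5 | sha1 | sha256` flag list earlier in this diff.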
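One check a practitioner would want after this thread is an audit of requests that were already generated with the old defaults (512-bit RSA key, MD5 signature). The following Python is an added example and is not code from the patch or from LibreSSL: it walks the DER of a PKCS#10 request with a minimal ASN.1 reader and flags RSA moduli under 2048 bits and MD5/SHA-1 request signatures. The two sample CSRs are constructed inline with dummy moduli and an all-zero placeholder signature, so they are structurally valid but not signed; the OID table, the 2048-bit floor and all function names are this example's own choices.

```python
"""Audit PKCS#10 CSRs for the pre-patch 'openssl req' defaults: RSA keys
under 2048 bits and MD5/SHA-1 request signatures.

Added example for this thread, not code from LibreSSL or the patch. It uses
only the standard library and a minimal DER reader; the sample CSRs below are
constructed here with dummy moduli and a zero placeholder signature.
"""

# Signature / key algorithm OIDs the audit understands (dotted form).
OID_NAMES = {
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK_SIGNATURES = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}
MIN_RSA_BITS = 2048  # the post-patch DEFAULT_KEY_LENGTH, used here as the floor


def der_read(buf, pos=0):
    """Read one definite-length TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out


def decode_oid(value):
    """Dotted string for the contents of an OBJECT IDENTIFIER."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def inspect_csr(der):
    """Return (rsa_modulus_bits, signature_algorithm_name) for a DER CSR."""
    _, csr, _ = der_read(der)
    cri, sig_alg, _sig = der_children(csr)
    # CertificationRequestInfo ::= SEQUENCE { version, subject, subjectPKInfo, attrs }
    _ver, _subject, spki, _attrs = der_children(cri[1])
    key_alg, key_bits = der_children(spki[1])
    key_oid = decode_oid(der_children(key_alg[1])[0][1])
    if OID_NAMES.get(key_oid) != "rsaEncryption":
        raise ValueError("not an RSA key: " + key_oid)
    _, rsa_pub, _ = der_read(key_bits[1], 1)  # skip the BIT STRING unused-bits byte
    modulus, _exponent = der_children(rsa_pub)
    sig_oid = decode_oid(der_children(sig_alg[1])[0][1])
    return int.from_bytes(modulus[1], "big").bit_length(), OID_NAMES.get(sig_oid, sig_oid)


def audit_csr(der):
    """Findings for one CSR; an empty list means it meets the post-patch defaults."""
    bits, sig = inspect_csr(der)
    findings = []
    if bits < MIN_RSA_BITS:
        findings.append(f"RSA modulus is {bits} bits (< {MIN_RSA_BITS})")
    if sig in WEAK_SIGNATURES:
        findings.append(f"request signed with {sig}")
    return findings


# --- constructed samples: a small DER encoder, used only to build test input ---

def der_tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def der_int(i):
    return der_tlv(0x02, i.to_bytes((i.bit_length() + 8) // 8, "big"))


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(body))


def build_csr(modulus_bits, sig_oid):
    """Structurally valid CSR with a dummy modulus (top bit set, not a real key),
    an empty subject and an all-zero signature: enough for the audit, not for a CA."""
    modulus = (1 << (modulus_bits - 1)) | 1
    rsa_pub = der_tlv(0x30, der_int(modulus) + der_int(65537))
    spki = der_tlv(0x30, der_tlv(0x30, encode_oid("1.2.840.113549.1.1.1") + b"\x05\x00")
                   + der_tlv(0x03, b"\x00" + rsa_pub))
    cri = der_tlv(0x30, der_int(0) + der_tlv(0x30, b"") + spki + der_tlv(0xA0, b""))
    sig_alg = der_tlv(0x30, encode_oid(sig_oid) + b"\x05\x00")
    return der_tlv(0x30, cri + sig_alg + der_tlv(0x03, b"\x00" * (modulus_bits // 8 + 1)))


OLD_DEFAULTS_CSR = build_csr(512, "1.2.840.113549.1.1.4")    # pre-patch req.c: 512-bit, MD5
NEW_DEFAULTS_CSR = build_csr(2048, "1.2.840.113549.1.1.11")  # post-patch: 2048-bit, SHA-256

if __name__ == "__main__":
    for label, der in (("old defaults", OLD_DEFAULTS_CSR), ("new defaults", NEW_DEFAULTS_CSR)):
        print(label + ":", "; ".join(audit_csr(der)) or "ok")
```

To audit a real request, convert it to DER first (`openssl req -in req.pem -outform DER -out req.der`) and pass the file contents to `audit_csr`. The 3DES-to-AES change for the private key is not covered here; that shows up in the `DEK-Info` header of the PEM key file rather than in the request.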