keyutil, genkey: use SHA-2 hashes by default for certs (#1062444)

Resolves: rhbz#1062444
2014-09-02 16:27:03 +01:00 · 2014-09-02 16:27:03 +01:00 · a2aaef550c
parent b0009234d8
commit a2aaef550c
3 changed files with 44 additions and 2 deletions
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@ -4,7 +4,7 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.4.1
-Release: 55%{?dist}
+Release: 56%{?dist}
 Group: Applications/System
 # certwatch.c is GPLv2
 # pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
@ -135,6 +135,9 @@ chmod -R u+w $RPM_BUILD_ROOT
 %{perl_vendorarch}/auto/Crypt

 %changelog
+* Fri Aug 29 2014 Adam Williamson <awilliam@redhat.com> - 2.4.1-56
+- keyutil, genkey: use SHA-2 hashes by default for certs (#1062444)
+
 * Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.1-55
 - Perl 5.20 rebuild

--- a/genkey.pl
+++ b/genkey.pl
@ -131,6 +131,7 @@ my $modNssDbDir = '';
 my $nssNickname = '';
 my $nssDBPrefix = '';
 my $gdb = '';
+my $hashalg = "SHA256";
 GetOptions('test|t' => \$test_mode, 
           'genreq' => \$genreq_mode,
           'days=i' => \$cert_days,
@ -455,6 +456,22 @@ sub keyInDatabase {
    return $answer;
 }

+# Pick an appropriate hashing function for the key length
+# Ideally we should be able to depend on upstream behaviour and drop this,
+# but upstream's default was not changed from SHA-1 in a timely fashion:
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1058933
+sub getHashForKeyLength {
+    use integer;
+    # See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
+    # and http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
+    $hashalg = "SHA256";
+    if ($bits > 7680) {
+        $hashalg = "SHA512";
+    } elsif ($bits > 3072) {
+        $hashalg = "SHA384";
+    }
+}
+
 ######################################################################
 # The window functions

@ -556,6 +573,8 @@ EOT
 	    last;
 	}
    }
+    
+    getHashForKeyLength();

    $panel->Hide();
    undef $panel;
@ -601,6 +620,8 @@ EOT
 	}
    } while ($bits < $minbits || $bits > $maxbits);
    
+    getHashForKeyLength();
+    
    $panel->Hide();
    undef $panel;

@ -976,6 +997,7 @@ sub makeCertNSS
    $args .= "-d $modNssDbDir "; 
    $args .= "-p $nssDBPrefix " if $nssDBPrefix;
    $args .= "-o $certfile " if $certfile;
+    $args .= "-Z $hashalg ";
    
    nssUtilCmd("$bindir/certutil", $args);

@ -1015,6 +1037,7 @@ sub genRequestNSS
    $args .= "-v $months ";
    $args .= "-z $noisefile " if $noisefile;
    $args .= "-o $csrfile ";
+    $args .= "-Z $hashalg ";
    
    nssUtilCmd("$bindir/certutil", $args);

@ -1155,6 +1178,7 @@ sub renewCertNSS
    $args   .= "-f $pwdfile "   if $pwdfile;
    $args   .= "-v $months ";
    $args   .= "-o $csrfile ";
+    $args   .= "-Z $hashalg ";
    
    nssUtilCmd("$bindir/certutil", $args);
    
--- a/keyutil.c
+++ b/keyutil.c
@ -1522,7 +1522,22 @@ static int keyutil_main(
    keyutil_extns[ext_policyConstr] = PR_FALSE;
    keyutil_extns[ext_inhibitAnyPolicy] = PR_FALSE;

-    hashAlgTag = SEC_OID_SHA1;
+    /*
+     * Hash algorithm should be at least SHA-256 after 2013:
+     * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
+     * Per http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
+     * a 3072-bit key provides 128 bits of security and a 7680-bit key provides
+     * 192 bits of security, so when producing certificates that use keys
+     * longer than those lengths, we should use a correspondingly stronger
+     * hash algorithm
+     */
+    if (keysize > 7680) {
+        hashAlgTag = SEC_OID_SHA512;
+    } else if (keysize > 3072) {
+        hashAlgTag = SEC_OID_SHA384;
+    } else {
+        hashAlgTag = SEC_OID_SHA256;
+    }

    /*  Make a cert request */
    rv = CertReq(privkey, pubkey, rsaKey, hashAlgTag, subject,