From a2aaef550cf5b7b9c6eeb2a150058840b2c90319 Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Tue, 2 Sep 2014 16:27:03 +0100
Subject: [PATCH] keyutil, genkey: use SHA-2 hashes by default for certs (#1062444)
Resolves: rhbz#1062444
---
 crypto-utils.spec | 5 ++++-
 genkey.pl | 24 ++++++++++++++++++++++++
 keyutil.c | 17 ++++++++++++++++-
 3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/crypto-utils.spec b/crypto-utils.spec
index 1a8660e..2bfb9eb 100644
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@@ -4,7 +4,7 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.4.1
-Release: 55%{?dist}
+Release: 56%{?dist}
 Group: Applications/System
 # certwatch.c is GPLv2
 # pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
@@ -135,6 +135,9 @@ chmod -R u+w $RPM_BUILD_ROOT
 %{perl_vendorarch}/auto/Crypt
 %changelog
+* Fri Aug 29 2014 Adam Williamson - 2.4.1-56
+- keyutil, genkey: use SHA-2 hashes by default for certs (#1062444)
+
 * Wed Aug 27 2014 Jitka Plesnikova - 2.4.1-55
 - Perl 5.20 rebuild
diff --git a/genkey.pl b/genkey.pl
index 2f3b582..4d38f0d 100644
--- a/genkey.pl
+++ b/genkey.pl
@@ -131,6 +131,7 @@ my $modNssDbDir = '';
 my $nssNickname = '';
 my $nssDBPrefix = '';
 my $gdb = '';
+my $hashalg = "SHA256";
 GetOptions('test|t' => \$test_mode, 'genreq' => \$genreq_mode, 'days=i' => \$cert_days,
@@ -455,6 +456,22 @@ sub keyInDatabase {
 return $answer;
 }
+# Pick an appropriate hashing function for the key length
+# Ideally we should be able to depend on upstream behaviour and drop this,
+# but upstream's default was not changed from SHA-1 in a timely fashion:
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1058933
+sub getHashForKeyLength {
+ use integer;
+ # See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
+ # and http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
+ $hashalg = "SHA256";
+ if ($bits > 7680) {
+ $hashalg = "SHA512";
+ } elsif ($bits > 3072) {
+ $hashalg = "SHA384";
+ }
+}
+
 ######################################################################
 # The window functions
@@ -556,6 +573,8 @@ EOT
 last;
 }
 }
+
+ getHashForKeyLength();
 $panel->Hide();
 undef $panel;
@@ -601,6 +620,8 @@ EOT
 }
 } while ($bits < $minbits || $bits > $maxbits);
+ getHashForKeyLength();
+
 $panel->Hide();
 undef $panel;
@@ -976,6 +997,7 @@ sub makeCertNSS
 $args .= "-d $modNssDbDir ";
 $args .= "-p $nssDBPrefix " if $nssDBPrefix;
 $args .= "-o $certfile " if $certfile;
+ $args .= "-Z $hashalg ";
 nssUtilCmd("$bindir/certutil", $args);
@@ -1015,6 +1037,7 @@ sub genRequestNSS
 $args .= "-v $months ";
 $args .= "-z $noisefile " if $noisefile;
 $args .= "-o $csrfile ";
+ $args .= "-Z $hashalg ";
 nssUtilCmd("$bindir/certutil", $args);
@@ -1155,6 +1178,7 @@ sub renewCertNSS
 $args .= "-f $pwdfile " if $pwdfile;
 $args .= "-v $months ";
 $args .= "-o $csrfile ";
+ $args .= "-Z $hashalg ";
 nssUtilCmd("$bindir/certutil", $args);
diff --git a/keyutil.c b/keyutil.c
index eeb2019..16d1c10 100644
--- a/keyutil.c
+++ b/keyutil.c
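Review bot: getHashForKeyLength() takes no argument and returns nothing: it reads the file-level `$bits` and overwrites the file-level `$hashalg`, so the digest that later reaches certutil depends on which code ran last rather than on the key being signed. Passing the key length in and returning the algorithm name would let each caller write `$hashalg = getHashForKeyLength($bits);` and would make the size-to-hash mapping checkable on its own. The 3072 and 7680 thresholds are repeated in keyutil.c's keyutil_main, so a comment pointing from one to the other would help keep the two in step.

```perl
sub getHashForKeyLength {
    my ($keybits) = @_;
    # … unchanged: use integer and the NIST SP 800-131A / SP 800-57 reference comments …
    return "SHA512" if $keybits > 7680;
    return "SHA384" if $keybits > 3072;
    return "SHA256";
}
```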
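Review bot: The hash is recomputed only here and in the second key-size panel (the `@@ -601` hunk), so any path that reaches makeCertNSS, genRequestNSS or renewCertNSS without going through one of these panels signs with the initial `$hashalg = "SHA256"` whatever `$bits` holds. Whether such a path exists, for example a renewal of an existing key, is not visible in these hunks and is worth confirming. The fallback is still SHA-256, so this affects only the matching of hash strength to key size, not the move away from SHA-1. Calling `getHashForKeyLength();` immediately before each `$args .= "-Z $hashalg ";` would remove the dependency on the panel code. The enclosing window function starts and ends outside the hunk.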
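Review bot: `$hashalg` is interpolated unquoted into the argument string handed to nssUtilCmd here and in the genRequestNSS and renewCertNSS hunks, which is safe only because it can hold one of three literals assigned inside this script. A one-line comment above the new line, such as `# $hashalg is always SHA256/SHA384/SHA512, set internally, never user input`, would record that invariant. Any later option that lets the user choose the hash should then validate the value against that list before it is appended to `$args`. How nssUtilCmd executes the string is outside these hunks.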
@@ -1522,7 +1522,22 @@ static int keyutil_main(
 keyutil_extns[ext_policyConstr] = PR_FALSE;
 keyutil_extns[ext_inhibitAnyPolicy] = PR_FALSE;
- hashAlgTag = SEC_OID_SHA1;
+ /*
+ * Hash algorithm should be at least SHA-256 after 2013:
+ * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
+ * Per http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
+ * a 3072-bit key provides 128 bits of security and a 7680-bit key provides
+ * 192 bits of security, so when producing certificates that use keys
+ * longer than those lengths, we should use a correspondingly stronger
+ * hash algorithm
+ */
+ if (keysize > 7680) {
+ hashAlgTag = SEC_OID_SHA512;
+ } else if (keysize > 3072) {
+ hashAlgTag = SEC_OID_SHA384;
+ } else {
+ hashAlgTag = SEC_OID_SHA256;
+ }
 /* Make a cert request */
 rv = CertReq(privkey, pubkey, rsaKey, hashAlgTag, subject,
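Review bot: The digest is chosen from `keysize`, which looks like the size requested for a newly generated key. If keyutil_main can also sign with a key loaded from an existing file (not visible in this hunk), `keysize` would not describe that key and a key longer than 3072 bits would still get SHA-256. Deriving the length from the key that is actually passed to CertReq, e.g. `unsigned bits = SECKEY_PublicKeyStrengthInBits(pubkey);` and comparing `bits` in the two conditions, avoids that, provided `pubkey` is already populated at this point. The 3072 and 7680 thresholds are duplicated in genkey.pl, so named constants or a cross-reference in the comment would keep the two in step. keyutil_main starts and ends outside the hunk.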