# HG changeset patch
# User Kai Engert <kaie@kuix.de>
# Date 1489096275 -3600
# Thu Mar 09 22:51:15 2017 +0100
# Node ID 848abc2061a45b8387893891e814b80db1e2bd53
# Parent 482e9cbb16f13cd22f9ef7b5a73a4e3ea68ecf82
Bug 1345106, Don't use SHA1 by default for signatures in the NSS library and in certutil, crlutil and cmsutil, r=rrelyea
diff --git a/cmd/smimetools/cmsutil.c b/cmd/smimetools/cmsutil.c
--- a/cmd/smimetools/cmsutil.c
+++ b/cmd/smimetools/cmsutil.c
@@ -84,7 +84,7 @@ Usage(char *progName)
" where id can be a certificate nickname or email address\n"
" -S create a CMS signed data message\n"
" -G include a signing time attribute\n"
- " -H hash use hash (default:SHA1)\n"
+ " -H hash use hash (default:SHA256)\n"
" -N nick use certificate named \"nick\" for signing\n"
" -P include a SMIMECapabilities attribute\n"
" -T do not include content in CMS message\n"
@@ -1097,7 +1097,7 @@ main(int argc, char **argv)
signOptions.signingTime = PR_FALSE;
signOptions.smimeProfile = PR_FALSE;
signOptions.encryptionKeyPreferenceNick = NULL;
- signOptions.hashAlgTag = SEC_OID_SHA1;
+ signOptions.hashAlgTag = SEC_OID_SHA256;
envelopeOptions.recipients = NULL;
encryptOptions.recipients = NULL;
encryptOptions.envmsg = NULL;
diff --git a/cmd/smimetools/smime b/cmd/smimetools/smime
--- a/cmd/smimetools/smime
+++ b/cmd/smimetools/smime
@@ -199,8 +199,8 @@ sub signentity($$)
# construct a new multipart/signed MIME entity consisting of the original content and
# the signature
#
- # (we assume that cmsutil generates a SHA1 digest)
- $out .= "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha1; boundary=\"${boundary}\"\n";
+ # (we assume that cmsutil generates a SHA256 digest)
+ $out .= "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha256; boundary=\"${boundary}\"\n";
$out .= "\n"; # end of entity header
$out .= "This is a cryptographically signed message in MIME format.\n"; # explanatory comment
$out .= "\n--${boundary}\n";
diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c
--- a/lib/cryptohi/secsign.c
+++ b/lib/cryptohi/secsign.c
@@ -312,24 +312,25 @@ SEC_DerSignData(PLArenaPool *arena, SECI
if (algID == SEC_OID_UNKNOWN) {
switch (pk->keyType) {
case rsaKey:
- algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+ algID = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
break;
case dsaKey:
/* get Signature length (= q_len*2) and work from there */
switch (PK11_SignatureLen(pk)) {
+ case 320:
+ algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ break;
case 448:
algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
break;
case 512:
+ default:
algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
break;
- default:
- algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
}
break;
case ecKey:
- algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+ algID = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_KEY);
@@ -468,13 +469,13 @@ SEC_GetSignatureAlgorithmOidTag(KeyType
break;
case dsaKey:
switch (hashAlgTag) {
- case SEC_OID_UNKNOWN: /* default for DSA if not specified */
case SEC_OID_SHA1:
sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
break;
case SEC_OID_SHA224:
sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
break;
+ case SEC_OID_UNKNOWN: /* default for DSA if not specified */
case SEC_OID_SHA256:
sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
break;
@@ -484,13 +485,13 @@ SEC_GetSignatureAlgorithmOidTag(KeyType
break;
case ecKey:
switch (hashAlgTag) {
- case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
case SEC_OID_SHA1:
sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
break;
case SEC_OID_SHA224:
sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE;
break;
+ case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
case SEC_OID_SHA256:
sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
break;