# HG changeset patch
# User Kai Engert
# Date 1489096275 -3600
#      Thu Mar 09 22:51:15 2017 +0100
# Node ID 848abc2061a45b8387893891e814b80db1e2bd53
# Parent  482e9cbb16f13cd22f9ef7b5a73a4e3ea68ecf82
Bug 1345106, Don't use SHA1 by default for signatures in the NSS library and in certutil, crlutil and cmsutil, r=rrelyea

diff --git a/cmd/smimetools/cmsutil.c b/cmd/smimetools/cmsutil.c
--- a/cmd/smimetools/cmsutil.c
+++ b/cmd/smimetools/cmsutil.c
@@ -84,7 +84,7 @@ Usage(char *progName)
             " where id can be a certificate nickname or email address\n"
             " -S create a CMS signed data message\n"
             " -G include a signing time attribute\n"
-            " -H hash use hash (default:SHA1)\n"
+            " -H hash use hash (default:SHA256)\n"
             " -N nick use certificate named \"nick\" for signing\n"
             " -P include a SMIMECapabilities attribute\n"
             " -T do not include content in CMS message\n"
@@ -1097,7 +1097,7 @@ main(int argc, char **argv)
     signOptions.signingTime = PR_FALSE;
     signOptions.smimeProfile = PR_FALSE;
     signOptions.encryptionKeyPreferenceNick = NULL;
-    signOptions.hashAlgTag = SEC_OID_SHA1;
+    signOptions.hashAlgTag = SEC_OID_SHA256;
     envelopeOptions.recipients = NULL;
     encryptOptions.recipients = NULL;
     encryptOptions.envmsg = NULL;
diff --git a/cmd/smimetools/smime b/cmd/smimetools/smime
--- a/cmd/smimetools/smime
+++ b/cmd/smimetools/smime
@@ -199,8 +199,8 @@ sub signentity($$)
     # construct a new multipart/signed MIME entity consisting of the original content and
     # the signature
     #
-    # (we assume that cmsutil generates a SHA1 digest)
-    $out .= "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha1; boundary=\"${boundary}\"\n";
+    # (we assume that cmsutil generates a SHA256 digest)
+    $out .= "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha256; boundary=\"${boundary}\"\n";
     $out .= "\n"; # end of entity header
     $out .= "This is a cryptographically signed message in MIME format.\n"; # explanatory comment
     $out .= "\n--${boundary}\n";
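Review bot: The new `micalg=sha256` in the Content-Type line of the smime hunk is not the token RFC 5751 §3.4.3.2 registers for SHA-256, which is the hyphenated `sha-256` (the unhyphenated `sha1` being replaced here was the older RFC 2633/3851 spelling); RFC 5751 asks receivers to cope with unrecognised values, so interoperability is unlikely to break, but a conforming agent should emit `micalg=sha-256`. The value is also still hard-coded while cmsutil now documents a `-H hash` override, so the "(we assume ...)" comment is carrying a real invariant; I would make that explicit, e.g. `# (must match the digest cmsutil is invoked with; its default is SHA256)`. signentity's body continues outside the hunk.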
diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c
--- a/lib/cryptohi/secsign.c
+++ b/lib/cryptohi/secsign.c
@@ -312,24 +312,25 @@ SEC_DerSignData(PLArenaPool *arena, SECI
     if (algID == SEC_OID_UNKNOWN) {
         switch (pk->keyType) {
             case rsaKey:
-                algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+                algID = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
                 break;
             case dsaKey:
                 /* get Signature length (= q_len*2) and work from there */
                 switch (PK11_SignatureLen(pk)) {
+                    case 320:
+                        algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+                        break;
                     case 448:
                         algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
                         break;
                     case 512:
+                    default:
                         algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
                         break;
-                    default:
-                        algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
-                        break;
                 }
                 break;
             case ecKey:
-                algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+                algID = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
                 break;
             default:
                 PORT_SetError(SEC_ERROR_INVALID_KEY);
@@ -468,13 +469,13 @@ SEC_GetSignatureAlgorithmOidTag(KeyType
             break;
         case dsaKey:
             switch (hashAlgTag) {
-                case SEC_OID_UNKNOWN: /* default for DSA if not specified */
                 case SEC_OID_SHA1:
                     sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
                     break;
                 case SEC_OID_SHA224:
                     sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
                     break;
+                case SEC_OID_UNKNOWN: /* default for DSA if not specified */
                 case SEC_OID_SHA256:
                     sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
                     break;
@@ -484,13 +485,13 @@ SEC_GetSignatureAlgorithmOidTag(KeyType
             break;
         case ecKey:
             switch (hashAlgTag) {
-                case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
                 case SEC_OID_SHA1:
                     sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
                     break;
                 case SEC_OID_SHA224:
                     sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE;
                     break;
+                case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
                 case SEC_OID_SHA256:
                     sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
                     break;
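Review bot: The new ecKey default `algID = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;` picks SHA-256 for every curve, while the dsaKey branch just above it now chooses the digest from `PK11_SignatureLen(pk)`; the same length-based dispatch would give P-384 and P-521 keys (signature lengths 96 and 132) SHA-384/SHA-512 by default instead of a digest shorter than the curve order. SHA-256 with a larger curve is still a valid ECDSA signature and callers can pass an explicit algID, so this is a consistency and strength-margin point rather than a bug. The DSA constants would also read better with the key size they encode, e.g. `case 320: /* q = 160 bits (DSA-1024) */`, and the `default:` now folded into `case 512:` means any unrecognised length (including a 0 if PK11_SignatureLen can fail) silently gets SHA-256 where it used to get SHA-1 — likely intended, but worth a one-line comment. SEC_DerSignData starts before this hunk; the sketch below assumes SHA384/SHA512 OID tags follow the naming of the SHA224/SHA256 ones visible here.
```c
            case ecKey:
                /* signature length is 2 * ceil(order_bits / 8); match the digest to it */
                switch (PK11_SignatureLen(pk)) {
                    case 96:
                        algID = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
                        break;
                    case 132:
                        algID = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE;
                        break;
                    default:
                        algID = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
                        break;
                }
                break;
```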