From 298015e8a7cf35cc0de581203b44826d2ae1d406 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 28 Nov 2018 08:00:08 -0500
Subject: [PATCH 3/6] Adjust hash defaults based on system security level
Unlike the key-strength, this does not set a minimum level because
it's not a simple calculation. We will have to rely on libcrypto
rejecting any explicitly-set algorithms as a violation of policy.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
include/sscg.h | 1 +
src/sscg.c | 40 +++++++++++++++++++++-------------------
2 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/include/sscg.h b/include/sscg.h
index 3e97cfe49a5cd8fc734ecf43a94156e376227eb7..fc90b81a0060af28529f3be6922b1b1501559300 100644
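--- a/include/sscg.h
+++ b/include/sscg.h
@@ -140,6 +140,7 @@ struct sscg_options
 /* Encryption requirements */
 int key_strength;
 int minimum_key_strength;
+ char *hash_alg;
 const EVP_MD *hash_fn;
 
 /* Output Files */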
diff --git a/src/sscg.c b/src/sscg.c
index 85a42404aa94524b560755d506b893300a4414cd..58855f764480d24d6c0f57460b22a3a83281e37e 100644
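--- a/src/sscg.c
+++ b/src/sscg.c
@@ -66,14 +66,21 @@ set_default_options (struct sscg_options *opts)
 case 1:
 case 2:
 /* Security level 2 and below permits lower key-strengths, but SSCG
- * will set a minimum of 2048 bits
+ * will set a minimum of 2048 bits and the sha256 hash algorithm.
 */
+ opts->hash_alg = talloc_strdup (opts, "sha256");
 opts->key_strength = 2048;
 break;
 
- case 3: opts->key_strength = 3072; break;
+ case 3:
+ opts->hash_alg = talloc_strdup (opts, "sha256");
+ opts->key_strength = 3072;
+ break;
 
- case 4: opts->key_strength = 7680; break;
+ case 4:
+ opts->hash_alg = talloc_strdup (opts, "sha384");
+ opts->key_strength = 7680;
+ break;
 
 default:
 /* Unknown security level. Default to the highest we know about */
@@ -83,7 +90,10 @@ set_default_options (struct sscg_options *opts)
 security_level);
 /* Fall through */
 
- case 5: opts->key_strength = 15360; break;
+ case 5:
+ opts->hash_alg = talloc_strdup (opts, "sha512");
+ opts->key_strength = 15360;
+ break;
 }
 
 opts->minimum_key_strength = opts->key_strength;
@@ -177,7 +187,6 @@ main (int argc, const char **argv)
 char *email = NULL;
 char *hostname = NULL;
 char *packagename;
- char *hash_alg = NULL;
 char **alternative_names = NULL;
 
 char *ca_file = NULL;
@@ -351,10 +360,10 @@ main (int argc, const char **argv)
 {
 "hash-alg",
 '\0',
- POPT_ARG_STRING,
- &hash_alg,
+ POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT,
+ &options->hash_alg,
 0,
- _ ("Hashing algorithm to use for signing. (default: sha256)"),
+ _ ("Hashing algorithm to use for signing."),
 _ ("{sha256,sha384,sha512}"),
 },
 {
@@ -592,17 +601,10 @@ main (int argc, const char **argv)
 goto done;
 }
 
- if (!hash_alg)
- {
- /* Default to SHA256 */
- options->hash_fn = EVP_sha256 ();
- }
- else
- {
- /* TODO: restrict this to approved hashes.
- * For now, we'll only list SHA[256|384|512] in the help */
- options->hash_fn = EVP_get_digestbyname (hash_alg);
- }
+ /* TODO: restrict this to approved hashes.
+ * For now, we'll only list SHA[256|384|512] in the help */
+ options->hash_fn = EVP_get_digestbyname (options->hash_alg);
+
 if (!options->hash_fn)
 {
 fprintf (stderr, "Unsupported hashing algorithm.");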
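Review bot: The `--hash-alg` value still goes unfiltered into `EVP_get_digestbyname (options->hash_alg)` in main (), so any digest name libcrypto recognises is accepted, including ones weaker than the per-level default set in set_default_options (); the `{sha256,sha384,sha512}` list in the help is not enforced and the TODO is carried over unchanged. The commit message relies on libcrypto rejecting such a choice, but nothing in the visible hunks shows the signing path doing that, so I would check the name against the three documented algorithms before the lookup and let everything else fall into the existing "Unsupported hashing algorithm." branch. The same guard covers the four unchecked `talloc_strdup (opts, ...)` results, which leave hash_alg NULL on allocation failure. An exact `strcmp` match is stricter about spelling than the lookup may be, and both functions continue outside the hunks shown.

```c
  /* … unchanged: option parsing and earlier validation … */

  /* Accept only the digests advertised in --help; anything else,
   * including a NULL default after a failed allocation, is rejected
   * by the existing !options->hash_fn check below. */
  options->hash_fn = NULL;
  if (options->hash_alg
      && (strcmp (options->hash_alg, "sha256") == 0
          || strcmp (options->hash_alg, "sha384") == 0
          || strcmp (options->hash_alg, "sha512") == 0))
    {
      options->hash_fn = EVP_get_digestbyname (options->hash_alg);
    }

  if (!options->hash_fn)
  /* … unchanged: "Unsupported hashing algorithm." error path … */
```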
--
2.23.0