From 298015e8a7cf35cc0de581203b44826d2ae1d406 Mon Sep 17 00:00:00 2001

From: Stephen Gallagher <sgallagh@redhat.com>

Date: Wed, 28 Nov 2018 08:00:08 -0500

Subject: [PATCH 3/6] Adjust hash defaults based on system security level

Unlike the key-strength, this does not set a minimum level because

it's not a simple calculation. We will have to rely on libcrypto

rejecting any explicitly-set algorithms as a violation of policy.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

---

 include/sscg.h |  1 +

 src/sscg.c     | 40 +++++++++++++++++++++-------------------

 2 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/include/sscg.h b/include/sscg.h

index 3e97cfe49a5cd8fc734ecf43a94156e376227eb7..fc90b81a0060af28529f3be6922b1b1501559300 100644

--- a/include/sscg.h

+++ b/include/sscg.h

@@ -140,6 +140,7 @@ struct sscg_options

   /* Encryption requirements */

   int key_strength;

   int minimum_key_strength;

+  char *hash_alg;

   const EVP_MD *hash_fn;

   /* Output Files */

diff --git a/src/sscg.c b/src/sscg.c

index 85a42404aa94524b560755d506b893300a4414cd..58855f764480d24d6c0f57460b22a3a83281e37e 100644

--- a/src/sscg.c

+++ b/src/sscg.c

@@ -66,14 +66,21 @@ set_default_options (struct sscg_options *opts)

     case 1:

     case 2:

       /* Security level 2 and below permits lower key-strengths, but SSCG

-       * will set a minimum of 2048 bits

+       * will set a minimum of 2048 bits and the sha256 hash algorithm.

        */

+      opts->hash_alg = talloc_strdup (opts, "sha256");

       opts->key_strength = 2048;

       break;

-    case 3: opts->key_strength = 3072; break;

+    case 3:

+      opts->hash_alg = talloc_strdup (opts, "sha256");

+      opts->key_strength = 3072;

+      break;

-    case 4: opts->key_strength = 7680; break;

+    case 4:

+      opts->hash_alg = talloc_strdup (opts, "sha384");

+      opts->key_strength = 7680;

+      break;

     default:

       /* Unknown security level. Default to the highest we know about */

@@ -83,7 +90,10 @@ set_default_options (struct sscg_options *opts)

                security_level);

       /* Fall through */

-    case 5: opts->key_strength = 15360; break;

+    case 5:

+      opts->hash_alg = talloc_strdup (opts, "sha512");

+      opts->key_strength = 15360;

+      break;

     }

   opts->minimum_key_strength = opts->key_strength;

@@ -177,7 +187,6 @@ main (int argc, const char **argv)

   char *email = NULL;

   char *hostname = NULL;

   char *packagename;

-  char *hash_alg = NULL;

   char **alternative_names = NULL;

   char *ca_file = NULL;

@@ -351,10 +360,10 @@ main (int argc, const char **argv)

     {

       "hash-alg",

       '\0',

-      POPT_ARG_STRING,

-      &hash_alg,

+      POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT,

+      &options->hash_alg,

       0,

-      _ ("Hashing algorithm to use for signing. (default: sha256)"),

+      _ ("Hashing algorithm to use for signing."),

       _ ("{sha256,sha384,sha512}"),

     },

     {

@@ -592,17 +601,10 @@ main (int argc, const char **argv)

       goto done;

     }

-  if (!hash_alg)

-    {

-      /* Default to SHA256 */

-      options->hash_fn = EVP_sha256 ();

-    }

-  else

-    {

-      /* TODO: restrict this to approved hashes.

-         * For now, we'll only list SHA[256|384|512] in the help */

-      options->hash_fn = EVP_get_digestbyname (hash_alg);

-    }

+  /* TODO: restrict this to approved hashes.

+   * For now, we'll only list SHA[256|384|512] in the help */

+  options->hash_fn = EVP_get_digestbyname (options->hash_alg);

+

   if (!options->hash_fn)

     {

       fprintf (stderr, "Unsupported hashing algorithm.");

-- 

2.23.0