From 298015e8a7cf35cc0de581203b44826d2ae1d406 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 28 Nov 2018 08:00:08 -0500
Subject: [PATCH 3/6] Adjust hash defaults based on system security level

Unlike the key strength, this does not set a minimum level, because choosing one is not a simple calculation. We will have to rely on libcrypto rejecting any explicitly set algorithm that violates the policy.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
 include/sscg.h |  1 +
 src/sscg.c     | 40 +++++++++++++++++++++-------------------
 2 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/include/sscg.h b/include/sscg.h
index 3e97cfe49a5cd8fc734ecf43a94156e376227eb7..fc90b81a0060af28529f3be6922b1b1501559300 100644
--- a/include/sscg.h
+++ b/include/sscg.h
@@ -140,6 +140,7 @@ struct sscg_options
   /* Encryption requirements */
   int key_strength;
   int minimum_key_strength;
+  char *hash_alg;
   const EVP_MD *hash_fn;
 
   /* Output Files */
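Review bot: The new `hash_alg` field carries no comment on what it holds or who owns it, while the neighbouring `hash_fn` is the derived `EVP_MD`. Since set_default_options() fills it with a talloc_strdup() off `opts` and the `--hash-alg` option later writes the same pointer through popt, a one-line comment would save the next reader a trip through src/sscg.c: `/* Digest name (e.g. "sha256"); defaulted per security level by set_default_options(), overridable via --hash-alg; hash_fn is derived from it */`.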
diff --git a/src/sscg.c b/src/sscg.c
index 85a42404aa94524b560755d506b893300a4414cd..58855f764480d24d6c0f57460b22a3a83281e37e 100644
--- a/src/sscg.c
+++ b/src/sscg.c
@@ -66,14 +66,21 @@ set_default_options (struct sscg_options *opts)
     case 1:
     case 2:
       /* Security level 2 and below permits lower key-strengths, but SSCG
-       * will set a minimum of 2048 bits
+       * will set a minimum of 2048 bits and the sha256 hash algorithm.
        */
+      opts->hash_alg = talloc_strdup (opts, "sha256");
       opts->key_strength = 2048;
       break;
 
-    case 3: opts->key_strength = 3072; break;
+    case 3:
+      opts->hash_alg = talloc_strdup (opts, "sha256");
+      opts->key_strength = 3072;
+      break;
 
-    case 4: opts->key_strength = 7680; break;
+    case 4:
+      opts->hash_alg = talloc_strdup (opts, "sha384");
+      opts->key_strength = 7680;
+      break;
 
     default:
       /* Unknown security level. Default to the highest we know about */
@@ -83,7 +90,10 @@ set_default_options (struct sscg_options *opts)
                security_level);
       /* Fall through */
 
-    case 5: opts->key_strength = 15360; break;
+    case 5:
+      opts->hash_alg = talloc_strdup (opts, "sha512");
+      opts->key_strength = 15360;
+      break;
     }
 
   opts->minimum_key_strength = opts->key_strength;
@@ -177,7 +187,6 @@ main (int argc, const char **argv)
   char *email = NULL;
   char *hostname = NULL;
   char *packagename;
-  char *hash_alg = NULL;
   char **alternative_names = NULL;
 
   char *ca_file = NULL;
@@ -351,10 +360,10 @@ main (int argc, const char **argv)
     {
       "hash-alg",
       '\0',
-      POPT_ARG_STRING,
-      &hash_alg,
+      POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT,
+      &options->hash_alg,
       0,
-      _ ("Hashing algorithm to use for signing. (default: sha256)"),
+      _ ("Hashing algorithm to use for signing."),
       _ ("{sha256,sha384,sha512}"),
     },
     {
@@ -592,17 +601,10 @@ main (int argc, const char **argv)
       goto done;
     }
 
-  if (!hash_alg)
-    {
-      /* Default to SHA256 */
-      options->hash_fn = EVP_sha256 ();
-    }
-  else
-    {
-      /* TODO: restrict this to approved hashes.
-         * For now, we'll only list SHA[256|384|512] in the help */
-      options->hash_fn = EVP_get_digestbyname (hash_alg);
-    }
+  /* TODO: restrict this to approved hashes.
+   * For now, we'll only list SHA[256|384|512] in the help */
+  options->hash_fn = EVP_get_digestbyname (options->hash_alg);
+
   if (!options->hash_fn)
     {
       fprintf (stderr, "Unsupported hashing algorithm.");
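Review bot: EVP_get_digestbyname() is only a name lookup, so the new unconditional call returns a digest for any algorithm libcrypto knows, not just the three listed in the help text; the "restrict this to approved hashes" TODO therefore still stands, and the policy-level rejection the commit message relies on happens later, at signing time, where the error will not name the hash. A small allowlist check against the strings the help advertises, `sha256`, `sha384` and `sha512`, before the lookup would turn that into an immediate, readable error. Separately, the removed `if (!hash_alg)` branch was the only guard against a NULL `options->hash_alg` (the talloc_strdup() failure path in set_default_options()); whether EVP_get_digestbyname() tolerates NULL is an OpenSSL implementation detail, so a cheap `if (!options->hash_alg)` guard before the call is preferable to relying on it. The existing message on the last line also lacks the algorithm name and a trailing newline; `fprintf (stderr, "Unsupported hashing algorithm: %s\n", options->hash_alg);` would help the user. main() continues beyond this hunk.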
-- 
2.23.0