From 298015e8a7cf35cc0de581203b44826d2ae1d406 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 28 Nov 2018 08:00:08 -0500 Subject: [PATCH 3/4] Adjust hash defaults based on system security level Unlike the key-strength, this does not set a minimum level because it's not a simple calculation. We will have to rely on libcrypto rejecting any explicitly-set algorithms as a violation of policy. Signed-off-by: Stephen Gallagher --- include/sscg.h | 1 + src/sscg.c | 40 +++++++++++++++++++++------------------- 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/include/sscg.h b/include/sscg.h index 3e97cfe49a5cd8fc734ecf43a94156e376227eb7..fc90b81a0060af28529f3be6922b1b1501559300 100644 --- a/include/sscg.h +++ b/include/sscg.h @@ -138,10 +138,11 @@ struct sscg_options char **subject_alt_names; /* Encryption requirements */ int key_strength; int minimum_key_strength; + char *hash_alg; const EVP_MD *hash_fn; /* Output Files */ char *ca_file; char *ca_key_file; diff --git a/src/sscg.c b/src/sscg.c index 85a42404aa94524b560755d506b893300a4414cd..58855f764480d24d6c0f57460b22a3a83281e37e 100644 --- a/src/sscg.c +++ b/src/sscg.c 
@@ -64,28 +64,38 @@ set_default_options (struct sscg_options *opts) { case 0: case 1: case 2: /* Security level 2 and below permits lower key-strengths, but SSCG - * will set a minimum of 2048 bits + * will set a minimum of 2048 bits and the sha256 hash algorithm. */ + opts->hash_alg = talloc_strdup (opts, "sha256"); opts->key_strength = 2048; break; - case 3: opts->key_strength = 3072; break; + case 3: + opts->hash_alg = talloc_strdup (opts, "sha256"); + opts->key_strength = 3072; + break; - case 4: opts->key_strength = 7680; break; + case 4: + opts->hash_alg = talloc_strdup (opts, "sha384"); + opts->key_strength = 7680; + break; default: /* Unknown security level. Default to the highest we know about */ fprintf (stderr, "Unknown system security level %d. Defaulting to highest-known " "level.\n", security_level); /* Fall through */ - case 5: opts->key_strength = 15360; break; + case 5: + opts->hash_alg = talloc_strdup (opts, "sha512"); + opts->key_strength = 15360; + break; } opts->minimum_key_strength = opts->key_strength; return 0; } @@ -175,11 +185,10 @@ main (int argc, const char **argv) char *organization = NULL; char *organizational_unit = NULL; char *email = NULL; char *hostname = NULL; char *packagename; - char *hash_alg = NULL; char **alternative_names = NULL; char *ca_file = NULL; char *ca_key_file = NULL; char *cert_file = NULL; @@ -349,14 +358,14 @@ main (int argc, const char **argv) _ ("Strength of the certificate private keys in bits."), minimum_key_strength_help }, { "hash-alg", '\0', - POPT_ARG_STRING, - &hash_alg, + POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT, + &options->hash_alg, 0, - _ ("Hashing algorithm to use for signing. (default: sha256)"), + _ ("Hashing algorithm to use for signing."), _ ("{sha256,sha384,sha512}"), }, { "ca-file", '\0', 
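Review bot: The four `talloc_strdup (opts, ...)` results added to the switch are never checked, and the function still ends in `return 0`, so an allocation failure leaves `opts->hash_alg` NULL while reporting success. In the last hunk that NULL goes straight into `EVP_get_digestbyname (options->hash_alg)`, and the user would most likely see "Unsupported hashing algorithm." for what was really an out-of-memory condition. One check after the switch covers every case: `if (!opts->hash_alg) return ENOMEM;`. The switch header and the start of set_default_options are outside the hunk, so the error convention its callers expect should be confirmed there.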
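Review bot: Pointing the `hash-alg` table entry at `&options->hash_alg` means the field can hold two kinds of memory: the talloc-owned default from set_default_options, or, once the user passes `--hash-alg`, a string that popt stored there (as far as I know popt hands back its own heap copy, not a talloc child of `options`). Nothing in this patch frees or reparents the field, so no bug is visible here, but a later `talloc_free` or `talloc_steal` on it would be invalid. I would record that on the struct member, e.g. `/* talloc default, or popt-owned string after option parsing; do not talloc_free directly */`. `POPT_ARGFLAG_SHOW_DEFAULT` also reads the field when help is printed, so the defaults must be set before the table is used; that ordering is outside the hunk.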
@@ -590,21 +599,14 @@ main (int argc, const char **argv) options->minimum_key_strength); ret = EINVAL; goto done; } - if (!hash_alg) - { - /* Default to SHA256 */ - options->hash_fn = EVP_sha256 (); - } - else - { - /* TODO: restrict this to approved hashes. - * For now, we'll only list SHA[256|384|512] in the help */ - options->hash_fn = EVP_get_digestbyname (hash_alg); - } + /* TODO: restrict this to approved hashes. + * For now, we'll only list SHA[256|384|512] in the help */ + options->hash_fn = EVP_get_digestbyname (options->hash_alg); + if (!options->hash_fn) { fprintf (stderr, "Unsupported hashing algorithm."); ret = EINVAL; goto done; -- 2.19.1
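Review bot: The digest lookup still accepts any name libcrypto knows, so `--hash-alg md5` or `sha1` resolves to a non-NULL `hash_fn` and passes the `if (!options->hash_fn)` check that follows. The commit message relies on libcrypto rejecting such a choice as a policy violation, but as far as I know the security level is enforced when certificates are loaded or verified, not when one is signed, so a weakly signed certificate may be produced and only fail later at the peer. Since the help text already lists exactly three digests, the TODO can be closed here by checking what was resolved: `int md_nid = options->hash_fn ? EVP_MD_type (options->hash_fn) : NID_undef;` and changing the condition to `if (md_nid != NID_sha256 && md_nid != NID_sha384 && md_nid != NID_sha512)`. The error block's closing lines are outside the hunk.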