You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
113 lines
5.1 KiB
113 lines
5.1 KiB
From f0740c131b69f3346f07e7b7b03ebf27c50c0ccd Mon Sep 17 00:00:00 2001 |
|
From: Julien Rische <jrische@redhat.com> |
|
Date: Fri, 11 Mar 2022 11:33:56 +0100 |
|
Subject: [PATCH] Use SHA-256 instead of SHA-1 for PKINIT CMS digest |
|
|
|
Various organizations including NIST have been strongly recommending to |
|
stop using SHA-1 for digital signatures for some years already. CMS |
|
digest is used to generate such signatures, hence it should be upgraded |
|
to use SHA-256. |
|
--- |
|
.../preauth/pkinit/pkinit_crypto_openssl.c | 27 ++++++++++--------- |
|
1 file changed, 14 insertions(+), 13 deletions(-) |
|
|
|
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
|
index 42e5c581d..2a6ef4aaa 100644 |
|
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
|
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
|
@@ -1240,7 +1240,7 @@ cms_signeddata_create(krb5_context context, |
|
/* will not fill-out EVP_PKEY because it's on the smartcard */ |
|
|
|
/* Set digest algs */ |
|
- p7si->digest_alg->algorithm = OBJ_nid2obj(NID_sha1); |
|
+ p7si->digest_alg->algorithm = OBJ_nid2obj(NID_sha256); |
|
|
|
if (p7si->digest_alg->parameter != NULL) |
|
ASN1_TYPE_free(p7si->digest_alg->parameter); |
|
@@ -1251,17 +1251,17 @@ cms_signeddata_create(krb5_context context, |
|
/* Set sig algs */ |
|
if (p7si->digest_enc_alg->parameter != NULL) |
|
ASN1_TYPE_free(p7si->digest_enc_alg->parameter); |
|
- p7si->digest_enc_alg->algorithm = OBJ_nid2obj(NID_sha1WithRSAEncryption); |
|
+ p7si->digest_enc_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption); |
|
if (!(p7si->digest_enc_alg->parameter = ASN1_TYPE_new())) |
|
goto cleanup; |
|
p7si->digest_enc_alg->parameter->type = V_ASN1_NULL; |
|
|
|
/* add signed attributes */ |
|
- /* compute sha1 digest over the EncapsulatedContentInfo */ |
|
+ /* compute sha256 digest over the EncapsulatedContentInfo */ |
|
ctx = EVP_MD_CTX_new(); |
|
if (ctx == NULL) |
|
goto cleanup; |
|
- EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); |
|
+ EVP_DigestInit_ex(ctx, EVP_sha256(), NULL); |
|
EVP_DigestUpdate(ctx, data, data_len); |
|
md_tmp = EVP_MD_CTX_md(ctx); |
|
EVP_DigestFinal_ex(ctx, md_data, &md_len); |
|
@@ -1289,9 +1289,10 @@ cms_signeddata_create(krb5_context context, |
|
goto cleanup2; |
|
|
|
#ifndef WITHOUT_PKCS11 |
|
- /* Some tokens can only do RSAEncryption without sha1 hash */ |
|
- /* to compute sha1WithRSAEncryption, encode the algorithm ID for the hash |
|
- * function and the hash value into an ASN.1 value of type DigestInfo |
|
+ /* Some tokens can only do RSAEncryption without sha256 hash */ |
|
+ /* to compute sha256WithRSAEncryption, encode the algorithm ID for the |
|
+ * hash function and the hash value into an ASN.1 value of type |
|
+ * DigestInfo |
|
* DigestInfo::=SEQUENCE { |
|
* digestAlgorithm AlgorithmIdentifier, |
|
* digest OCTET STRING } |
|
@@ -1310,7 +1311,7 @@ cms_signeddata_create(krb5_context context, |
|
alg = X509_ALGOR_new(); |
|
if (alg == NULL) |
|
goto cleanup2; |
|
- X509_ALGOR_set0(alg, OBJ_nid2obj(NID_sha1), V_ASN1_NULL, NULL); |
|
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_sha256), V_ASN1_NULL, NULL); |
|
alg_len = i2d_X509_ALGOR(alg, NULL); |
|
|
|
digest = ASN1_OCTET_STRING_new(); |
|
@@ -1339,7 +1340,7 @@ cms_signeddata_create(krb5_context context, |
|
#endif |
|
{ |
|
pkiDebug("mech = %s\n", |
|
- id_cryptoctx->pkcs11_method == 1 ? "CKM_SHA1_RSA_PKCS" : "FS"); |
|
+ id_cryptoctx->pkcs11_method == 1 ? "CKM_SHA256_RSA_PKCS" : "FS"); |
|
retval = pkinit_sign_data(context, id_cryptoctx, abuf, alen, |
|
&sig, &sig_len); |
|
} |
|
@@ -4189,7 +4190,7 @@ create_signature(unsigned char **sig, unsigned int *sig_len, |
|
ctx = EVP_MD_CTX_new(); |
|
if (ctx == NULL) |
|
return ENOMEM; |
|
- EVP_SignInit(ctx, EVP_sha1()); |
|
+ EVP_SignInit(ctx, EVP_sha256()); |
|
EVP_SignUpdate(ctx, data, data_len); |
|
*sig_len = EVP_PKEY_size(pkey); |
|
if ((*sig = malloc(*sig_len)) == NULL) |
|
@@ -4663,10 +4664,10 @@ pkinit_get_certs_pkcs11(krb5_context context, |
|
|
|
#ifndef PKINIT_USE_MECH_LIST |
|
/* |
|
- * We'd like to use CKM_SHA1_RSA_PKCS for signing if it's available, but |
|
+ * We'd like to use CKM_SHA256_RSA_PKCS for signing if it's available, but |
|
* many cards seems to be confused about whether they are capable of |
|
* this or not. The safe thing seems to be to ignore the mechanism list, |
|
- * always use CKM_RSA_PKCS and calculate the sha1 digest ourselves. |
|
+ * always use CKM_RSA_PKCS and calculate the sha256 digest ourselves. |
|
*/ |
|
|
|
id_cryptoctx->mech = CKM_RSA_PKCS; |
|
@@ -4694,7 +4695,7 @@ pkinit_get_certs_pkcs11(krb5_context context, |
|
if (mechp[i] == CKM_RSA_PKCS) { |
|
/* This seems backwards... */ |
|
id_cryptoctx->mech = |
|
- (info.flags & CKF_SIGN) ? CKM_SHA1_RSA_PKCS : CKM_RSA_PKCS; |
|
+ (info.flags & CKF_SIGN) ? CKM_SHA256_RSA_PKCS : CKM_RSA_PKCS; |
|
} |
|
} |
|
free(mechp); |
|
-- |
|
2.35.1 |
|
|
|
|