isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone

Blame SOURCES/openssl-1.1.1-ts-sha256-default.patch

0c50f5
diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf
0c50f5
--- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default	2020-11-06 11:07:28.850100899 +0100
0c50f5
+++ openssl-1.1.1h/apps/openssl.cnf	2020-11-06 11:11:28.042913791 +0100
0c50f5
@@ -364,5 +348,5 @@ tsa_name		= yes	# Must the TSA name be i
0c50f5
 				# (optional, default: no)
0c50f5
 ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
0c50f5
 				# (optional, default: no)
0c50f5
-ess_cert_id_alg		= sha1	# algorithm to compute certificate
0c50f5
+ess_cert_id_alg		= sha256	# algorithm to compute certificate
0c50f5
 				# identifier (optional, default: sha1)
0c50f5
diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c
0c50f5
--- openssl-1.1.1h/apps/ts.c.ts-sha256-default	2020-09-22 14:55:07.000000000 +0200
0c50f5
+++ openssl-1.1.1h/apps/ts.c	2020-11-06 11:07:28.883101220 +0100
0c50f5
@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi
e4b8d1
     ASN1_OBJECT *policy_obj = NULL;
e4b8d1
     ASN1_INTEGER *nonce_asn1 = NULL;
e4b8d1
 
e4b8d1
-    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
e4b8d1
+    if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
e4b8d1
         goto err;
e4b8d1
     if ((ts_req = TS_REQ_new()) == NULL)
e4b8d1
         goto err;
0c50f5
diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c
0c50f5
--- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default	2020-11-06 12:03:51.226372867 +0100
0c50f5
+++ openssl-1.1.1h/crypto/ts/ts_conf.c	2020-11-06 12:04:01.713488990 +0100
0c50f5
@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF
0c50f5
     const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
0c50f5
 
0c50f5
     if (md == NULL)
0c50f5
-        md = "sha1";
0c50f5
+        md = "sha256";
0c50f5
 
0c50f5
     cert_md = EVP_get_digestbyname(md);
0c50f5
     if (cert_md == NULL) {
0c50f5
diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod
0c50f5
--- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default	2020-09-22 14:55:07.000000000 +0200
0c50f5
+++ openssl-1.1.1h/doc/man1/ts.pod	2020-11-06 11:07:28.883101220 +0100
0c50f5
@@ -518,7 +518,7 @@ included. Default is no. (Optional)
e4b8d1
 =item B<ess_cert_id_alg>
e4b8d1
 
e4b8d1
 This option specifies the hash function to be used to calculate the TSA's
e4b8d1
-public key certificate identifier. Default is sha1. (Optional)
e4b8d1
+public key certificate identifier. Default is sha256. (Optional)
e4b8d1
 
e4b8d1
 =back
e4b8d1
 
0c50f5
@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do.
e4b8d1
 
e4b8d1
 =head2 Time Stamp Request
e4b8d1
 
0c50f5
-To create a timestamp request for design1.txt with SHA-1
0c50f5
+To create a timestamp request for design1.txt with SHA-256
e4b8d1
 without nonce and policy and no certificate is required in the response:
e4b8d1
 
e4b8d1
   openssl ts -query -data design1.txt -no_nonce \
0c50f5
@@ -546,12 +546,12 @@ To print the content of the previous req
e4b8d1
 
e4b8d1
   openssl ts -query -in design1.tsq -text
e4b8d1
 
0c50f5
-To create a timestamp request which includes the MD-5 digest
0c50f5
+To create a timestamp request which includes the SHA-512 digest
e4b8d1
 of design2.txt, requests the signer certificate and nonce,
e4b8d1
 specifies a policy id (assuming the tsa_policy1 name is defined in the
e4b8d1
 OID section of the config file):
e4b8d1
 
e4b8d1
-  openssl ts -query -data design2.txt -md5 \
e4b8d1
+  openssl ts -query -data design2.txt -sha512 \
e4b8d1
         -tspolicy tsa_policy1 -cert -out design2.tsq
e4b8d1
 
e4b8d1
 =head2 Time Stamp Response