rpms / openssl

Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fix_strcasecmp main minimize_test_skip no_engine openssl_rebase_308to311 rawhide
  1.   f33
  2.   openssl-1.1.1-ts-sha256-default.patch
Blob Blame History Raw 
diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf
--- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default	2020-11-06 11:07:28.850100899 +0100
+++ openssl-1.1.1h/apps/openssl.cnf	2020-11-06 11:11:28.042913791 +0100
@@ -364,5 +348,5 @@ tsa_name		= yes	# Must the TSA name be i
 				# (optional, default: no)
 ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
 				# (optional, default: no)
-ess_cert_id_alg		= sha1	# algorithm to compute certificate
+ess_cert_id_alg		= sha256	# algorithm to compute certificate
 				# identifier (optional, default: sha1)
diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c
--- openssl-1.1.1h/apps/ts.c.ts-sha256-default	2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/apps/ts.c	2020-11-06 11:07:28.883101220 +0100
@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi
     ASN1_OBJECT *policy_obj = NULL;
     ASN1_INTEGER *nonce_asn1 = NULL;
 
-    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
+    if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
         goto err;
     if ((ts_req = TS_REQ_new()) == NULL)
         goto err;
diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c
--- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default	2020-11-06 12:03:51.226372867 +0100
+++ openssl-1.1.1h/crypto/ts/ts_conf.c	2020-11-06 12:04:01.713488990 +0100
@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF
     const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
 
     if (md == NULL)
-        md = "sha1";
+        md = "sha256";
 
     cert_md = EVP_get_digestbyname(md);
     if (cert_md == NULL) {
diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod
--- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default	2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/doc/man1/ts.pod	2020-11-06 11:07:28.883101220 +0100
@@ -518,7 +518,7 @@ included. Default is no. (Optional)
 =item B<ess_cert_id_alg>
 
 This option specifies the hash function to be used to calculate the TSA's
-public key certificate identifier. Default is sha1. (Optional)
+public key certificate identifier. Default is sha256. (Optional)
 
 =back
 
@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do.
 
 =head2 Time Stamp Request
 
-To create a timestamp request for design1.txt with SHA-1
+To create a timestamp request for design1.txt with SHA-256
 without nonce and policy and no certificate is required in the response:
 
   openssl ts -query -data design1.txt -no_nonce \
@@ -546,12 +546,12 @@ To print the content of the previous req
 
   openssl ts -query -in design1.tsq -text
 
-To create a timestamp request which includes the MD-5 digest
+To create a timestamp request which includes the SHA-512 digest
 of design2.txt, requests the signer certificate and nonce,
 specifies a policy id (assuming the tsa_policy1 name is defined in the
 OID section of the config file):
 
-  openssl ts -query -data design2.txt -md5 \
+  openssl ts -query -data design2.txt -sha512 \
         -tspolicy tsa_policy1 -cert -out design2.tsq
 
 =head2 Time Stamp Response
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.