# HG changeset patch
# User Wyllys Ingersoll
# Date 1255035747 25200
# Node ID 674514c289350087c491fcf3717581db04cf29d2
# Parent 9bd3b79547a57c23caf2df7edabf4f645d44db2e
6887337 pktool gencert should use SHA1 instead of MD5
diff -r 9bd3b79547a5 -r 674514c28935 usr/src/cmd/cmd-crypto/pktool/common.c
--- a/usr/src/cmd/cmd-crypto/pktool/common.c Thu Oct 08 10:44:50 2009 -0600
+++ b/usr/src/cmd/cmd-crypto/pktool/common.c Thu Oct 08 14:02:27 2009 -0700
@@ -462,13 +462,13 @@
 Str2KeyType(char *algm, KMF_KEY_ALG *ktype, KMF_ALGORITHM_INDEX *sigAlg)
 {
 if (algm == NULL) {
- *sigAlg = KMF_ALGID_MD5WithRSA;
+ *sigAlg = KMF_ALGID_SHA1WithRSA;
 *ktype = KMF_RSA;
 } else if (strcasecmp(algm, "DSA") == 0) {
 *sigAlg = KMF_ALGID_SHA1WithDSA;
 *ktype = KMF_DSA;
 } else if (strcasecmp(algm, "RSA") == 0) {
- *sigAlg = KMF_ALGID_MD5WithRSA;
+ *sigAlg = KMF_ALGID_SHA1WithRSA;
 *ktype = KMF_RSA;
 } else {
 return (-1);
diff -r 9bd3b79547a5 -r 674514c28935 usr/src/cmd/cmd-crypto/pktool/gencert.c
--- a/usr/src/cmd/cmd-crypto/pktool/gencert.c Thu Oct 08 10:44:50 2009 -0600
+++ b/usr/src/cmd/cmd-crypto/pktool/gencert.c Thu Oct 08 14:02:27 2009 -0700
@@ -722,7 +722,7 @@
 KMF_HANDLE_T kmfhandle = NULL;
 KMF_ENCODE_FORMAT fmt = KMF_FORMAT_ASN1;
 KMF_KEY_ALG keyAlg = KMF_RSA;
- KMF_ALGORITHM_INDEX sigAlg = KMF_ALGID_MD5WithRSA;
+ KMF_ALGORITHM_INDEX sigAlg = KMF_ALGID_SHA1WithRSA;
 boolean_t interactive = B_FALSE;
 char *subname = NULL;
 KMF_CREDENTIAL tokencred = {NULL, 0};
diff -r 9bd3b79547a5 -r 674514c28935 usr/src/cmd/cmd-crypto/pktool/gencsr.c
--- a/usr/src/cmd/cmd-crypto/pktool/gencsr.c Thu Oct 08 10:44:50 2009 -0600
+++ b/usr/src/cmd/cmd-crypto/pktool/gencsr.c Thu Oct 08 14:02:27 2009 -0700
@@ -71,7 +71,7 @@
 if (keyAlg == KMF_DSA)
 sigAlg = KMF_ALGID_SHA1WithDSA;
 else
- sigAlg = KMF_ALGID_MD5WithRSA;
+ sigAlg = KMF_ALGID_SHA1WithRSA;
 /* If the subject name cannot be parsed, flag it now and exit */
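Review bot: The default RSA signature algorithm is still written as a literal at every site, so this digest change had to touch seven assignments: two in Str2KeyType here (the `algm == NULL` and `"RSA"` branches assign the identical pair), the `sigAlg` initializer in gencert.c, and three `else` branches plus one initializer in gencsr.c. A site missed in a change like this would keep signing with the old digest and nothing at build time would flag it. Define the default once in a header pktool already shares, for example `#define PK_DEFAULT_RSA_SIGALG KMF_ALGID_SHA1WithRSA` (the macro name is only a suggestion), and use it at each site. Str2KeyType's body continues outside the hunk.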
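Review bot: The `sigAlg` initializer makes SHA-1 the silent default for every certificate generated without an explicit choice, and SHA-1's collision resistance has itself been weakened by published cryptanalysis, so this default has a limited lifetime. Record that at the declaration, for example `/* Default digest is transitional; move to a SHA-2 signature algorithm once KMF provides one. */`. Whether KMF already exposes a SHA-2 signature index is not visible on this page. The same initializer is changed in gencsr.c at -529, and the enclosing function starts and ends outside the hunk.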
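Review bot: The `else` branch assigns an RSA signature algorithm to every `keyAlg` that is not `KMF_DSA`, so a key type that is neither RSA nor DSA would be paired with `KMF_ALGID_SHA1WithRSA` instead of being rejected; whether such a value can reach this point is not visible in the hunk. Make the RSA case explicit with `else if (keyAlg == KMF_RSA)` and fail on anything else. The identical four-line selection is repeated in the gencsr.c hunks at -263 and -381, so a small static helper taking `keyAlg` would keep the three copies from drifting. The enclosing function starts and ends outside the hunk.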
@@ -263,7 +263,7 @@
 if (keyAlg == KMF_DSA)
 sigAlg = KMF_ALGID_SHA1WithDSA;
 else
- sigAlg = KMF_ALGID_MD5WithRSA;
+ sigAlg = KMF_ALGID_SHA1WithRSA;
 /* If the subject name cannot be parsed, flag it now and exit */
 if ((kmfrv = kmf_dn_parser(subject, &csrSubject)) != KMF_OK) {
@@ -381,7 +381,7 @@
 if (keyAlg == KMF_DSA)
 sigAlg = KMF_ALGID_SHA1WithDSA;
 else
- sigAlg = KMF_ALGID_MD5WithRSA;
+ sigAlg = KMF_ALGID_SHA1WithRSA;
 kmfrv = configure_nss(kmfhandle, dir, prefix);
 if (kmfrv != KMF_OK)
@@ -529,7 +529,7 @@
 KMF_HANDLE_T kmfhandle = NULL;
 KMF_ENCODE_FORMAT fmt = KMF_FORMAT_ASN1;
 KMF_KEY_ALG keyAlg = KMF_RSA;
- KMF_ALGORITHM_INDEX sigAlg = KMF_ALGID_MD5WithRSA;
+ KMF_ALGORITHM_INDEX sigAlg = KMF_ALGID_SHA1WithRSA;
 boolean_t interactive = B_FALSE;
 char *subname = NULL;
 KMF_CREDENTIAL tokencred = {NULL, 0};
diff -r 9bd3b79547a5 -r 674514c28935 usr/src/lib/libkmf/libkmf/common/certop.c
--- a/usr/src/lib/libkmf/libkmf/common/certop.c Thu Oct 08 10:44:50 2009 -0600
+++ b/usr/src/lib/libkmf/libkmf/common/certop.c Thu Oct 08 14:02:27 2009 -0700
@@ -2965,12 +2965,9 @@
 goto cleanup;
 ret = set_algoid(&subj_cert->certificate.signature, signature_oid);
-
+ if (ret)
+ goto cleanup;
 }
-
- if (ret)
- goto cleanup;
-
 kmf_set_attr_at_index(attrlist, i, KMF_KEYSTORE_TYPE_ATTR, &Signkey->kstype, sizeof (KMF_KEYSTORE_TYPE));
 i++;
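Review bot: The relocated `if (ret) goto cleanup;` now guards only the path that runs through the block ending at `}`, whereas the old check after the brace also caught a non-zero `ret` on the path that skips the block. The block's opening and any earlier assignment to `ret` are outside the hunk, so please confirm that `ret` is always zero when the block is skipped before the call to `kmf_set_attr_at_index()`. This libkmf change in certificate-signing error handling is not mentioned in the commit description, which covers only the pktool digest default, so a comment such as `/* ret is only set by set_algoid() on this path */` would help. Writing the test as `if (ret != KMF_OK)` would also match the `kmfrv != KMF_OK` comparisons in gencsr.c.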