changeset 10744:674514c28935

6887337 pktool gencert should use SHA1 instead of MD5
author Wyllys Ingersoll <wyllys.ingersoll@sun.com>
date Thu, 08 Oct 2009 14:02:27 -0700
parents 9bd3b79547a5
children 89bfb2b10e30
files usr/src/cmd/cmd-crypto/pktool/common.c usr/src/cmd/cmd-crypto/pktool/gencert.c usr/src/cmd/cmd-crypto/pktool/gencsr.c usr/src/lib/libkmf/libkmf/common/certop.c
diffstat 4 files changed, 9 insertions(+), 12 deletions(-) [+]
--- a/usr/src/cmd/cmd-crypto/pktool/common.c	Thu Oct 08 10:44:50 2009 -0600
+++ b/usr/src/cmd/cmd-crypto/pktool/common.c	Thu Oct 08 14:02:27 2009 -0700
@@ -462,13 +462,13 @@
 Str2KeyType(char *algm, KMF_KEY_ALG *ktype, KMF_ALGORITHM_INDEX *sigAlg)
 {
 	if (algm == NULL) {
-		*sigAlg = KMF_ALGID_MD5WithRSA;
+		*sigAlg = KMF_ALGID_SHA1WithRSA;
 		*ktype = KMF_RSA;
 	} else if (strcasecmp(algm, "DSA") == 0) {
 		*sigAlg = KMF_ALGID_SHA1WithDSA;
 		*ktype = KMF_DSA;
 	} else if (strcasecmp(algm, "RSA") == 0) {
-		*sigAlg = KMF_ALGID_MD5WithRSA;
+		*sigAlg = KMF_ALGID_SHA1WithRSA;
 		*ktype = KMF_RSA;
 	} else {
 		return (-1);
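Review bot: SHA-1 is itself a collision-weakened digest, so making `KMF_ALGID_SHA1WithRSA` the default in both RSA branches of Str2KeyType moves certificate signing only one step away from MD5. If this KMF revision offers a SHA-2 RSA signature index, that would be the stronger default; otherwise a comment such as `/* SHA-1 is the strongest RSA digest KMF offers here; revisit when SHA-2 is available */` would record the decision. The same literal is also hard-coded in the gencert.c initializer and at four sites in gencsr.c, so one named default shared by the three files (for example `#define PK_DEFAULT_RSA_SIGALG KMF_ALGID_SHA1WithRSA`, name is a suggestion) would make the next digest migration a one-line change. Str2KeyType's body continues past the end of this hunk.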
--- a/usr/src/cmd/cmd-crypto/pktool/gencert.c	Thu Oct 08 10:44:50 2009 -0600
+++ b/usr/src/cmd/cmd-crypto/pktool/gencert.c	Thu Oct 08 14:02:27 2009 -0700
@@ -722,7 +722,7 @@
 	KMF_HANDLE_T kmfhandle = NULL;
 	KMF_ENCODE_FORMAT fmt = KMF_FORMAT_ASN1;
 	KMF_KEY_ALG keyAlg = KMF_RSA;
-	KMF_ALGORITHM_INDEX sigAlg = KMF_ALGID_MD5WithRSA;
+	KMF_ALGORITHM_INDEX sigAlg = KMF_ALGID_SHA1WithRSA;
 	boolean_t interactive = B_FALSE;
 	char *subname = NULL;
 	KMF_CREDENTIAL tokencred = {NULL, 0};
--- a/usr/src/cmd/cmd-crypto/pktool/gencsr.c	Thu Oct 08 10:44:50 2009 -0600
+++ b/usr/src/cmd/cmd-crypto/pktool/gencsr.c	Thu Oct 08 14:02:27 2009 -0700
@@ -71,7 +71,7 @@
 	if (keyAlg == KMF_DSA)
 		sigAlg = KMF_ALGID_SHA1WithDSA;
 	else
-		sigAlg = KMF_ALGID_MD5WithRSA;
+		sigAlg = KMF_ALGID_SHA1WithRSA;
 
 
 	/* If the subject name cannot be parsed, flag it now and exit */
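Review bot: The bare `else` assigns `KMF_ALGID_SHA1WithRSA` to every key type other than DSA, and the same four-line selection is repeated in the hunks at -263 and -381 of this file. A small static helper that maps keyAlg to its signature algorithm, called as `sigAlg = default_sigalg(keyAlg);` (name is a suggestion), would keep the three copies from drifting apart at the next digest change. If keyAlg can only be RSA or DSA at this point, a short comment such as `/* keyAlg is RSA or DSA only, validated by the caller */` would document that; the validation is not visible in this hunk, so it is worth confirming. The enclosing function starts and ends outside the hunk.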
@@ -263,7 +263,7 @@
 	if (keyAlg == KMF_DSA)
 		sigAlg = KMF_ALGID_SHA1WithDSA;
 	else
-		sigAlg = KMF_ALGID_MD5WithRSA;
+		sigAlg = KMF_ALGID_SHA1WithRSA;
 
 	/* If the subject name cannot be parsed, flag it now and exit */
 	if ((kmfrv = kmf_dn_parser(subject, &csrSubject)) != KMF_OK) {
@@ -381,7 +381,7 @@
 	if (keyAlg == KMF_DSA)
 		sigAlg = KMF_ALGID_SHA1WithDSA;
 	else
-		sigAlg = KMF_ALGID_MD5WithRSA;
+		sigAlg = KMF_ALGID_SHA1WithRSA;
 
 	kmfrv = configure_nss(kmfhandle, dir, prefix);
 	if (kmfrv != KMF_OK)
@@ -529,7 +529,7 @@
 	KMF_HANDLE_T kmfhandle = NULL;
 	KMF_ENCODE_FORMAT fmt = KMF_FORMAT_ASN1;
 	KMF_KEY_ALG keyAlg = KMF_RSA;
-	KMF_ALGORITHM_INDEX sigAlg = KMF_ALGID_MD5WithRSA;
+	KMF_ALGORITHM_INDEX sigAlg = KMF_ALGID_SHA1WithRSA;
 	boolean_t interactive = B_FALSE;
 	char *subname = NULL;
 	KMF_CREDENTIAL tokencred = {NULL, 0};
--- a/usr/src/lib/libkmf/libkmf/common/certop.c	Thu Oct 08 10:44:50 2009 -0600
+++ b/usr/src/lib/libkmf/libkmf/common/certop.c	Thu Oct 08 14:02:27 2009 -0700
@@ -2965,12 +2965,9 @@
 			goto cleanup;
 		ret = set_algoid(&subj_cert->certificate.signature,
 		    signature_oid);
-
+		if (ret)
+			goto cleanup;
 	}
-
-	if (ret)
-		goto cleanup;
-
 	kmf_set_attr_at_index(attrlist, i, KMF_KEYSTORE_TYPE_ATTR,
 	    &Signkey->kstype, sizeof (KMF_KEYSTORE_TYPE));
 	i++;
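Review bot: The relocated check tests `ret` by truthiness; writing it as `if (ret != KMF_OK)` would match the KMF_OK comparison used in gencsr.c in this same changeset and make it explicit that it guards the second set_algoid() call. With the check now inside the block, a non-zero `ret` set before the block would no longer be caught ahead of kmf_set_attr_at_index() when the block is skipped. The code that assigns `ret` earlier is outside the hunk, so whether that path can occur should be confirmed. The enclosing function starts and ends outside the hunk.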