gnutls_x509_*_sign: no longer sign with SHA1

Modify the behavior of the functions to sign with an appropriate
to the public key hash algorithm. That although it modifies the
semantics of the functions, it allows them to be useful even after
SHA1 is considered insecure.

In addition to that, the functions which accept a hash algorithm, will
accept a null hash, which instructs the function to select a
reasonable choice.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

3 files changed, 35 insertions, 7 deletions

diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index a5930a45f9..b09887486a 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -91,6 +91,9 @@ gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version)
  * be fully functional (e.g., for signature verification), until it
  * is exported an re-imported.
  *
+ * After GnuTLS 3.6.1 the value of @dig may be %GNUTLS_DIG_UNKNOWN,
+ * and in that case, a suitable but reasonable for the key algorithm will be selected.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
@@ -141,8 +144,10 @@ gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
  * @issuer: is the certificate of the certificate issuer
  * @issuer_key: holds the issuer's private key
  *
- * This function is the same a gnutls_x509_crl_sign2() with no flags, and
- * SHA1 as the hash algorithm.
+ * This function is the same a gnutls_x509_crl_sign2() with no flags,
+ * and an appropriate hash algorithm. The hash algorithm used may
+ * vary between versions of GnuTLS, and it is tied to the security
+ * level of the issuer's public key.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
@@ -154,7 +159,7 @@ gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
 		     gnutls_x509_privkey_t issuer_key)
 {
 	return gnutls_x509_crl_sign2(crl, issuer, issuer_key,
-				     GNUTLS_DIG_SHA1, 0);
+				     0, 0);
 }
 
 /**
@@ -475,6 +480,9 @@ gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
  * be fully functional (e.g., for signature verification), until it
  * is exported an re-imported.
  *
+ * After GnuTLS 3.6.1 the value of @dig may be %GNUTLS_DIG_UNKNOWN,
+ * and in that case, a suitable but reasonable for the key algorithm will be selected.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
@@ -494,6 +502,12 @@ gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
 		return GNUTLS_E_INVALID_REQUEST;
 	}
 
+	if (dig == 0) {
+		result = gnutls_x509_crt_get_preferred_hash_algorithm(issuer, &dig, NULL);
+		if (result < 0)
+			return gnutls_assert_val(result);
+	}
+
 	/* disable all the unneeded OPTIONAL fields.
 	 */
 	disable_optional_stuff(crl);
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index d513b8e2fe..a383a47821 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3183,7 +3183,7 @@ gnutls_x509_crt_check_key_purpose(gnutls_x509_crt_t cert,
  * gnutls_x509_crt_get_preferred_hash_algorithm:
  * @crt: Holds the certificate
  * @hash: The result of the call with the hash algorithm used for signature
- * @mand: If non-zero it means that the algorithm MUST use this hash. May be NULL.
+ * @mand: If non-zero it means that the algorithm MUST use this hash. May be %NULL.
  *
  * This function will read the certificate and return the appropriate digest
  * algorithm to use for signing with this certificate. Some certificates (i.e.
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 57169d09db..e4df604861 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2003-2016 Free Software Foundation, Inc.
- * Copyright (C) 2016 Red Hat, Inc.
+ * Copyright (C) 2016-2017 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -1113,6 +1113,9 @@ gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
  * be fully functional (e.g., for signature verification), until it
  * is exported an re-imported.
  *
+ * After GnuTLS 3.6.1 the value of @dig may be %GNUTLS_DIG_UNKNOWN,
+ * and in that case, a suitable but reasonable for the key algorithm will be selected.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  **/
@@ -1165,7 +1168,9 @@ gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
  * @issuer_key: holds the issuer's private key
  *
  * This function is the same a gnutls_x509_crt_sign2() with no flags,
- * and SHA1 as the hash algorithm.
+ * and an appropriate hash algorithm. The hash algorithm used may
+ * vary between versions of GnuTLS, and it is tied to the security
+ * level of the issuer's public key.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
@@ -1175,7 +1180,7 @@ gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
 		     gnutls_x509_privkey_t issuer_key)
 {
 	return gnutls_x509_crt_sign2(crt, issuer, issuer_key,
-				     GNUTLS_DIG_SHA1, 0);
+				     0, 0);
 }
 
 /**
@@ -1785,6 +1790,9 @@ gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
  * be fully functional (e.g., for signature verification), until it
  * is exported an re-imported.
  *
+ * After GnuTLS 3.6.1 the value of @dig may be %GNUTLS_DIG_UNKNOWN,
+ * and in that case, a suitable but reasonable for the key algorithm will be selected.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  **/
@@ -1802,6 +1810,12 @@ gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
 		return GNUTLS_E_INVALID_REQUEST;
 	}
 
+	if (dig == 0) {
+		result = gnutls_x509_crt_get_preferred_hash_algorithm(issuer, &dig, NULL);
+		if (result < 0)
+			return gnutls_assert_val(result);
+	}
+
 	MODIFIED(crt);
 
 	/* disable all the unneeded OPTIONAL fields.