diff options
| author | lloyd <[email protected]> | 2009-11-09 13:22:52 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2009-11-09 13:22:52 +0000 |
| commit | 4049ba134674d78c07c8b0453cb5e5f312469639 (patch) | |
| tree | b9214ede8da1600a46560fe061017fa124b2b465 /checks | |
| parent | b5d4cf01a893718c8796652f3cf0f68b867bab94 (diff) | |
In creating X.509 certificates and PKCS #10 requests, let (actually: require)
the user to specify the hash function to use, instead of always using SHA-1.
This was a sensible default a few years ago, when there wasn't a ~2^60 attack
on SHA-1 and support for SHA-2 was pretty much nil, but using something else
makes a lot more sense these days.
Diffstat (limited to 'checks')
| -rw-r--r-- | checks/x509.cpp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/checks/x509.cpp b/checks/x509.cpp index 6f191285c..69dd29492 100644 --- a/checks/x509.cpp +++ b/checks/x509.cpp @@ -129,6 +129,8 @@ void do_x509_tests(RandomNumberGenerator& rng) { std::cout << "Testing X.509 CA/CRL/cert/cert request: " << std::flush; + std::string hash_fn = "SHA-256"; + /* Create the CA's key and self-signed cert */ std::cout << '.' << std::flush; RSA_PrivateKey ca_key(rng, 1024); @@ -136,6 +138,7 @@ void do_x509_tests(RandomNumberGenerator& rng) std::cout << '.' << std::flush; X509_Certificate ca_cert = X509::create_self_signed_cert(ca_opts(), ca_key, + hash_fn, rng); std::cout << '.' << std::flush; @@ -146,12 +149,14 @@ void do_x509_tests(RandomNumberGenerator& rng) std::cout << '.' << std::flush; PKCS10_Request user1_req = X509::create_cert_req(req_opts1(), user1_key, + "SHA-1", rng); /* Create user #2's key and cert request */ std::cout << '.' << std::flush; #if defined(BOTAN_HAS_ECDSA) - ECDSA_PrivateKey user2_key(rng, get_EC_Dom_Pars_by_oid("1.3.132.0.8")); + EC_Domain_Params ecc_domain = get_EC_Dom_Pars_by_oid("1.2.840.10045.3.1.7"); + ECDSA_PrivateKey user2_key(rng, ecc_domain); #else RSA_PrivateKey user2_key(rng, 1024); #endif @@ -159,11 +164,12 @@ void do_x509_tests(RandomNumberGenerator& rng) std::cout << '.' << std::flush; PKCS10_Request user2_req = X509::create_cert_req(req_opts2(), user2_key, + hash_fn, rng); /* Create the CA object */ std::cout << '.' << std::flush; - X509_CA ca(ca_cert, ca_key); + X509_CA ca(ca_cert, ca_key, hash_fn); std::cout << '.' << std::flush; /* Sign the requests to create the certs */ |