switch to sha256 as default digest for signinging

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20017 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/hx509/ca.c

@@ -543,7 +543,7 @@ ca_sign(hx509_context context,
     time_t notAfter;
     unsigned key_usage;
 
-    sigalg = hx509_signature_rsa_with_sha1();
+    sigalg = hx509_signature_rsa_with_sha256();
 
     memset(&c, 0, sizeof(c));
 

lib/hx509/cms.c

@@ -1094,7 +1094,7 @@ hx509_cms_create_signed_1(hx509_context context,
 			
 	ret = _hx509_create_signature(context,
 				      _hx509_cert_private_key(cert),
-				      hx509_signature_rsa_with_sha1(),
+				      hx509_signature_rsa_with_sha256(),
 				      &os,
 				      &signer_info->signatureAlgorithm,
 				      &signer_info->signature);

lib/hx509/crypto.c

@@ -1355,17 +1355,17 @@ static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
 
 static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 3 };
 const AlgorithmIdentifier _hx509_signature_sha512_data = { 
-    { 8, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
+    { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
 };
 
 static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2 };
 const AlgorithmIdentifier _hx509_signature_sha384_data = { 
-    { 8, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
+    { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
 };
 
 static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
 const AlgorithmIdentifier _hx509_signature_sha256_data = { 
-    { 8, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
+    { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
 };
 
 static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
@@ -2406,11 +2406,11 @@ hx509_crypto_select(const hx509_context context,
 
     if (type == HX509_SELECT_DIGEST) {
 	bits = SIG_DIGEST;
-	def = hx509_signature_sha1();
+	def = hx509_signature_sha256();
     } else if (type == HX509_SELECT_PUBLIC_SIG) {
 	bits = SIG_PUBLIC_SIG;
 	/* XXX depend on `source<63> and `peer<65> */
-	def = hx509_signature_rsa_with_sha1();
+	def = hx509_signature_rsa_with_sha256();
     } else {
 	hx509_set_error_string(context, 0, EINVAL, 
 			       "Unknown type %d of selection", type);

lib/hx509/req.c

@@ -191,7 +191,7 @@ _hx509_request_to_pkcs10(hx509_context context,
 
     ret = _hx509_create_signature(context,
 				  signer,
-				  hx509_signature_rsa_with_sha1(),
+				  hx509_signature_rsa_with_sha256(),
 				  &data,
 				  &r.signatureAlgorithm,
 				  &os);

lib/hx509/revoke.c

@@ -800,7 +800,7 @@ hx509_ocsp_request(hx509_context context,
     memset(&req, 0, sizeof(req));
 
     if (digest == NULL)
-	digest = hx509_signature_sha1();
+	digest = hx509_signature_sha256();
 
     ctx.req = &req.tbsRequest;
     ctx.certs = pool;

lib/hx509/tst-crypto-available1

@@ -3,7 +3,7 @@
 1.2.840.113549.1.1.5
 1.2.840.113549.1.1.4
 1.2.840.113549.1.1.2
-2.16.840.1.101.3.4.2
+2.16.840.1.101.3.4.2.1
 1.3.14.3.2.26
 1.2.840.113549.2.5
 1.2.840.113549.2.2

lib/hx509/tst-crypto-available2

@@ -1,4 +1,4 @@
-2.16.840.1.101.3.4.2
+2.16.840.1.101.3.4.2.1
 1.3.14.3.2.26
 1.2.840.113549.2.5
 1.2.840.113549.2.2

lib/hx509/tst-crypto-select1

@@ -1 +1 @@
-1.3.14.3.2.26
+2.16.840.1.101.3.4.2.1

lib/hx509/tst-crypto-select2

@@ -1 +1 @@
-1.2.840.113549.1.1.5
+1.2.840.113549.1.1.11