Re: Cant get openssl x509 to work as documented

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Aug 22, 2017, at 10:53 AM, Salz, Rich via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
> 
> Fixed in 1.1.0 and later; “list—digest-algorithms” command.

For the record: "openssl list -digest-algorithms", the "ndash" above
is a typo of some sort...

It is not clear to me how to get a list of digest algorithms that have
ASN.1 OIDs for certificate signing.  Are all the digests listed with
this command suitable for such use?

The "NOTES" section of EVP_SignInit(3) says:

   https://www.openssl.org/docs/manmaster/man3/EVP_SignInit.html

       Due to the link between message digests and public key algorithms
       the correct digest algorithm must be used with the correct public
       key type. A list of algorithms and associated public key algorithms
       appears in EVP_DigestInit(3).

while for EVP_DigestSignInit(3) we have:

   https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html

       In previous versions of OpenSSL there was a link between message
       digest types and public key algorithms. This meant that "clone"
       digests such as EVP_dss1() needed to be used to sign using SHA1
       and DSA. This is no longer necessary and the use of clone digest
       is now discouraged.

and finally in EVP_DigestInit(3):

    https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html

       EVP_MD_pkey_type() returns the NID of the public key signing algorithm
       associated with this digest. For example EVP_sha1() is associated with
       RSA so this will return NID_sha1WithRSAEncryption. Since digests and
       signature algorithms are no longer linked this function is only
       retained for compatibility reasons.

       EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
       EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(),
       EVP_blake2b_512(), and EVP_blake2s_256() return EVP_MD structures for
       the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2, RIPEMD160,
       BLAKE2b-512, and BLAKE2s-256 digest algorithms respectively.

So it is not particularly clear which combinations public key and digest
algorithms are supported for signing.

In crypto/ec/ec_pmeth.c we have:

    case EVP_PKEY_CTRL_MD:
        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
            return 0;
        }

so with ECDSA we only support SHA1 and the SHA2 family of digests.
Similar code for DSA in crypto/dsa/dsa_pmeth.c

    case EVP_PKEY_CTRL_MD:
        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
            EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
            return 0;
        }

In crypto/rsa/rsa_pmeth.c we have:

        /* List of all supported RSA digests */
        case NID_sha1:
        case NID_sha224:
        case NID_sha256:
        case NID_sha384:
        case NID_sha512:
        case NID_md5:
        case NID_md5_sha1:
        case NID_md2:
        case NID_md4:
        case NID_mdc2:
        case NID_ripemd160:
            return 1;

So for RSA we have SHA1/SHA2/MD5/MD2/MD4/MDC2/RIPEMD160 (with
special handling of PSS I'm not going into).

> And the manpages should say things like “any supported digest” and such.

The picture is a lot more complex I'm sorry to say...

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux