> On Aug 22, 2017, at 10:53 AM, Salz, Rich via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
>
> Fixed in 1.1.0 and later; “list—digest-algorithms” command.

For the record: "openssl list -digest-algorithms", the "ndash" above is a typo of some sort...

It is not clear to me how to get a list of digest algorithms that have ASN.1 OIDs for certificate signing. Are all the digests listed with this command suitable for such use?

The "NOTES" section of EVP_SignInit(3) says:

    https://www.openssl.org/docs/manmaster/man3/EVP_SignInit.html

    Due to the link between message digests and public key
    algorithms the correct digest algorithm must be used with the
    correct public key type. A list of algorithms and associated
    public key algorithms appears in EVP_DigestInit(3).

while for EVP_DigestSignInit(3) we have:

    https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html

    In previous versions of OpenSSL there was a link between message
    digest types and public key algorithms. This meant that "clone"
    digests such as EVP_dss1() needed to be used to sign using SHA1
    and DSA. This is no longer necessary and the use of clone digest
    is now discouraged.

and finally in EVP_DigestInit(3):

    https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html

    EVP_MD_pkey_type() returns the NID of the public key signing
    algorithm associated with this digest. For example EVP_sha1() is
    associated with RSA so this will return NID_sha1WithRSAEncryption.
    Since digests and signature algorithms are no longer linked this
    function is only retained for compatibility reasons.

    EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
    EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(),
    EVP_blake2b_512(), and EVP_blake2s_256() return EVP_MD structures
    for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2,
    RIPEMD160, BLAKE2b-512, and BLAKE2s-256 digest algorithms
    respectively.

So it is not particularly clear which combinations of public key and digest algorithms are supported for signing.

In crypto/ec/ec_pmeth.c we have:

    case EVP_PKEY_CTRL_MD:
        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
            return 0;
        }

so with ECDSA we only support SHA1 and the SHA2 family of digests. Similar code for DSA in crypto/dsa/dsa_pmeth.c

    case EVP_PKEY_CTRL_MD:
        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
            EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
            return 0;
        }

In crypto/rsa/rsa_pmeth.c we have:

    /* List of all supported RSA digests */
    case NID_sha1:
    case NID_sha224:
    case NID_sha256:
    case NID_sha384:
    case NID_sha512:
    case NID_md5:
    case NID_md5_sha1:
    case NID_md2:
    case NID_md4:
    case NID_mdc2:
    case NID_ripemd160:
        return 1;

So for RSA we have SHA1/SHA2/MD5/MD2/MD4/MDC2/RIPEMD160 (with special handling of PSS I'm not going into).

> And the manpages should say things like “any supported digest” and such.

The picture is a lot more complex I'm sorry to say...

--
    Viktor.
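
Added example, not part of the original message and not OpenSSL project code: a shell probe that asks the local openssl build which digest and key-type pairs it accepts for signing, separating digests the build cannot compute from digests the key method refuses (the per-key-type checks quoted above). The candidate digest list, the temporary file names and the function names are assumptions of this example; DSA is left out to avoid parameter generation.

```sh
#!/bin/sh
# Added example: probe which digest / key-type pairs the local openssl build
# accepts for signing. Keys are throwaway and constructed here.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
MSG='constructed test message'
# Candidate digest names are an assumption; extend the list from the output
# of "openssl list -digest-algorithms" as needed.
DIGESTS='md5 sha1 sha224 sha256 sha384 sha512 ripemd160 sha3-256 blake2b512'

# Generate one throwaway RSA key and one throwaway EC key.
gen_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/rsa.pem" 2>/dev/null
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$WORK/ec.pem" 2>/dev/null
}

# probe KEYTYPE DIGEST: prints unavailable | accepted | rejected, returns 0.
probe() {
    # Step 1: can this build compute the digest at all?
    if ! printf '%s' "$MSG" | openssl dgst "-$2" >/dev/null 2>&1; then
        echo unavailable
    # Step 2: does the key type's method accept it as a signature digest?
    elif printf '%s' "$MSG" |
        openssl dgst "-$2" -sign "$WORK/$1.pem" -out "$WORK/sig" 2>/dev/null
    then
        echo accepted
    else
        echo rejected
    fi
}

# Print one row per candidate digest, one column per key type.
matrix() {
    printf '%-12s %-12s %s\n' digest rsa ec
    for md in $DIGESTS; do
        printf '%-12s %-12s %s\n' "$md" "$(probe rsa "$md")" "$(probe ec "$md")"
    done
}

gen_keys
matrix
```

The rows depend on the OpenSSL version and build options in use, so run it against each build you sign with rather than relying on one result.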