Hello Viktor -- thanks a lot! Viktor Dukhovni wrote in <Zu5gqB6twiy50H_t@xxxxxxxxxxxxxxxxxxx>: |On Sat, Sep 21, 2024 at 02:36:46AM +0200, Steffen Nurpmeso wrote: | |> I used to support the following digests for S/MIME: |> |> .Ql BLAKE2b512 , |> .Ql BLAKE2s256 , ... |Is this for signing with RSA keys? See the implementations of |ossl_digest_rsa_sign_get_md_nid() and ossl_digest_get_approved_nid() Your knowledge is amazing as always. (That new code seems much easier to grasp than the one of the past, i had not seen it yet. Like my own one, in practice. But in total maybe days i spent -- and i am not alone! -- trying to find things in OpenSSL source code. And there you go.) |which do not include Blake2 digests among those supported as an |RSAwith<digest> variant. | |> And i must be very much mistaken (on this specific topic, i know, i |> know, in general i am anyway) if it worked to use Blake2 in the past, ... |A cursory search suggests that perhaps standardisation of RSA with Blake2 |fizzled out: | | https://datatracker.ietf.org/doc/draft-wconner-blake2sigs/history/ | |but I could be mistaken. No, all is well. Error solely on my side, it was *not* selected by default for S/MIME digests, but users *could* have configured it (they can configure whatever they want), .. which would have led to failure then, of course. (It was selected by default only for TLS fingerprint creation.) I now also realize by looking that ressl simply defines OPENSSL_NO_BLAKE2; bad as i jumped on that train in 2018 it seems, the Linux random code uses it (not that i did understand the recent article on its security), Argon2 uses it, WireGuard, etc. Then it seems to have be SHA-3. Thanks again Viktor! --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -- You received this message because you are subscribed to the Google Groups "openssl-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx. To view this discussion on the web visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/20240921224322.jmFrDV1f%40steffen%25sdaoden.eu.
