[openssl-users] Cant get openssl x509 to work as documented
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Aug 22 15:54:46 UTC 2017
> On Aug 22, 2017, at 10:53 AM, Salz, Rich via openssl-users <openssl-users at openssl.org> wrote:
>
> Fixed in 1.1.0 and later; “list—digest-algorithms” command.
For the record: "openssl list -digest-algorithms", the "ndash" above
is a typo of some sort...
It is not clear to me how to get a list of digest algorithms that have
ASN.1 OIDs for certificate signing. Are all the digests listed with
this command suitable for such use?
The "NOTES" section of EVP_SignInit(3) says:
https://www.openssl.org/docs/manmaster/man3/EVP_SignInit.html
    Due to the link between message digests and public key algorithms
    the correct digest algorithm must be used with the correct public
    key type. A list of algorithms and associated public key algorithms
    appears in EVP_DigestInit(3).
while for EVP_DigestSignInit(3) we have:
https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
    In previous versions of OpenSSL there was a link between message
    digest types and public key algorithms. This meant that "clone"
    digests such as EVP_dss1() needed to be used to sign using SHA1
    and DSA. This is no longer necessary and the use of clone digest
    is now discouraged.
and finally in EVP_DigestInit(3):
https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html
    EVP_MD_pkey_type() returns the NID of the public key signing algorithm
    associated with this digest. For example EVP_sha1() is associated with
    RSA so this will return NID_sha1WithRSAEncryption. Since digests and
    signature algorithms are no longer linked this function is only
    retained for compatibility reasons.

    EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
    EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(),
    EVP_blake2b_512(), and EVP_blake2s_256() return EVP_MD structures for
    the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2, RIPEMD160,
    BLAKE2b-512, and BLAKE2s-256 digest algorithms respectively.
So it is not particularly clear which combinations of public key and digest
algorithms are supported for signing.
In crypto/ec/ec_pmeth.c we have:
    case EVP_PKEY_CTRL_MD:
        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
            return 0;
        }
so with ECDSA we only support SHA1 and the SHA2 family of digests.
Similar code for DSA in crypto/dsa/dsa_pmeth.c
    case EVP_PKEY_CTRL_MD:
        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
            EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
            return 0;
        }
In crypto/rsa/rsa_pmeth.c we have:
    /* List of all supported RSA digests */
    case NID_sha1:
    case NID_sha224:
    case NID_sha256:
    case NID_sha384:
    case NID_sha512:
    case NID_md5:
    case NID_md5_sha1:
    case NID_md2:
    case NID_md4:
    case NID_mdc2:
    case NID_ripemd160:
        return 1;
So for RSA we have SHA1/SHA2/MD5/MD2/MD4/MDC2/RIPEMD160 (with
special handling of PSS I'm not going into).
> And the manpages should say things like “any supported digest” and such.
The picture is a lot more complex I'm sorry to say...
--
Viktor.
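
The question raised in the message above (which digests can actually be used to sign a certificate for a given key type) can also be answered empirically by asking the installed build. The script below is an added example, not part of the original message or of OpenSSL; it assumes an `openssl` binary with its default configuration file on the PATH, the function names `make_key`, `probe` and `report` are hypothetical, and it covers RSA and EC keys only.

```shell
#!/bin/sh
# Added example (not from the thread): ask the local openssl build which
# digests it will actually use to sign a certificate for each key type.
# Results depend on the OpenSSL version and on any system crypto policy.

DIGESTS="md5 sha1 sha224 sha256 sha384 sha512 ripemd160"

# make_key TYPE FILE: write a throwaway private key (constructed test input).
make_key() {
    case "$1" in
        rsa) openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
                 -out "$2" 2>/dev/null ;;
        ec)  openssl genpkey -algorithm EC \
                 -pkeyopt ec_paramgen_curve:prime256v1 -out "$2" 2>/dev/null ;;
        *)   return 2 ;;
    esac
}

# probe KEYFILE DIGEST: self-sign a one-day certificate with that digest and
# print the resulting signature algorithm; prints nothing if signing failed.
probe() {
    openssl req -x509 -new -key "$1" "-$2" -subj "/CN=digest-probe" -days 1 \
        2>/dev/null |
    openssl x509 -noout -text 2>/dev/null |
    sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# report: print one line per key type / digest pair.
report() {
    dir=$(mktemp -d) || return 1
    for type in rsa ec; do
        make_key "$type" "$dir/$type.pem" || continue
        for md in $DIGESTS; do
            alg=$(probe "$dir/$type.pem" "$md")
            printf '%-4s %-10s %s\n' "$type" "$md" "${alg:-REJECTED}"
        done
    done
    rm -rf "$dir"
}

report
```

A pair reported as REJECTED failed either at the key method's digest check or because no signature OID exists for that digest and key type.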