I don't think it follows. For example, with an RSA key I can use SHA3-512.
    Signature Algorithm: RSA-SHA3-512

The point is that digests are not independent, and one cannot just use any, as they need to have well-known identifiers as specified in the relevant RFCs, i.e.:

    https://tools.ietf.org/html/rfc5280
    https://tools.ietf.org/html/rfc3279
    https://tools.ietf.org/html/rfc4055

And similar.

The SHA3 algorithms are being added in this draft:

    https://tools.ietf.org/html/draft-turner-lamps-adding-sha3-to-pkix-01#ref-I-D.ietf-curdle-pkix

But it looks like it has expired:

    https://datatracker.ietf.org/doc/draft-turner-lamps-adding-sha3-to-pkix/

So I'm not sure what openssl is basing their implementation on. Maybe something published by IEEE?!

For elliptic curve keys it seems like the supported digests are all the usual suspects:

    if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
        EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
        EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
        EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
        EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
        EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
        return 0;
    }

For RSA keys, a slightly larger list:

    case NID_sha1:
    case NID_sha224:
    case NID_sha256:
    case NID_sha384:
    case NID_sha512:
    case NID_md5:
    case NID_md5_sha1:
    case NID_md2:
    case NID_md4:
    case NID_mdc2:
    case NID_ripemd160:
    case NID_sha3_224:
    case NID_sha3_256:
    case NID_sha3_384:
    case NID_sha3_512:
        return 1;

If there are algos for which there are published RFCs, please open a bug upstream about adding those. If there are none defined, please submit an RFC to the IETF to get them defined such that new digest algos can be added across the internet - and not be specific to just openssl.

It's not up to Ubuntu to define new digest types in X.509, thus I'm closing this bug report as opinion.

-- 
https://bugs.launchpad.net/bugs/1810129
Title: blake2b512 / sha3-512 invalid digest type
