[Bug 1810129] Re: blake2b512 / sha3-512 invalid digest type
Dimitri John Ledkov
launchpad at surgut.co.uk
Mon Jun 10 23:21:20 UTC 2019
(specifically published RFCs defining the relevant digest-algo /
signature types format to be used in x.509 certificates / or any pki
generically. Just the definition of the math to calculate the digest is
not enough)
** Changed in: openssl (Ubuntu)
Status: Incomplete => Opinion
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1810129
Title:
blake2b512 / sha3-512 invalid digest type
Status in openssl package in Ubuntu:
Opinion
Bug description:
cosmic | openssl 1.1.1-1
Since 1.1.1.a-1 provides support for blake2b512 / sha3-512 it would be
expected such to work when generating certificates which however does
not.
OpenSSL> list -digest-commands
blake2b512 blake2s256 gost md4
md5 mdc2 rmd160 sha1
sha224 sha256 sha3-224 sha3-256
sha3-384 sha3-512 sha384 sha512
sha512-224 sha512-256 shake128 shake256
sm3
OpenSSL> list -digest-algorithms
...
BLAKE2b512
...
SHA3-512
...
____
Steps to reproduce:
in openssl_ca.conf set 'default_md = blake2b512' or 'default_md =
sha3-512'
generating a certificate ends with
'error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest
type:crypto/ec/ec_pmeth.c:327:'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1810129/+subscriptions
More information about the foundations-bugs
mailing list