Quantcast

The new subject hash algorithm

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

The new subject hash algorithm

Krzysztof Benedyczak
Hi Openssl Developers,

Since openssl 1.0.0 a new subject hash is used, i.e. the output of the

openssl x509 -subject_hash ...

has changed. The old one was quite easy to decipher and commonly known
(part of the MD5 hash of the bin form of the subject name). Now AFAIU
MD5 has been changed do SHA1, but it seems that there are also other
modifications (some normalization? or?).

Is it possible to get a precise information how openssl generate the
the aforementioned subject hash? I can try to infer it from source of
course, but having an algorithm description would be of great help.

I was trying to find some information on the topic but no luck. The
reason for the question is that in Java software I need to support
openssl-like certificates trust store.

Thanks and best regards,
Krzysztof
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: The new subject hash algorithm

Dr. Stephen Henson
On Mon, Apr 22, 2013, Krzysztof Benedyczak wrote:

> Hi Openssl Developers,
>
> Since openssl 1.0.0 a new subject hash is used, i.e. the output of the
>
> openssl x509 -subject_hash ...
>
> has changed. The old one was quite easy to decipher and commonly
> known (part of the MD5 hash of the bin form of the subject name).
> Now AFAIU MD5 has been changed do SHA1, but it seems that there are
> also other modifications (some normalization? or?).
>
> Is it possible to get a precise information how openssl generate the
> the aforementioned subject hash? I can try to infer it from source
> of course, but having an algorithm description would be of great
> help.
>
> I was trying to find some information on the topic but no luck. The
> reason for the question is that in Java software I need to support
> openssl-like certificates trust store.
>

It's a bit complex and you need to be able to decode and reencode the Name
structure to duplicate this.

The function x509_name_canon performs the reencoding this is in
crypto/asn1/x_name.c:

/* This function generates the canonical encoding of the Name structure.
 * In it all strings are converted to UTF8, leading, trailing and
 * multiple spaces collapsed, converted to lower case and the leading
 * SEQUENCE header removed.
 *

This encoding is then used to perform the hash using SHA1 in a similar way to
the old algorithm (see X509_NAME_hash function in crypto/x509/x509_cmp.c).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: The new subject hash algorithm

Krzysztof Benedyczak
Hi,

W dniu 24.04.2013 17:36, Dr. Stephen Henson pisze:

> On Mon, Apr 22, 2013, Krzysztof Benedyczak wrote:
>
>> Hi Openssl Developers,
>>
>> Since openssl 1.0.0 a new subject hash is used, i.e. the output of the
>>
>> openssl x509 -subject_hash ...
>>
>> has changed. The old one was quite easy to decipher and commonly
>> known (part of the MD5 hash of the bin form of the subject name).
>> Now AFAIU MD5 has been changed do SHA1, but it seems that there are
>> also other modifications (some normalization? or?).
>>
>> Is it possible to get a precise information how openssl generate the
>> the aforementioned subject hash? I can try to infer it from source
>> of course, but having an algorithm description would be of great
>> help.
>>
>> I was trying to find some information on the topic but no luck. The
>> reason for the question is that in Java software I need to support
>> openssl-like certificates trust store.
>>
>
> It's a bit complex and you need to be able to decode and reencode the Name
> structure to duplicate this.
>
> The function x509_name_canon performs the reencoding this is in
> crypto/asn1/x_name.c:
>
> /* This function generates the canonical encoding of the Name structure.
>   * In it all strings are converted to UTF8, leading, trailing and
>   * multiple spaces collapsed, converted to lower case and the leading
>   * SEQUENCE header removed.
>   *
>
> This encoding is then used to perform the hash using SHA1 in a similar way to
> the old algorithm (see X509_NAME_hash function in crypto/x509/x509_cmp.c).

Thanks a lot for the answer. I've tried it on a simple DN and I was able
to reproduce the same hash as is outputted by Openssl.

However I have some general doubts regarding the algorithm:
  -) what about multi-valued RDNs? According to RFC their order is
irrelevant. Do you somehow sort them for the c19 form?
  -) what is the definition of the 'string' above? TeletexString,
PrintableString, UTF8String, BMPString? More or less?

Thanks again,
Krzysztof



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: The new subject hash algorithm

c0y3
Hi Steve and Krzysztof,
I have not been able to reproduce the same output as openssl. Can you be more specific how you achieved it?

So x509_name_canon generates the CANONICAL representation of the subject name, right?

If I understand correctly, after generating the canon encoding I would only have to pass it to EVP_Digest, correct?

Exposing x509_name_canon() to x509_cmp.c first.

unsigned long X509_NAME_hash(X509_NAME *x):
    x509_name_canon()
    EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL)

Loading...