[Pkg-openssl-devel] Bug#686470: libssl1.0.0: uses SHA256 instead of SHA384 for 384-bit EC key
brian m. carlson
sandals at crustytoothpaste.net
Sun Sep 2 00:46:38 UTC 2012
Package: libssl1.0.0
Version: 1.0.1c-4
Severity: important
I am running postfix on a sid machine (using OpenSSL) and I have set up
both RSA and EC keys. The EC key in question is using a 384-bit curve
(secp384r1). Logically, the appropriate algorithm to use in this case
is SHA-384, and this is what libgnutls28 expects. However, OpenSSL
tries to use SHA-256, which GnuTLS doesn't like. This causes the
connection to be aborted.
I've read the relevant specs and they don't absolutely require that
SHA-384 or SHA-512 be used (there is no MUST), but if a 384-bit key is
being used for ECDSA, SHA-384 is the logical choice if the client
supports it. I noticed this using both gnutls-cli as a client and
Debian's mutt package (linked against libgnutls28 instead of the
default).
GnuTLS is going to work around this, but I expect this will cause other
interoperability concerns. This also prevents Suite B compatibility out
of the box. I marked this bug as important because it means that GnuTLS
and OpenSSL will not interoperate properly using ECDSA.
A log of the behavior using gnutls-cli is available at
<http://lists.gnu.org/archive/html/help-gnutls/2012-09/msg00000.html>.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.4-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl1.0.0 depends on:
ii cdebconf [debconf-2.0] 0.173
ii debconf [debconf-2.0] 1.5.46
ii libc6 2.13-35
ii multiarch-support 2.13-35
ii zlib1g 1:1.2.7.dfsg-13
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information excluded
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
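Added example (not part of the report, nor code from OpenSSL or GnuTLS): this Python parses a constructed TLS 1.2 ECDHE ServerKeyExchange body and checks the digest the server chose against the Suite B pairing (RFC 5430) for the certificate key's curve, which is the mismatch the report describes. The message bytes, EC point and signature are constructed placeholders; all function and constant names are assumptions.

```python
import struct

NAMED_CURVES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1"}           # RFC 4492 ids
HASH_ALGS = {2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}   # RFC 5246 ids
SIG_ALGS = {1: "rsa", 2: "dsa", 3: "ecdsa"}
# Digest that Suite B (RFC 5430) pairs with each curve; the pairing GnuTLS expected.
SUITE_B_DIGEST = {"secp256r1": "sha256", "secp384r1": "sha384"}


def build_ecdhe_ske(curve_id, point, hash_id, sig_id, signature):
    """Build a TLS 1.2 ECDHE ServerKeyExchange body in named_curve form (constructed)."""
    return (bytes([3]) + struct.pack(">H", curve_id) + bytes([len(point)]) + point
            + bytes([hash_id, sig_id]) + struct.pack(">H", len(signature)) + signature)


def parse_ecdhe_ske(body):
    """Parse the body into its fields; raise ValueError on malformed input."""
    if len(body) < 4 or body[0] != 3:
        raise ValueError("expected named_curve ECParameters")
    curve_id = struct.unpack(">H", body[1:3])[0]
    off = 4 + body[3]                      # skip the 1-byte length and the ECPoint
    if len(body) < off + 4:
        raise ValueError("truncated ServerKeyExchange")
    hash_id, sig_id = body[off], body[off + 1]
    sig_len = struct.unpack(">H", body[off + 2:off + 4])[0]
    signature = body[off + 4:off + 4 + sig_len]
    if len(signature) != sig_len:
        raise ValueError("truncated signature")
    return {"ephemeral_curve": NAMED_CURVES.get(curve_id, f"unknown({curve_id})"),
            "point": body[4:off],
            "hash": HASH_ALGS.get(hash_id, f"unknown({hash_id})"),
            "sig": SIG_ALGS.get(sig_id, f"unknown({sig_id})"),
            "signature": signature}


def check_signing_digest(signing_key_curve, body):
    """Return (ok, reason). The digest is judged against the curve of the server's
    certificate key, which signs the message; the ephemeral curve may differ."""
    fields = parse_ecdhe_ske(body)
    if fields["sig"] != "ecdsa":
        return True, f"{fields['sig']} signature, Suite B curve rule does not apply"
    expected = SUITE_B_DIGEST.get(signing_key_curve)
    if expected is None:
        return True, f"no Suite B pairing defined for {signing_key_curve}"
    if fields["hash"] != expected:
        return False, f"ECDSA over {signing_key_curve} signed with {fields['hash']}, expected {expected}"
    return True, f"{fields['hash']} matches {signing_key_curve}"


# Constructed sample mirroring the report: P-384 signing key, SHA-256 chosen by the server.
OPENSSL_LIKE_SKE = build_ecdhe_ske(24, b"\x04\x01\x02", 4, 3, b"\xde\xad\xbe\xef")
```

Feeding a captured ServerKeyExchange body to check_signing_digest() with the curve taken from the server certificate reproduces the rejection GnuTLS applied; the same check with hash id 5 (sha384) passes.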