Replacement for CRL name hash computation

[number492]

I am trying to compute the name hash for CRLs (X509Name.hash() in pyopenssl), and it seems there is no equivalent operation in the cryptography package. The closest I can find is Name.public_bytes(), but that only gives me X509Name.der(). I tried reproducing the steps in hash()'s documentation, but I'm getting a different hash than openssl. Not to mention the process is internal and may be subject to change.

What is the suggested replacement for pyopenssl's X509Name.hash()?

[alex]

What's your goal with the hash function? Are you looking for something that will return the exact same value, or are looking for something that will fill the same role (i.e., a deterministic short integer representation)?

…

On Sat, Jan 18, 2025 at 6:00 PM Istvan Papp ***@***.***> wrote: I am trying to compute the name hash for CRLs (X509Name.hash() in pyopenssl), and it seems there is no equivalent operation in the cryptography package. The closest I can find is Name.public_bytes(), but that only gives me X509Name.der(). I tried reproducing the steps in hash()'s documentation, but I'm getting a different hash than openssl. Not to mention the process is internal and may be subject to change. What is the suggested replacement for pyopenssl's X509Name.hash()? — Reply to this email directly, view it on GitHub <#1412>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAAGBBYBGO5TASZIBJL6CL2LLMHNAVCNFSM6AAAAABVOBQPL2VHI2DSMVQWIX3LMV43ASLTON2WKOZSG44TOMRWHAZTOMA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- All that is necessary for evil to succeed is for good people to do nothing.

[number492]

I am trying to get the exact same value, to build the symlinks, specifically for openssl to consume later. Without falling back to running openssl via subprocess, preferably.

[alex]

Unfortunately, OpenSSL no longer documents the precise algorithm for computing these. https://github.com/openssl/openssl/blob/master/crypto/x509/x509_cmp.c#L289 is the implementation.

…

On Sun, Jan 19, 2025 at 2:32 AM Istvan Papp ***@***.***> wrote: I am trying to get the exact same value, to build the symlinks, specifically for openssl to consume later. Without falling back to running openssl via subprocess, preferably. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: ***@***.***>

-- All that is necessary for evil to succeed is for good people to do nothing.