On 26/04/16 10:39, Gäckler Martin (EXT) wrote:
> Hi Matt,
>
> Thanks for the reply. According to my colleague the PHP function
> openssl_verify uses EVP_get_digestbyname to retrieve the EVP_MD. This
> does not work for the digest name "ecdsa-with-SHA256".

Hmmm. No. Well "ecdsa-with-SHA256" is not a digest, so I would not
expect EVP_get_digestbyname() to return one. But "sha256" is. Have you
tried just using that?

I am not familiar with the PHP language bindings at all, but I would
expect that the ECDSA bit would be derived from the type of key used
(i.e. if you supply an EC key then it will use ECDSA).

Matt

>
> Nevertheless, I will try to create a new branch.
>
> Thanks again.
>
> Martin
>
>
>
> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt Caswell
> Sent: Tuesday, 26 April 2016 11:12
> To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256
>
>
>
> On 26/04/16 09:43, Gäckler Martin (EXT) wrote:
>> We're currently developing a system that uses OAuth protocol to
>> identify the users. The service provider is developed in PHP and
>> uses OpenSSL to verify the access token. Unfortunately the identity
>> provider, which is managed by another company, uses ecdsa with
>> sha256 to sign the access tokens. Although the constants for this
>> method (SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256) are defined
>> in OpenSSL, this method is currently not supported by OpenSSL.
>
> I'm not really sure what that means, since it's perfectly possible to
> use ECDSA in conjunction with SHA256 to sign data. E.g. just use
> EVP_sha256() as the EVP_MD, and create an EC EVP_PKEY in a call to
> EVP_DigestSignInit()
>
> https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignInit.html
>
>>
>> My question is, what can I do, to add my changes to the official
>> OpenSSL sources. I'm new to github and OpenSSL development and I
>> did not find a documentation suitable for me. We would appreciate
>> if this method would become part of the official OpenSSL
>> distribution.
>
> Create a new branch based on the master branch in git (new features
> are not accepted into stable releases). Add your features to it and
> push your changes to your github repo, and then create a github pull
> request.
>
> Matt
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
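
The approach suggested in the reply above, written against PHP's OpenSSL extension as an added example (not code from this thread or from the OpenSSL project): the digest passed is plain SHA-256, and ECDSA follows from the EC key. The key pair, the payload and the helper name `verify_token` are constructed for illustration.

```php
<?php
// Constructed payload standing in for the signed part of an access token.
$data = 'constructed-access-token-payload';

// Constructed EC key pair standing in for the identity provider's key.
// In the scenario from the thread only the public key would be available.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_EC,
    'curve_name'       => 'prime256v1',
]);
if ($key === false) {
    exit('key generation failed: ' . openssl_error_string() . PHP_EOL);
}
$publicPem = openssl_pkey_get_details($key)['key'];

// Signing side: the digest is SHA-256; ECDSA is selected by the key type.
// The resulting signature is DER-encoded.
if (!openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256)) {
    exit('signing failed: ' . openssl_error_string() . PHP_EOL);
}

// Hypothetical helper: verify $signature over $data with an EC public key.
function verify_token(string $data, string $signature, string $publicPem): bool
{
    $pub = openssl_pkey_get_public($publicPem);
    if ($pub === false) {
        return false;
    }
    // Accept only EC keys, so the algorithm cannot silently become RSA or DSA
    // if a different key type is configured.
    $details = openssl_pkey_get_details($pub);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_EC) {
        return false;
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error).
    // Compare strictly with 1: -1 is truthy in a loose boolean test.
    return openssl_verify($data, $signature, $pub, OPENSSL_ALGO_SHA256) === 1;
}

var_dump(verify_token($data, $signature, $publicPem));       // untouched payload
var_dump(verify_token($data . 'x', $signature, $publicPem)); // modified payload
```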