Thanks a lot, Dave. 

So it means that SHA256 is only technically supported from 0.9.7h. If I am 
using 0.9.7d, it is not included, right?

Best Regards,
Aaron

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dave Thompson
Sent: Wednesday, November 21, 2012 10:01 AM
To: openssl-users@openssl.org
Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm

> From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-R&D-SH)
> Sent: Tuesday, 20 November, 2012 10:42

> In our product, we are still using OpenSSL 0.9.7d (on Windows
> platform) for certificate validation. Recently we suffered an issue 
> about certificates based on SHA256, and the following error is thrown:
> 
> ldap_bind: Can't contact LDAP server (-1) 
>        additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
> 
> My question is:
> 
> 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? 

On one system I still have 0.9.7m which does have SHA-2, with no mention in 
CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) 
and not in 0.9.7h. 
Thus it was apparently backported somewhere >7h <=7m.

> 2) If answer is NO for point 1, since which version does OpenSSL 
> support SHA Digest Algorithm?
> 
(You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much 
longer, and the algorithm originally released as SHA was defective and 
withdrawn before use.)

Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using 
SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with 
ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org