On 07/07/2016 20:08, Chris Bare wrote:
EVP_get_digestbyobj fails for ecdsa-with-SHA256
ecdsa-with-SHA256 is not a digest algorithm, it is a signature
algorithm with a specific choice of digest algorithm (SHA256).
In OpenSSL 1.0.2 and older there is a very old compatibility
feature which allows accessing a few old signature+digest
algorithm pairs via a digest algorithm object.
Specifically:
RSA with md2, md4, md5, mdc2, ripemd, SHA-0, SHA-1, SHA224,
SHA256, SHA384 and SHA512
DSA with SHA-0 and SHA1
ECDSA with with SHA1
This has been deprecated for a long time, but the compatibility
code makes your code below work for the above algorithm pairs.
The reason this compatibility code is deprecated is that it
causes the RSA algorithm to be referenced every time someone
tries to reference just the hash algorithm object for one of
the digest algorithms listed above.
I'm trying to perform a standard signature verification using the
EVP_* functions.
I think my code is correct, because it all runs fine if the digest is
RSA-SHA256.
I have an ASN1_OBJECT that specifics the signature/disgest type.
Here is my code that dumps out all the intermediate steps called by
EVP_get_digestbyobj:
ASN1_OBJECT * ;
OBJ_obj2txt(name, 256, sig_alg_oid, 1);
printf ("NAME %s", name);
printf ("NID = %d", OBJ_obj2nid(sig_alg_oid));
printf ("sn = %s", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)));
printf ("OBJ_NAME_get = %p",
OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH));
const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
if(md == NULL)
printf ("EVP_get_digestbyobj failed");
When I call this with the RSA-SHA256 I get:
NAME 1.2.840.113549.1.1.11
NID = 668
sn = RSA-SHA256
OBJ_NAME_get = 0x7fe8846f1ee0
and the rest of the steps succeeed.
Then when I call the same code (in the same program, so I'm sure the
openssl library is correctly initialized) with
ecdsa-with-SHA256, I get:
NAME 1.2.840.10045.4.3.2
NID = 794
sn = ecdsa-with-SHA256
OBJ_NAME_get = (nil)
EVP_get_digestbyobj failed
So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.
I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10
Am I doing something wrong, or could this be a bug in the library?
Any suggestions appreciated.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
