Re: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
Hi Aaron, If your openssl version supports sha256 and its version is less than 0.9.8l, then you should add OpenSSL_add_all_algorithms() in your code to enable the same. Otherwise it will throw errors while doing any digest operation with sha256. By default sha256 is enabled on Openssl-0.9.8l version onwards. Thanks, Gayathri On Wed, Nov 21, 2012 at 8:53 AM, Dave Thompson dthomp...@prinpay.comwrote: From: Wu, Hong-Tao (Aaron, HPSW-RD-SH) [mailto:hongtao...@hp.com] Sent: Tuesday, 20 November, 2012 22:05 To: openssl-users@openssl.org Cc: dthomp...@prinpay.com Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm Thanks a lot, Dave. So it means that SHA256 is only technically supported from 0.9.7h. If I am using 0.9.7d, it is not included, right? I don't have all the old versions to check, but according to CHANGES it is NOT in 0.9.7h which means it SHOULD NOT be in any earlier 0.9.7*, and 0.9.7d IS earlier than 0.9.7h so it SHOULD NOT be in 0.9.7d. It IS in the code for 0.9.7m, therefore it was added sometime after 0.9.7h and before or at 0.9.7m. That's what 7h =7m means. Best Regards, Aaron -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, November 21, 2012 10:01 AM To: openssl-users@openssl.org Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-RD-SH) Sent: Tuesday, 20 November, 2012 10:42 In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? On one system I still have 0.9.7m which does have SHA-2, with no mention in CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) and not in 0.9.7h. Thus it was apparently backported somewhere 7h =7m. 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much longer, and the algorithm originally released as SHA was defective and withdrawn before use.) Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
Hi All, In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? Thanks Regards, Aaron __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-RD-SH) Sent: Tuesday, 20 November, 2012 10:42 In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? On one system I still have 0.9.7m which does have SHA-2, with no mention in CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) and not in 0.9.7h. Thus it was apparently backported somewhere 7h =7m. 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much longer, and the algorithm originally released as SHA was defective and withdrawn before use.) Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
Thanks a lot, Dave. So it means that SHA256 is only technically supported from 0.9.7h. If I am using 0.9.7d, it is not included, right? Best Regards, Aaron -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, November 21, 2012 10:01 AM To: openssl-users@openssl.org Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-RD-SH) Sent: Tuesday, 20 November, 2012 10:42 In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? On one system I still have 0.9.7m which does have SHA-2, with no mention in CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) and not in 0.9.7h. Thus it was apparently backported somewhere 7h =7m. 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much longer, and the algorithm originally released as SHA was defective and withdrawn before use.) Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
From: Wu, Hong-Tao (Aaron, HPSW-RD-SH) [mailto:hongtao...@hp.com] Sent: Tuesday, 20 November, 2012 22:05 To: openssl-users@openssl.org Cc: dthomp...@prinpay.com Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm Thanks a lot, Dave. So it means that SHA256 is only technically supported from 0.9.7h. If I am using 0.9.7d, it is not included, right? I don't have all the old versions to check, but according to CHANGES it is NOT in 0.9.7h which means it SHOULD NOT be in any earlier 0.9.7*, and 0.9.7d IS earlier than 0.9.7h so it SHOULD NOT be in 0.9.7d. It IS in the code for 0.9.7m, therefore it was added sometime after 0.9.7h and before or at 0.9.7m. That's what 7h =7m means. Best Regards, Aaron -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, November 21, 2012 10:01 AM To: openssl-users@openssl.org Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao (Aaron, HPSW-RD-SH) Sent: Tuesday, 20 November, 2012 10:42 In our product, we are still using OpenSSL 0.9.7d (on Windows platform) for certificate validation. Recently we suffered an issue about certificates based SHA256, and the following error is thrown: ldap_bind: Can't contact LDAP server (-1) additional info: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm My question is: 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? On one system I still have 0.9.7m which does have SHA-2, with no mention in CHANGES. However, the 0.9.8* CHANGES describe it as added by 0.9.8(original) and not in 0.9.7h. Thus it was apparently backported somewhere 7h =7m. 2) If answer is NO for point 1, since which version does OpenSSL support SHA Digest Algorithm? (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in OpenSSL much longer, and the algorithm originally released as SHA was defective and withdrawn before use.) Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and signatures using SHA-2 with RSA. Due to API limitation they can't do signatures using SHA-2 with ECDSA, and AIR don't have the DSA sizes for SHA-2 added by FIPS 186-3. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org