Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
On Thu, Jul 07, 2016, Chris Bare wrote:
> Ok, that makes sense with what I'm seeing. I just tried changing this:
> const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
> to this:
> const EVP_MD* md = EVP_get_digestbyname("SHA256");
>
> and it all worked correctly.
> so given that I have an OID for ecdsa-with-SHA256, is there a function that
> will return just the digest algorithm?
> I'm trying to be as flexible as possible, so I don't want to hard code this
> or have my own limited lookup table.
>
OBJ_find_sigid_algs() you pass it the NID of the signature algorithm and it
reurns the public key NID and the digest NID.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
Ok, that makes sense with what I'm seeing. I just tried changing this:
const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
to this:
const EVP_MD* md = EVP_get_digestbyname("SHA256");
and it all worked correctly.
so given that I have an OID for ecdsa-with-SHA256, is there a function that
will return just the digest algorithm?
I'm trying to be as flexible as possible, so I don't want to hard code this
or have my own limited lookup table.
On Thu, Jul 7, 2016 at 2:54 PM, Jakob Bohm wrote:
> On 07/07/2016 20:08, Chris Bare wrote:
>
>> EVP_get_digestbyobj fails for ecdsa-with-SHA256
>>
>> ecdsa-with-SHA256 is not a digest algorithm, it is a signature
> algorithm with a specific choice of digest algorithm (SHA256).
>
> In OpenSSL 1.0.2 and older there is a very old compatibility
> feature which allows accessing a few old signature+digest
> algorithm pairs via a digest algorithm object.
>
> Specifically:
>
> RSA with md2, md4, md5, mdc2, ripemd, SHA-0, SHA-1, SHA224,
> SHA256, SHA384 and SHA512
> DSA with SHA-0 and SHA1
> ECDSA with with SHA1
>
> This has been deprecated for a long time, but the compatibility
> code makes your code below work for the above algorithm pairs.
>
> The reason this compatibility code is deprecated is that it
> causes the RSA algorithm to be referenced every time someone
> tries to reference just the hash algorithm object for one of
> the digest algorithms listed above.
>
> I'm trying to perform a standard signature verification using the EVP_*
>> functions.
>> I think my code is correct, because it all runs fine if the digest is
>> RSA-SHA256.
>> I have an ASN1_OBJECT that specifics the signature/disgest type.
>> Here is my code that dumps out all the intermediate steps called by
>> EVP_get_digestbyobj:
>>
>> ASN1_OBJECT * ;
>>
>> OBJ_obj2txt(name, 256, sig_alg_oid, 1);
>> printf ("NAME %s", name);
>> printf ("NID = %d", OBJ_obj2nid(sig_alg_oid));
>> printf ("sn = %s", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)));
>> printf ("OBJ_NAME_get = %p",
>> OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH));
>> const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
>> if(md == NULL)
>> printf ("EVP_get_digestbyobj failed");
>>
>> When I call this with the RSA-SHA256 I get:
>> NAME 1.2.840.113549.1.1.11
>> NID = 668
>> sn = RSA-SHA256
>> OBJ_NAME_get = 0x7fe8846f1ee0
>>
>> and the rest of the steps succeeed.
>> Then when I call the same code (in the same program, so I'm sure the
>> openssl library is correctly initialized) with
>> ecdsa-with-SHA256, I get:
>> NAME 1.2.840.10045.4.3.2
>> NID = 794
>> sn = ecdsa-with-SHA256
>> OBJ_NAME_get = (nil)
>> EVP_get_digestbyobj failed
>>
>> So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.
>>
>> I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10
>>
>> Am I doing something wrong, or could this be a bug in the library?
>> Any suggestions appreciated.
>>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
--
Chris Bare
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
On 07/07/2016 20:08, Chris Bare wrote:
EVP_get_digestbyobj fails for ecdsa-with-SHA256
ecdsa-with-SHA256 is not a digest algorithm, it is a signature
algorithm with a specific choice of digest algorithm (SHA256).
In OpenSSL 1.0.2 and older there is a very old compatibility
feature which allows accessing a few old signature+digest
algorithm pairs via a digest algorithm object.
Specifically:
RSA with md2, md4, md5, mdc2, ripemd, SHA-0, SHA-1, SHA224,
SHA256, SHA384 and SHA512
DSA with SHA-0 and SHA1
ECDSA with with SHA1
This has been deprecated for a long time, but the compatibility
code makes your code below work for the above algorithm pairs.
The reason this compatibility code is deprecated is that it
causes the RSA algorithm to be referenced every time someone
tries to reference just the hash algorithm object for one of
the digest algorithms listed above.
I'm trying to perform a standard signature verification using the
EVP_* functions.
I think my code is correct, because it all runs fine if the digest is
RSA-SHA256.
I have an ASN1_OBJECT that specifics the signature/disgest type.
Here is my code that dumps out all the intermediate steps called by
EVP_get_digestbyobj:
ASN1_OBJECT * ;
OBJ_obj2txt(name, 256, sig_alg_oid, 1);
printf ("NAME %s", name);
printf ("NID = %d", OBJ_obj2nid(sig_alg_oid));
printf ("sn = %s", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)));
printf ("OBJ_NAME_get = %p",
OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH));
const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
if(md == NULL)
printf ("EVP_get_digestbyobj failed");
When I call this with the RSA-SHA256 I get:
NAME 1.2.840.113549.1.1.11
NID = 668
sn = RSA-SHA256
OBJ_NAME_get = 0x7fe8846f1ee0
and the rest of the steps succeeed.
Then when I call the same code (in the same program, so I'm sure the
openssl library is correctly initialized) with
ecdsa-with-SHA256, I get:
NAME 1.2.840.10045.4.3.2
NID = 794
sn = ecdsa-with-SHA256
OBJ_NAME_get = (nil)
EVP_get_digestbyobj failed
So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.
I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10
Am I doing something wrong, or could this be a bug in the library?
Any suggestions appreciated.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
EVP_get_digestbyobj fails for ecdsa-with-SHA256
I'm trying to perform a standard signature verification using the EVP_*
functions.
I think my code is correct, because it all runs fine if the digest is
RSA-SHA256.
I have an ASN1_OBJECT that specifics the signature/disgest type.
Here is my code that dumps out all the intermediate steps called by
EVP_get_digestbyobj:
ASN1_OBJECT * ;
OBJ_obj2txt(name, 256, sig_alg_oid, 1);
printf ("NAME %s", name);
printf ("NID = %d", OBJ_obj2nid(sig_alg_oid));
printf ("sn = %s", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)));
printf ("OBJ_NAME_get = %p",
OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH));
const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid);
if(md == NULL)
printf ("EVP_get_digestbyobj failed");
When I call this with the RSA-SHA256 I get:
NAME 1.2.840.113549.1.1.11
NID = 668
sn = RSA-SHA256
OBJ_NAME_get = 0x7fe8846f1ee0
and the rest of the steps succeeed.
Then when I call the same code (in the same program, so I'm sure the
openssl library is correctly initialized) with
ecdsa-with-SHA256, I get:
NAME 1.2.840.10045.4.3.2
NID = 794
sn = ecdsa-with-SHA256
OBJ_NAME_get = (nil)
EVP_get_digestbyobj failed
So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.
I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10
Am I doing something wrong, or could this be a bug in the library?
Any suggestions appreciated.
--
Chris Bare
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
