Max Pritikin wrote:
(Hello, I'm asking again. Please let me know if you think this would be
more appropriately addressed to the openssl-dev list or something.)
In summary: Is it possible to use sha256 when generating an ecdsa
certificate?
I'm currently working on it so please have a little more patience ;-)
If you can't wait to generate a ecdsa-with-sha256 certificate try
the attached preliminary patch.
Cheers,
Nils
Index: crypto/ec/ec_pmeth.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/ec/ec_pmeth.c,v
retrieving revision 1.5
diff -u -r1.5 ec_pmeth.c
--- crypto/ec/ec_pmeth.c 20 Jul 2006 16:56:46 -0000 1.5
+++ crypto/ec/ec_pmeth.c 22 Oct 2006 21:18:41 -0000
@@ -220,7 +220,11 @@
return 1;
case EVP_PKEY_CTRL_MD:
- if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1)
+ if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+ EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+ EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+ EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+ EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
{
ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
return 0;
Index: crypto/evp/m_sha1.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/evp/m_sha1.c,v
retrieving revision 1.14
diff -u -r1.14 m_sha1.c
--- crypto/evp/m_sha1.c 19 Apr 2006 17:05:57 -0000 1.14
+++ crypto/evp/m_sha1.c 22 Oct 2006 21:18:41 -0000
@@ -119,7 +119,7 @@
NID_sha224,
NID_sha224WithRSAEncryption,
SHA224_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
init224,
update256,
final256,
@@ -138,7 +138,7 @@
NID_sha256,
NID_sha256WithRSAEncryption,
SHA256_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
init256,
update256,
final256,
@@ -169,7 +169,7 @@
NID_sha384,
NID_sha384WithRSAEncryption,
SHA384_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
init384,
update512,
final512,
@@ -188,7 +188,7 @@
NID_sha512,
NID_sha512WithRSAEncryption,
SHA512_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
init512,
update512,
final512,
Index: crypto/objects/obj_xref.txt
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.txt,v
retrieving revision 1.1
diff -u -r1.1 obj_xref.txt
--- crypto/objects/obj_xref.txt 18 Apr 2006 23:36:05 -0000 1.1
+++ crypto/objects/obj_xref.txt 22 Oct 2006 21:18:49 -0000
@@ -26,6 +26,10 @@
dsaWithSHA1_2 sha1 dsa_2
ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey
+ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey
+ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey
+ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey
+ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey
id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001
id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94
Index: crypto/objects/objects.txt
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/objects.txt,v
retrieving revision 1.63
diff -u -r1.63 objects.txt
--- crypto/objects/objects.txt 9 Jun 2006 15:44:47 -0000 1.63
+++ crypto/objects/objects.txt 22 Oct 2006 21:18:49 -0000
@@ -75,6 +75,11 @@
!Alias id-ecSigType ansi-X9-62 4
!global
X9-62_id-ecSigType 1 : ecdsa-with-SHA1
+X9-62_id-ecSigType 3 : ecdsa-with-Specified
+ecdsa-with-Specified 1 : ecdsa-with-SHA224
+ecdsa-with-Specified 2 : ecdsa-with-SHA256
+ecdsa-with-Specified 3 : ecdsa-with-SHA384
+ecdsa-with-Specified 4 : ecdsa-with-SHA512
# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
# (http://www.secg.org/)