Re: ecdsa certificates and sha256

Mon, 23 Oct 2006 12:38:52 -0700 


Hi Nils,
This is excellent. It means I don't need to worry about it; which dramatically improves my patience levels. :)
(Otherwise I'd have worry about finding time to dig into the code etc and not being an openssl-dev type yet that might be more time than I'd like).
I'll give the patches a shot once I get my head above water. I've a plane trip coming up and that sounds like a good time for it. 

Thanks,

- max

On Oct 23, 2006, at 1:21 PM, Nils Larsch wrote:


Max Pritikin wrote:
(Hello, I'm asking again. Please let me know if you think this would be more appropriately addressed to the openssl-dev list or something.) In summary: Is it possible to use sha256 when generating an ecdsa certificate? 

I'm currently working on it so please have a little more patience ;-)
If you can't wait to generate a ecdsa-with-sha256 certificate try
the attached preliminary patch.

Cheers,
Nils
Index: crypto/ec/ec_pmeth.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/ec/ec_pmeth.c,v
retrieving revision 1.5
diff -u -r1.5 ec_pmeth.c
--- crypto/ec/ec_pmeth.c        20 Jul 2006 16:56:46 -0000      1.5
+++ crypto/ec/ec_pmeth.c        22 Oct 2006 21:18:41 -0000
@@ -220,7 +220,11 @@
                return 1;

                case EVP_PKEY_CTRL_MD:
-               if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1)
+               if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
                        {
                        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
                        return 0;
Index: crypto/evp/m_sha1.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/evp/m_sha1.c,v
retrieving revision 1.14
diff -u -r1.14 m_sha1.c
--- crypto/evp/m_sha1.c 19 Apr 2006 17:05:57 -0000      1.14
+++ crypto/evp/m_sha1.c 22 Oct 2006 21:18:41 -0000
@@ -119,7 +119,7 @@
        NID_sha224,
        NID_sha224WithRSAEncryption,
        SHA224_DIGEST_LENGTH,
-       0,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
        init224,
        update256,
        final256,
@@ -138,7 +138,7 @@
        NID_sha256,
        NID_sha256WithRSAEncryption,
        SHA256_DIGEST_LENGTH,
-       0,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
        init256,
        update256,
        final256,
@@ -169,7 +169,7 @@
        NID_sha384,
        NID_sha384WithRSAEncryption,
        SHA384_DIGEST_LENGTH,
-       0,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
        init384,
        update512,
        final512,
@@ -188,7 +188,7 @@
        NID_sha512,
        NID_sha512WithRSAEncryption,
        SHA512_DIGEST_LENGTH,
-       0,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
        init512,
        update512,
        final512,
Index: crypto/objects/obj_xref.txt
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.txt,v
retrieving revision 1.1
diff -u -r1.1 obj_xref.txt
--- crypto/objects/obj_xref.txt 18 Apr 2006 23:36:05 -0000      1.1
+++ crypto/objects/obj_xref.txt 22 Oct 2006 21:18:49 -0000
@@ -26,6 +26,10 @@
 dsaWithSHA1_2          sha1    dsa_2

 ecdsa_with_SHA1                sha1    X9_62_id_ecPublicKey
+ecdsa_with_SHA224      sha224  X9_62_id_ecPublicKey
+ecdsa_with_SHA256      sha256  X9_62_id_ecPublicKey
+ecdsa_with_SHA384      sha384  X9_62_id_ecPublicKey
+ecdsa_with_SHA512      sha512  X9_62_id_ecPublicKey

 id_GostR3411_94_with_GostR3410_2001    id_GostR3411_94 id_GostR3410_2001
 id_GostR3411_94_with_GostR3410_94      id_GostR3411_94 id_GostR3410_94
Index: crypto/objects/objects.txt
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/objects.txt,v
retrieving revision 1.63
diff -u -r1.63 objects.txt
--- crypto/objects/objects.txt  9 Jun 2006 15:44:47 -0000       1.63
+++ crypto/objects/objects.txt  22 Oct 2006 21:18:49 -0000
@@ -75,6 +75,11 @@
 !Alias id-ecSigType ansi-X9-62 4
 !global
 X9-62_id-ecSigType 1           : ecdsa-with-SHA1
+X9-62_id-ecSigType 3           : ecdsa-with-Specified
+ecdsa-with-Specified 1         : ecdsa-with-SHA224
+ecdsa-with-Specified 2         : ecdsa-with-SHA256
+ecdsa-with-Specified 3         : ecdsa-with-SHA384
+ecdsa-with-Specified 4         : ecdsa-with-SHA512
# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" 
 # (http://www.secg.org/)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to