Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
On Thu, Jul 07, 2016, Chris Bare wrote: > Ok, that makes sense with what I'm seeing. I just tried changing this: > const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid); > to this: > const EVP_MD* md = EVP_get_digestbyname("SHA256"); > > and it all worked correctly. > so given that I have an OID for ecdsa-with-SHA256, is there a function that > will return just the digest algorithm? > I'm trying to be as flexible as possible, so I don't want to hard code this > or have my own limited lookup table. > OBJ_find_sigid_algs() you pass it the NID of the signature algorithm and it reurns the public key NID and the digest NID. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
Ok, that makes sense with what I'm seeing. I just tried changing this: const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid); to this: const EVP_MD* md = EVP_get_digestbyname("SHA256"); and it all worked correctly. so given that I have an OID for ecdsa-with-SHA256, is there a function that will return just the digest algorithm? I'm trying to be as flexible as possible, so I don't want to hard code this or have my own limited lookup table. On Thu, Jul 7, 2016 at 2:54 PM, Jakob Bohm wrote: > On 07/07/2016 20:08, Chris Bare wrote: > >> EVP_get_digestbyobj fails for ecdsa-with-SHA256 >> >> ecdsa-with-SHA256 is not a digest algorithm, it is a signature > algorithm with a specific choice of digest algorithm (SHA256). > > In OpenSSL 1.0.2 and older there is a very old compatibility > feature which allows accessing a few old signature+digest > algorithm pairs via a digest algorithm object. > > Specifically: > > RSA with md2, md4, md5, mdc2, ripemd, SHA-0, SHA-1, SHA224, > SHA256, SHA384 and SHA512 > DSA with SHA-0 and SHA1 > ECDSA with with SHA1 > > This has been deprecated for a long time, but the compatibility > code makes your code below work for the above algorithm pairs. > > The reason this compatibility code is deprecated is that it > causes the RSA algorithm to be referenced every time someone > tries to reference just the hash algorithm object for one of > the digest algorithms listed above. > > I'm trying to perform a standard signature verification using the EVP_* >> functions. >> I think my code is correct, because it all runs fine if the digest is >> RSA-SHA256. >> I have an ASN1_OBJECT that specifics the signature/disgest type. >> Here is my code that dumps out all the intermediate steps called by >> EVP_get_digestbyobj: >> >> ASN1_OBJECT * ; >> >> OBJ_obj2txt(name, 256, sig_alg_oid, 1); >> printf ("NAME %s", name); >> printf ("NID = %d", OBJ_obj2nid(sig_alg_oid)); >> printf ("sn = %s", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid))); >> printf ("OBJ_NAME_get = %p", >> OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH)); >> const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid); >> if(md == NULL) >> printf ("EVP_get_digestbyobj failed"); >> >> When I call this with the RSA-SHA256 I get: >> NAME 1.2.840.113549.1.1.11 >> NID = 668 >> sn = RSA-SHA256 >> OBJ_NAME_get = 0x7fe8846f1ee0 >> >> and the rest of the steps succeeed. >> Then when I call the same code (in the same program, so I'm sure the >> openssl library is correctly initialized) with >> ecdsa-with-SHA256, I get: >> NAME 1.2.840.10045.4.3.2 >> NID = 794 >> sn = ecdsa-with-SHA256 >> OBJ_NAME_get = (nil) >> EVP_get_digestbyobj failed >> >> So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails. >> >> I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10 >> >> Am I doing something wrong, or could this be a bug in the library? >> Any suggestions appreciated. >> > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- Chris Bare -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
On 07/07/2016 20:08, Chris Bare wrote: EVP_get_digestbyobj fails for ecdsa-with-SHA256 ecdsa-with-SHA256 is not a digest algorithm, it is a signature algorithm with a specific choice of digest algorithm (SHA256). In OpenSSL 1.0.2 and older there is a very old compatibility feature which allows accessing a few old signature+digest algorithm pairs via a digest algorithm object. Specifically: RSA with md2, md4, md5, mdc2, ripemd, SHA-0, SHA-1, SHA224, SHA256, SHA384 and SHA512 DSA with SHA-0 and SHA1 ECDSA with with SHA1 This has been deprecated for a long time, but the compatibility code makes your code below work for the above algorithm pairs. The reason this compatibility code is deprecated is that it causes the RSA algorithm to be referenced every time someone tries to reference just the hash algorithm object for one of the digest algorithms listed above. I'm trying to perform a standard signature verification using the EVP_* functions. I think my code is correct, because it all runs fine if the digest is RSA-SHA256. I have an ASN1_OBJECT that specifics the signature/disgest type. Here is my code that dumps out all the intermediate steps called by EVP_get_digestbyobj: ASN1_OBJECT * ; OBJ_obj2txt(name, 256, sig_alg_oid, 1); printf ("NAME %s", name); printf ("NID = %d", OBJ_obj2nid(sig_alg_oid)); printf ("sn = %s", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid))); printf ("OBJ_NAME_get = %p", OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH)); const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid); if(md == NULL) printf ("EVP_get_digestbyobj failed"); When I call this with the RSA-SHA256 I get: NAME 1.2.840.113549.1.1.11 NID = 668 sn = RSA-SHA256 OBJ_NAME_get = 0x7fe8846f1ee0 and the rest of the steps succeeed. Then when I call the same code (in the same program, so I'm sure the openssl library is correctly initialized) with ecdsa-with-SHA256, I get: NAME 1.2.840.10045.4.3.2 NID = 794 sn = ecdsa-with-SHA256 OBJ_NAME_get = (nil) EVP_get_digestbyobj failed So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails. I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10 Am I doing something wrong, or could this be a bug in the library? Any suggestions appreciated. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] EVP_get_digestbyobj fails for ecdsa-with-SHA256
EVP_get_digestbyobj fails for ecdsa-with-SHA256 I'm trying to perform a standard signature verification using the EVP_* functions. I think my code is correct, because it all runs fine if the digest is RSA-SHA256. I have an ASN1_OBJECT that specifics the signature/disgest type. Here is my code that dumps out all the intermediate steps called by EVP_get_digestbyobj: ASN1_OBJECT * ; OBJ_obj2txt(name, 256, sig_alg_oid, 1); printf ("NAME %s", name); printf ("NID = %d", OBJ_obj2nid(sig_alg_oid)); printf ("sn = %s", OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid))); printf ("OBJ_NAME_get = %p", OBJ_NAME_get(OBJ_nid2sn(OBJ_obj2nid(sig_alg_oid)),OBJ_NAME_TYPE_MD_METH)); const EVP_MD* md = EVP_get_digestbyobj(sig_alg_oid); if(md == NULL) printf ("EVP_get_digestbyobj failed"); When I call this with the RSA-SHA256 I get: NAME 1.2.840.113549.1.1.11 NID = 668 sn = RSA-SHA256 OBJ_NAME_get = 0x7fe8846f1ee0 and the rest of the steps succeeed. Then when I call the same code (in the same program, so I'm sure the openssl library is correctly initialized) with ecdsa-with-SHA256, I get: NAME 1.2.840.10045.4.3.2 NID = 794 sn = ecdsa-with-SHA256 OBJ_NAME_get = (nil) EVP_get_digestbyobj failed So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails. I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10 Am I doing something wrong, or could this be a bug in the library? Any suggestions appreciated. -- Chris Bare -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users