[openssl-dev] [openssl.org #3922] Bug: EVP_get_digestbynid() does not support ECDSA
Stephen Henson via RT
rt at openssl.org
Tue Jun 23 17:05:26 UTC 2015
On Mon Jun 22 20:07:43 2015, David.von.Oheimb at siemens.com wrote:
> Hi OpenSSL maintainers,
>
> I tried checking the status of the EVP_get_digestbynid issue via
> http://rt.openssl.org/Install/index.html
> but the server appears currently misconfigured:
> > Config file /etc/request-tracker4/RT_SiteConfig.pm is locked
>
> Yet I found an old conversation on this topic:
> http://openssl.6102.n7.nabble.com/Question-about-EVP-get-digestbynid-
> and-ECDSA-td28312.html
>
> With OpenSSL 1.0.2 one still gets NULL when giving ECDSA NIDs as
> input.
> Here is the workaround we currently use for EC support in
> CMPforOpenSSL:
>
That's expected behaviour. The EVP_get_digestbynid funtion expects a digest NID
whereas you are passing a signature NID instead. It does accept some signature
NIDs for historical compatibility reasons.
The thread you mention shows you how to convert a signature NID into the digest
and public key algorithm NID.
However I suspect you shouldn't be trying to do things at that level for
signatures. If you need to sign or verify ASN.1 data you can use ASN1_item_sign
or ASN1_item_verify and key and digest handling and lookup is handled
automatically.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list