[openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256

Gäckler Martin (EXT) extern.Martin.Gaeckler at esolutions.de
Tue Apr 26 09:39:35 UTC 2016


Hi Matt,

Thanks for the reply. According to my colleague the PHP function opens_verify uses EVP_get_digestbyname to retrieve the EVP_MD. This does not work for the digest name "ecdsa-with-SHA256".

Nevertheless, I will try to create a new branch.

Thanks again.

Martin



-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Dienstag, 26. April 2016 11:12
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256



On 26/04/16 09:43, Gäckler Martin (EXT) wrote:
> We're currently developing a system that uses OAuth protocol to 
> identify the users. The service provider is developed in PHP and uses 
> OpenSSL to verify the access token. Unfortunately the identity 
> provider, which is managed by another company, uses ecdsa with sha256 
> to sign the access tokens. Although the constants for this method 
> (SN_ecdsa_with_SHA256 and
> NID_ecdsa_with_SHA256) are defined in OpenSSL, this method is 
> currently not supported by OpenSSL.

I'm not really sure what that means, since its perfectly possible to use ECDSA in conjunction with SHA256 to sign data. E.g. just use
EVP_sha256() as the EVP_MD, and create an EC EVP_PKEY in a call to
EVP_DigestSignInit()

https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignInit.html


> 
> My question is, what can I do, to add my changes to the official 
> OpenSSL sources. I'm new to github and OpenSSL development and I did 
> not find a documentation suitable for me. We would appreciate if this 
> method would become part of the official OpenSSL distribution.

Create a new branch based on the master branch in git (new features are not accepted into stable releases). Add your features to it and push your changes to your github repo, and then create a github pull request.

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


More information about the openssl-dev mailing list