[openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256

Matt Caswell matt at openssl.org
Tue Apr 26 11:01:14 UTC 2016



On 26/04/16 10:39, Gäckler Martin (EXT) wrote:
> Hi Matt,
> 
> Thanks for the reply. According to my colleague the PHP function
> openssl_verify uses EVP_get_digestbyname to retrieve the EVP_MD. This
> does not work for the digest name "ecdsa-with-SHA256".

Hmmm. No. Well "ecdsa-with-SHA256" is not a digest, so I would not
expect EVP_get_digestbyname() to return one. But "sha256" is. Have you
tried just using that? I am not familiar with the PHP language bindings
at all, but I would expect that the ECDSA bit would be derived from the
type of key used (i.e. if you supply an EC key then it will use ECDSA).

Matt

> 
> Nevertheless, I will try to create a new branch.
> 
> Thanks again.
> 
> Martin
> 
> 
> 
> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
> Sent: Tuesday, 26 April 2016 11:12
> To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256
> 
> 
> 
> On 26/04/16 09:43, Gäckler Martin (EXT) wrote:
>> We're currently developing a system that uses OAuth protocol to 
>> identify the users. The service provider is developed in PHP and
>> uses OpenSSL to verify the access token. Unfortunately the identity
>> provider, which is managed by another company, uses ecdsa with
>> sha256 to sign the access tokens. Although the constants for this
>> method (SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256) are defined
>> in OpenSSL, this method is currently not supported by OpenSSL.
> 
> I'm not really sure what that means, since it's perfectly possible to
> use ECDSA in conjunction with SHA256 to sign data. E.g. just use 
> EVP_sha256() as the EVP_MD, and create an EC EVP_PKEY in a call to 
> EVP_DigestSignInit()
> 
> https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignInit.html
>
> 
> 
>> 
>> My question is, what can I do, to add my changes to the official 
>> OpenSSL sources. I'm new to github and OpenSSL development and I
>> did not find a documentation suitable for me. We would appreciate
>> if this method would become part of the official OpenSSL
>> distribution.
> 
> Create a new branch based on the master branch in git (new features
> are not accepted into stable releases). Add your features to it and
> push your changes to your github repo, and then create a github pull
> request.
> 
> Matt
> 
> 
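
The approach suggested in this thread (plain SHA-256 as the digest, with ECDSA selected by the EC key type), shown with the openssl command-line tool. This is an added example, not part of the original messages; the curve choice, file names and the sample token are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: ECDSA with SHA-256 using the openssl CLI.
# File names, curve and token contents are constructed for illustration.

WORK=$(mktemp -d)

# Generate an EC key pair on P-256. The key type is what selects ECDSA;
# no "ecdsa-with-SHA256" digest name is involved anywhere.
make_ec_key() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ec.key" 2>/dev/null &&
    openssl pkey -in "$WORK/ec.key" -pubout -out "$WORK/ec.pub" 2>/dev/null
}

# Sign: the digest is simply "sha256".  $1 = data file, $2 = signature output
sign_sha256() {
    openssl dgst -sha256 -sign "$WORK/ec.key" -out "$2" "$1"
}

# Verify: exit status 0 only if the signature matches.  $1 = data, $2 = signature
verify_sha256() {
    openssl dgst -sha256 -verify "$WORK/ec.pub" -signature "$2" "$1" >/dev/null 2>&1
}

# Round trip plus a negative case: a modified token must be rejected.
# Returns 0 if both checks behave as expected, 1 on a wrong verification
# result, 2 if key generation or signing itself failed.
demo() {
    make_ec_key || return 2
    printf '%s' 'constructed-sample-access-token' > "$WORK/token"
    sign_sha256 "$WORK/token" "$WORK/token.sig" || return 2
    verify_sha256 "$WORK/token" "$WORK/token.sig" || return 1
    printf '%s' 'constructed-sample-access-tokeX' > "$WORK/tampered"
    if verify_sha256 "$WORK/tampered" "$WORK/token.sig"; then
        return 1
    fi
    return 0
}

demo
echo "demo exit status: $?"
```
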

