[openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256
Gäckler Martin (EXT)
extern.Martin.Gaeckler at esolutions.de
Tue Apr 26 11:40:14 UTC 2016
Hi,
I've asked my colleague to try this solution and it worked.
I've seen, that the file "m_ecsda.c" had been removed from the source tree. Since my changes are based on this file, I assume, that my patch is not necessary.
Once again, thanks for your help.
BTW: We get the signature not with DER encoding. So we assume, that this was our real problem, now.
Regards Martin
-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Dienstag, 26. April 2016 13:01
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256
On 26/04/16 10:39, Gäckler Martin (EXT) wrote:
> Hi Matt,
>
> Thanks for the reply. According to my colleague the PHP function
> opens_verify uses EVP_get_digestbyname to retrieve the EVP_MD. This
> does not work for the digest name "ecdsa-with-SHA256".
Hmmm. No. Well "ecdsa-with-SHA256" is not a digest, so I would not expect EVP_get_digestbyname() to return one. But "sha256" is. Have you tried just using that? I am not familiar with the PHP language bindings at all, but I would expect that the ECDSA bit would be derived from the type of key used (i.e. if you supply an EC key then it will use ECDSA).
Matt
>
> Nevertheless, I will try to create a new branch.
>
> Thanks again.
>
> Martin
>
>
>
> -----Original Message----- From: openssl-dev
> [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
> Sent: Dienstag, 26. April 2016 11:12 To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] digest SN_ecdsa_with_SHA256 and
> NID_ecdsa_with_SHA256
>
>
>
> On 26/04/16 09:43, Gäckler Martin (EXT) wrote:
>> We're currently developing a system that uses OAuth protocol to
>> identify the users. The service provider is developed in PHP and uses
>> OpenSSL to verify the access token. Unfortunately the identity
>> provider, which is managed by another company, uses ecdsa with
>> sha256 to sign the access tokens. Although the constants for this
>> method (SN_ecdsa_with_SHA256 and NID_ecdsa_with_SHA256) are defined
>> in OpenSSL, this method is currently not supported by OpenSSL.
>
> I'm not really sure what that means, since its perfectly possible to
> use ECDSA in conjunction with SHA256 to sign data. E.g. just use
> EVP_sha256() as the EVP_MD, and create an EC EVP_PKEY in a call to
> EVP_DigestSignInit()
>
> https://www.openssl.org/docs/manmaster/crypto/EVP_DigestSignInit.html
>
>
>
>>
>> My question is, what can I do, to add my changes to the official
>> OpenSSL sources. I'm new to github and OpenSSL development and I did
>> not find a documentation suitable for me. We would appreciate if this
>> method would become part of the official OpenSSL distribution.
>
> Create a new branch based on the master branch in git (new features
> are not accepted into stable releases). Add your features to it and
> push your changes to your github repo, and then create a github pull
> request.
>
> Matt
>
> -- openssl-dev mailing list To unsubscribe:
> https://mta.openssl.org/mailman/listinfo/openssl-dev
>
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
More information about the openssl-dev
mailing list