I have a tool that is creating a cert using X509_sign. I noticed that there are no EVP_MD structs that handle ECDSA properly and found this thread from a while back.
So if the digest passed to X509_sign doesn't indicate the signature algorithm to use, it appears that the proper value needs to be set into the X509 somehow? In the sig_alg member? How is this done (the ASN1 macro stuff makes it hard to decode)? I see an X509_get_signature_type(), but no corresponding _set_ method.

....................................
Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Thursday, January 19, 2012 7:36 AM
To: openssl-users@openssl.org
Subject: Re: Question about EVP_get_digestbynid and ECDSA

On Wed, Jan 18, 2012, Keith Welter wrote:

> If I call EVP_get_digestbynid with NID_ecdsa_with_SHA256,
> NID_ecdsa_with_SHA384 or NID_ecdsa_with_SHA512 it returns null (on
> OpenSSL 1.0.0-fips 29 Mar 2010). I expected it to return EVP_sha256,
> EVP_sha384 and EVP_sha512 respectively. Am I supplying the wrong NIDs?
>

Versions of OpenSSL before 1.0.0 had a horrible hack that linked digests to signature algorithms. This was removed in 1.0.0 and later and instead it uses a table mapping signature OIDs to their respective key and digest algorithm OIDs.

You can use the function OBJ_find_sigid_algs().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org