Re: OpenSSL 1.1.1: How to get signature algorithm id? (no EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You can use OBJ_find_sigid_by_algs() and pass the
EVP_PKEY_base_id(pkey) and EVP_MD_type(md) values to it. It should find
the signature algorithm id.

Tomas Mraz, OpenSSL

On Thu, 2023-02-09 at 15:21 +0000, Andrew Lynch via openssl-users
wrote:
> Hi,
>  
> I have some old code that determines the signature algorithm OID
> given a combination of EVP_PKEY *pkey and EVP_MD *digest.  It
> contains an #ifdef EVP_MD_FLAG_PKEY_METHOD_SIGNATURE.  If true, it
> uses OBJ_find_sigid_by_algs() with the digest and pkey->ameth-
> >pkey_id to get the OID.  The else case uses EVP_MD_pkey_type() with
> only the digest.
>  
> Given an ECDSA pkey and a SHA256 digest the application using OpenSSL
> 1.0.2 outputs the expected ecdsa-with-SHA256.  With OpenSSL 1.1.1 it
> incorrectly outputs sha256WithRSAEncryption.
>  
> OpenSSL 1.0.2 has the flag defined whereas it does not exist at all
> in 1.1.1.  As EVP_MD_pkey_type() only has the digest to work with it
> will always return NID_sha256WithRSAEncryption regardless of the type
> of EVP_PKEY that is actually used with the digest to create a
> signature.
>  
> Which API calls can I use in OpenSSL 1.1.1 to get the correct
> signature algorithm id given some combination of EVP_PKEY and EVP_MD?
>  
> Regards,
> Andrew.
>  

-- 
Tomáš Mráz, OpenSSL





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux