EVP_get_digestbynid() return NULL

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

EVP_get_digestbynid() return NULL

cellecial-2
Hi,
 
I'm frustrated that I can't get correct result from such a simple API(on openssl 1.0.1c),just like below.
 
#include <openssl/evp.h>
 
void main()
{
 EVP_MD *md;

 OpenSSL_add_all_algorithms();

 md = EVP_get_digestbynid(NID_ecdsa_with_SHA256);  //NID_md5
 if (md == NULL)
  printf("fail\n");
 else
  printf("succeed\n");
}

 

I read the posts before, it said "Versions of OpenSSL before 1.0.0 had a horrible hack that linked digests to signature algorithms. This was removed in 1.0.0 and later and instead it uses a table mapping signature OIDs to their repective key and digest algorithm  OIDs. "
So I think 1.0.1c is fixed.
 
I try to do some track,it returns NULL at lh_OBJ_NAME_retrieve().
Is hash table empty?
 
Or it's just a misuse. Am I missing something?
 
Thank you in advance.
 
Reply | Threaded
Open this post in threaded view
|

Re: EVP_get_digestbynid() return NULL

Viktor Dukhovni
On Thu, Mar 14, 2013 at 11:34:12AM +0800, cellecial wrote:

> I'm frustrated that I can't get correct result from such a simple API(on
> openssl 1.0.1c),just like below.
>
>  md = EVP_get_digestbynid(NID_ecdsa_with_SHA256);  //NID_md5

This is because ECDSA-WITH-SHA256 is a signature algorithm, and not
a digest algorithm like MD5, SHA1, ...

> Or it's just a misuse. Am I missing something?

Yes: EVP_SignInit != EVP_DigestInit.  Consult both manpages.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: EVP_get_digestbynid() return NULL

cellecial-2
but I tried  md = EVP_get_digestbynid(NID_md5), still NULL


On Thu, Mar 14, 2013 at 11:54 AM, Viktor Dukhovni <[hidden email]> wrote:
On Thu, Mar 14, 2013 at 11:34:12AM +0800, cellecial wrote:

> I'm frustrated that I can't get correct result from such a simple API(on
> openssl 1.0.1c),just like below.
>
>  md = EVP_get_digestbynid(NID_ecdsa_with_SHA256);  //NID_md5

This is because ECDSA-WITH-SHA256 is a signature algorithm, and not
a digest algorithm like MD5, SHA1, ...

> Or it's just a misuse. Am I missing something?

Yes: EVP_SignInit != EVP_DigestInit.  Consult both manpages.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: EVP_get_digestbynid() return NULL

Viktor Dukhovni
On Thu, Mar 14, 2013 at 01:05:25PM +0800, cellecial wrote:

> but I tried  md = EVP_get_digestbynid(NID_md5), still NULL

PBKAC?

        $ cat md.c
        #include <openssl/ssl.h>
        #include <openssl/evp.h>
        #include <stdio.h>

        int main()
        {
            int nids[] = { NID_md5, NID_sha1, NID_sha256, NID_sha512 };
            int i;

            SSL_library_init();

            for (i = 0; i < sizeof(nids)/sizeof(int); ++i) {
                const EVP_MD *md = EVP_get_digestbynid(nids[i]);
                if (md) {
                    int n = EVP_MD_type(md);
                    printf("%d: %s: nid=%d size=%d\n", nids[i],
                           OBJ_nid2sn(n), n, EVP_MD_size(md));
                }
            }
        }

        $ cc -o md md.c -lssl -lcrypto

        $ ./md
        4: MD5: nid=4 size=16
        64: SHA1: nid=64 size=20
        672: SHA256: nid=672 size=32
        674: SHA512: nid=674 size=64

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]