【发布时间】:2014-04-23 08:16:59
【问题描述】:
默认情况下,当您生成 EVP_PKEY 密钥时,它将具有 SHA1 摘要,这可以通过以下代码证明:
int def_nid;
EVP_PKEY_get_default_digest_nid(pk, &def_nid);
def_nid 的值为 0x64 (SHA1)。有没有办法将其配置为 SHA256 或任何其他摘要算法?
【问题讨论】:
【发布时间】:2014-04-23 08:16:59
【问题描述】:
有没有办法将其配置为 SHA256 或任何其他摘要算法?
没有。根据EVP_PKEY_get_default_digest(3) 的文档:
For all current standard OpenSSL public key algorithms SHA1 is returned.
如果您查看实现,您会看到它是硬编码且不可配置的:
$ grep -R EVP_PKEY_get_default_digest_nid *
...
crypto/evp/p_lib.c:int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
...
然后:
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
{
if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
return -2;
return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
0, pnid);
}
还有:
$ grep -R ASN1_PKEY_CTRL_DEFAULT_MD_NID *
crypto/dsa/dsa_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
crypto/ec/ec_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
crypto/evp/evp.h:#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3
crypto/evp/p_lib.c: return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
crypto/hmac/hm_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
crypto/rsa/rsa_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
engines/ccgost/gost_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
engines/ccgost/gost_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
最后来自crypto/hmac/hm_ameth.c:
static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
switch (op)
{
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha1;
return 1;
default:
return -2;
}
}
还有,来自crypto/rsa/rsa_ameth.c:
static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
X509_ALGOR *alg = NULL;
switch (op)
{
...
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha1;
return 1;
...
}
【讨论】: