默认情况下,当您生成 EVP_PKEY 密钥时,它的默认摘要是 SHA1,可以通过以下代码进行验证:
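/* Ask OpenSSL which digest it suggests for this key type.  def_nid starts
 * at NID_undef so it is never read uninitialised when the lookup fails. */
int def_nid = NID_undef;
int rc = EVP_PKEY_get_default_digest_nid(pk, &def_nid);
if (rc <= 0) {
    /* The manual documents 0 or a negative value as failure; -2 means the
     * key algorithm does not support the query.  Discard any partial result. */
    def_nid = NID_undef;
}
/* On success the manual documents rc == 1 as an advisory digest (others may
 * be used) and rc == 2 as a mandatory one.  Compare def_nid with the
 * NID_sha1 symbol rather than a numeric literal. */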
def_nid
将具有值0x64(SHA1)。有没有办法将其配置为SHA256或任何其他摘要算法?
答案 0 :(得分:0)
有没有办法将其配置为SHA256或任何其他摘要算法?
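没有,这个默认摘要本身无法配置。不过下文的实现返回 1,按文档这表示该摘要只是建议值,签名时实际使用的摘要仍由调用方显式指定(例如向 EVP_DigestSignInit 传入 EVP_sha256())。根据 EVP_PKEY_get_default_digest_nid 的文档: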
For all current standard OpenSSL public key algorithms SHA1 is returned.
如果查看实现,您将看到该值是硬编码的,无法配置(以下摘录取自回答所针对的源码版本,其他版本请以实际源码为准):
$ grep -R EVP_PKEY_get_default_digest_nid *
...
crypto/evp/p_lib.c:int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
...
然后:
/*
 * Report the default message digest NID for a key.
 *
 * The lookup is delegated to the key's ASN.1 method through its pkey_ctrl
 * hook with the ASN1_PKEY_CTRL_DEFAULT_MD_NID operation; the hook writes the
 * NID through pnid.
 *
 * Returns -2 when the key has no ASN.1 method or the method has no pkey_ctrl
 * hook; otherwise returns whatever the hook returns.
 *
 * pkey is dereferenced without a NULL check, so the caller must pass a valid
 * key.  The value comes from the key method itself and there is no setter
 * here: code that needs a specific digest (for example SHA-256) should pass
 * that digest explicitly when it initialises the signing operation instead
 * of relying on this default.
 */
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
{
    /* Without a method table or a control hook the key type cannot answer. */
    if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) {
        return -2;
    }

    return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
}
和
$ grep -R ASN1_PKEY_CTRL_DEFAULT_MD_NID *
crypto/dsa/dsa_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
crypto/ec/ec_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
crypto/evp/evp.h:#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3
crypto/evp/p_lib.c: return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
crypto/hmac/hm_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
crypto/rsa/rsa_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
engines/ccgost/gost_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
engines/ccgost/gost_ameth.c: case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
最后,来自 crypto/hmac/hm_ameth.c:
/*
 * Control hook for HMAC keys.
 *
 * Only ASN1_PKEY_CTRL_DEFAULT_MD_NID is handled: arg2 is treated as an
 * int * and receives NID_sha1, and the function returns 1.  Every other
 * operation returns -2.  pkey and arg1 are not used.
 *
 * The SHA-1 default is a compile-time constant in this function, so it
 * cannot be changed at run time.  NOTE(review): the
 * EVP_PKEY_get_default_digest_nid manual describes a return of 1 as an
 * advisory digest, so callers can still select a stronger digest
 * themselves - confirm against the manual for the version in use.
 */
static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
    if (op == ASN1_PKEY_CTRL_DEFAULT_MD_NID) {
        int *md_nid = arg2;

        *md_nid = NID_sha1;
        return 1;
    }

    /* Any other control operation is unsupported for HMAC keys. */
    return -2;
}
而且,来自 crypto/rsa/rsa_ameth.c:
static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
X509_ALGOR *alg = NULL;
switch (op)
{
...
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha1;
return 1;
...
}