X509_digest with cyassl

Developers
Allan Rank
2010-09-13
2013-04-23
  • Allan Rank

    Allan Rank - 2010-09-13

    Hello!

    How do I create a SHA1 fingerprint from a certificate using CyaSSL?

    OpenSSL code to do it:
                   
                    X509* x = /* get certificate */;
                    unsigned int n;
                    unsigned char md;
                    const EVP_MD* evp_type = EVP_sha1();               
                   
                    X509_digest(x, evp_type, md, &n);

    or:
                   
                    X509* x = /* get certificate */;       
                    int i;
                    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509);
                    const EVP_MD* evp_type = EVP_sha1();
                    ASN1_VALUE *asn = (ASN1_VALUE *)x;
                    unsigned int n;
                    unsigned char md;
                    unsigned char *str = NULL;
           
                    i = ASN1_item_i2d(asn, &str, it);
                   
                    EVP_Digest(str, i, md, n, evp_type, NULL);

    I should be able to verify SHA1 hash generated by OpenSSL, so
    fingerprint generated with CyaSSL should be the same.

    Thanks!

     
  • Todd Ouska

    Todd Ouska - 2010-10-01

    Hi, sorry for the delay, don't think I got a notification for this one.

    I'm not totally clear on what you're trying to do.  Do you just need the hash over every byte of the certificate?  If so, that is easy.  Read in all the bytes and use ShaUpdate() and ShaFinal().

    On the other hand, if you need the hash over just the Subject's Name in the cert there is no easy way to get this currently from CyaSSL.  CyaSSL keeps track of this internally but doesn't yet "export" the hash.  We can add that if it's something that's needed.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks