Support for P521 curve with SHA256/SHA384 hash algorithms. #457
Assignees
Comments
|
Thanks for the request! ECDSA's are fairly easy for us to add to our logic. (Here's the PR where we originally added ECDSA P521.) The hardest part might be collecting appropriate test vectors. Let me check with the team to see what concerns might exist for this ECDSA. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem:
I have a use case where I need to rely on rustls-webpki (with aws-lc-rs as the crypto provider). When the CA is signed with ecdsa-with-SHA512 algorithm and the server certificate is signed with ecdsa-with-sha256/ecdsa-with-sha384, rustls-webpki fails to verify the server certificate.
I opened rustls/webpki#267 for this issue, and ultimately, it looks like support for P521 curve with SHA256/SHA384 hash algorithms needs to be added in both rustls-webpki and aws-lc-rs.
Is this something aws-lc-rs has considered or is willing to?
The text was updated successfully, but these errors were encountered: