-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for P521 curve with SHA256/SHA384 hash algorithms. #457
Comments
Thanks for the request! ECDSA's are fairly easy for us to add to our logic. (Here's the PR where we originally added ECDSA P521.) The hardest part might be collecting appropriate test vectors. Let me check with the team to see what concerns might exist for this ECDSA. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem:
I have a use case where I need to rely on rustls-webpki (with aws-lc-rs as the crypto provider). When the CA is signed with ecdsa-with-SHA512 algorithm and the server certificate is signed with ecdsa-with-sha256/ecdsa-with-sha384, rustls-webpki fails to verify the server certificate.
I opened rustls/webpki#267 for this issue, and ultimately, it looks like support for P521 curve with SHA256/SHA384 hash algorithms needs to be added in both rustls-webpki and aws-lc-rs.
Is this something aws-lc-rs has considered or is willing to?
The text was updated successfully, but these errors were encountered: