From 0c6015fb864c9b3b0a0c1bbd82d0022fc5102464 Mon Sep 17 00:00:00 2001
From: Todd A Ouska <todd@yassl.com>
Date: Fri, 8 Apr 2011 11:08:45 -0700
Subject: [PATCH] sha256 with ECDSA certificate signatures

---
 ctaocrypt/include/asn.h | 3 ++-
 ctaocrypt/src/asn.c     | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/ctaocrypt/include/asn.h b/ctaocrypt/include/asn.h
index 785e81320..431f8930c 100644
--- a/ctaocrypt/include/asn.h
+++ b/ctaocrypt/include/asn.h
@@ -126,7 +126,8 @@ enum Sig_Sum  {
     MD5wRSA    = 648,
     SHAwRSA    = 649,
     SHAwECDSA  = 520,
-    SHA256wRSA = 655
+    SHA256wRSA   = 655,
+    SHA256wECDSA = 524
 };
 
 enum Hash_Sum  {
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index fcf017256..2895f8c37 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -1583,7 +1583,7 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
 #ifndef NO_SHA256
     byte digest[SHA256_DIGEST_SIZE]; /* max size */
 #else
-    byte digest[SHA_DIGEST_SIZE];   /* max size */
+    byte digest[SHA_DIGEST_SIZE];    /* max size */
 #endif
     int  hashType, digestSz, ret;
 
@@ -1607,7 +1607,8 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
         digestSz = SHA_DIGEST_SIZE;
     }
 #ifndef NO_SHA256
-    else if (cert->signatureOID == SHA256wRSA) {
+    else if (cert->signatureOID == SHA256wRSA ||
+             cert->signatureOID == SHA256wECDSA) {
         Sha256 sha256;
         InitSha256(&sha256);
         Sha256Update(&sha256, cert->source + cert->certBegin,