Re: Refactring FIPS_escda_sign() for OpenSSL 3.0.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 28/10/2021 22:46, Kory Hamzeh wrote:
Hi Matt,

I am making the changes that you suggested, I think I can get the X and Y by using

EVP_PKEY_get_bn_param() with  OSSL_PKEY_PARAM_EC_PUB_X and _PUB_Y.

Yes. Correct.

What I cannot figure out is how to get R and S. If I had an ECDSA_SIG, I would call ECDSA_SIG_get0_r() and _s().

Are there EVP_PKEY params for R and S?


An ECDSA signature is just a DER encoded ECDSA_SIG structure. Therefore take the resulting signature and call d2i_ECDSA_SIG. This will enable you to access r and s.

Matt



Thanks,
Kory



On Oct 27, 2021, at 11:04 AM, Kory Hamzeh <kory@xxxxxxxxxxxx> wrote:


Hi,

I am upgrading some 3RD party code which performs FIPS ECDSA AVS testing for FIPS 140-2 certification. The code uses FIPS_escda_sign(), which in Openssl-fips-2.0.5 is define as:

ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
			const unsigned char *msg, size_t msglen
,			const EVP_MD *mhash)


The full code is here:

https://github.com/majek/openssl/blob/master/fips/ecdsa/fips_ecdsavs.c

I have read through all of the ECDSA sign man pages, and I cannot find a functions that is close to accepting some of the same parameter. I could use some help please. I have very little experience with ECDSA.

Thanks,
Kory







[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux