On 28/10/2021 22:46, Kory Hamzeh wrote:
Hi Matt,
I am making the changes that you suggested, I think I can get the X and Y by using
EVP_PKEY_get_bn_param() with OSSL_PKEY_PARAM_EC_PUB_X and _PUB_Y.
Yes. Correct.
What I cannot figure out is how to get R and S. If I had an ECDSA_SIG, I would call ECDSA_SIG_get0_r() and _s().
Are there EVP_PKEY params for R and S?
An ECDSA signature is just a DER encoded ECDSA_SIG structure. Therefore
take the resulting signature and call d2i_ECDSA_SIG. This will enable
you to access r and s.
Matt
Thanks,
Kory
On Oct 27, 2021, at 11:04 AM, Kory Hamzeh <kory@xxxxxxxxxxxx> wrote:
Hi,
I am upgrading some 3RD party code which performs FIPS ECDSA AVS testing for FIPS 140-2 certification. The code uses FIPS_escda_sign(), which in Openssl-fips-2.0.5 is define as:
ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
const unsigned char *msg, size_t msglen
, const EVP_MD *mhash)
The full code is here:
https://github.com/majek/openssl/blob/master/fips/ecdsa/fips_ecdsavs.c
I have read through all of the ECDSA sign man pages, and I cannot find a functions that is close to accepting some of the same parameter. I could use some help please. I have very little experience with ECDSA.
Thanks,
Kory
