On Fri, 2022-03-11 at 15:21 -0400, Richard Dymond wrote:
> Hi
>
> I recently migrated an application from OpenSSL 1.1.1 to OpenSSL 3.0,
> and I'm wondering how best to handle DSA signatures - specifically,
> the 'r' and 's' values - in OpenSSL 3.0.
>
> In OpenSSL 1.1.1, it was pretty easy:
>
> DSA_do_sign() - gets you a DSA_SIG
> DSA_SIG_get0() - gets you the 'r' and 's' values from the DSA_SIG
>
> This still works in OpenSSL 3.0, but the DSA_* functions are
> deprecated, and so to avoid that I'm doing this instead:
>
> EVP_DigestSign() - gets you a DER-encoded signature blob
> BN_bin2bn() - grabs 'r' or 's' from the signature blob, so long as
> you point it at the right place in the blob
>
> Which seems very cumbersome, and requires intimate knowledge of the
> layout of the signature blob.
>
> Is there a better way to get the 'r' and 's' values from a DSA
> signature in OpenSSL 3.0 without using deprecated functions?

The DSA_SIG_* functions are not deprecated, including the i2d and d2i
functions. So you can use d2i_DSA_SIG to decode the DER produced by the
EVP_DigestSign() and then obtain the r and s values from the DSA_SIG.

--
Tomáš Mráz, OpenSSL